Google Cloud — Getting Started with GCP
Learn how to get started with Google Cloud Platform including Free Tier setup, Console navigation, Cloud SDK installation, gcloud CLI commands, and Cloud Shell usage..
20+ years shipping production infrastructure and CI/CD at scale. Everything here is grounded in real deployments.
- ✓Basic understanding of cloud computing concepts, command-line familiarity (bash), a Google account with billing enabled, and the gcloud CLI installed (version 450.0.0 or later).
Getting Started with GCP is like having a specialized tool that handles the heavy lifting so you don't have to build and manage the underlying infrastructure yourself — it just works with Google Cloud.
Google Cloud Platform (GCP) offers a suite of cloud computing services that run on the same infrastructure Google uses internally. Getting started can feel overwhelming with dozens of services and tools. This guide walks you through the fundamentals — signing up for Free Tier, navigating the Console, and using the gcloud CLI and Cloud Shell to manage resources.
Why GCP? A Pragmatic Choice for Production Workloads
Google Cloud Platform (GCP) isn't just another cloud — it's built on the same infrastructure that powers Google Search, YouTube, and Gmail. For DevOps teams, this means battle-tested networking, industry-leading data analytics (BigQuery), and a Kubernetes service (GKE) that's the gold standard. Unlike AWS or Azure, GCP's network is designed for global scale from day one, with low-latency inter-region connectivity and a single VPC that spans the planet. If you're starting fresh, GCP's simpler IAM model and consistent CLI (gcloud) reduce cognitive load. But don't mistake simplicity for weakness — GCP's per-second billing and sustained-use discounts save money without complex reservations. For a beginner, the learning curve is gentler, but the production patterns are just as rigorous. Start here, and you'll build skills that transfer to any cloud.
Setting Up Your GCP Environment: Project, Billing, and IAM
Every GCP resource lives in a project. Think of a project as a logical container for billing, permissions, and APIs. Start by creating a project with a descriptive name (e.g., 'thecodeforge-prod'). Enable billing — without it, most services won't work. Then, set up IAM: avoid using the owner account for daily operations. Create a service account for automation and assign least-privilege roles like 'roles/compute.admin' or 'roles/storage.objectAdmin'. Use gcloud to manage everything: gcloud projects create, gcloud config set project, and gcloud iam service-accounts create. For local development, authenticate with gcloud auth application-default login. This setup mirrors production patterns where CI/CD pipelines use service accounts, not human credentials.
Core Compute: Choosing Between Compute Engine and GKE
GCP offers two primary compute paths: Compute Engine (VMs) and Google Kubernetes Engine (GKE). For beginners, Compute Engine is simpler — you get a VM, SSH in, and install your app. But for production, GKE is almost always the better choice. Kubernetes abstracts away the underlying VMs, provides self-healing, and enables rolling updates. GKE adds managed node pools, auto-scaling, and integrated logging. The trade-off: GKE has a steeper learning curve. Start with a single-node GKE cluster using gcloud container clusters create with --num-nodes=1. Deploy a simple nginx pod to validate. Once comfortable, explore node auto-repair and cluster autoscaler. For stateless apps, GKE is the default. For stateful workloads (databases), consider Compute Engine or Cloud SQL.
Networking: VPCs, Subnets, and Firewall Rules
GCP's Virtual Private Cloud (VPC) is global — one VPC can span regions. Subnets are regional, and you can create them in multiple regions within the same VPC. This simplifies network design: no need for complex peering or VPNs for inter-region communication. Firewall rules are stateful and apply to VMs via network tags. For production, follow the principle of least privilege: default deny ingress, allow only necessary ports. Use gcloud compute firewall-rules create with target tags. For example, allow HTTP only on VMs tagged 'web'. Also, enable Private Google Access so VMs without external IPs can reach Google APIs. This is critical for security — never give a VM a public IP unless absolutely necessary.
Storage: Cloud Storage Buckets and Persistent Disks
GCP offers two main storage types for compute: object storage (Cloud Storage) and block storage (Persistent Disks). Cloud Storage is for unstructured data: backups, static assets, logs. Buckets are globally unique, and you can set lifecycle policies to auto-delete or archive old objects. Use gsutil for CLI access. Persistent Disks are for VM or GKE pod storage. They're network-attached and can be resized without downtime. For production, always use SSD persistent disks for boot volumes and standard for data that doesn't need high IOPS. Enable snapshots for backup. A common pattern: store application configs in a bucket, mount as a volume using gcsfuse, and keep stateful data on persistent disks.
Databases: Cloud SQL vs. Firestore vs. Bigtable
Choosing the right database is critical. Cloud SQL provides managed MySQL, PostgreSQL, and SQL Server — ideal for traditional relational workloads. It handles backups, replication, and failover. Firestore is a NoSQL document database for real-time apps, with strong consistency and offline support. Bigtable is a wide-column NoSQL database for high-throughput, low-latency workloads (e.g., analytics, IoT). For a typical web app, start with Cloud SQL. Use Firestore if you need real-time sync or serverless. Avoid Bigtable unless you have massive scale (TB+). All three integrate with IAM and VPC. For production, always enable point-in-time recovery and automated backups. Test failover by simulating a zone outage.
Monitoring and Logging: Cloud Monitoring and Logging
You can't fix what you can't see. GCP's operations suite (formerly Stackdriver) provides Cloud Monitoring for metrics and alerts, and Cloud Logging for centralized logs. For production, set up uptime checks on your external endpoints, create alerting policies for CPU > 80% or 5xx errors, and use log-based metrics to track custom events. The gcloud logging and gcloud monitoring CLIs let you manage everything programmatically. For GKE, enable Cloud Monitoring and Logging at cluster creation. Use the Ops Agent on Compute Engine VMs for deeper metrics. A common mistake: not setting up budget alerts. Always create a budget alert at 50%, 90%, and 100% of your spend.
CI/CD with Cloud Build and Artifact Registry
Automate your deployments with Cloud Build — GCP's managed CI/CD service. It integrates with Cloud Source Repositories, GitHub, and Bitbucket. Define a cloudbuild.yaml that builds a Docker image, pushes it to Artifact Registry, and deploys to GKE or Cloud Run. Artifact Registry replaces Container Registry and supports Docker, Maven, npm, and more. For production, use kaniko for building containers without Docker daemon (more secure). Add vulnerability scanning to Artifact Registry to catch CVEs before deployment. A typical pipeline: lint, test, build, scan, deploy. Use Cloud Build's built-in substitutions for environment-specific configs.
Infrastructure as Code with Terraform and Deployment Manager
Manual infrastructure is fragile. Use Terraform (preferred) or Deployment Manager to define your GCP resources as code. Terraform's HCL is cloud-agnostic and has a rich provider for GCP. Store state in a Cloud Storage bucket with versioning enabled. Use modules to encapsulate common patterns (e.g., VPC, GKE cluster). For production, enforce policies with Terraform Sentinel or GCP's Organization Policies. Never run terraform apply from a local machine — use a CI/CD pipeline with a service account. A common pitfall: not using prevent_destroy on critical resources like databases. Always plan and review changes before applying.
terraform apply from two different machines. Always use a remote backend with locking.Security Best Practices: IAM, VPC Service Controls, and Beyond
Security in GCP is layered. Start with IAM: use predefined roles, avoid primitive roles (owner/editor/viewer), and grant roles at the resource level when possible. Use VPC Service Controls to prevent data exfiltration from managed services like BigQuery or Cloud Storage. Enable Cloud Armor for WAF protection on HTTP(S) load balancers. Use Secret Manager for API keys and passwords. For compliance, enable Audit Logs and export them to a locked bucket. A common mistake: leaving default service accounts with excessive permissions. Disable them and create custom ones. Also, enable Organization Policies to restrict public IPs, disable service account key creation, and require CMEK for encryption.
Cost Management: Budgets, Quotas, and Sustained Use Discounts
GCP's pricing can be complex but manageable. Use budgets and alerts to avoid surprises. Set up a budget at the project level with alerts at 50%, 90%, and 100%. Use quotas to prevent runaway resource consumption — set CPU, disk, and network quotas per region. Understand sustained use discounts: VMs that run for more than 25% of a month get automatic discounts (up to 30%). Committed use contracts (1 or 3 years) offer deeper discounts for predictable workloads. For GKE, use preemptible VMs for batch jobs. Use the gcloud alpha billing commands to programmatically manage budgets. A common mistake: not cleaning up unused resources (e.g., old disks, static IPs). Use the Recommender to identify idle resources.
Next Steps: From Beginner to Production-Ready
You've set up a project, deployed a GKE cluster, configured networking, and automated CI/CD. Now, harden your setup. Implement blue/green deployments with GKE's managed ingress. Add a CDN with Cloud CDN for static assets. Use Cloud Functions for event-driven tasks. Monitor everything with Cloud Monitoring dashboards. Finally, document your architecture — use diagrams and runbooks. The path from beginner to production is iterative. Start small, automate everything, and never stop learning. GCP's documentation is excellent; use it. Join the Google Cloud community. And remember: in production, simplicity beats complexity. A simple, well-monitored system is better than a complex, fragile one.
| File | Command / Code | Purpose |
|---|---|---|
| check-gcp-access.sh | gcloud projects list --format="table(projectId, name, lifecycleState)" | Why GCP? A Pragmatic Choice for Production Workloads |
| setup-gcp-project.sh | PROJECT_ID="thecodeforge-prod" | Setting Up Your GCP Environment |
| create-gke-cluster.sh | CLUSTER_NAME="demo-cluster" | Core Compute |
| setup-vpc-firewall.sh | VPC_NAME="prod-vpc" | Networking |
| create-bucket-and-disk.sh | BUCKET_NAME="thecodeforge-assets" | Storage |
| create-cloud-sql-instance.sh | INSTANCE_NAME="prod-db" | Databases |
| setup-monitoring.sh | ALERT_POLICY_NAME="high-cpu" | Monitoring and Logging |
| cloudbuild.yaml | steps: | CI/CD with Cloud Build and Artifact Registry |
| main.tf | terraform { | Infrastructure as Code with Terraform and Deployment Manager |
| enforce-org-policy.sh | ORG_ID="123456789012" | Security Best Practices |
| create-budget.sh | ACCOUNT_ID=$(gcloud billing accounts list --format="value(name)" --limit=1) | Cost Management |
| deploy-blue-green.sh | kubectl apply -f blue-deployment.yaml | Next Steps |
Key takeaways
Common mistakes to avoid
3 patternsNot understanding getting started pricing model
Using default settings without tuning for getting started
Missing IAM permissions and service account configuration
Interview Questions on This Topic
What is Getting Started with GCP and when would you use it?
Frequently Asked Questions
20+ years shipping production infrastructure and CI/CD at scale. Everything here is grounded in real deployments.
That's Google Cloud. Mark it forged?
5 min read · try the examples if you haven't