gcpdiag: Tool For Google Cloud Platform (GCP)

Find and fix common issues in Google Cloud Platform projects using a command-line tool.

Ray Sainiz
Cloud Native Daily
4 min read · Jul 30, 2023

gcpdiag: A command-line tool for finding and fixing common issues in Google Cloud Platform projects

gcpdiag is an open-source command-line tool, available on GitHub, for finding and fixing common issues in Google Cloud Platform projects. It can be installed and run on any machine that has the Google Cloud SDK installed.

gcpdiag is based on the troubleshooting experience of the Google Cloud Support team. It scans projects for a wide range of issues, including security, performance, and best practices.

gcpdiag Architecture:

The high-level architecture of gcpdiag looks as follows:

https://gcpdiag.dev/docs/development/architecture/

Pre-requisites:

The credentials that you use with gcpdiag need to have at least the following roles granted:

  • Viewer on the inspected project.
  • Service Usage Consumer on the project used for billing/quota enforcement. This is the project being inspected by default but can be explicitly set using the --billing-project option.

The Editor and Owner roles include all the required permissions, but we recommend that if you use service account authentication (--auth-key), you only grant the Viewer and Service Usage Consumer roles on that service account.
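
The least-privilege recommendation above can be checked against a project's IAM policy before the credentials are handed to gcpdiag. This is an added example, not code from gcpdiag or from the original article; it assumes the policy was exported with gcloud projects get-iam-policy PROJECT --format=json, and the service account name and sample policy are constructed.

```python
import json

VIEWER = "roles/viewer"
SU_CONSUMER = "roles/serviceusage.serviceUsageConsumer"
BROAD = {"roles/editor", "roles/owner"}  # satisfy both needs but far exceed them


def roles_of(policy, member):
    """Roles bound directly to `member` in one project-level IAM policy."""
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def audit(member, inspected, billing=None):
    """Compare `member`'s roles with the minimum set gcpdiag needs.

    `inspected` is the linted project's policy; `billing` is the policy of the
    --billing-project when that is a different project. Roles inherited from a
    folder or organization, or held through a group, are not visible here.
    """
    insp = roles_of(inspected, member)
    bill = insp if billing is None else roles_of(billing, member)
    missing = []
    if not insp & (BROAD | {VIEWER}):
        missing.append(("inspected", VIEWER))
    if not bill & (BROAD | {SU_CONSUMER}):
        missing.append(("billing", SU_CONSUMER))
    # Anything beyond the minimum is excess privilege for a Viewer-only tool.
    insp_ok = {VIEWER, SU_CONSUMER} if billing is None else {VIEWER}
    excess = [("inspected", r) for r in sorted(insp - insp_ok)]
    if billing is not None:
        excess += [("billing", r) for r in sorted(bill - {SU_CONSUMER})]
    return {"missing": missing, "excess": excess,
            "least_privilege": not missing and not excess}


# Constructed sample: the scanner's service account was given Editor.
SA = "serviceAccount:gcpdiag-sa@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"version": 1, "bindings": [
    {"role": "roles/editor", "members": [SA]},
    {"role": "roles/viewer", "members": ["user:alice@example.com", SA]},
]}

if __name__ == "__main__":
    print(json.dumps(audit(SA, SAMPLE_POLICY), indent=2))
```

An empty "missing" list together with a non-empty "excess" list means gcpdiag will run, but the key passed with --auth-key can do more than read the project.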

Required APIs:

gcpdiag requires the following APIs to be enabled in order for the inspection of resources to work correctly:

  • Cloud Resource Manager API
  • Identity and Access Management API
  • Cloud Logging API
  • Service Usage API

gcpdiag uses these APIs to access and inspect resources in your project. If they are not enabled, gcpdiag will not be able to run correctly.

The specific steps that gcpdiag takes to work are as follows:

  1. gcpdiag authenticates to the Google Cloud Platform using the credentials that you provide.
  2. gcpdiag retrieves a list of all the projects that you have access to.
  3. For each project, gcpdiag makes a series of API calls to inspect the resources in the project.
  4. gcpdiag identifies any potential issues with the resources in the project.
  5. gcpdiag generates a report that lists all the issues that were found.

NOTE:
gcpdiag ships with over 70 rules that check for a wide range of issues, including security, performance, and best practices.

How to Use:

1- Running in Cloud Shell:

gcpdiag is integrated into Google Cloud Shell:

gcpdiag lint --project=MYPROJECT

2- Running with Docker:

You can run gcpdiag using a shell wrapper that starts gcpdiag in a Docker container. This should work on any machine with Docker or Podman installed.

curl https://gcpdiag.dev/gcpdiag.sh >gcpdiag
chmod +x gcpdiag
./gcpdiag lint --project=MYPROJECT

$ ./gcpdiag lint --project=gcp-project-390708
Unable to find image 'us-docker.pkg.dev/gcpdiag-dist/release/gcpdiag:0.63' locally
0.63: Pulling from gcpdiag-dist/release/gcpdiag
faef57eae888: Pull complete
36578dff3c0f: Pull complete
dc5bc15716ac: Pull complete
f127de16bbdd: Pull complete
02fcdd01704c: Pull complete
58cb2123c7dc: Pull complete
efcde4bdd2cd: Pull complete
2d5b5d9a1b8e: Pull complete
73a9c0ad0d8b: Pull complete
18ee60389570: Pull complete
d9d3a183d725: Pull complete
94f2c3ef7286: Pull complete
e84235464ea1: Pull complete
e0ae8d129bf9: Pull complete
8ccefa52b4b8: Pull complete
4de99ace6b4a: Pull complete
ba406778ff6d: Pull complete
be77ef8c2546: Pull complete
Digest: sha256:da2fd09cf0d4f831e4a1db1c390b3e210d41f6d09eaeb866b835dea96f7e2a65
Status: Downloaded newer image for us-docker.pkg.dev/gcpdiag-dist/release/gcpdiag:0.63
gcpdiag 🩺 0.63
  • The output looks like this on the terminal:

NOTE: The supported output formatters are JSON, CSV, and terminal.

  • Security vulnerability detected:
