GCP Day-to-Day Operational Tasks

This guide outlines common daily tasks for a Cloud Engineer or DevOps Engineer working with Google Cloud Platform.

1. Monitoring and Logging

Check Cloud Monitoring Dashboards: Review key metrics (CPU, Memory, Latency, Error Rates) for GKE clusters, Compute Engine instances, and Cloud SQL databases.
Analyze Logs in Cloud Logging: Search for ERROR or CRITICAL log entries in the Log Explorer. Use advanced queries to filter by resource type (e.g., resource.type="k8s_container").
Review Error Reporting: Check the Error Reporting console for new or recurring application crashes and stack traces.

Granting Access: Add new team members to specific projects using the Principle of Least Privilege. Assign roles like roles/viewer or specific service roles (e.g., roles/storage.objectAdmin) instead of roles/owner.
Service Accounts: Rotate keys for service accounts used by external applications. Audit service account usage to ensure they are not over-privileged.

VM Management: Resize Compute Engine instances based on utilization reports (Rightsizing recommendations). Stop development instances during non-working hours to save costs.
GKE Maintenance: Upgrade GKE cluster control planes and node pools to the latest stable version. Check for deprecated APIs before upgrading.
Storage Cleanup: Set up Lifecycle Management policies on Cloud Storage buckets to automatically delete old temporary files or move infrequent data to Nearline/Coldline storage classes.

Security Command Center: Review findings in the Security Command Center (SCC) for misconfigurations (e.g., open firewalls, public buckets).
Firewall Rules: Audit VPC firewall rules. Ensure that SSH/RDP ports are not open to 0.0.0.0/0 (use IAP for TCP forwarding instead).

Billing Reports: Check the Billing Report daily or weekly to spot unexpected cost spikes.
Budgets & Alerts: Ensure budget alerts are configured to notify the team when spending exceeds 50%, 75%, and 90% of the monthly budget.