Link Search Menu Expand Document

GCP Environment

The user account provisioned through the Katacoda environment will have access to an isolated project per user, defined under O’Reilly’s organization. Note that the temporary user account is active for 60 minutes and is then deactivated. Please see the GCP Sandbox example (through direct link only) on

Lab Set-up

  1. Base imageID to configure in index.json: "imageid": "orm-gcp"
  2. index.json should be configured to auto-execute the script.
  "intro": {
      "text": "",
      "courseData": "",
      "code": ""
  1. The script should include:
  chmod +x /opt/get-gcp
  for i in {1..20}; do /opt/get-gcp && . ~/.gcpenv && break || sleep 1; done

The user is assigned a combination of roles (roles/editor, roles/iam.serviceAccountAdmin, roles/resourcemanager.projectIamAdmin, roles/datastore.owner, and roles/servicenetworking.networksAdmin) for their associated project. These roles are necessary for the user to create and manage resources in the project, but prevent the user from creating or modifying resources outside of the project.

Pre-Installed Tools

Environment Variables

The environment includes GCP credentials in the file ~/.gcp-resp, and there is a helper script /opt/get-gcp that configures the following environment variables:

  • console_url: URL containing project ID to sign in to a GCP account as a user
  • email: GCP user email
  • password: GCP user password
  • project_name: GCP project name
  • GOOGLE_APPLICATION_CREDENTIALS: path to the service account key file
  • USER: GCP project name
  • randomNum / sessionRandomNumber: a random string of 12 decimal digits. Useful for resources that need to be globally unique.

Supported Services

  • API Keys
  • App Engine
  • Artifact Registry
  • Batch
  • BigQuery
  • Cloud Armor
  • Cloud Bigtable
  • Cloud Build
  • Cloud Composer
  • Cloud Data Fusion
  • Cloud Data Loss Prevention
  • Cloud Dataflow Fault Tolerance
  • Cloud Datastore
  • Cloud Deploy
  • Cloud Deployment Manager
  • Cloud DNS
  • Cloud Filestore
  • Cloud Functions
  • Cloud GPUs
  • Cloud Key Management Service (KMS)
  • Cloud Logging
  • Cloud Memorystore
  • Cloud Monitoring
  • Cloud NAT
  • Cloud Profiler
  • Cloud Run
  • Cloud Scheduler
  • Cloud SDK
  • Cloud Shell
  • Cloud Spanner
  • Cloud Speech-to-Text
  • Cloud SQL
  • Cloud Storage
  • Cloud Tensor Processing Units (TPUs)
  • Cloud Text-to-Speech
  • Cloud Trace
  • Cloud Vision AI
  • Cloud VPCs
  • Compute Engine
  • Config Connector
  • Data Catalog
  • Dataflow
  • Dataflow Runner
  • Dataproc
  • Dataproc Metastore
  • Eventarc
  • Firebase Rules
  • Firestore
  • Google Cloud Translation
  • IAM
  • Kubernetes GKE
  • Looker Studio
  • Natural Language AI
  • Operations Suite - Error Reporting
  • Pub/Sub
  • Recommender
  • Resource Manager
  • Resource Settings API
  • Secret Manager
  • Security Command Center
  • Service Directory
  • Service Networking API
  • Storage Transfer Service
  • Vertex AI

Note: If a service or action isn’t explicitly stated in this list, it isn’t currently supported, but we are actively expanding access.


  • 32 CPUs across all regions on the Google Compute Engine service.
  • 4096 GB of total disk storage is allowed per region for instances in the (Google Compute Engine) service.
  • 12 Compute Engine instances can be created in each region.
  • 5 Spanner database nodes can be allocated within each region
  • 20 CPUs can be utilized for n2 and e2 in AI Platform for each region.
  • The most expensive AI CPUs are not allowed.
  • The most expensive AI GPUs (accelerators) are not allowed.
  • A maximum of 1GB of content (including images and bytes) can be ingested and scanned globally in the Data Loss Prevention (DLP) service.
  • 1 Cloud Build private pool per region per project
  • 2 Cloud Build concurrent builds per project
  • Cloud Speech-to-Text 3600 seconds of audio per day
  • A maximum of 8 TPUs can be used in a given region for each project


The following limitations are in place for the GCP environment:

  • Users can’t create any capacity commitments or make any reservations.
  • Users can’t create or manage project or folders
  • Users can’t create or manage billing accounts
  • Users can’t create or manage organizations
  • Users can’t update quotas

Note: Quotas and limitations are continuously reviewed and updated as necessary.