Creating a persistent disk from a data source

Before you begin

You can either create a blank persistent disk, or create a disk from a data source. You can use a persistent disk as a boot disk for a virtual machine (VM) instance, or as a data disk that you attach to a VM.

Data sources

You can create persistent disks from the following data sources:

Creating a disk clone from an existing disk

You can create a new persistent disk clone from an existing persistent disk, even if the existing disk is attached to a VM instance. When you clone a disk, you create a new disk that contains all the data on the source disk. You can modify properties on that clone, such as the size. You can also delete the source disk without any risk of deleting the clone.

The ability to clone disks is useful for duplicating production data to debug without disturbing production, duplicating disks while scaling out your VMs, and creating replicas for database backup verification. You can also clone disks to move non-boot disk data to a new project. For scenarios where data protection is required for additional resilience, such as backup and disaster recovery, we recommend using snapshots instead of disk clones.

Restrictions

  • The zone, region, and disk type of the clone must be the same as that of the source disk.
  • You cannot create a zonal disk clone from a regional disk. You cannot create a regional disk clone from a zonal disk.
  • The size of the clone must be at least the size of the source disk. If you create a clone using the Google Cloud Console, you cannot specify a disk size and the clone is the same size as the source disk.
  • If you use a customer-supplied encryption key or a customer-managed encryption key to encrypt the source disk, you must use the same key to encrypt the clone. For more information, see Creating a clone of an encrypted source disk.
  • You can create at most one clone of a given source disk every 30 seconds.
  • You can create at most 1000 total disk clones of a given source disk. Exceeding this limit returns an internalError.

If you exceed the cloning frequency limits, the request fails with the following error:

RATE LIMIT: ERROR: (gcloud.compute.disks.create) Could not fetch resource:
 - Operation rate exceeded for resource '<removed>'. Too frequent operations from the source resource.

Creating a disk clone

Console

  1. In the Google Cloud Console, go to the Disks page.

    Go to Disks

  2. In the list of zonal persistent disks, find the disk that you want to clone.

  3. Click the menu button under Actions and select Clone disk.

Create clone.

  1. In the Clone disk panel, specify a name for the new disk.
  2. Under Properties, review other details for the new disk.
  3. Click Save.

gcloud

In the gcloud tool, use the disks create command command and specify the --source-disk. The following example clones the source disk to a new disk in a different project:

gcloud compute disks create projects/TARGET_PROJECT_ID/zones/ZONE/disks/TARGET_DISK_NAME \
    --description="cloned disk" \
    --source-disk=projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME

API

In the API, construct a POST request to the compute.disks.insert method. In the request body, specify the name and sourceDisk parameters. The clone inherits all omitted properties from the source disk. The following example clones the source disk to a new disk in a different project:

POST https://compute.googleapis.com/compute/v1/projects/TARGET_PROJECT_ID/zones/ZONE/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME"
}

Creating a clone of an encrypted source disk

If you use a customer-supplied encryption key to encrypt your source disk, you must also use the same key to encrypt the clone.

Console

Follow the steps to create a disk clone. When you configure the disk properties, provide the source disk encryption key under Decryption and encryption.

gcloud

Provide the source disk encryption key using the --csek-key-file flag when you create the disk clone. If you are using an RSA-wrapped key, use the gcloud beta component:

gcloud beta compute disks create projects/TARGET_PROJECT_ID/zones/ZONE/disks/TARGET_DISK_NAME \
  --description="cloned disk" \
  --source-disk=projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME \
  --csek-key-file example-key-file.json

API

Provide the source disk encryption key using the diskEncryptionKey property.

POST https://compute.googleapis.com/compute/beta/projects/TARGET_PROJECT_ID/zones/ZONE/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME"
  "diskEncryptionKey": {
    "rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFHz0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoDD6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oeQ5lAbtt7bYAAHf5l+gJWw3sUfs0/Glw5fpdjT8Uggrr+RMZezGrltJEF293rvTIjWOEB3z5OHyHwQkvdrPDFcTqsLfh+8Hr8g+mf+7zVPEC8nEbqpdl3GPv3A7AwpFp7MA=="
  },
}

If you use a customer-managed encryption key to encrypt your source disk, you must also use the same key to encrypt the clone.

Console

Compute Engine automatically encrypts the clone using the source disk encryption key.

gcloud

Provide the key for the source disk using the --kms-key flag when you create the disk clone. If you are using an RSA-wrapped key, use the gcloud beta component:

gcloud beta compute disks create projects/TARGET_PROJECT_ID/zones/ZONE/disks/TARGET_DISK_NAME \
  --description="cloned disk" \
  --source-disk=projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME \
  --kms-key projects/KMS_PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY

API

Provide the key for the source disk using the kmsKeyName property when you create the disk clone.

POST https://compute.googleapis.com/compute/beta/projects/TARGET_PROJECT_ID/zones/ZONE/disks

{
  "name": "TARGET_DISK_NAME"
  "sourceDisk": "projects/SOURCE_PROJECT_ID/zones/ZONE/disks/SOURCE_DISK_NAME"
  "diskEncryptionKey": {
    "kmsKeyName": "projects/KMS_PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY"
  },
}

What's next