Creating Instance Templates

This page describes how to create and manage instance templates. Instance templates allow you to define the machine type, boot disk image or container image, network, and other instance properties to use when creating new VM instances. You can use instance templates to create instances in a managed instance group or to create individual instances.

Before you begin

Creating a new instance template

Most of the instance properties that you can define in a regular API request to create an individual VM instance can be defined in the instance template, including any instance metadata, startup scripts, persistent disks, service accounts, and so on.

At a minimum, the same required properties for creating an instance are also required to create an instance template. See a list of the required fields on the instanceTemplates().insert reference.

Create an instance template through the Google Cloud Platform Console, gcloud compute tool, or the API.

Console

  1. In the GCP Console, go to the Instance Templates page.

    Go to the Instance templates page

  2. Click Create instance template.
  3. Fill in the fields you want for your instance template, or accept the default values. The following values are provided by default:

    • Machine type: n1-standard-1
    • Image: The latest Debian image
    • Boot disk: A new standard boot disk named after the instance
    • VPC network: The default VPC network
    • IP address: An ephemeral external IP address
  4. Optionally, change the instance's Shielded VM settings, if you chose an image that supports Shielded VM:

    1. Click on the Security tab in the Management, Security, Disks, Networking, Sole Tenancy section.
    2. If you want to disable Secure Boot, uncheck Turn on Secure Boot. Secure Boot helps protect your VM instances against boot-level and kernel-level malware and rootkits. For more information, see Secure Boot.
    3. If you want to disable the virtual trusted platform module (vTPM), uncheck Turn on vTPM. The vTPM enables Measured Boot, which validates the VM pre-boot and boot integrity. For more information, see Virtual Trusted Platform Module (vTPM).

    4. If you want to disable integrity monitoring, uncheck Turn on Integrity Monitoring. Integrity monitoring lets you monitor the boot integrity of your Shielded VM instances using Stackdriver. For more information, see Integrity monitoring.

  5. Optionally, click on the tabs in the Management, Security, Disks, Networking, Sole Tenancy section to further customize your template. For example, you can add up to 15 secondary non-boot disks.

  6. Click Create to create the template.

gcloud

In gcloud compute, create an instance template using the instance-templates create command:

gcloud compute instance-templates create [INSTANCE_TEMPLATE_NAME]

where you replace [INSTANCE_TEMPLATE_NAME] with the desired name of the instance template.

If you do not provide explicit template settings, gcloud compute creates a template with the following default values:

  • Machine type: n1-standard-1
  • Image: The latest Debian image
  • Boot disk: A new standard boot disk named after the instance
  • Network: The default VPC network
  • IP address: An ephemeral external IP address

You can also explicitly provide these configuration settings. For example:

gcloud compute instance-templates create example-template-custom \
    --machine-type n1-standard-4 \
    --image-family debian-9 \
    --image-project debian-cloud \
    --boot-disk-size 250GB

You can add up to 15 secondary non-boot disks. Specify the --create-disk flag for each secondary disk you create. To create secondary disks from a public or stock image, specify the image and image-project properties in the --create-disk flag. To create a blank disk, do not include these properties. Optionally, include properties for the disk size and type.

gcloud compute instance-templates create [INSTANCE_TEMPLATE_NAME] \
    --create-disk image=[DISK_IMAGE],image-project=[DISK_IMAGE_PROJECT],size=[SIZE_GB]

where:

  • [INSTANCE_TEMPLATE_NAME] is the name for the new template.
  • [DISK_IMAGE] is the source image for the secondary disk. For a list of available images, run gcloud compute images list. For blanks disks, do not specify a disk image or image project.
  • [DISK_IMAGE_PROJECT] is the image project to which the disk image belongs. For blanks disks, do not specify a disk image or image project.
  • [SIZE_GB] is the size of the secondary disk.

If you chose an image that supports Shielded VM, you can optionally change the instance's Shielded VM settings using one of the following flags:

  • --no-shielded-vm-secure-boot: Disable Secure Boot. Secure Boot helps protect your VM instances against boot-level and kernel-level malware and rootkits. For more information, see Secure Boot.
  • --no-shielded-vm-vtpm: Disable the virtual trusted platform module (vTPM). The vTPM enables Measured Boot, which validates the VM pre-boot and boot integrity. For more information, see Virtual Trusted Platform Module (vTPM).

  • --no-shielded-vm-integrity-monitoring: Disable integrity monitoring. Integrity monitoring lets you monitor the boot integrity of your Shielded VM instances using Stackdriver. For more information, see Integrity monitoring.

You can see a list of available flags in the gcloud compute reference.

A template with the default configuration settings might look like the following:

gcloud compute instance-templates describe example-template

creationTimestamp: '2014-09-10T16:18:32.042-07:00'
description: ''
id: '6057583701980539406'
kind: compute#instanceTemplate
name: example-template
properties:
  canIpForward: false
  disks:
  - autoDelete: true
    boot: true
    initializeParams:
      sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    kind: compute#attachedDisk
    mode: READ_WRITE
    type: PERSISTENT
  machineType: n1-standard-1
  networkInterfaces:
  - accessConfigs:
    - kind: compute#accessConfig
      name: external-nat
      type: ONE_TO_ONE_NAT
    network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
  scheduling:
    automaticRestart: true
    onHostMaintenance: MIGRATE
  serviceAccounts:
  - email: default
    scopes:
    - https://www.googleapis.com/auth/devstorage.read_only
selfLink: https://www.googleapis.com/compute/v1/projects/myproject/global/instanceTemplates/example-template

API

In the instance template API, you must explicitly define all of the required configuration fields as described in the instanceTemplates().insert documentation. For example, an instance template with the minimal required fields looks like the following:

{
"name": "example-template",
"properties": {
  "machineType": "n1-standard-4",
  "networkInterfaces": [
    {
      "network": "global/networks/default",
      "accessConfigs":
      [
        {
          "name": "external-IP",
          "type": "ONE_TO_ONE_NAT"
        }
      ]
    }
  ],
  "disks":
  [
    {
      "type": "PERSISTENT",
      "boot": true,
      "mode": "READ_WRITE",
      "initializeParams":
      {
        "sourceImage": "projects/debian-cloud/global/images/family/debian-9"
      }
    }
  ]
  }
}

For the disks property, you must either provide the initializeParams property to create new persistent boot disks for each instance, or you can provide the source property to attach an existing persistent boot disk. If you attach an existing boot disk, you can only create one instance from your template.

You can add up to 15 secondary non-boot disks by using the initializeParams property for each additional disk. Create additional disks with a public or a private image. To add blank disks, do not specify a sourceImage. Optionally, you can include the diskSizeGb and diskType properties.

If you chose an image that supports Shielded VM, you can optionally change the instance's Shielded VM settings by using the following boolean request body items:

  • enableSecureBoot: Enable or disable Secure Boot. Secure Boot helps protect your VM instances against boot-level and kernel-level malware and rootkits. For more information, see Secure Boot.
  • enableVtpm: Enable or disable the virtual trusted platform module (vTPM). The vTPM enables Measured Boot, which validates the VM pre-boot and boot integrity. For more information, see Virtual Trusted Platform Module (vTPM).
  • enableIntegrityMonitoring: Enable or disable integrity monitoring. Integrity monitoring lets you monitor and verify the runtime boot integrity of your Shielded VM instances using Stackdriver reports. For more information, see Integrity monitoring.

Creating an instance template based on an existing instance

You can use the --source-instance and --source-instance-zone flags to save the configuration of an existing virtual machine instance into an instance template. Optionally, you can override how the source disks for the instance are defined in the template.

The table below shows the options for overriding how disks are defined in the template.

Disk type Options
Boot disk
  • [Default] Use the same source image or image family that was used to create the boot disk in the source instance.
  • Use the URL of any (custom or public) image.
Other read-write persistent disk(s)
  • [Default] Use the same source image/source image family that was used to create the disk in the source instance. Note: If the source instance's disk does not have a source image/source image family property, then it will be included in the template as a blank disk.
  • Use the URL of any (custom or public) image.
  • Use a blank disk in the template instead. When the template is used to create a new instance, this disk is created unformatted. You must to format and mount the disk in a startup script to be able to use it in a scalable setup.
  • Do not include the disk.
Read-only disk(s)
  • [Default] Include the disk in read-only mode.
  • Do not include the disk.
Local SSD(s)
  • [Default] Include a blank local SSD. When the template is used to create a new instance, this disk is created unformatted. You must format and mount the disk in a startup script to be able to use it in a scalable setup.

For each disk, you can also override the auto-delete attribute to specify whether or not the disk should be deleted when its associated instance is deleted.

By default, if no override options are specified, the disk configuration in the template matches the source instance.

Console

  1. In the GCP Console, go to the Instance Templates page.

    Go to the Instance templates page

  2. Click the arrow drop down next to Create instance template and select Based on instance.
  3. Select the instance to use as a model for the new template.
  4. Make modifications to the template if necessary.
  5. Click Create to create the template.

gcloud

For a list of all the flags, see the gcloud instance-templates create command.

gcloud compute instance-templates create [INSTANCE_TEMPLATE_NAME] \
    --source-instance=[SOURCE_INSTANCE] \
    --source-instance-zone=[SOURCE_INSTANCE_ZONE] \
    [--configure-disk= \
        device-name=[SOURCE_DISK], \
        instantiate-from=[INSTANTIATE_FROM], \
        auto-delete=[AUTO_DELETE]]

where:

  • [INSTANCE_TEMPLATE_NAME] is the name of the template to create.
  • [SOURCE_INSTANCE] is the name of the instance to use as a model for the new template.
  • [SOURCE_INSTANCE_ZONE] is the zone that contains the source instance.
  • [SOURCE_DISK] is the name of a source-instance disk that you want to override within the template.
  • [INSTANTIATE_FROM] specifies whether to include the disk and which image to use. Valid values depend on the type of disk:
    • source-image or source-image-family (valid only for boot and other persistent read-write disks).
    • custom-image (valid only for boot and other persistent read-write disks). If specified then the path or URL for the custom image must also be specified; see example below.
    • attach-read-only (valid only for read-only disks).
    • blank (valid only for non-boot persistent disks and local SSDs). If specified, then when the template is used to create a new instance, the disk is created unformatted. You must format and mount the disk in a startup script to be able to use it in a scalable setup.
    • do-not-include (valid only for non-boot persistent disks and read-only disks).
    • blank (valid only for non-boot persistent disks and read-only disks).
  • [AUTO_DELETE] specifies whether the disk will be auto-deleted when the instance is deleted. Valid values are: false, no, true, and yes.

For example, the following command creates an instance template based on my-source-instance, with the option to use the original image from data-disk-a but set auto-delete to true, and to replace data-disk-b with a custom image.

gcloud compute instance-templates create my-instance-template  \
    --source-instance my-source-instance \
    --configure-disk=device-name=data-disk-a,instantiate-from=source-image, \
      auto-delete=true
    --configure-disk=device-name=data-disk-b,instantiate-from=custom-image, \
      custom-image=projects/coreos-cloud/global/images/coreos-alpha-1492-3-0-v20170810

API

For a list of all the flags, see the InstanceTemplates API docs.

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/instanceTemplates
{
  "name": "[INSTANCE_TEMPLATE_NAME]",
  "sourceInstance": "zones/[SOURCE_INSTANCE_ZONE]/instances/[SOURCE_INSTANCE]",
  "sourceInstanceParams": {
    "diskConfigs": [
      "deviceName": "[SOURCE_DISK]",
      "instantiateFrom": "[INSTANTIATE_FROM]"
    ]
  }
}

where:

  • [PROJECT_ID] with the project ID for the request.
  • [INSTANCE_TEMPLATE_NAME] with the name of the new template.
  • [SOURCE_INSTANCE_ZONE] with the zone of the source instance.
  • [SOURCE_INSTANCE] with the name of the source instance to use as a model for this instance template.
  • [SOURCE_DISK] is the name of a source-instance disk that you want to override within the template.
  • [INSTANTIATE_FROM] specifies whether to include the disk and which image to use. Valid values depend on the type of disk:
    • source-image or source-image-family (valid only for boot and other persistent read-write disks).
    • custom-image (valid only for boot and other persistent read-write disks). If specified then the path or URL for the custom image must also be specified; see example below.
    • attach-read-only (valid only for read-only disks).
    • blank (valid only for non-boot persistent disks and local SSDs). If specified, then when the template is used to create a new instance, the disk is created unformatted. You must format and mount the disk in a startup script to be able to use it in a scalable setup.
    • do-not-include (valid only for non-boot persistent disks and read-only disks).

The following example creates a new instance template based on my-source-instance. In the instance template, the image for data-disk-a is replaced with projects/coreos-cloud/global/images/coreos-alpha-1492-3-0-v20170810.

POST https://www.googleapis.com/compute/v1/projects/my_project/global/instanceTemplates
{
  "name": "my-instance-template",
  "sourceInstance": "zones/us-central1-a/instances/my-source-instance",
  "sourceInstanceParams":
  {
    "diskConfigs":
    [
      {
        "deviceName": "data-disk-a",
        "instantiateFrom": "custom-image",
        "customImage": "projects/coreos-cloud/global/images/coreos-alpha-1492-3-0-v20170810"
      }
    ]
  }
}

Creating an instance template with a container image

You can specify a container image in an instance template. By default, Compute Engine also includes in the template a Container-Optimized OS image with Docker installed. When you use the template to create a new instance, the container is launched automatically as the instance starts up.

Console

  1. Go to the Instance Templates page.

    Go to the Instance Templates page

  2. Click Create instance template.
  3. In the Container section, select the Deploy a container image to this VM instance checkbox.
  4. Specify the Container image to use.
    • For example, you can specify gcr.io/cloud-marketplace/google/nginx1:1.12 to select an NGINX 1.12 container image from Cloud Launcher.
    • If you use a container image from Docker Hub, always specify the full Docker image name. For example, specify the following image name to deploy an Apache container image: docker.io/httpd:2.4.
  5. Optionally, click Advanced container options. For more information, see Configuring Options to Run Your Container.
  6. Click Create.

gcloud

Use the gcloud beta compute instance-templates create-with-container command:

gcloud beta compute instance-templates create-with-container [INSTANCE_TEMPLATE_NAME] \
     --container-image [CONTAINER_IMAGE]

where:

  • [INSTANCE_TEMPLATE_NAME] is the name of the template to create.
  • [CONTAINER_IMAGE] is the full name of the container image to use.

For example, the following command creates a new instance template named nginx-vm. A VM instance created from this template will launch and run the container image, gcr.io/cloud-marketplace/google/nginx1:1.12, when the VM starts.

 gcloud beta compute instance-templates create-with-container nginx-vm \
     --container-image gcr.io/cloud-marketplace/google/nginx1:1.12

You can also configure options to run your container.

Creating an instance template that specifies a subnet

Instance template commands have --subnet and --region flags that place new instances into the subnet of your choice. The --subnet flag requires the --region flag.

gcloud compute instance-templates create [INSTANCE_TEMPLATE_NAME] \
    --region [REGION] \
    --subnet [SUBNET_NAME_OR_URL]

where you replace the following:

  • [INSTANCE_TEMPLATE_NAME] with the desired name of the instance template.
  • [REGION] with the region of the subnet.
  • [SUBNET_NAME_OR_URL] with either the name of the subnet or its URL. Note: if you use the subnet name, Google will find that subnet in the target region (provided that it exists there); however, if you use the subnet URL, then the instance template can only be used to create instances in the specific region that is associated with the subnet URL.

This example creates a template called template-qa that only creates instances in the subnet-us-qa subnet.

gcloud compute instance-templates create template-qa \
    --region us-central1 \
    --subnet subnet-us-qa

Created [https://www.googleapis.com/compute/latest/projects/PROJECT_ID/global/instanceTemplates/template-qa].
NAME        MACHINE_TYPE  PREEMPTIBLE CREATION_TIMESTAMP
template-qa n1-standard-1             2015-12-23T20:34:00.791-07:00

Using this template to create instances for a Managed Instance Group (with or without autoscaling) automatically creates the instance in the specified region and subnet. This lets you control the subnet of new instances created for load balancing.

Using custom or public images in your instance templates

Because managed instance groups are designed to add and remove instances frequently, it is useful to create a custom image and specify it in the instance template. Prepare your image with the applications and settings that your instances need so you don't have to manually configure those items on individual instances in the managed instance group.

Alternatively, you can create an instance template that uses a public image and a startup script to prepare the instance after it starts running. Custom images are more deterministic and start more quickly than instances with startup scripts. However, startup scripts are more flexible and allow you to update the applications and settings in your instances more easily.

Updating an instance template

It is not possible to update an existing instance template or change an instance template after it has been created. If an instance template goes out of date, or you need to make changes to the configuration, create a new instance template.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...

Compute Engine Documentation