Creating Instance Templates

Console

1. In the GCP Console, go to the Instance Templates page.

   Go to the Instance templates page

2. Click Create instance template.

3. Fill in the fields you want for your instance template, or accept the default values. The following values are provided by default:

   • Machine type: n1-standard-1
   • Image: The latest Debian image
   • Boot disk: A new standard boot disk named after the instance
   • VPC network: The default VPC network
   • IP address: An ephemeral external IP address

4. Optionally, change the instance's Shielded VM settings, if you chose an image that supports Shielded VM:

   1. Click on the Security tab in the Management, Security, Disks, Networking, Sole Tenancy section.
   2. If you want to disable Secure Boot, uncheck Turn on Secure Boot. Secure Boot helps protect your VM instances against boot-level and kernel-level malware and rootkits. For more information, see Secure Boot.

   3. If you want to disable the virtual trusted platform module (vTPM), uncheck Turn on vTPM. The vTPM enables Measured Boot, which validates the VM pre-boot and boot integrity. For more information, see Virtual Trusted Platform Module (vTPM).

   4. If you want to disable integrity monitoring, uncheck Turn on Integrity Monitoring. Integrity monitoring lets you monitor the boot integrity of your Shielded VM instances using Stackdriver. For more information, see Integrity monitoring.

5. Optionally, click on the tabs in the Management, Security, Disks, Networking, Sole Tenancy section to further customize your template. For example, you can add up to 15 secondary non-boot disks.

6. Optionally, click Equivalent REST at the bottom of the page to view the REST request body, which includes the JSON representation of your instance template.

7. Click Create to create the template.

gcloud

In gcloud compute, create an instance template using the instance-templates create command:

gcloud compute instance-templates create [INSTANCE_TEMPLATE_NAME]

where you replace [INSTANCE_TEMPLATE_NAME] with the desired name of the instance template.

If you do not provide explicit template settings, gcloud compute creates a template with the following default values:

• Machine type: n1-standard-1
• Image: The latest Debian image
• Boot disk: A new standard boot disk named after the instance
• Network: The default VPC network
• IP address: An ephemeral external IP address

You can also explicitly provide these configuration settings. For example:

gcloud compute instance-templates create example-template-custom \
    --machine-type n1-standard-4 \
    --image-family debian-9 \
    --image-project debian-cloud \
    --boot-disk-size 250GB

You can add up to 15 secondary non-boot disks. Specify the --create-disk flag for each secondary disk you create. To create secondary disks from a public or stock image, specify the image and image-project properties in the --create-disk flag. To create a blank disk, do not include these properties. Optionally, include properties for the disk size and type.

gcloud compute instance-templates create [INSTANCE_TEMPLATE_NAME] \
    --create-disk image=[DISK_IMAGE],image-project=[DISK_IMAGE_PROJECT],size=[SIZE_GB]

where:

• [INSTANCE_TEMPLATE_NAME] is the name for the new template.
• [DISK_IMAGE] is the source image for the secondary disk. For a list of available images, run gcloud compute images list. For blanks disks, do not specify a disk image or image project.
• [DISK_IMAGE_PROJECT] is the image project to which the disk image belongs. For blanks disks, do not specify a disk image or image project.
• [SIZE_GB] is the size of the secondary disk.

If you chose an image that supports Shielded VM, you can optionally change the instance's Shielded VM settings using one of the following flags:

• --no-shielded-vm-secure-boot: Disable Secure Boot. Secure Boot helps protect your VM instances against boot-level and kernel-level malware and rootkits. For more information, see Secure Boot.

• --no-shielded-vm-vtpm: Disable the virtual trusted platform module (vTPM). The vTPM enables Measured Boot, which validates the VM pre-boot and boot integrity. For more information, see Virtual Trusted Platform Module (vTPM).

• --no-shielded-vm-integrity-monitoring: Disable integrity monitoring. Integrity monitoring lets you monitor the boot integrity of your Shielded VM instances using Stackdriver. For more information, see Integrity monitoring.

You can see a list of available flags in the gcloud compute reference.

A template with the default configuration settings might look like the following:

gcloud compute instance-templates describe example-template

creationTimestamp: '2014-09-10T16:18:32.042-07:00'
description: ''
id: '6057583701980539406'
kind: compute#instanceTemplate
name: example-template
properties:
  canIpForward: false
  disks:
  - autoDelete: true
    boot: true
    initializeParams:
      sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    kind: compute#attachedDisk
    mode: READ_WRITE
    type: PERSISTENT
  machineType: n1-standard-1
  networkInterfaces:
  - accessConfigs:
    - kind: compute#accessConfig
      name: external-nat
      type: ONE_TO_ONE_NAT
    network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
  scheduling:
    automaticRestart: true
    onHostMaintenance: MIGRATE
  serviceAccounts:
  - email: default
    scopes:
    - https://www.googleapis.com/auth/devstorage.read_only
selfLink: https://www.googleapis.com/compute/v1/projects/myproject/global/instanceTemplates/example-template

API

In the instance template API, you must explicitly define all of the required configuration fields as described in the instanceTemplates().insert documentation. For example, an instance template with the minimal required fields looks like the following:

{
"name": "example-template",
"properties": {
  "machineType": "n1-standard-4",
  "networkInterfaces": [
    {
      "network": "global/networks/default",
      "accessConfigs":
      [
        {
          "name": "external-IP",
          "type": "ONE_TO_ONE_NAT"
        }
      ]
    }
  ],
  "disks":
  [
    {
      "type": "PERSISTENT",
      "boot": true,
      "mode": "READ_WRITE",
      "initializeParams":
      {
        "sourceImage": "projects/debian-cloud/global/images/family/debian-9"
      }
    }
  ]
  }
}

For the disks property, you must either provide the initializeParams property to create new persistent boot disks for each instance, or you can provide the source property to attach an existing persistent boot disk. If you attach an existing boot disk, you can only create one instance from your template.

You can add up to 15 secondary non-boot disks by using the initializeParams property for each additional disk. Create additional disks with a public or a private image. To add blank disks, do not specify a sourceImage. Optionally, you can include the diskSizeGb, diskType, and labels properties.

If you chose an image that supports Shielded VM, you can optionally change the instance's Shielded VM settings by using the following boolean request body items:

• enableSecureBoot: Enable or disable Secure Boot. Secure Boot helps protect your VM instances against boot-level and kernel-level malware and rootkits. For more information, see Secure Boot.
• enableVtpm: Enable or disable the virtual trusted platform module (vTPM). The vTPM enables Measured Boot, which validates the VM pre-boot and boot integrity. For more information, see Virtual Trusted Platform Module (vTPM).
• enableIntegrityMonitoring: Enable or disable integrity monitoring. Integrity monitoring lets you monitor and verify the runtime boot integrity of your Shielded VM instances using Stackdriver reports. For more information, see Integrity monitoring.

For all possible fields, see the reference documentation.

gcloud

For a list of all the flags, see the gcloud instance-templates create command.

gcloud compute instance-templates create [INSTANCE_TEMPLATE_NAME] \
    --source-instance=[SOURCE_INSTANCE] \
    --source-instance-zone=[SOURCE_INSTANCE_ZONE] \
    [--configure-disk= \
        device-name=[SOURCE_DISK], \
        instantiate-from=[INSTANTIATE_FROM], \
        auto-delete=[AUTO_DELETE]]

where:

• [INSTANCE_TEMPLATE_NAME] is the name of the template to create.
• [SOURCE_INSTANCE] is the name of the instance to use as a model for the new template.
• [SOURCE_INSTANCE_ZONE] is the zone that contains the source instance.
• [SOURCE_DISK] is the name of a source-instance disk that you want to override within the template.
• [INSTANTIATE_FROM] specifies whether to include the disk and which image to use. Valid values depend on the type of disk:
  • source-image or source-image-family (valid only for boot and other persistent read-write disks).
  • custom-image (valid only for boot and other persistent read-write disks). If specified then the path or URL for the custom image must also be specified; see example below.
  • attach-read-only (valid only for read-only disks).
  • blank (valid only for non-boot persistent disks and local SSDs). If specified, then when the template is used to create a new instance, the disk is created unformatted. You must format and mount the disk in a startup script to be able to use it in a scalable setup.
  • do-not-include (valid only for non-boot persistent disks and read-only disks).
  • blank (valid only for non-boot persistent disks and read-only disks).
• [AUTO_DELETE] specifies whether the disk will be auto-deleted when the instance is deleted. Valid values are: false, no, true, and yes.

For example, the following command creates an instance template based on my-source-instance, with the option to use the original image from data-disk-a but set auto-delete to true, and to replace data-disk-b with a custom image.

gcloud compute instance-templates create my-instance-template  \
    --source-instance my-source-instance \
    --configure-disk=device-name=data-disk-a,instantiate-from=source-image, \
      auto-delete=true
    --configure-disk=device-name=data-disk-b,instantiate-from=custom-image, \
      custom-image=projects/coreos-cloud/global/images/coreos-alpha-1492-3-0-v20170810

API

For a list of all the flags, see the InstanceTemplates API docs.

POST https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/instanceTemplates
{
  "name": "[INSTANCE_TEMPLATE_NAME]",
  "sourceInstance": "zones/[SOURCE_INSTANCE_ZONE]/instances/[SOURCE_INSTANCE]",
  "sourceInstanceParams": {
    "diskConfigs": [
      {
        "deviceName": "[SOURCE_DISK]",
        "instantiateFrom": "[INSTANTIATE_FROM]"
      }
    ]
  }
}

where:

• [PROJECT_ID] with the project ID for the request.
• [INSTANCE_TEMPLATE_NAME] with the name of the new template.
• [SOURCE_INSTANCE_ZONE] with the zone of the source instance.
• [SOURCE_INSTANCE] with the name of the source instance to use as a model for this instance template.
• [SOURCE_DISK] is the name of a source-instance disk that you want to override within the template.
• [INSTANTIATE_FROM] specifies whether to include the disk and which image to use. Valid values depend on the type of disk:
  • source-image or source-image-family (valid only for boot and other persistent read-write disks).
  • custom-image (valid only for boot and other persistent read-write disks). If specified then the path or URL for the custom image must also be specified; see example below.
  • attach-read-only (valid only for read-only disks).
  • blank (valid only for non-boot persistent disks and local SSDs). If specified, then when the template is used to create a new instance, the disk is created unformatted. You must format and mount the disk in a startup script to be able to use it in a scalable setup.
  • do-not-include (valid only for non-boot persistent disks and read-only disks).

The following example creates a new instance template based on my-source-instance. In the instance template, the image for data-disk-a is replaced with projects/coreos-cloud/global/images/coreos-alpha-1492-3-0-v20170810.

POST https://www.googleapis.com/compute/v1/projects/my_project/global/instanceTemplates
{
  "name": "my-instance-template",
  "sourceInstance": "zones/us-central1-a/instances/my-source-instance",
  "sourceInstanceParams":
  {
    "diskConfigs":
    [
      {
        "deviceName": "data-disk-a",
        "instantiateFrom": "custom-image",
        "customImage": "projects/coreos-cloud/global/images/coreos-alpha-1492-3-0-v20170810"
      }
    ]
  }
}

Console

1. Go to the Instance Templates page.

   Go to the Instance Templates page

2. Click Create instance template.
3. In the Container section, select the Deploy a container image to this VM instance checkbox.
4. Specify the Container image to use.
   • For example, you can specify gcr.io/cloud-marketplace/google/nginx1:1.12 to select an NGINX 1.12 container image from Cloud Launcher.
   • If you use a container image from Docker Hub, always specify the full Docker image name. For example, specify the following image name to deploy an Apache container image: docker.io/httpd:2.4.
5. Optionally, click Advanced container options. For more information, see Configuring Options to Run Your Container.
6. Click Create.

gcloud

Use the gcloud compute instance-templates create-with-container command:

gcloud compute instance-templates create-with-container [INSTANCE_TEMPLATE_NAME] \
     --container-image [CONTAINER_IMAGE]

where:

• [INSTANCE_TEMPLATE_NAME] is the name of the template to create.
• [CONTAINER_IMAGE] is the full name of the container image to use.

For example, the following command creates a new instance template named nginx-vm. A VM instance created from this template will launch and run the container image, gcr.io/cloud-marketplace/google/nginx1:1.12, when the VM starts.

 gcloud compute instance-templates create-with-container nginx-vm \
     --container-image gcr.io/cloud-marketplace/google/nginx1:1.12

You can also configure options to run your container.