Creating instance templates

This page describes how to create and manage instance templates. Instance templates let you specify the machine type, boot disk image, network, and other VM properties that you want to use when creating virtual machine (VM) instances.

You can use instance templates to create VMs in a managed instance group (MIG) or to create individual VMs.

Before you begin

Limitations

Shared VPC on interfaces other than nic0 for instance templates is supported in gcloud tool and the API, but not in Cloud Console.

Creating a new instance template

Most of the VM properties that you can specify in a request to create an individual VM instance can also be specified for an instance template, including any VM metadata, startup scripts, persistent disks, service accounts, and so on. You must specify the machine type, boot disk, and network.

Create an instance template through the Google Cloud Console, gcloud command-line tool, or the API.

Console

  1. In the Cloud Console, go to the Instance templates page.

    Go to Instance templates

  2. Click Create instance template.

  3. Enter values for the following fields, or accept the default values. The default values change based on the machine family that you select.

    • Machine type
    • Image
    • Boot disk
    • VPC network
    • IP address
  4. Optional: If you chose an image that supports Shielded VM, change the VM's Shielded VM settings:

    1. Under Management, Security, Disks, Networking, Sole Tenancy, click the Security tab.
    2. If you want to disable Secure Boot, clear the Turn on Secure Boot checkbox. Secure Boot helps protect your VM instances against boot-level and kernel-level malware and rootkits. For more information, see Secure boot.
    3. If you want to disable the virtual trusted platform module (vTPM), clear the Turn on vTPM checkbox. The vTPM enables Measured boot, which validates the VM pre-boot and boot integrity. For more information, see Virtual Trusted Platform Module (vTPM).

    4. If you want to disable integrity monitoring, uncheck the Turn on Integrity Monitoring checkbox. Integrity monitoring lets you monitor the boot integrity of your Shielded VM instances by using Cloud Monitoring. For more information, see Integrity monitoring.

  5. Optional: Under Management, Security, Disks, Networking, Sole Tenancy, click the tabs to further customize your template. For example, you can add up to 15 secondary non-boot disks.

  6. Optional: Click Equivalent REST to view the REST request body, which includes the JSON representation of your instance template.

  7. Click Create to create the template.

gcloud

In gcloud compute, create an instance template by using the instance-templates create command.

gcloud compute instance-templates create INSTANCE_TEMPLATE_NAME

Replace INSTANCE_TEMPLATE_NAME with a name for the instance template.

If you do not provide explicit template settings, gcloud compute uses the following default values:

  • Machine type: the machine type—for example, n1-standard-1
  • Image: the latest Debian image
  • Boot disk: a new standard boot disk named after the VM
  • Network: the default VPC network
  • IP address: an ephemeral external IP address

You can also explicitly provide these configuration settings. For example:

gcloud compute instance-templates create example-template-custom \
    --machine-type=e2-standard-4 \
    --image-family=debian-10 \
    --image-project=debian-cloud \
    --boot-disk-size=250GB

You can add up to 15 secondary non-boot disks. Specify the --create-disk flag for each secondary disk you create. To create secondary disks from a public or stock image, specify the image and image-project properties in the --create-disk flag. To create a blank disk, do not include these properties. Optionally, include properties for the disk size and type.

gcloud compute instance-templates create INSTANCE_TEMPLATE_NAME \
    --create-disk= \
        {--image=DISK_IMAGE | --image-family=DISK_IMAGE_FAMILY}, \
        image-project=DISK_IMAGE_PROJECT, \
        size=SIZE_GB

Replace the following:

  • INSTANCE_TEMPLATE_NAME: the name for the new template

  • DISK_IMAGE or DISK_IMAGE_FAMILY: specify one of the following:
    • DISK_IMAGE: the name of the image that you want to use as a non-boot disk
    • DISK_IMAGE_FAMILY: an image family to use as a non-boot disk

      For more information on image families, see best practices when using image families on Compute Engine.

  • For blank disks, don't specify the image property.

  • DISK_IMAGE_PROJECT: the image project that contains the image

    For blank disks, don't specify the image-project property. For more information on public images, see Public images.

  • SIZE_GB: the size of the secondary disk

If you chose an image that supports Shielded VM, you can optionally change the instance's Shielded VM settings using one of the following flags:

  • --no-shielded-secure-boot: turns off Secure Boot

    Secure Boot helps protect your VM instances against boot-level and kernel-level malware and rootkits. For more information, see Secure Boot.

  • --no-shielded-vtpm: turns off the virtual trusted platform module (vTPM)

    The vTPM enables Measured Boot, which validates the VM pre-boot and boot integrity. For more information, see Virtual Trusted Platform Module (vTPM).

  • --no-shielded-integrity-monitoring: turns off integrity monitoring

    Integrity monitoring lets you monitor the boot integrity of your Shielded VM instances using Cloud Monitoring. For more information, see Integrity monitoring.

For a list of all available subcommands and flags, see the instance-templates reference.

A template with the default configuration settings might look like the following:

gcloud compute instance-templates describe example-template
creationTimestamp: '2019-09-10T16:18:32.042-07:00'
description: ''
id: '6057583701980539406'
kind: compute#instanceTemplate
name: example-template
properties:
  canIpForward: false
  disks:
  - autoDelete: true
    boot: true
    initializeParams:
      sourceImage: https://compute.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-10
    kind: compute#attachedDisk
    mode: READ_WRITE
    type: PERSISTENT
  machineType: e2-standard-2
  networkInterfaces:
  - accessConfigs:
    - kind: compute#accessConfig
      name: external-nat
      type: ONE_TO_ONE_NAT
    network: https://compute.googleapis.com/compute/v1/projects/myproject/global/networks/default
  scheduling:
    automaticRestart: true
    onHostMaintenance: MIGRATE
  serviceAccounts:
  - email: default
    scopes:
    - https://www.googleapis.com/auth/devstorage.read_only
selfLink: https://compute.googleapis.com/compute/v1/projects/myproject/global/instanceTemplates/example-template

API

To create an instance template, make a POST request to the instanceTemplates.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/instanceTemplates

Replace PROJECT_ID with the project ID.

In the body of the request, provide the template properties:

{
  "name": "INSTANCE_TEMPLATE_NAME"
  "properties": {
    "machineType": "zones/ZONE/machineTypes/MACHINE_TYPE",
    "networkInterfaces": [
      {
        "network": "global/networks/default",
        "accessConfigs":
        [
          {
            "name": "external-IP",
            "type": "ONE_TO_ONE_NAT"
          }
        ]
      }
    ],
    "disks":
    [
      {
        "type": "PERSISTENT",
        "boot": true,
        "mode": "READ_WRITE",
        "initializeParams":
        {
          "sourceImage": "projects/IMAGE_PROJECT/global/images/IMAGE"
        }
      }
    ]
  }
}

Replace the following:

  • INSTANCE_TEMPLATE_NAME: the name of the instance template
  • ZONE: the zone where VMs are located
  • MACHINE_TYPE: the machine type of the VMs

  • IMAGE_PROJECT: the image project that contains the image

    For more information on public images, see Public images.

  • IMAGE or IMAGE_FAMILY: specify one of the following:
    • IMAGE: a specific version of the image

      For example, "sourceImage": "projects/debian-cloud/global/images/debian-10-buster-v20200309"

    • IMAGE_FAMILY: an image family

      This creates the VM from the most recent, non-deprecated OS image. For example, if you specify "sourceImage": "projects/debian-cloud/global/images/family/debian-10", Compute Engine creates a VM from the latest version of the OS image in the Debian 10 image family.

      For more information on image families, see best practices when using image families on Compute Engine.

You can specify one of the following options for the disks property:

  • Specify initializeParams to create persistent boot disks for each instance. You can add up to 15 secondary non-boot disks by using the initializeParams property for each additional disk. You can create disks by using public or custom images (or image families) in the sourceImage as shown in the preceding example. To add blank disks, do not specify a sourceImage.

  • Specify source to attach an existing persistent boot disk. If you attach an existing boot disk, you can only create one instance from your template.

Optionally, you can specify the diskSizeGb, diskType, and labels properties for initializeParams and the diskSizeGb property for source.

If you chose an image that supports Shielded VM, you can optionally change the VM's Shielded VM settings by using the following Boolean request body items:

  • enableSecureBoot: turns on or off Secure Boot

    Secure Boot helps protect your VM instances against boot-level and kernel-level malware and rootkits. For more information, see Secure Boot.

  • enableVtpm: turns on or off the virtual trusted platform module (vTPM)

    The vTPM enables Measured Boot, which validates the VM pre-boot and boot integrity. For more information, see Virtual Trusted Platform Module (vTPM).

  • enableIntegrityMonitoring: turns on or off integrity monitoring

    Integrity monitoring lets you monitor and verify the runtime boot integrity of your Shielded VM instances by using Cloud Monitoring reports. For more information, see Integrity monitoring.

To learn more about request parameters, see the instanceTemplates.insert method.

Creating an instance template based on an existing instance

You can use the Compute Engine API or gcloud tool to save the configuration of an existing VM instance as an instance template. You can optionally override how the source disks are defined in the template.

If you need to override other properties, first create an instance template based on an existing instance, then create a similar template with additional overrides.

gcloud

Use the gcloud instance-templates create command with the --source-instance and --source-instance-zone flags.

gcloud compute instance-templates create INSTANCE_TEMPLATE_NAME \
    --source-instance=SOURCE_INSTANCE \
    --source-instance-zone=SOURCE_INSTANCE_ZONE \

To override how the source instance's disks are defined, add one or more --configure-disk flags:

gcloud compute instance-templates create INSTANCE_TEMPLATE_NAME \
    --source-instance=SOURCE_INSTANCE \
    --source-instance-zone=SOURCE_INSTANCE_ZONE \
    --configure-disk= \
        device-name=SOURCE_DISK, \
        instantiate-from=INSTANTIATE_FROM, \
        auto-delete=AUTO_DELETE

Replace the following:

  • INSTANCE_TEMPLATE_NAME is the name of the template to create.
  • SOURCE_INSTANCE is the name of the instance to use as a model for the new template.
  • SOURCE_INSTANCE_ZONE is the zone that contains the source instance.
  • SOURCE_DISK is the name of a source-instance disk that you want to override within the template.
  • INSTANTIATE_FROM specifies whether to include the disk and which image to use. Valid values depend on the type of disk:

    • source-image or source-image-family (valid only for boot and other persistent read/write disks).
    • custom-image (valid only for boot and other persistent read/write disks). If specified, then the path or URL for the custom image must also be specified, as shown in the following example. Alternatively, you can also specify an image family using the following format:

      projects/exampleproject/global/images/family/IMAGE_FAMILY_NAME.

      Replace IMAGE_FAMILY_NAME with the name of the image family.

    • attach-read-only (valid only for read-only disks).

    • blank (valid only for non-boot persistent disks and local SSDs). If specified, then, when the template is used to create a new instance, the disk is created unformatted. You must format and mount the disk in a startup script before you can use it in a scalable setup.

    • do-not-include (valid only for non-boot persistent disks and read-only disks).

    • blank (valid only for non-boot persistent disks and read-only disks).

  • AUTO_DELETE specifies whether the disk is auto-deleted when the instance is deleted. Valid values are: false, no, true, and yes.

For example, the following command creates an instance template based on my-source-instance, with the option to use the original image from data-disk-a, but set auto-delete to true and replace data-disk-b with a custom image.

gcloud compute instance-templates create my-instance-template  \
    --source-instance=my-source-instance \
    --configure-disk=device-name=data-disk-a,instantiate-from=source-image, \
      auto-delete=true
    --configure-disk=device-name=data-disk-b,instantiate-from=custom-image, \
      custom-image=projects/cps-cloud/global/images/cos-89-16108-403-15

API

Call the instanceTemplates.insert method and specify the sourceInstance field. To override how the source instance's disks are defined, add one or more diskConfigs fields.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/instanceTemplates

{
  "name": "INSTANCE_TEMPLATE_NAME",
  "sourceInstance": "zones/SOURCE_INSTANCE_ZONE/instances/SOURCE_INSTANCE",
  "sourceInstanceParams": {
    "diskConfigs": [
      {
        "deviceName": "SOURCE_DISK",
        "instantiateFrom": "INSTANTIATE_FROM",
        "autoDelete": false
      }
    ]
  }
}

Replace the following:

  • PROJECT_ID: the project ID for the request
  • INSTANCE_TEMPLATE_NAME: the name for the new template
  • SOURCE_INSTANCE_ZONE: the zone of the source instance
  • SOURCE_INSTANCE: the name of the source instance to use as a model for this instance template
  • SOURCE_DISK: the name of a source-instance disk that you want to override within the template
  • INSTANTIATE_FROM: specifies whether to include the disk and which image to use

    Valid values depend on the type of disk:

    • source-image or source-image-family (valid only for boot and other persistent read/write disks).
    • custom-image (valid only for boot and other persistent read/write disks). If specified, then the path or URL for the custom image must also be specified, as shown in the following example. Alternatively, you can also specify an image family using the following format:

      projects/exampleproject/global/images/family/IMAGE_FAMILY_NAME.

      Replace IMAGE_FAMILY_NAME with the name of the image family.

    • attach-read-only (valid only for read-only disks).

    • blank (valid only for non-boot persistent disks and local SSDs). If specified, then, when the template is used to create a new instance, the disk is created unformatted. You must format and mount the disk in a startup script before you can use it in a scalable setup.

    • do-not-include (valid only for non-boot persistent disks and read-only disks).

The following example creates a new instance template based on my-source-instance. In the instance template, the image for data-disk-a is replaced with projects/cos-cloud/global/images/cos-89-16108-403-15.

POST https://compute.googleapis.com/compute/v1/projects/my_project/global/instanceTemplates

{
  "name": "my-instance-template",
  "sourceInstance": "zones/us-central1-a/instances/my-source-instance",
  "sourceInstanceParams":
  {
    "diskConfigs":
    [
      {
        "deviceName": "data-disk-a",
        "instantiateFrom": "custom-image",
        "customImage": "projects/cos-cloud/global/images/cos-89-16108-403-15"
      }
    ]
  }
}

The following table shows the options for overriding how disks are defined in the template.

Disk type Options
Boot disk
  • [Default] Use the same source image or image family that was used to create the boot disk in the source instance.
  • Use the URL of any image (custom or public) as described in the preceding example or specify an image family using the following format:

    projects/exampleproject/global/images/family/IMAGE_FAMILY_NAME

Other read/write persistent disks
  • [Default] Use the same source image/source image family that was used to create the disk in the source instance. Note: If the source instance's disk doesn't have a source image/source image family property, then it is included in the template as a blank disk.
  • Use the URL of any image (custom or public) as described in the preceding example or specify an image family using the following format:

    projects/exampleproject/global/images/family/IMAGE_FAMILY_NAME

  • Use a blank disk in the template instead. When the template is used to create a new instance, this disk is created unformatted. You must format and mount the disk in a startup script before you can use it in a scalable setup.
  • Do not include the disk.
Read-only disk(s)
  • [Default] Include the disk in read-only mode.
  • Do not include the disk.
Local SSD(s)
  • [Default] Include a blank local SSD. When the template is used to create a new instance, this disk is created unformatted. You must format and mount the disk in a startup script before you can use it in a scalable setup.

For each disk, you can also override the auto-delete attribute to specify whether the disk should be deleted when its associated instance is deleted.

By default, if no override options are specified, the disk configuration in the template matches the source instance.

Creating an instance template based on an existing template

You cannot update an existing instance template. But, if an instance template goes out of date or if you need to make changes, you can create another one with similar properties by using the console.

  1. Go to the Instance templates page.

    Go to Instance templates

  2. Click on the instance template that you want to copy and update.

  3. Click Create similar.

  4. Update the configuration in the new template.

  5. Click Create.

Creating an instance template with a container image

You can specify a container image in an instance template. By default, Compute Engine also includes in the template a Container-Optimized OS image with Docker installed. When you use the template to create a new instance, the container is launched automatically as the instance starts up.

Console

  1. Go to the Instance templates page.

    Go to Instance templates

  2. Click Create instance template.

  3. In the Container section, select the Deploy a container image to this VM instance checkbox.

  4. Specify the Container image to use.

    • You can specify an image from Container Registry or Artifact Registry. For example:
      • gcr.io/cloud-marketplace/google/nginx1:1.12 selects an NGINX 1.12 container image from Google Cloud Marketplace.
      • us-docker.pkg.dev/google-samples/containers/gke/hello-app:1.0 selects a sample hello-app image stored in Artifact Registry.
    • If you use a container image from Docker Hub, always specify the full Docker image name. For example, specify the following image name to deploy an Apache container image: docker.io/httpd:2.4.
  5. Optionally, click Advanced container options. For more information, see Configuring options to run your Container.

  6. Click Create.

gcloud

Use the gcloud compute instance-templates create-with-container command:

gcloud compute instance-templates create-with-container INSTANCE_TEMPLATE_NAME \
     --container-image=CONTAINER_IMAGE

Replace the following:

  • INSTANCE_TEMPLATE_NAME: The name of the template to create.
  • CONTAINER_IMAGE: The full name of the container image to use.

For example, the following command creates a new instance template named nginx-vm. A VM instance created from this template launches and runs the container image, gcr.io/cloud-marketplace/google/nginx1:1.12, when the VM starts.

gcloud compute instance-templates create-with-container nginx-vm \
     --container-image=gcr.io/cloud-marketplace/google/nginx1:1.12

You can also configure options to run your container.

Creating an instance template that specifies a subnet

Use the --subnet flag to place instances that are created from the template into the subnet of your choice. The --subnet flag requires the --region flag.

gcloud compute instance-templates create INSTANCE_TEMPLATE_NAME \
    --region=REGION \
    --subnet=SUBNET_NAME_OR_URL

Replace the following:

  • INSTANCE_TEMPLATE_NAME: the name for the instance template
  • REGION: the region of the subnet
  • SUBNET_NAME_OR_URL: either the name of the subnet or its URL

The following example creates a template called template-qa that only creates instances in the subnet-us-qa subnet.

gcloud compute instance-templates create template-qa \
    --region=us-central1 \
    --subnet=subnet-us-qa

Created [https://compute.googleapis.com/compute/latest/projects/PROJECT_ID/global/instanceTemplates/template-qa].
NAME        MACHINE_TYPE  PREEMPTIBLE CREATION_TIMESTAMP
template-qa e2-standard-2             2019-12-23T20:34:00.791-07:00

Using this template to create instances for a MIG (with or without autoscaling) automatically creates the instance in the specified region and subnet. This lets you control the subnet of new instances created for load balancing.

Using custom or public images in your instance templates

You can either use a custom image or a public image for your instance templates:

  • Custom images. As MIGs are designed to add and remove instances frequently, it is useful to create a custom image and specify it in the instance template. You can prepare your image with the applications and settings that your VMs need, so you don't have to manually configure those items on individual VMs in the MIG.

  • Public images. You can create an instance template that uses a public image and a startup script to prepare the instance after it starts running.

Custom images are more deterministic and start more quickly than VMs with startup scripts. However, startup scripts are more flexible and let you update the apps and settings in your instances more easily.

If you're managing images using image families, you can specify the name of your custom or public image family in the instance template. For more information on image families, see best practices when using image families on Compute Engine.

Updating an instance template

You cannot update an existing instance template or change an instance template after it has been created. If an instance template goes out of date, or you need to make changes to the configuration, create a new instance template.

What's next