This page shows you how to create a Filestore instance by using either the Cloud Console or the gcloud tool.
Instructions for creating an instance
Cloud Console
You can create a Filestore instance using the Cloud Console by performing the following steps. High Scale SSD quota starts at 0, and you must first make and be approved for a High Scale SSD quota increase request before you can create a High Scale SSD instance.
In the Cloud Console, go to the Filestore instances page.
Click Create Instance.
Enter all required fields and optional fields as needed based on the instructions in the following sections of this page.
Click Create.
gcloud
Before you begin
To use the gcloud tool, you must either install the Cloud SDK or use the Cloud Shell that's built into the Cloud Console.
gcloud command for creating a Filestore instance
You can create a Filestore instance by running the instances create command. If you wish to create a High Scale SSD instance, you must run gcloud beta filestore instances create. Additionally, High Scale SSD quota starts at 0, and you must make and be approved for a High Scale SSD quota increase request before you can create a High Scale tier instance.
gcloud [beta] filestore instances create instance-id \
  [--project=project-id] \
  [--zone=zone] \
  --tier=tier \
  --file-share=name="file-share-name",capacity=file-share-size \
  --network=name="vpc-network"[,reserved-ip-range="reserved-ip-address"] \
  [--labels=key=value[,key=value,…]]
where:
- instance-id is the instance ID of the Filestore instance you want to create. See Naming your instance.
- project-id is the project ID of the Cloud project that contains the Filestore instance. You can skip this flag if the Filestore instance is in the gcloud default project. You can set the default project by running: gcloud config set project project-id
- zone is the zone where the Filestore instance resides. See Selecting a location. Run the gcloud filestore zones list command to get a list of supported zones. You can skip this flag if the Filestore instance is in the gcloud default zone. You can set the default zone by running: gcloud config set filestore/zone zone
- tier can have the values of BASIC_HDD, BASIC_SSD, or HIGH_SCALE_SSD. If you are not specifying beta in the command, then you must use STANDARD for BASIC_HDD and PREMIUM for BASIC_SSD. See Service tiers for more information.
- file-share-name is the name you specify for the NFS file share that is served from the instance. See Naming the file share.
- file-share-size is the size you want for the file share. The minimum file share size is 1 tebibyte (TiB) for a BASIC_HDD tier instance, 2.5 TiB for a BASIC_SSD tier instance, and 60 TiB for a HIGH_SCALE_SSD tier instance. See Allocating capacity.
- vpc-network is the name of the VPC network you want the instance to use. See Selecting the authorized network. You can't specify a legacy network for the vpc-network value. If necessary, create a new VPC network to use by following the instructions at Creating a new auto mode VPC network.
- reserved-ip-address is the IP address range for the Filestore instance. See Configuring a reserved IP address. We recommend that you skip this flag to allow Filestore to automatically find a free IP address range and assign it to the instance.
- key is a label that you want to add. Adding labels is not required when creating a Filestore instance. You can also add, delete, or update labels after you create an instance. For details, see Managing labels.
- value is the value for a label.
Example
The following command creates an instance with the following characteristics:
- ID is render1.
- Project is myproject.
- Zone is us-central1-c.
- Tier is BASIC_HDD.
- File share name is NFSvol.
- File share size is 2 TiB.
- VPC network is default.
- Reserved IP address range is 10.0.7.0/29.
- Grants read and write access with root squashed to the client with IP address 10.0.2.0.
gcloud beta filestore instances create render1 \
  --project=myproject \
  --zone=us-central1-c \
  --tier=BASIC_HDD \
  --network=name="default",reserved-ip-range="10.0.7.0/29" \
  --flags-file=nfs-export-options.json
nfs-export-options.json file contents:
{
  "--file-share": {
    "capacity": "102400",
    "name": "my_vol",
    "nfs-export-options": [
      {
        "access-mode": "READ_WRITE",
        "ip-ranges": [
          "10.0.0.0/29",
          "10.2.0.0/29"
        ],
        "squash-mode": "ROOT_SQUASH",
        "anon_uid": 1003,
        "anon_gid": 1003
      },
      {
        "access-mode": "READ_ONLY",
        "ip-ranges": [
          "192.168.0.0/24"
        ],
        "squash-mode": "NO_ROOT_SQUASH"
      }
    ]
  }
}
Naming your instance
The name of your Filestore instance, or instance ID, is used to identify the instance and is used in gcloud commands. Instance IDs must comply with the <label> element of RFC 1035. Specifically, they must:
- Be between 1-63 characters long.
- Begin with a lowercase letter.
- Consist of dashes, lowercase letters, or digits.
- End with lowercase letters or digits.
The instance ID must be unique in the Cloud project and zone where it's located. Once an instance is created, its instance ID cannot be changed.
Selecting a service tier
The service tier of a Filestore instance is a combination of its Instance type and Storage type. Once an instance is created, its service tier cannot be changed.
Instance type
Select the instance type that best matches your needs. If you don't anticipate
needing more than 63.9 TiB
of storage on the instance, we recommend selecting
Basic. However, High Scale tier provides higher overall performance in
multi-client scenarios. If your workloads are performance-critical and spread
over multiple clients, you may still choose to deploy a High Scale tier instance
for its performance benefits. The following table highlights the differences
between Basic and High Scale instance types:
Feature | Basic | High Scale |
---|---|---|
Capacity | 1-63.9 TiB | 60-320 TiB |
Scalability | Capacity can be scaled up during runtime in 1 GiB increments or its multiples. | Capacity can be scaled up or down during runtime in 10 TiB increments or its multiples. |
Performance | Static with performance step at 10 TiB. | Scales linearly with capacity. |
High Scale SSD tier instances take anywhere between 15 minutes and one hour to create, depending on the instance size.
Filestore quota is consumed when instance creation starts but you are not billed for the instance during this time.
For more information about service tiers, see the Service tiers page.
Storage type
Select HDD or SSD based on your performance needs. We recommend using SSD for performance-critical workloads. HDD is not available for High Scale instances. The following table highlights the speed difference between Basic HDD, Basic SSD, and High Scale SSD tier instances. The performance of High Scale SSD tier instances automatically scales with the capacity of the instance.
Specification | Basic HDD | Basic SSD | High Scale SSD |
---|---|---|---|
Read IOPS | | 60,000 | 90,000-480,000 |
Write IOPS | | 25,000 | 30,000-160,000 |
Read Tput (MB/s) | | 1,200 | 3,000-16,000 |
Write Tput (MB/s) | | 350 | 660-3,520 |
For more information about performance, see the Performance page.
Allocating capacity
Since the capacity of Filestore instances can be scaled up without affecting runtime and you are charged based on the allocated size of the instance, you can set the capacity to the amount you currently need when you create the instance. As you approach your capacity limit, you can scale up the capacity as needed. To learn about how you can monitor the capacity of your instances, see Monitoring instances.
You can specify the capacity in whole numbers using either GiB or TiB. The default unit is GiB.
The following table shows the instance sizes available for each tier:
Tier | Minimum size | Maximum size | Minimum increment |
---|---|---|---|
Basic HDD | 1 TiB (1024 GiB) | 63.9 TiB (65433 GiB) | 1 GiB |
Basic SSD | 2.5 TiB (2560 GiB) | 63.9 TiB (65433 GiB) | 1 GiB |
High Scale SSD | 60 TiB (61440 GiB) | 320 TiB (327680 GiB) | 10 TiB |
The size of Basic tier instances can be any whole gibibyte value or its tebibyte equivalent that's between the minimum and maximum instance size. The size of High Scale tier instances can be any value between the minimum and maximum instance size that is a multiple of 10 tebibytes or its gibibyte equivalent. For information on units, see Storage size units.
Once created, the size of Basic tier instances can only be scaled up, while the size of High Scale tier instances can be scaled up or down. For more information, see Scaling capacity.
Total capacity quota
Every project is allocated separate capacity quotas for Basic and High Scale instances for each Google Cloud region. Once you have reached your quota limit, you will not be able to create more Filestore instances or increase the capacity of your existing instances. To see your available quota, go to the Quotas page in the Google Cloud console.
For information on requesting more quota, see Requesting quota increases.
Naming the file share
A file share is the directory on a Filestore instance where all shared files are stored. It is also the thing that you mount or map to on the client VM.
The name of the file share must comply with the following:
- Be between 1-16 characters long.
- Begin with a letter.
- Consist of uppercase or lowercase letters, numbers, and underscores.
- End with a letter or number.
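The instance ID rules, the file share naming rules and the size table under Allocating capacity can all be checked before gcloud is called. The following Python check is an added example, not part of the original page or of Google's tooling; the function names and the accepted capacity spellings (a bare number, or a number followed by GiB or TiB) are assumptions.

```python
import re

# fullmatch is used below so a trailing newline cannot slip past an anchor.
INSTANCE_ID = re.compile(r"[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?")
FILE_SHARE = re.compile(r"[A-Za-z](?:[A-Za-z0-9_]{0,14}[A-Za-z0-9])?")
GIB_PER_TIB = 1024
# (minimum, maximum, increment) in GiB, from the instance-size table on this page.
SIZES = {"BASIC_HDD": (1024, 65433, 1),
         "BASIC_SSD": (2560, 65433, 1),
         "HIGH_SCALE_SSD": (61440, 327680, 10 * GIB_PER_TIB)}


def capacity_gib(text):
    """Convert '2TiB', '2560GiB' or '2560' (default unit GiB) to whole GiB."""
    match = re.fullmatch(r"([0-9]+)(GiB|TiB)?", text)
    if match is None:  # rejects fractions such as '2.5TiB'
        raise ValueError(f"capacity {text!r} is not a whole number of GiB or TiB")
    return int(match.group(1)) * (GIB_PER_TIB if match.group(2) == "TiB" else 1)


def preflight(instance_id, tier, share_name, capacity):
    """Return the naming and sizing errors for one planned instance."""
    errors = []
    if INSTANCE_ID.fullmatch(instance_id) is None:
        errors.append(f"instance ID {instance_id!r} breaks the instance ID rules")
    if FILE_SHARE.fullmatch(share_name) is None:
        errors.append(f"file share name {share_name!r} breaks the naming rules")
    low, high, step = SIZES[tier]
    try:
        gib = capacity_gib(capacity)
    except ValueError as exc:
        return errors + [str(exc)]
    if not low <= gib <= high:
        errors.append(f"{gib} GiB is outside {low}-{high} GiB for {tier}")
    elif gib % step:
        errors.append(f"{gib} GiB is not a multiple of {step} GiB for {tier}")
    return errors
```

Because capacity must be a whole number, the Basic SSD minimum has to be written as 2560GiB rather than 2.5TiB.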
Selecting the authorized network
The authorized network is the VPC network in your Cloud project that the Filestore instance peers to when it is created. Compute Engine VMs must be on the same network as the Filestore instance to access the shared files stored on that instance. Once an instance is created, its authorized network cannot be changed.
If you are using a shared VPC service project, you cannot directly create Filestore instances on the shared VPC network. For details, see Known issues.
If the applications you plan to use with this Filestore instance require NFS file locking, and you are choosing either:
- A VPC network other than the default network.
- The default VPC network with changed firewall rules.
then you may need to open up the ports used by Filestore in the network you choose. For more information, see Configuring firewall rules.
Selecting a location
Location refers to the Region and Zone where the Filestore instance is located. For the best performance and to avoid cross-regional networking charges, ensure that the Filestore instance is located in the same region as the Compute Engine VMs that need to access it.
For more information about regions and zones, see Geography and regions.
Configuring IP-based access control
By default, a Filestore instance grants root level read and write access to all clients, including Compute Engine VMs and GKE clusters, that share the same Cloud project and VPC network. If you want to restrict access, you can do so by creating rules that grant specific access levels to clients based on their IP address. Once the rules are added, access is revoked for all IP addresses and ranges that are not specified in a rule.
The following table describes the privileges of each access level. These access levels are only used in the Cloud Console. In the gcloud tool and the API, you must specify the rule configurations directly.
Access level | Rule configuration | Description |
---|---|---|
admin | | The client can view and modify all files, folders, and metadata as a root user. It can also grant ownership to files or folders by setting its uid and gid, thereby granting access to clients that do not have root level access to the file share. |
admin-viewer | | The client can view all files, folders, and metadata as a root user but cannot modify them. |
editor | | The client can view and modify the files, folders, and metadata according to its assigned uid and gid. |
viewer | | The client can view the files, folders, and metadata according to its assigned uid and gid. |
root-squash maps all requests from uid 0 and gid 0 to anon_uid and anon_gid, respectively. This removes root level access from clients that attempt to access the file share as a root user.
When creating IP-based access rules, you must specify an internal IP address or range and the access level granted. When creating an instance, at least one rule must grant admin access. This rule can be removed once the instance is created. In the Cloud Console, you can create up to 10 different rules involving up to 64 different IP addresses or ranges.
In the gcloud tool, you can configure up to 64 different IP addresses or CIDR blocks per Filestore instance across a maximum of 10 different rules. A rule is defined as the combination of the access-mode, squash-mode, and anon_uid/anon_gid configurations. The anon_uid and anon_gid fields have default values of 65534 and can only be configured through the API and the gcloud tool.
Example
Here's an example of three different IP-based access rules:
- access-mode=READ_ONLY, squash-mode=ROOT_SQUASH, anon_uid=10000.
- access-mode=READ_WRITE, squash-mode=ROOT_SQUASH, anon_gid=150.
- access-mode=READ_WRITE, squash-mode=NO_ROOT_SQUASH.
To create IP-based access control rules using the gcloud tool, use the --flags-file flag with the instances create or instances update commands and point it to a JSON configuration file. For example, if the JSON configuration file is named nfs-export-options.json, the flag would be:
--flags-file=nfs-export-options.json
Example JSON configuration file:
{
  "--file-share": {
    "capacity": "102400",
    "name": "my_vol",
    "nfs-export-options": [
      {
        "access-mode": "READ_WRITE",
        "ip-ranges": [
          "10.0.0.0/29",
          "10.2.0.0/29"
        ],
        "squash-mode": "ROOT_SQUASH",
        "anon_uid": 1003,
        "anon_gid": 1003
      },
      {
        "access-mode": "READ_ONLY",
        "ip-ranges": [
          "192.168.0.0/24"
        ],
        "squash-mode": "NO_ROOT_SQUASH"
      }
    ]
  }
}
- ip-ranges is the IP address or range to grant access to. You can specify multiple IP addresses or ranges by separating them with a comma. Example: 10.0.1.0, 10.0.2.0, ...
- access-mode is the access level to grant to the client(s) whose IP address falls within ip-range. It can have the values of READ_WRITE or READ_ONLY. The default value is READ_WRITE.
- squash-mode can have the values ROOT_SQUASH or NO_ROOT_SQUASH. ROOT_SQUASH removes root level access to the client(s) whose IP address falls within ip-range, while NO_ROOT_SQUASH enables root access. The default value is NO_ROOT_SQUASH.
- anon_uid is the user ID value that you want to map to anon_uid. The default value is 65534.
- anon_gid is the group ID value that you want to map to anon_gid. The default value is 65534.
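A flags file can be reviewed against the limits and defaults described in this section before it is passed to gcloud. The following Python linter is an added example, not part of the original page or of the gcloud tool; its function names are hypothetical, the mapping from access-mode and squash-mode to the Console access levels is inferred from the descriptions above, and the overlap check is a review aid rather than a limit stated on this page.

```python
import ipaddress
import json

MAX_RULES, MAX_RANGES = 10, 64  # limits stated on this page
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Console access levels, inferred from the page's text (an assumption).
LEVELS = {("READ_WRITE", "NO_ROOT_SQUASH"): "admin",
          ("READ_ONLY", "NO_ROOT_SQUASH"): "admin-viewer",
          ("READ_WRITE", "ROOT_SQUASH"): "editor",
          ("READ_ONLY", "ROOT_SQUASH"): "viewer"}
# Sample input: the page's nfs-export-options.json.
SAMPLE = json.loads("""{"--file-share": {"capacity": "102400", "name": "my_vol",
 "nfs-export-options": [
  {"access-mode": "READ_WRITE", "ip-ranges": ["10.0.0.0/29", "10.2.0.0/29"],
   "squash-mode": "ROOT_SQUASH", "anon_uid": 1003, "anon_gid": 1003},
  {"access-mode": "READ_ONLY", "ip-ranges": ["192.168.0.0/24"],
   "squash-mode": "NO_ROOT_SQUASH"}]}}""")

def access_level(rule):
    """Map one rule to its access level, applying the documented defaults."""
    return LEVELS[(rule.get("access-mode", "READ_WRITE"),
                   rule.get("squash-mode", "NO_ROOT_SQUASH"))]

def lint_export_options(flags, creating=True):
    """Return findings for the nfs-export-options of a parsed flags file."""
    rules = flags["--file-share"].get("nfs-export-options", [])
    if not rules:
        return ["no rules: all clients on the VPC network get root read/write"]
    findings, seen = [], []
    if len(rules) > MAX_RULES:
        findings.append(f"{len(rules)} rules, limit is {MAX_RULES}")
    for i, rule in enumerate(rules):
        level = access_level(rule)
        if level.startswith("admin") and rule.keys() & {"anon_uid", "anon_gid"}:
            findings.append(f"rule {i}: anon ids have no effect without ROOT_SQUASH")
        for text in rule.get("ip-ranges", []):
            net = ipaddress.ip_network(text, strict=False)
            if net.version != 4 or not any(net.subnet_of(r) for r in INTERNAL):
                findings.append(f"rule {i}: {net} is not an internal range")
            # Not a limit from this page: overlap makes the granted level ambiguous.
            if any(net.version == o.version and net.overlaps(o) for o in seen):
                findings.append(f"rule {i}: {net} overlaps an earlier range")
            seen.append(net)
    if len(seen) > MAX_RANGES:
        findings.append(f"{len(seen)} addresses or ranges, limit is {MAX_RANGES}")
    if creating and not any(access_level(r) == "admin" for r in rules):
        findings.append("no rule grants admin, which instance creation requires")
    return findings
```

Pass creating=False when the file is meant for instances update, where the admin rule is no longer required.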
Optional fields
Adding an instance description
An instance description allows you to write descriptions, notes, or simple instructions for yourself and other users. For example, you can include information about:
- The types of files stored in the instance.
- Who has access to the instance.
- Instructions for how to get access to the instance.
- What the instance is used for.
Instance descriptions are limited to 2048 characters in length. There are no restrictions on the characters that are allowed. Once a Filestore instance is created, you can update its instance description any time as needed. For information on updating instance descriptions, see Editing instances.
Adding labels
Labels are key-value pairs that you can use to group related instances and store metadata about an instance. Labels can be added, deleted, or modified at any time. For more information, see Managing labels.
Configuring a reserved IP address range
The IP address range must be a subset of one of the internal IP address ranges (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) with a block size of 29 for Basic tier instances and a block size of 23 for High Scale tier instances. The IP address range you choose must not overlap with any existing subnets from the selected VPC network, or with the reserved IP address ranges for any existing Filestore instances in that network.
You can see the IP address ranges for the subnets of your network by going to the VPC Network page in the Google Cloud console.
You can get the reserved IP address range for any Filestore instance on the Filestore instances page in the Google Cloud console.
Examples of valid Filestore instance IP address ranges are 10.0.0.0/29 for a Basic tier instance and 172.16.1.0/23 for a High Scale tier instance.
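The three conditions above (internal range, tier-specific block size, no overlap with subnets or other Filestore ranges) can be checked offline against an inventory of the network. The following Python check is an added example, not part of the original page; the function names are hypothetical, and SUBNETS and FILESTORE_RANGES are constructed sample inventories standing in for what the console pages list.

```python
import ipaddress

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Block sizes from this page: /29 for Basic tiers, /23 for High Scale.
PREFIX = {"BASIC_HDD": 29, "BASIC_SSD": 29, "HIGH_SCALE_SSD": 23}
# Constructed sample inventory (not real data).
SUBNETS = ["10.128.0.0/20"]
FILESTORE_RANGES = ["10.0.7.0/29"]


def check_reserved_range(cidr, tier, subnets=(), filestore_ranges=()):
    """Return the reasons cidr cannot be used as reserved-ip-range ([] if none)."""
    # strict=False masks host bits, so 172.16.1.0/23 is read as 172.16.0.0/23.
    net = ipaddress.ip_network(cidr, strict=False)
    problems = []
    if net.version != 4 or not any(net.subnet_of(r) for r in INTERNAL):
        problems.append(f"{net} is outside the internal IP address ranges")
    if net.prefixlen != PREFIX[tier]:
        problems.append(f"{tier} needs a /{PREFIX[tier]} block, got /{net.prefixlen}")
    for kind, used in (("subnet", subnets), ("Filestore range", filestore_ranges)):
        for text in used:
            other = ipaddress.ip_network(text, strict=False)
            if net.version == other.version and net.overlaps(other):
                problems.append(f"{net} overlaps {kind} {other}")
    return problems


def first_free_range(tier, subnets=(), filestore_ranges=(), pool="10.0.0.0/8"):
    """Return the first block in pool that passes check_reserved_range, or None."""
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=PREFIX[tier]):
        if not check_reserved_range(str(candidate), tier, subnets, filestore_ranges):
            return str(candidate)
    return None
```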
What's next
- Retrieve the instance details to get the instance's IP address. You need this in order to access the Filestore file share from clients.
- Mount the Filestore file share on a Compute Engine VM instance.
- Access the Filestore file share from a Google Kubernetes Engine cluster.
- Troubleshoot instance creation issues related to Filestore.