gcloud alpha workstations configs update

NAME
gcloud alpha workstations configs update - updates a workstation configuration
SYNOPSIS
gcloud alpha workstations configs update (CONFIG : --cluster=CLUSTER --region=REGION) [--allowed-ports=[ALLOWED_PORTS,…]] [--async] [--boost-config=[BOOST_CONFIG,…]] [--boot-disk-size=BOOT_DISK_SIZE] [--container-args=[CONTAINER_ARGS,…]] [--container-command=[CONTAINER_COMMAND,…]] [--container-env=[CONTAINER_ENV,…]] [--container-run-as-user=CONTAINER_RUN_AS_USER] [--container-working-dir=CONTAINER_WORKING_DIR] [--disable-public-ip-addresses] [--enable-audit-agent] [--enable-confidential-compute] [--enable-nested-virtualization] [--grant-workstation-admin-role-on-create] [--idle-timeout=IDLE_TIMEOUT] [--labels=[LABELS,…]] [--machine-type=MACHINE_TYPE] [--max-usable-workstations-count=MAX_USABLE_WORKSTATIONS_COUNT] [--network-tags=[NETWORK_TAGS,…]] [--pool-size=POOL_SIZE] [--running-timeout=RUNNING_TIMEOUT] [--service-account=SERVICE_ACCOUNT] [--service-account-scopes=[SERVICE_ACCOUNT_SCOPES,…]] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--shielded-vtpm] [--vm-tags=[VM_TAGS,…]] [--accelerator-count=ACCELERATOR_COUNT : --accelerator-type=ACCELERATOR_TYPE] [--allow-unauthenticated-cors-preflight-requests     | --disallow-unauthenticated-cors-preflight-requests] [--container-custom-image=CONTAINER_CUSTOM_IMAGE     | --container-predefined-image=CONTAINER_PREDEFINED_IMAGE] [--disable-ssh-to-vm     | --enable-ssh-to-vm] [--disable-tcp-connections     | --enable-tcp-connections] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Updates a workstation configuration.
EXAMPLES
To update a configuration with the 'e2-standard-8' machine type and a IntelliJ image, run:
gcloud alpha workstations configs update CONFIG --machine-type=e2-standard-8 --container-predefined-image=intellij

To update a configuration to disable Secure Boot, virtual trusted platform module (vTPM) and integrity monitoring, run:

gcloud alpha workstations configs update CONFIG --no-shielded-secure-boot --no-shielded-vtpm --no-shielded-integrity-monitoring
POSITIONAL ARGUMENTS
Config resource - The group of arguments defining a config The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument config on the command line with a fully specified name;
  • provide the argument --project on the command line;
  • set the property core/project.

This must be specified.

CONFIG
ID of the config or fully qualified identifier for the config.

To set the config attribute:

  • provide the argument config on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--cluster=CLUSTER
The cluster for the config.

To set the cluster attribute:

  • provide the argument config on the command line with a fully specified name;
  • provide the argument --cluster on the command line;
  • set the property workstations/cluster.
--region=REGION
The region for the config.

To set the region attribute:

  • provide the argument config on the command line with a fully specified name;
  • provide the argument --region on the command line;
  • set the property workstations/region.
FLAGS
--allowed-ports=[ALLOWED_PORTS,…]
A Single or Range of ports externally accessible in the workstation. If not specified defaults to ports 22, 80 and ports 1024-65535.

To specify a single port, both first and last should be same.

Example:

gcloud alpha workstations configs update --allowed-ports=first=9000,last=9090
gcloud alpha workstations configs update --allowed-ports=first=80,last=80

Sets allowed_ports value.

first
Required, Sets first value.
last
Required, Sets last value.
Shorthand Example:
--allowed-ports=first=int,last=int

JSON Example:

--allowed-ports='{"first": int, "last": int}'

File Example:

--allowed-ports=path_to_file.(yaml|json)
--async
Return immediately, without waiting for the operation in progress to complete.
--boost-config=[BOOST_CONFIG,…]
Boost Configuration(s) that workstations running with this configuration can boost up to. This includes id (required), machine-type, accelerator-type, accelerator-count, pool-size, boot-disk-size, and enable-nested-virtualization.

Example:

gcloud alpha workstations configs update --boost-config=id=boost1,machine-type=n1-standard-4,accelerator-type=nvidia-tesla-t4,accelerator-count=1

Sets boost_config value.

accelerator-count
Sets accelerator-count value.
accelerator-type
Sets accelerator-type value.
boot-disk-size
Sets boot-disk-size value.
enable-nested-virtualization
Sets enable-nested-virtualization value.
id
Required, Sets id value.
machine-type
Sets machine-type value.
pool-size
Sets pool-size value.
Shorthand Example:
--boost-config=accelerator-count=int,accelerator-type=string,boot-disk-size=int,enable-nested-virtualization=boolean,id=string,machine-type=string,pool-size=int

JSON Example:

--boost-config='{"accelerator-count": int, "accelerator-type": "string", "boot-disk-size": int, "enable-nested-virtualization": boolean, "id": "string", "machine-type": "string", "pool-size": int}'

File Example:

--boost-config=path_to_file.(yaml|json)
--boot-disk-size=BOOT_DISK_SIZE
Size of the boot disk in GB.
--container-args=[CONTAINER_ARGS,…]
Arguments passed to the entrypoint.

Example:

gcloud alpha workstations configs update --container-args=arg_1,arg_2
--container-command=[CONTAINER_COMMAND,…]
If set, overrides the default ENTRYPOINT specified by the image.

Example:

gcloud alpha workstations configs update --container-command=executable,parameter_1,parameter_2
--container-env=[CONTAINER_ENV,…]
Environment variables passed to the container.

Example:

gcloud alpha workstations configs update --container-env=key1=value1,key2=value2
--container-run-as-user=CONTAINER_RUN_AS_USER
If set, overrides the USER specified in the image with the given uid.
--container-working-dir=CONTAINER_WORKING_DIR
If set, overrides the default DIR specified by the image.
--disable-public-ip-addresses
Default value is false. If set, instances will have no public IP address.
--enable-audit-agent
Whether to enable Linux auditd logging on the workstation. When enabled, a service account must also be specified that has logging.buckets.write permission on the project.
--enable-confidential-compute
Default value is false. If set, instances will have confidential compute enabled.
--enable-nested-virtualization
Default value is false. If set, instances will have nested virtualization enabled.
--grant-workstation-admin-role-on-create
Default value is false. If set, creator of a workstation will get roles/workstations.policyAdmin role along with roles/workstations.user role on the workstation created by them.
--idle-timeout=IDLE_TIMEOUT
How long (in seconds) to wait before automatically stopping an instance that hasn't received any user traffic. A value of 0 indicates that this instance should never time out due to idleness.
--labels=[LABELS,…]
Labels that are applied to the configuration and propagated to the underlying Compute Engine resources.

Example:

gcloud alpha workstations configs update --labels=label1=value1,label2=value2
--machine-type=MACHINE_TYPE
Machine type determines the specifications of the Compute Engine machines that the workstations created under this configuration will run on.
--max-usable-workstations-count=MAX_USABLE_WORKSTATIONS_COUNT
Maximum number of workstations under this configuration a user can have workstations.workstation.use permission on.

If not specified, defaults to 0, which indicates a user can have unlimited number of workstations under this configuration.

--network-tags=[NETWORK_TAGS,…]
Network tags to add to the Google Compute Engine machines backing the Workstations.

Example:

gcloud alpha workstations configs update --network-tags=tag_1,tag_2
--pool-size=POOL_SIZE
Number of instances to pool for faster Workstation startup.
--running-timeout=RUNNING_TIMEOUT
How long (in seconds) to wait before automatically stopping a workstation after it started. A value of 0 indicates that workstations using this config should never time out.
--service-account=SERVICE_ACCOUNT
Email address of the service account that will be used on VM instances used to support this config. This service account must have permission to pull the specified container image. If not set, VMs will run without a service account, in which case the image must be publicly accessible.
--service-account-scopes=[SERVICE_ACCOUNT_SCOPES,…]
Scopes to grant to the service_account. Various scopes are automatically added based on feature usage. When specified, users of workstations under this configuration must have iam.serviceAccounts.actAs on the service account.
--shielded-integrity-monitoring
Default value is false. If set, instances will have integrity monitoring enabled.
--shielded-secure-boot
Default value is false. If set, instances will have Secure Boot enabled.
--shielded-vtpm
Default value is false. If set, instances will have vTPM enabled.
--vm-tags=[VM_TAGS,…]
Resource manager tags to be bound to the instance. Tag keys and values have the same definition as https://cloud.google.com/resource-manager/docs/tags/tags-overview

Example:

gcloud alpha workstations configs update --vm-tags=tagKeys/key1=tagValues/value1,tagKeys/key2=tagValues/value2
Accelerator settings
--accelerator-count=ACCELERATOR_COUNT
The number of accelerator cards exposed to the instance.

This flag argument must be specified if any of the other arguments in this group are specified.

--accelerator-type=ACCELERATOR_TYPE
The type of accelerator resource to attach to the instance, for example, "nvidia-tesla-p100".
At most one of these can be specified:
--allow-unauthenticated-cors-preflight-requests
By default, the workstations service makes sure that all requests to the workstation are authenticated. CORS preflight requests do not include cookies or custom headers, and so are considered unauthenticated and blocked by the workstations service. Enabling this option allows these unauthenticated CORS preflight requests through to the workstation, where it becomes the responsibility of the destination server in the workstation to validate the request
--disallow-unauthenticated-cors-preflight-requests
If set, requires that all requests to the workstation are authenticated.
At most one of these can be specified:
--container-custom-image=CONTAINER_CUSTOM_IMAGE
A docker image for the workstation. This image must be accessible by the service account configured in this configuration (--service-account). If no service account is defined, this image must be public.
--container-predefined-image=CONTAINER_PREDEFINED_IMAGE
Code editor on base images. CONTAINER_PREDEFINED_IMAGE must be one of:
base-image
Base image - no IDE
clion
CLion
codeoss
Code OSS
codeoss-cuda
Code OSS + CUDA toolkit
goland
GoLand
intellij
IntelliJ IDEA Ultimate
phpstorm
PhpStorm
pycharm
PyCharm Professional
rider
Rider
rubymine
RubyMine
webstorm
WebStorm
At most one of these can be specified:
--disable-ssh-to-vm
If set, workstations disable SSH connections to the root VM.
--enable-ssh-to-vm
If set, workstations enable SSH connections to the root VM.
At most one of these can be specified:
--disable-tcp-connections
If set, workstations don't allow plain TCP connections.
--enable-tcp-connections
If set, workstations allow plain TCP connections.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
gcloud workstations configs update
gcloud beta workstations configs update