- NAME
-
- gcloud compute instance-templates create-with-container - creates a Compute Engine a virtual machine instance template that runs a Docker container
- SYNOPSIS
-
-
gcloud compute instance-templates create-with-container
NAME
[--no-boot-disk-auto-delete
] [--boot-disk-device-name
=BOOT_DISK_DEVICE_NAME
] [--boot-disk-interface
=BOOT_DISK_INTERFACE
] [--boot-disk-provisioned-iops
=BOOT_DISK_PROVISIONED_IOPS
] [--boot-disk-provisioned-throughput
=BOOT_DISK_PROVISIONED_THROUGHPUT
] [--boot-disk-size
=BOOT_DISK_SIZE
] [--boot-disk-type
=BOOT_DISK_TYPE
] [--can-ip-forward
] [--confidential-compute
] [--container-arg
=CONTAINER_ARG
] [--container-command
=CONTAINER_COMMAND
] [--container-env
=[KEY
=VALUE
, …,…]] [--container-env-file
=CONTAINER_ENV_FILE
] [--container-image
=CONTAINER_IMAGE
] [--container-mount-disk
=[mode
=MODE
],[mount-path
=MOUNT-PATH
],[name
=NAME
],[partition
=PARTITION
]] [--container-mount-host-path
=[host-path
=HOSTPATH
,mount-path
=MOUNTPATH
[,mode
=MODE
],…]] [--container-mount-tmpfs
=[mount-path
=MOUNTPATH
,…]] [--container-privileged
] [--container-restart-policy
=POLICY
; default="always"] [--container-stdin
] [--container-tty
] [--create-disk
=[PROPERTY
=VALUE
,…]] [--description
=DESCRIPTION
] [--disk
=[auto-delete
=AUTO-DELETE
],[boot
=BOOT
],[device-name
=DEVICE-NAME
],[interface
=INTERFACE
],[mode
=MODE
],[name
=NAME
]] [--external-ipv6-address
=EXTERNAL_IPV6_ADDRESS
] [--external-ipv6-prefix-length
=EXTERNAL_IPV6_PREFIX_LENGTH
] [--internal-ipv6-address
=INTERNAL_IPV6_ADDRESS
] [--internal-ipv6-prefix-length
=INTERNAL_IPV6_PREFIX_LENGTH
] [--ipv6-network-tier
=IPV6_NETWORK_TIER
] [--labels
=[KEY
=VALUE
,…]] [--machine-type
=MACHINE_TYPE
] [--maintenance-policy
=MAINTENANCE_POLICY
] [--metadata
=KEY
=VALUE
,[KEY
=VALUE
,…]] [--metadata-from-file
=KEY
=LOCAL_FILE_PATH
,[…]] [--min-cpu-platform
=PLATFORM
] [--network
=NETWORK
] [--network-interface
=[PROPERTY
=VALUE
,…]] [--network-tier
=NETWORK_TIER
] [--preemptible
] [--private-ipv6-google-access-type
=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE
] [--private-network-ip
=PRIVATE_NETWORK_IP
] [--region
=REGION
] [--resource-policies
=[RESOURCE_POLICY
,…]] [--no-restart-on-failure
] [--shielded-integrity-monitoring
] [--shielded-secure-boot
] [--shielded-vtpm
] [--stack-type
=STACK_TYPE
] [--subnet
=SUBNET
] [--tags
=TAG
,[TAG
,…]] [--address
=ADDRESS
|--no-address
] [--custom-cpu
=CUSTOM_CPU
--custom-memory
=CUSTOM_MEMORY
:--custom-extensions
--custom-vm-type
=CUSTOM_VM_TYPE
] [--image-project
=IMAGE_PROJECT
--image
=IMAGE
|--image-family
=IMAGE_FAMILY
] [--reservation
=RESERVATION
--reservation-affinity
=RESERVATION_AFFINITY
; default="any"] [--scopes
=[SCOPE
,…] |--no-scopes
] [--service-account
=SERVICE_ACCOUNT
|--no-service-account
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
gcloud compute instance-templates create-with-container
creates a Compute Engine virtual machine instance template that runs a container image. To create an instance template named 'instance-template-1' that runs the 'busybox' image, run:gcloud compute instance-templates create-with-container instance-template-1 --container-image=gcr.io/google-containers/busybox
For more examples, refer to the
EXAMPLES
section below. - EXAMPLES
-
To create a template named 'instance-template-1' that runs the
gcr.io/google-containers/busybox image and executes 'echo "Hello world"' as a
command, run:
gcloud compute instance-templates create-with-container instance-template-1 --container-image=gcr.io/google-containers/busybox --container-command='echo "Hello world"'
To create a template running gcr.io/google-containers/busybox in privileged mode, run:
gcloud compute instance-templates create-with-container instance-template-1 --container-image=gcr.io/google-containers/busybox --container-privileged
- POSITIONAL ARGUMENTS
-
NAME
- Name of the instance template to create.
- FLAGS
-
--boot-disk-auto-delete
-
Automatically delete boot disks when their instances are deleted. Enabled by
default, use
--no-boot-disk-auto-delete
to disable. --boot-disk-device-name
=BOOT_DISK_DEVICE_NAME
- The name the guest operating system will see for the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk).
--boot-disk-interface
=BOOT_DISK_INTERFACE
-
Indicates the interface to use for the boot disk. The value must be one of the
following:
- SCSI
- NVME
--boot-disk-provisioned-iops
=BOOT_DISK_PROVISIONED_IOPS
- Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Value must be between 10,000 and 120,000.
--boot-disk-provisioned-throughput
=BOOT_DISK_PROVISIONED_THROUGHPUT
- Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.
--boot-disk-size
=BOOT_DISK_SIZE
-
The size of the boot disk. This option can only be specified if a new boot disk
is being created (as opposed to mounting an existing persistent disk). The value
must be a whole number followed by a size unit of
for kilobyte,KB
for megabyte,MB
for gigabyte, orGB
for terabyte. For example,TB
will produce a 10 gigabyte disk. Disk size must be a multiple of 1 GB. Default size unit is10GB
.GB
--boot-disk-type
=BOOT_DISK_TYPE
-
The type of the boot disk. This option can only be specified if a new boot disk
is being created (as opposed to mounting an existing persistent disk). To get a
list of available disk types, run
$ gcloud compute disk-types list
. --can-ip-forward
- If provided, allows the instances to send and receive packets with non-matching destination or source IP addresses.
--confidential-compute
- The instance boots with Confidential Computing enabled. Confidential Computing is based on Secure Encrypted Virtualization (SEV), an AMD virtualization feature for running confidential instances.
--container-arg
=CONTAINER_ARG
-
Argument to append to container entrypoint or to override container CMD. Each
argument must have a separate flag. Arguments are appended in the order of
flags. Example:
Assuming the default entry point of the container (or an entry point overridden with --container-command flag) is a Bourne shell-compatible executable, in order to execute 'ls -l' command in the container, the user could use:
--container-arg="-c" --container-arg="ls -l"
Caveat: due to the nature of the argument parsing, it's impossible to provide the flag value that starts with a dash (
-
) without the=
sign (that is,--container-arg "-c"
will not work correctly).Default: None. (no arguments appended)
--container-command
=CONTAINER_COMMAND
-
Specifies what executable to run when the container starts (overrides default
entrypoint), eg.
nc
.Default: None (default container entrypoint is used)
--container-env
=[KEY
=VALUE
, …,…]-
Declare environment variables KEY with value VALUE passed to container. Only the
last value of KEY is taken when KEY is repeated more than once.
Values, declared with --container-env flag override those with the same KEY from file, provided in --container-env-file.
--container-env-file
=CONTAINER_ENV_FILE
-
Declare environment variables in a file. Values, declared with --container-env
flag override those with the same KEY from file.
File with environment variables in format used by docker (almost). This means:
- Lines are in format KEY=VALUE.
- Values must contain equality signs.
- Variables without values are not supported (this is different from docker format).
-
If
#
is first non-whitespace character in a line the line is ignored as a comment. - Lines with nothing but whitespace are ignored.
--container-image
=CONTAINER_IMAGE
-
Full container image name, which should be pulled onto VM instance, eg.
docker.io/tomcat
. --container-mount-disk
=[mode
=MODE
],[mount-path
=MOUNT-PATH
],[name
=NAME
],[partition
=PARTITION
]-
Mounts a disk to the specified mount path in the container. Multiple ' flags are
allowed. Must be used with
--disk
or--create-disk
.name
-
Name of the disk. If exactly one additional disk is attached to the instance
using
--disk
or--create-disk
, specifying disk name here is optional. The name of the single additional disk will be used by default. mount-path
- Path on container to mount to. Mount paths with spaces and commas (and other special characters) are not supported by this command.
partition
- Optional. The partition of the disk to mount. Multiple partitions of a disk can be mounted. Can't be used with --create-disk.
mode
-
Volume mount mode:
rw
(read/write) orro
(read-only). Defaults torw
. Fails if the disk mode isro
and volume mount mode isrw
.
--container-mount-host-path
=[host-path
=HOSTPATH
,mount-path
=MOUNTPATH
[,mode
=MODE
],…]-
Mounts a volume by using host-path.
host-path
- Path on host to mount from.
mount-path
- Path on container to mount to. Mount paths with spaces and commas (and other special characters) are not supported by this command.
mode
-
Volume mount mode: rw (read/write) or ro (read-only).
Default: rw.
--container-mount-tmpfs
=[mount-path
=MOUNTPATH
,…]-
Mounts empty tmpfs into container at MOUNTPATH.
mount-path
- Path on container to mount to. Mount paths with spaces and commas (and other special characters) are not supported by this command.
--container-privileged
-
Specify whether to run container in privileged mode.
Default:
--no-container-privileged
. --container-restart-policy
=POLICY
; default="always"-
Specify whether to restart a container on exit.
POLICY
must be one of:never
,on-failure
,always
. --container-stdin
-
Keep container STDIN open even if not attached.
Default:
--no-container-stdin
. --container-tty
-
Allocate a pseudo-TTY for the container.
Default:
--no-container-tty
. --create-disk
=[PROPERTY
=VALUE
,…]-
Creates and attaches persistent disks to the instances.
name
-
Specifies the name of the disk. This option cannot be specified if more than one
instance is being created. Must specify this option if attaching the disk to a
container with
--container-mount-disk
. description
- Optional textual description for the disk being created.
mode
-
Specifies the mode of the disk. Supported options are
for read-only andro
for read-write. If omitted,rw
is used as a default. It is an error to create a disk inrw
ro
mode if attaching it to a container with--container-mount-disk
. image
-
Specifies the name of the image that the disk will be initialized with. A new
disk will be created based on the given image. To view a list of public images
and projects, run
$ gcloud compute images list
. It is best practice to use image when a specific version of an image is needed. If both image and image-family flags are omitted a blank disk will be created. image-family
- The image family for the operating system that the boot disk will be initialized with. Compute Engine offers multiple Linux distributions, some of which are available as both regular and Shielded VM images. When a family is specified instead of an image, the latest non-deprecated image associated with that family is used. It is best practice to use --image-family when the latest version of an image is needed.
image-project
-
The Google Cloud project against which all image and image family references
will be resolved. It is best practice to define image-project. A full list of
available image projects can be generated by running
gcloud compute images list
.- If specifying one of our public images, image-project must be provided.
- If there are several of the same image-family value in multiple projects, image-project must be specified to clarify the image to be used.
- If not specified and either image or image-family is provided, the current default project is used.
size
-
The size of the disk. The value must be a whole number followed by a size unit
of
for kilobyte,KB
for megabyte,MB
for gigabyte, orGB
for terabyte. For example,TB
will produce a 10 gigabyte disk. Disk size must be a multiple of 1 GB. If not specified, the default image size will be used for the new disk.10GB
type
-
The type of the disk. To get a list of available disk types, run $ gcloud compute disk-types
list. The default disk type is
.pd-standard
device-name
-
An optional name to display the disk name in the guest operating system. Must be
the same as
name
if used with--container-mount-disk
. If omitted, a device name of the formpersistent-disk-N
is used. If omitted and used with--container-mount-disk
(where thename
of the container mount disk is the same as in this flag), a device name equal to diskname
is used. provisioned-iops
- Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Value must be between 10,000 and 120,000.
provisioned-throughput
- Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.
disk-resource-policy
-
Resource policy to apply to the disk. Specify a full or partial URL. For
example:
-
https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/resourcePolicies/my-resource-policy
-
projects/my-project/regions/us-central1/resourcePolicies/my-resource-policy
For more information, see the following docs:
-
auto-delete
-
If
, this persistent disk will be automatically deleted when the instance is deleted. However, if the disk is later detached from the instance, this option won't apply. The default value for this isyes
.yes
architecture
- Specifies the architecture or processor type that this disk can support. For available processor types on Compute Engine, see https://cloud.google.com/compute/docs/cpu-platforms.
storage-pool
- The name of the storage pool in which the new disk is created. The new disk and the storage pool must be in the same location.
interface
-
The interface to use with the disk. The value must be one of the following:
- SCSI
- NVME
replica-zones
- Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must be the same as the instance zone.
--description
=DESCRIPTION
- Specifies a textual description for the instance template.
--disk
=[auto-delete
=AUTO-DELETE
],[boot
=BOOT
],[device-name
=DEVICE-NAME
],[interface
=INTERFACE
],[mode
=MODE
],[name
=NAME
]-
Attaches an existing disk to the instances.
name
-
The disk to attach to the instances. If you create more than one instance, you
can only attach a disk in read-only mode. By default, you attach a zonal disk
located in the same zone of the instance. If you want to attach a regional disk,
you must specify the disk using its URI; for example,
.projects/myproject/regions/us-central1/disks/my-regional-disk
mode
-
The mode of the disk. Supported options are
for read-only mode andro
for read-write mode. If omitted,rw
is used as a default value. If you userw
when creating more than one instance, you encounter errors.rw
boot
-
If set to
, you attach a boot disk. The virtual machine then uses the first partition of the disk for the root file systems. The default value for this isyes
.no
device-name
-
An optional name to display the disk name in the guest operating system. Must be
the same as
name
if used with--container-mount-disk
. If omitted, a device name of the formpersistent-disk-N
is used. If omitted and used with--container-mount-disk
(where thename
of the container mount disk is the same as in this flag), a device name equal to diskname
is used. auto-delete
-
If set to
, the persistent disk is automatically deleted when the instance is deleted. However, if you detach the disk from the instance, deleting the instance doesn't delete the disk. The default value isyes
.yes
interface
-
The interface to use for the disk. The value must be one of the following:
- SCSI
- NVME
--external-ipv6-address
=EXTERNAL_IPV6_ADDRESS
- Assigns the given external IPv6 address to the instance that is created. The address must be the first IP address in the range. This option can be used only when creating a single instance.
--external-ipv6-prefix-length
=EXTERNAL_IPV6_PREFIX_LENGTH
-
The prefix length of the external IPv6 address range. This field should be used
together with
--external-ipv6-address
. Only the /96 IP address range is supported, and the default value is 96. --internal-ipv6-address
=INTERNAL_IPV6_ADDRESS
- Assigns the given internal IPv6 address or range to the instance that is created. The address must be the first IP address in the range or from a /96 IP address range. This option can be used only when creating a single instance.
--internal-ipv6-prefix-length
=INTERNAL_IPV6_PREFIX_LENGTH
- Optional field that indicates the prefix length of the internal IPv6 address range. It should be used together with --internal-ipv6-address. Only /96 IP address range is supported and the default value is 96. If not set, either the prefix length from --internal-ipv6-address will be used or the default value of 96 will be assigned.
--ipv6-network-tier
=IPV6_NETWORK_TIER
-
Specifies the IPv6 network tier that will be used to configure the instance
network interface IPv6 access config.
IPV6_NETWORK_TIER
must be (only one value is supported):PREMIUM
- High quality, Google-grade network tier.
--labels
=[KEY
=VALUE
,…]-
List of label KEY=VALUE pairs to add.
Keys must start with a lowercase character and contain only hyphens (
-
), underscores (_
), lowercase characters, and numbers. Values must contain only hyphens (-
), underscores (_
), lowercase characters, and numbers. --machine-type
=MACHINE_TYPE
- Specifies the machine type used for the instances. To get a list of available machine types, run 'gcloud compute machine-types list'. If unspecified, the default type is n1-standard-1.
--maintenance-policy
=MAINTENANCE_POLICY
-
Specifies the behavior of the VMs when their host machines undergo maintenance.
The default is MIGRATE. For more information, see https://cloud.google.com/compute/docs/instances/host-maintenance-options.
MAINTENANCE_POLICY
must be one of:MIGRATE
- The instances should be migrated to a new host. This will temporarily impact the performance of instances during a migration event.
TERMINATE
- The instances should be terminated.
--metadata
=KEY
=VALUE
,[KEY
=VALUE
,…]-
Metadata to be made available to the guest operating system running on the
instances. Each metadata entry is a key/value pair separated by an equals sign.
Each metadata key must be unique and have a max of 128 bytes in length. Each
value must have a max of 256 KB in length. Multiple arguments can be passed to
this flag, e.g.,
. The combined total size for all metadata entries is 512 KB.--metadata key-1=value-1,key-2=value-2,key-3=value-3
In images that have Compute Engine tools installed on them, such as the official images, the following metadata keys have special meanings:
startup-script
-
Specifies a script that will be executed by the instances once they start
running. For convenience,
can be used to pull the value from a file.--metadata-from-file
startup-script-url
-
Same as
except that the script contents are pulled from a publicly-accessible location on the web. For startup scripts on Windows instances, the following metadata keys have special meanings:startup-script
,windows-startup-script-url
,windows-startup-script-cmd
,windows-startup-script-bat
,windows-startup-script-ps1
,sysprep-specialize-script-url
,sysprep-specialize-script-cmd
, andsysprep-specialize-script-bat
. For more information, see Running startup scripts.sysprep-specialize-script-ps1
--metadata-from-file
=KEY
=LOCAL_FILE_PATH
,[…]-
Same as
except that the value for the entry will be read from a local file. This is useful for values that are too large such as--metadata
contents.startup-script
--min-cpu-platform
=PLATFORM
-
When specified, the VM will be scheduled on host with specified CPU architecture
or a newer one. To list available CPU platforms in given zone, run:
gcloud compute zones describe ZONE --format="value(availableCpuPlatforms)"
Default setting is "AUTOMATIC".
CPU platform selection is available only in selected zones.
You can find more information on-line: https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform
--network
=NETWORK
-
Specifies the network that the VM instances are a part of. If
--subnet
is also specified, subnet must be a subnetwork of the network specified by this--network
flag. If neither is specified, the default network is used. --network-interface
=[PROPERTY
=VALUE
,…]-
Adds a network interface to the instance. Mutually exclusive with any of these
flags:
--address
,--network
,--network-tier
,--subnet
,--private-network-ip
,--stack-type
,--ipv6-network-tier
,--internal-ipv6-address
,--internal-ipv6-prefix-length
,--ipv6-address
,--ipv6-prefix-length
,--external-ipv6-address
,--external-ipv6-prefix-length
. This flag can be repeated to specify multiple network interfaces.The following keys are allowed:
address
- Assigns the given external address to the instance that is created. Specifying an empty string will assign an ephemeral IP. Mutually exclusive with no-address. If neither key is present the instance will get an ephemeral IP.
network
- Specifies the network that the interface will be part of. If subnet is also specified it must be subnetwork of this network. If neither is specified, this defaults to the "default" network.
no-address
- If specified the interface will have no external IP. Mutually exclusive with address. If neither key is present the instance will get an ephemeral IP.
network-tier
-
Specifies the network tier of the interface.
must be one of:NETWORK_TIER
PREMIUM
,STANDARD
. The default value isPREMIUM
. private-network-ip
- Assigns the given RFC1918 IP address to the interface.
subnet
- Specifies the subnet that the interface will be part of. If network key is also specified this must be a subnetwork of the specified network.
nic-type
-
Specifies the Network Interface Controller (NIC) type for the interface.
must be one of:NIC_TYPE
GVNIC
,VIRTIO_NET
. stack-type
-
Specifies whether IPv6 is enabled on the interface.
must be one of:STACK_TYPE
IPV4_ONLY
,IPV4_IPV6
. The default value isIPV4_ONLY
. ipv6-network-tier
-
Specifies the IPv6 network tier that will be used to configure the instance
network interface IPv6 access config.
must beIPV6_NETWORK_TIER
PREMIUM
(currently only one value is supported). internal-ipv6-address
- Assigns the given internal IPv6 address or range to the instance that is created. The address must be the first IP address in the range or from a /96 IP address range. This option can be used only when creating a single instance.
internal-ipv6-prefix-length
- Optional field that indicates the prefix length of the internal IPv6 address range. It should be used together with internal-ipv6-address. Only /96 IP address range is supported and the default value is 96. If not set, either the prefix length from --internal-ipv6-address will be used or the default value of 96 will be assigned.
external-ipv6-address
- Assigns the given external IPv6 address to the instance that is created. The address must be the first IP address in the range. This option can be used only when creating a single instance.
external-ipv6-prefix-length
- The prefix length of the external IPv6 address range. This field should be used together with external-ipv6-address. Only the /96 IP address range is supported, and the default value is 96.
aliases
-
Specifies the IP alias ranges to allocate for this interface. If there are
multiple IP alias ranges, they are separated by semicolons.
For example:
--aliases="10.128.1.0/24;range1:/32"
Each IP alias range consists of a range name and a CIDR netmask (e.g./24
) separated by a colon or just the netmask. The range name is the name of the range within the network interface's subnet from which to allocate an IP alias range. If unspecified, it defaults to the primary IP range of the subnet. The IP allocator will pick an available range with the specified netmask and allocate it to this network interface. network-attachment
-
Specifies the network attachment that this interface should connect to. Mutually
exclusive with
--network
and--subnet
flags.
--network-tier
=NETWORK_TIER
-
Specifies the network tier that will be used to configure the instance.
must be one of:NETWORK_TIER
PREMIUM
,STANDARD
. The default value isPREMIUM
. --preemptible
- If provided, instances will be preemptible and time-limited. Instances might be preempted to free up resources for standard VM instances, and will only be able to run for a limited amount of time. Preemptible instances can not be restarted and will not migrate.
--private-ipv6-google-access-type
=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE
-
The private IPv6 Google access type for the VM.
PRIVATE_IPV6_GOOGLE_ACCESS_TYPE
must be one of:enable-bidirectional-access
,enable-outbound-vm-access
,inherit-subnetwork
. --private-network-ip
=PRIVATE_NETWORK_IP
- Specifies the RFC1918 IP to assign to the instance. The IP should be in the subnet or legacy network IP range.
--region
=REGION
-
Region of the instance template to create. If not specified, you might be
prompted to select a region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the
property:compute/region
gcloud config set compute/region REGION
A list of regions can be fetched by running:
gcloud compute regions list
To unset the property, run:
gcloud config unset compute/region
Alternatively, the region can be stored in the environment variable
.CLOUDSDK_COMPUTE_REGION
--resource-policies
=[RESOURCE_POLICY
,…]- A list of resource policy names (not URLs) to be added to each instance created using this instance template. If you attach any resource policies to an instance template, you can only use that instance template to create instances that are in the same region as the resource policies. Do not include resource policies that are located in different regions in the same instance template.
--restart-on-failure
-
The instances will be restarted if they are terminated by Compute Engine. This
does not affect terminations performed by the user. Enabled by default, use
--no-restart-on-failure
to disable. --shielded-integrity-monitoring
-
Enables monitoring and attestation of the boot integrity of the instance. The
attestation is performed against the integrity policy baseline. This baseline is
initially derived from the implicitly trusted boot image when the instance is
created. This baseline can be updated by using
gcloud compute instances update --shielded-learn-integrity-policy
. On Shielded VM instances, integrity monitoring is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. For information about monitoring integrity on Shielded VM instances, see https://cloud.google.com/compute/docs/instances/integrity-monitoring." --shielded-secure-boot
- The instance boots with secure boot enabled. On Shielded VM instances, Secure Boot is not enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm.
--shielded-vtpm
- The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption, and sealing of keys. On Shielded VM instances, vTPM is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm.
--stack-type
=STACK_TYPE
-
Specifies whether IPv6 is enabled on the default network interface. If not
specified, IPV4_ONLY will be used.
STACK_TYPE
must be one of:IPV4_IPV6
- The network interface can have both IPv4 and IPv6 addresses
IPV4_ONLY
- The network interface will be assigned IPv4 addresses
--subnet
=SUBNET
-
Specifies the subnet that the VM instances are a part of. If
--network
is also specified, subnet must be a subnetwork of the network specified by the--network
flag. -
Specifies a list of tags to apply to the instance. These tags allow network
firewall rules and routes to be applied to specified VM instances. See
gcloud compute firewall-rules create
(1) for more details.To read more about configuring network tags, read this guide: https://cloud.google.com/vpc/docs/add-remove-network-tags
To list instances with their respective status and tags, run:
gcloud compute instances list --format='table(name,status,tags.list())'
To list instances tagged with a specific tag,
tag1
, run:gcloud compute instances list --filter='tags:tag1'
-
At most one of these can be specified:
--address
=ADDRESS
- Assigns the given external IP address to the instance that is created. This option can only be used when creating a single instance.
--no-address
- If provided, the instances are not assigned external IP addresses. To pull container images, you must configure private Google access if using Container Registry or configure Cloud NAT for instances to access container images directly. For more information, see:
-
Custom machine type extensions.
--custom-cpu
=CUSTOM_CPU
-
A whole number value specifying the number of cores that are needed in the
custom machine type.
For some machine types, shared-core values can also be used. For example, for E2 machine types, you can specify
micro
,small
, ormedium
.This flag argument must be specified if any of the other arguments in this group are specified.
--custom-memory
=CUSTOM_MEMORY
-
A whole number value indicating how much memory is desired in the custom machine
type. A size unit should be provided (eg. 3072MB or 9GB) - if no units are
specified, GB is assumed.
This flag argument must be specified if any of the other arguments in this group are specified.
--custom-extensions
- Use the extended custom machine type.
--custom-vm-type
=CUSTOM_VM_TYPE
-
Specifies a custom machine type. The default is
n1
. For more information about custom machine types, see: https://cloud.google.com/compute/docs/general-purpose-machines#custom_machine_types
--image-project
=IMAGE_PROJECT
-
The Google Cloud project against which all image and image family references
will be resolved. It is best practice to define image-project. A full list of
available projects can be generated by running
gcloud projects list
.- If specifying one of our public images, image-project must be provided.
- If there are several of the same image-family value in multiple projects, image-project must be specified to clarify the image to be used.
- If not specified and either image or image-family is provided, the current default project is used.
-
At most one of these can be specified:
--image
=IMAGE
-
Specifies the boot image for the instances. For each instance, a new boot disk
will be created from the given image. Each boot disk will have the same name as
the instance. To view a list of public images and projects, run
$ gcloud compute images list
. It is best practice to use--image
when a specific version of an image is needed.When using this option,
and--boot-disk-device-name
can be used to override the boot disk's device name and size, respectively.--boot-disk-size
--image-family
=IMAGE_FAMILY
-
The image family for the operating system that the boot disk will be initialized
with. Compute Engine offers multiple Linux distributions, some of which are
available as both regular and Shielded VM images. When a family is specified
instead of an image, the latest non-deprecated image associated with that family
is used. It is best practice to use
--image-family
when the latest version of an image is needed.By default,
is assumed for this flag.debian-12
-
Specifies the reservation for instances created from this template.
--reservation
=RESERVATION
-
The name of the reservation, required when
--reservation-affinity=specific
. --reservation-affinity
=RESERVATION_AFFINITY
; default="any"-
The type of reservation for instances created from this template.
RESERVATION_AFFINITY
must be one of:any
- Consume any available, matching reservation.
none
- Do not consume from any reserved capacity.
specific
- Must consume from a specific reservation.
-
At most one of these can be specified:
--scopes
=[SCOPE
,…]-
If not provided, the instance will be assigned the default scopes, described
below.
SCOPE can be either the full URI of the scope or an alias.
Default
scopes are assigned to all instances. Available aliases are:Alias URI bigquery https://www.googleapis.com/auth/bigquery cloud-platform https://www.googleapis.com/auth/cloud-platform cloud-source-repos https://www.googleapis.com/auth/source.full_control cloud-source-repos-ro https://www.googleapis.com/auth/source.read_only compute-ro https://www.googleapis.com/auth/compute.readonly compute-rw https://www.googleapis.com/auth/compute datastore https://www.googleapis.com/auth/datastore default https://www.googleapis.com/auth/devstorage.read_only https://www.googleapis.com/auth/logging.write https://www.googleapis.com/auth/monitoring.write https://www.googleapis.com/auth/pubsub https://www.googleapis.com/auth/service.management.readonly https://www.googleapis.com/auth/servicecontrol https://www.googleapis.com/auth/trace.append gke-default https://www.googleapis.com/auth/devstorage.read_only https://www.googleapis.com/auth/logging.write https://www.googleapis.com/auth/monitoring https://www.googleapis.com/auth/service.management.readonly https://www.googleapis.com/auth/servicecontrol https://www.googleapis.com/auth/trace.append logging-write https://www.googleapis.com/auth/logging.write monitoring https://www.googleapis.com/auth/monitoring monitoring-read https://www.googleapis.com/auth/monitoring.read monitoring-write https://www.googleapis.com/auth/monitoring.write pubsub https://www.googleapis.com/auth/pubsub service-control https://www.googleapis.com/auth/servicecontrol service-management https://www.googleapis.com/auth/service.management.readonly sql (deprecated) https://www.googleapis.com/auth/sqlservice sql-admin https://www.googleapis.com/auth/sqlservice.admin storage-full https://www.googleapis.com/auth/devstorage.full_control storage-ro https://www.googleapis.com/auth/devstorage.read_only storage-rw https://www.googleapis.com/auth/devstorage.read_write taskqueue https://www.googleapis.com/auth/taskqueue trace https://www.googleapis.com/auth/trace.append userinfo-email https://www.googleapis.com/auth/userinfo.email sql
alias do not provide SQL instance management capabilities and have been deprecated. Please, use https://www.googleapis.com/auth/sqlservice.admin orsql-admin
to manage your Google SQL Service instances. --no-scopes
- Create instance without scopes
-
At most one of these can be specified:
--service-account
=SERVICE_ACCOUNT
-
A service account is an identity attached to the instance. Its access tokens can
be accessed through the instance metadata server and are used to authenticate
applications on the instance. The account can be set using an email address
corresponding to the required service account.
If not provided, the instance will use the project's default service account.
--no-service-account
- Create instance without service account
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
These variants are also available:
gcloud alpha compute instance-templates create-with-container
gcloud beta compute instance-templates create-with-container
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-11-12 UTC.