gcloud compute machine-images create

NAME: gcloud compute machine-images create - create a Compute Engine machine image
SYNOPSIS: gcloud compute machine-images create IMAGE --source-instance=SOURCE_INSTANCE [--csek-key-file=FILE] [--description=DESCRIPTION] [--guest-flush] [--no-require-csek-key-create] [--source-disk-csek-key=[PROPERTY=VALUE,…]] [--source-instance-zone=SOURCE_INSTANCE_ZONE] [--storage-location=LOCATION] [--kms-key=KMS_KEY : --kms-keyring=KMS_KEYRING --kms-location=KMS_LOCATION --kms-project=KMS_PROJECT] [GCLOUD_WIDE_FLAG …]
DESCRIPTION: Create a Compute Engine machine image.
EXAMPLES: To create a machine image, run:
gcloud compute machine-images create my-machine-image --source-instance=example-source --source-instance-zone=us-central1-a
POSITIONAL ARGUMENTS: IMAGE

Name of the machineImage to create.
REQUIRED FLAGS: --source-instance=SOURCE_INSTANCE

The source instance to create a machine image from.
OPTIONAL FLAGS: --csek-key-file=FILE

Path to a Customer-Supplied Encryption Key (CSEK) key file that maps Compute Engine machine images to user managed keys to be used when creating, mounting, or taking snapshots of disks.
If you pass - as value of the flag, the CSEK is read from stdin. See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details.

--description=DESCRIPTION

Specifies a text description of the machine image.

--guest-flush

Create an application-consistent machine image by informing the OS to prepare for the snapshot process.

--require-csek-key-create

Refuse to create machine images not protected by a user managed key in the key file when --csek-key-file is given. This behavior is enabled by default to prevent incorrect gcloud invocations from accidentally creating machine images with no user managed key. Disabling the check allows creation of some machine images without a matching Customer-Supplied Encryption Key in the supplied --csek-key-file. See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details. Enabled by default, use --no-require-csek-key-create to disable.

--source-disk-csek-key=[PROPERTY=VALUE,…]

Customer-supplied encryption key of the disk attached to the source instance. Required if the source disk is protected by a customer-supplied encryption key. This flag can be repeated to specify multiple attached disks.

disk

URL of the disk attached to the source instance. This can be a full or valid partial URL

csek-key-file

path to customer-supplied encryption key.

--source-instance-zone=SOURCE_INSTANCE_ZONE

Zone of the instance to operate on. If not specified and the compute/zone property isn't set, you might be prompted to select a zone (interactive mode only).
To avoid prompting when this flag is omitted, you can set the compute/zone property:
gcloud config set compute/zone ZONE

A list of zones can be fetched by running:
gcloud compute zones list

To unset the property, run:
gcloud config unset compute/zone

Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.

--storage-location=LOCATION

Google Cloud Storage location, either regional or multi-regional, where machine image's content is to be stored. If absent, a nearby regional or multi-regional location is chosen automatically.

Key resource - The Cloud KMS (Key Management Service) cryptokey that will be used to protect the machine image. The 'Compute Engine Service Agent' service account must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in this group can be used to specify the attributes of this resource.

--kms-key=KMS_KEY

ID of the key or fully qualified identifier for the key.
To set the kms-key attribute:

provide the argument --kms-key on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--kms-keyring=KMS_KEYRING

The KMS keyring of the key.
To set the kms-keyring attribute:

provide the argument --kms-key on the command line with a fully specified name;

provide the argument --kms-keyring on the command line.

--kms-location=KMS_LOCATION

The Google Cloud location for the key.
To set the kms-location attribute:

provide the argument --kms-key on the command line with a fully specified name;

provide the argument --kms-location on the command line.

--kms-project=KMS_PROJECT

The Google Cloud project for the key.
To set the kms-project attribute:

provide the argument --kms-key on the command line with a fully specified name;

provide the argument --kms-project on the command line;

set the property core/project.
GCLOUD WIDE FLAGS: These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES: These variants are also available:
gcloud alpha compute machine-images create

gcloud beta compute machine-images create