File: //snap/google-cloud-cli/current/help/man/man1/gcloud_alpha_compute_instance-templates_create.1
.TH "GCLOUD_ALPHA_COMPUTE_INSTANCE\-TEMPLATES_CREATE" 1
.SH "NAME"
.HP
gcloud alpha compute instance\-templates create \- create a Compute Engine virtual machine instance template
.SH "SYNOPSIS"
.HP
\f5gcloud alpha compute instance\-templates create\fR \fINAME\fR [\fB\-\-accelerator\fR=[\fIcount\fR=\fICOUNT\fR],[\fItype\fR=\fITYPE\fR]] [\fB\-\-no\-boot\-disk\-auto\-delete\fR] [\fB\-\-boot\-disk\-device\-name\fR=\fIBOOT_DISK_DEVICE_NAME\fR] [\fB\-\-boot\-disk\-interface\fR=\fIBOOT_DISK_INTERFACE\fR] [\fB\-\-boot\-disk\-provisioned\-iops\fR=\fIBOOT_DISK_PROVISIONED_IOPS\fR] [\fB\-\-boot\-disk\-provisioned\-throughput\fR=\fIBOOT_DISK_PROVISIONED_THROUGHPUT\fR] [\fB\-\-boot\-disk\-size\fR=\fIBOOT_DISK_SIZE\fR] [\fB\-\-boot\-disk\-type\fR=\fIBOOT_DISK_TYPE\fR] [\fB\-\-can\-ip\-forward\fR] [\fB\-\-configure\-disk\fR=[\fIPROPERTY\fR=\fIVALUE\fR,...]] [\fB\-\-create\-disk\fR=[\fIPROPERTY\fR=\fIVALUE\fR,...]] [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-discard\-local\-ssds\-at\-termination\-timestamp\fR=\fIDISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP\fR] [\fB\-\-disk\fR=[\fIauto\-delete\fR=\fIAUTO\-DELETE\fR],[\fIboot\fR=\fIBOOT\fR],[\fIdevice\-name\fR=\fIDEVICE\-NAME\fR],[\fIinterface\fR=\fIINTERFACE\fR],[\fImode\fR=\fIMODE\fR],[\fIname\fR=\fINAME\fR]] [\fB\-\-enable\-display\-device\fR] [\fB\-\-[no\-]enable\-nested\-virtualization\fR] [\fB\-\-[no\-]enable\-uefi\-networking\fR] [\fB\-\-enable\-watchdog\-timer\fR] [\fB\-\-external\-ipv6\-address\fR=\fIEXTERNAL_IPV6_ADDRESS\fR] [\fB\-\-external\-ipv6\-prefix\-length\fR=\fIEXTERNAL_IPV6_PREFIX_LENGTH\fR] [\fB\-\-graceful\-shutdown\fR] [\fB\-\-graceful\-shutdown\-max\-duration\fR=\fIGRACEFUL_SHUTDOWN_MAX_DURATION\fR] [\fB\-\-host\-error\-timeout\-seconds\fR=\fIHOST_ERROR_TIMEOUT_SECONDS\fR] [\fB\-\-instance\-template\-region\fR=\fIINSTANCE_TEMPLATE_REGION\fR] [\fB\-\-instance\-termination\-action\fR=\fIINSTANCE_TERMINATION_ACTION\fR] [\fB\-\-internal\-ipv6\-address\fR=\fIINTERNAL_IPV6_ADDRESS\fR] [\fB\-\-internal\-ipv6\-prefix\-length\fR=\fIINTERNAL_IPV6_PREFIX_LENGTH\fR] [\fB\-\-ipv6\-address\fR=\fIIPV6_ADDRESS\fR] [\fB\-\-ipv6\-network\-tier\fR=\fIIPV6_NETWORK_TIER\fR] [\fB\-\-ipv6\-prefix\-length\fR=\fIIPV6_PREFIX_LENGTH\fR] [\fB\-\-key\-revocation\-action\-type\fR=\fIPOLICY\fR] [\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-local\-nvdimm\fR=[\fIsize\fR=\fISIZE\fR]] [\fB\-\-local\-ssd\fR=[\fIdevice\-name\fR=\fIDEVICE\-NAME\fR],[\fIinterface\fR=\fIINTERFACE\fR],[\fIsize\fR=\fISIZE\fR]] [\fB\-\-local\-ssd\-recovery\-timeout\fR=\fILOCAL_SSD_RECOVERY_TIMEOUT\fR] [\fB\-\-machine\-type\fR=\fIMACHINE_TYPE\fR] [\fB\-\-maintenance\-interval\fR=\fIMAINTENANCE_INTERVAL\fR] [\fB\-\-max\-run\-duration\fR=\fIMAX_RUN_DURATION\fR] [\fB\-\-mesh\fR=[\fIgke\-cluster\fR=\fIGKE\-CLUSTER\fR],[\fIworkload\fR=\fIWORKLOAD\fR]] [\fB\-\-metadata\fR=\fIKEY\fR=\fIVALUE\fR,[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-metadata\-from\-file\fR=\fIKEY\fR=\fILOCAL_FILE_PATH\fR,[...]] [\fB\-\-min\-cpu\-platform\fR=\fIPLATFORM\fR] [\fB\-\-min\-node\-cpu\fR=\fIMIN_NODE_CPU\fR] [\fB\-\-network\fR=\fINETWORK\fR] [\fB\-\-network\-interface\fR=[\fIPROPERTY\fR=\fIVALUE\fR,...]] [\fB\-\-network\-performance\-configs\fR=[\fIPROPERTY\fR=\fIVALUE\fR,...]] [\fB\-\-network\-tier\fR=\fINETWORK_TIER\fR] [\fB\-\-numa\-node\-count\fR=\fINUMA_NODE_COUNT\fR] [\fB\-\-partner\-metadata\fR=[\fINAMESPACE\fR/\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-partner\-metadata\-from\-file\fR=\fILOCAL_FILE_PATH\fR] [\fB\-\-performance\-monitoring\-unit\fR=\fIPERFORMANCE_MONITORING_UNIT\fR] [\fB\-\-post\-key\-revocation\-action\-type\fR=\fIPOLICY\fR] [\fB\-\-preemptible\fR] [\fB\-\-preemption\-notice\-duration\fR=\fIPREEMPTION_NOTICE_DURATION\fR] [\fB\-\-private\-ipv6\-google\-access\-type\fR=\fIPRIVATE_IPV6_GOOGLE_ACCESS_TYPE\fR] [\fB\-\-private\-network\-ip\fR=\fIPRIVATE_NETWORK_IP\fR] [\fB\-\-provisioning\-model\fR=\fIPROVISIONING_MODEL\fR] [\fB\-\-region\fR=\fIREGION\fR] [\fB\-\-resource\-manager\-tags\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-resource\-policies\fR=[\fIRESOURCE_POLICY\fR,...]] [\fB\-\-no\-restart\-on\-failure\fR] [\fB\-\-shielded\-integrity\-monitoring\fR] [\fB\-\-shielded\-secure\-boot\fR] [\fB\-\-shielded\-vtpm\fR] [\fB\-\-[no\-]skip\-guest\-os\-shutdown\fR] [\fB\-\-source\-instance\fR=\fISOURCE_INSTANCE\fR] [\fB\-\-source\-instance\-zone\fR=\fISOURCE_INSTANCE_ZONE\fR] [\fB\-\-stack\-type\fR=\fISTACK_TYPE\fR] [\fB\-\-subnet\fR=\fISUBNET\fR] [\fB\-\-subnet\-region\fR=\fISUBNET_REGION\fR] [\fB\-\-tags\fR=\fITAG\fR,[\fITAG\fR,...]] [\fB\-\-termination\-time\fR=\fITERMINATION_TIME\fR] [\fB\-\-threads\-per\-core\fR=\fITHREADS_PER_CORE\fR] [\fB\-\-turbo\-mode\fR=\fITURBO_MODE\fR] [\fB\-\-visible\-core\-count\fR=\fIVISIBLE_CORE_COUNT\fR] [\fB\-\-address\fR=\fIADDRESS\fR\ |\ \fB\-\-no\-address\fR] [\fB\-\-boot\-disk\-kms\-key\fR=\fIBOOT_DISK_KMS_KEY\fR\ :\ \fB\-\-boot\-disk\-kms\-keyring\fR=\fIBOOT_DISK_KMS_KEYRING\fR\ \fB\-\-boot\-disk\-kms\-location\fR=\fIBOOT_DISK_KMS_LOCATION\fR\ \fB\-\-boot\-disk\-kms\-project\fR=\fIBOOT_DISK_KMS_PROJECT\fR] [\fB\-\-confidential\-compute\fR\ |\ \fB\-\-confidential\-compute\-type\fR=\fICONFIDENTIAL_COMPUTE_TYPE\fR] [\fB\-\-custom\-cpu\fR=\fICUSTOM_CPU\fR\ \fB\-\-custom\-memory\fR=\fICUSTOM_MEMORY\fR\ :\ \fB\-\-custom\-extensions\fR\ \fB\-\-custom\-vm\-type\fR=\fICUSTOM_VM_TYPE\fR] [\fB\-\-image\-project\fR=\fIIMAGE_PROJECT\fR\ \fB\-\-image\fR=\fIIMAGE\fR\ |\ \fB\-\-image\-family\fR=\fIIMAGE_FAMILY\fR] [\fB\-\-maintenance\-policy\fR=\fIMAINTENANCE_POLICY\fR\ |\ \fB\-\-on\-host\-maintenance\fR=\fIMAINTENANCE_POLICY\fR] [\fB\-\-node\fR=\fINODE\fR\ |\ \fB\-\-node\-affinity\-file\fR=\fIPATH_TO_FILE\fR\ |\ \fB\-\-node\-group\fR=\fINODE_GROUP\fR] [\fB\-\-reservation\fR=\fIRESERVATION\fR\ \fB\-\-reservation\-affinity\fR=\fIRESERVATION_AFFINITY\fR;\ default="any"] [\fB\-\-scopes\fR=[\fISCOPE\fR,...]\ |\ \fB\-\-no\-scopes\fR] [\fB\-\-service\-account\fR=\fISERVICE_ACCOUNT\fR\ |\ \fB\-\-no\-service\-account\fR] [\fB\-\-service\-proxy\fR=[\fIenabled\fR],[\fIintercept\-all\-outbound\-traffic\fR],[\fIintercept\-dns\fR],[\fIaccess\-log\fR=\fIACCESS\-LOG\fR],[\fIexclude\-outbound\-ip\-ranges\fR=\fIEXCLUDE\-OUTBOUND\-IP\-RANGES\fR],[\fIexclude\-outbound\-port\-ranges\fR=\fIEXCLUDE\-OUTBOUND\-PORT\-RANGES\fR],[\fImesh\fR=\fIMESH\fR],[\fInetwork\fR=\fINETWORK\fR],[\fIproject\-number\fR=\fIPROJECT\-NUMBER\fR],[\fIproxy\-port\fR=\fIPROXY\-PORT\fR],[\fIscope\fR=\fISCOPE\fR],[\fIserving\-ports\fR=\fISERVING\-PORTS\fR],[\fIsource\fR=\fISOURCE\fR],[\fItracing\fR=\fITRACING\fR]\ \fB\-\-service\-proxy\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,\ ...,...]] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fB(ALPHA)\fR \fBgcloud alpha compute instance\-templates create\fR facilitates
the creation of Compute Engine virtual machine instance templates. Instance
templates are global resources, and can be used to create instances in any zone.
.SH "EXAMPLES"
To create an instance template named 'INSTANCE\-TEMPLATE' with the 'n2' vm type,
\'9GB' memory, and 2 CPU cores, run:
.RS 2m
$ gcloud alpha compute instance\-templates create INSTANCE\-TEMPLATE \e
\-\-custom\-vm\-type=n2 \-\-custom\-cpu=2 \-\-custom\-memory=9GB
.RE
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
\fINAME\fR
Name of the instance template to create.
.RE
.sp
.SH "FLAGS"
.RS 2m
.TP 2m
\fB\-\-accelerator\fR=[\fIcount\fR=\fICOUNT\fR],[\fItype\fR=\fITYPE\fR]
Attaches accelerators (e.g. GPUs) to the instances.
.RS 2m
.TP 2m
\fBtype\fR
The specific type (e.g. nvidia\-tesla\-t4 for NVIDIA T4) of accelerator to
attach to the instances. Use 'gcloud compute accelerator\-types list' to learn
about all available accelerator types.
.TP 2m
\fBcount\fR
Number of accelerators to attach to each instance. The default value is 1.
.RE
.sp
.TP 2m
\fB\-\-boot\-disk\-auto\-delete\fR
Automatically delete boot disks when their instances are deleted. Enabled by
default, use \fB\-\-no\-boot\-disk\-auto\-delete\fR to disable.
.TP 2m
\fB\-\-boot\-disk\-device\-name\fR=\fIBOOT_DISK_DEVICE_NAME\fR
The name the guest operating system will see for the boot disk. This option can
only be specified if a new boot disk is being created (as opposed to mounting an
existing persistent disk).
.TP 2m
\fB\-\-boot\-disk\-interface\fR=\fIBOOT_DISK_INTERFACE\fR
Indicates the interface to use for the boot disk. The value must be one of the
following:
.RS 2m
.IP "\(em" 2m
SCSI
.IP "\(em" 2m
NVME
.RE
.sp
.TP 2m
\fB\-\-boot\-disk\-provisioned\-iops\fR=\fIBOOT_DISK_PROVISIONED_IOPS\fR
Indicates how many IOPS to provision for the disk. This sets the number of I/O
operations per second that the disk can handle.
.TP 2m
\fB\-\-boot\-disk\-provisioned\-throughput\fR=\fIBOOT_DISK_PROVISIONED_THROUGHPUT\fR
Indicates how much throughput to provision for the disk. This sets the number of
throughput mb per second that the disk can handle.
.TP 2m
\fB\-\-boot\-disk\-size\fR=\fIBOOT_DISK_SIZE\fR
The size of the boot disk. This option can only be specified if a new boot disk
is being created (as opposed to mounting an existing persistent disk). The value
must be a whole number followed by a size unit of \f5\fIKB\fR\fR for kilobyte,
\f5\fIMB\fR\fR for megabyte, \f5\fIGB\fR\fR for gigabyte, or \f5\fITB\fR\fR for
terabyte. For example, \f5\fI10GB\fR\fR will produce a 10 gigabyte disk. Disk
size must be a multiple of 1 GB. Default size unit is \f5\fIGB\fR\fR.
.TP 2m
\fB\-\-boot\-disk\-type\fR=\fIBOOT_DISK_TYPE\fR
The type of the boot disk. This option can only be specified if a new boot disk
is being created (as opposed to mounting an existing persistent disk). To get a
list of available disk types, run \f5$ gcloud compute disk\-types list\fR.
.TP 2m
\fB\-\-can\-ip\-forward\fR
If provided, allows the instances to send and receive packets with non\-matching
destination or source IP addresses.
.TP 2m
\fB\-\-configure\-disk\fR=[\fIPROPERTY\fR=\fIVALUE\fR,...]
This option has effect only when used with \f5\-\-source\-instance\fR. It allows
you to override how the source\-instance's disks are defined in the template.
.RS 2m
.TP 2m
\fBdevice\-name\fR
Name of the device for which the configuration is being overridden.
.TP 2m
\fBauto\-delete\fR
If \f5true\fR, this persistent disk will be automatically deleted when the
instance is deleted. However, if the disk is detached from the instance, this
option won't apply. If not provided, the setting is copied from the source
instance. Allowed values of the flag are: \f5false\fR, \f5no\fR, \f5true\fR, and
\f5yes\fR.
.TP 2m
\fBinstantiate\-from\fR
Specifies whether to include the disk and which image to use. Valid values are:
attach\-read\-only, blank, custom\-image, do\-not\-include, source\-image,
source\-image\-family
.TP 2m
\fBcustom\-image\fR
The custom image to use if custom\-image is specified for instantiate\-from.
.RE
.sp
.TP 2m
\fB\-\-create\-disk\fR=[\fIPROPERTY\fR=\fIVALUE\fR,...]
Creates and attaches persistent disks to the instances.
.RS 2m
.TP 2m
\fBname\fR
Specifies the name of the disk. This option cannot be specified if more than one
instance is being created.
.TP 2m
\fBdescription\fR
Optional textual description for the disk being created.
.TP 2m
\fBmode\fR
Specifies the mode of the disk. Supported options are \f5\fIro\fR\fR for
read\-only and \f5\fIrw\fR\fR for read\-write. If omitted, \f5\fIrw\fR\fR is
used as a default.
.TP 2m
\fBimage\fR
Specifies the name of the image that the disk will be initialized with. A new
disk will be created based on the given image. To view a list of public images
and projects, run \f5$ gcloud compute images list\fR. It is best practice to use
image when a specific version of an image is needed. If both image and
image\-family flags are omitted a blank disk will be created.
.TP 2m
\fBimage\-family\fR
The image family for the operating system that the boot disk will be initialized
with. Compute Engine offers multiple Linux distributions, some of which are
available as both regular and Shielded VM images. When a family is specified
instead of an image, the latest non\-deprecated image associated with that
family is used. It is best practice to use \-\-image\-family when the latest
version of an image is needed.
.TP 2m
\fBimage\-project\fR
The Google Cloud project against which all image and image family references
will be resolved. It is best practice to define image\-project. A full list of
available image projects can be generated by running \f5gcloud compute images
list\fR.
.RS 2m
.IP "\(bu" 2m
If specifying one of our public images, image\-project must be provided.
.IP "\(bu" 2m
If there are several of the same image\-family value in multiple projects,
image\-project must be specified to clarify the image to be used.
.IP "\(bu" 2m
If not specified and either image or image\-family is provided, the current
default project is used.
.RE
.sp
.TP 2m
\fBsize\fR
The size of the disk. The value must be a whole number followed by a size unit
of \f5\fIKB\fR\fR for kilobyte, \f5\fIMB\fR\fR for megabyte, \f5\fIGB\fR\fR for
gigabyte, or \f5\fITB\fR\fR for terabyte. For example, \f5\fI10GB\fR\fR will
produce a 10 gigabyte disk. Disk size must be a multiple of 1 GB. If not
specified, the default image size will be used for the new disk.
.TP 2m
\fBtype\fR
The type of the disk. To get a list of available disk types, run $ gcloud
compute disk\-types list. The default disk type is \f5\fIpd\-standard\fR\fR.
.TP 2m
\fBdevice\-name\fR
An optional name to display the disk name in the guest operating system. If
omitted, a device name of the form \f5persistent\-disk\-N\fR is used.
.TP 2m
\fBprovisioned\-iops\fR
Indicates how many IOPS to provision for the disk. This sets the number of I/O
operations per second that the disk can handle. Value must be between 10,000 and
120,000.
.TP 2m
\fBprovisioned\-throughput\fR
Indicates how much throughput to provision for the disk. This sets the number of
throughput mb per second that the disk can handle.
.TP 2m
\fBdisk\-resource\-policy\fR
Resource policy to apply to the disk. Specify a full or partial URL. For
example:
.RS 2m
.IP "\(bu" 2m
\f5\fIhttps://www.googleapis.com/compute/v1/projects/my\-project/regions/us\-central1/resourcePolicies/my\-resource\-policy\fR\fR
.IP "\(bu" 2m
\f5\fIprojects/my\-project/regions/us\-central1/resourcePolicies/my\-resource\-policy\fR\fR
.RE
.sp
For more information, see the following docs:
.RS 2m
.IP "\(bu" 2m
https://cloud.google.com/sdk/gcloud/reference/beta/compute/resource\-policies/
.IP "\(bu" 2m
https://cloud.google.com/compute/docs/disks/scheduled\-snapshots
.RE
.sp
.TP 2m
\fBauto\-delete\fR
If \f5\fIyes\fR\fR, this persistent disk will be automatically deleted when the
instance is deleted. However, if the disk is later detached from the instance,
this option won't apply. The default value for this is \f5\fIyes\fR\fR.
.TP 2m
\fBarchitecture\fR
Specifies the architecture or processor type that this disk can support. For
available processor types on Compute Engine, see
https://cloud.google.com/compute/docs/cpu\-platforms.
.TP 2m
\fBstorage\-pool\fR
The name of the storage pool in which the new disk is created. The new disk and
the storage pool must be in the same location.
.TP 2m
\fBinterface\fR
The interface to use with the disk. The value must be one of the following:
.RS 2m
.IP "\(bu" 2m
SCSI
.IP "\(bu" 2m
NVME
.RE
.sp
.TP 2m
\fBboot\fR
If \f5\fIyes\fR\fR, indicates that this is a boot disk. The instance will use
the first partition of the disk for its root file system. The default value for
this is \f5\fIno\fR\fR.
.TP 2m
\fBkms\-key\fR
Fully qualified Cloud KMS cryptokey name that will protect the disk.
This can either be the fully qualified path or the name.
The fully qualified Cloud KMS cryptokey name format is:
\f5\fIprojects/<kms\-project>/locations/<kms\-location>/keyRings/<kms\-keyring>/
cryptoKeys/<key\-name>\fR\fR.
If the value is not fully qualified then kms\-location, kms\-keyring, and
optionally kms\-project are required.
See https://cloud.google.com/compute/docs/disks/customer\-managed\-encryption
for more details.
.TP 2m
\fBkms\-project\fR
Project that contains the Cloud KMS cryptokey that will protect the disk.
If the project is not specified then the project where the disk is being created
will be used.
If this flag is set then key\-location, kms\-keyring, and kms\-key are required.
See https://cloud.google.com/compute/docs/disks/customer\-managed\-encryption
for more details.
.TP 2m
\fBkms\-location\fR
Location of the Cloud KMS cryptokey to be used for protecting the disk.
All Cloud KMS cryptokeys are reside in a 'location'. To get a list of possible
locations run 'gcloud kms locations list'. If this flag is set then kms\-keyring
and kms\-key are required. See
https://cloud.google.com/compute/docs/disks/customer\-managed\-encryption for
more details.
.TP 2m
\fBkms\-keyring\fR
The keyring which contains the Cloud KMS cryptokey that will protect the disk.
If this flag is set then kms\-location and kms\-key are required.
See https://cloud.google.com/compute/docs/disks/customer\-managed\-encryption
for more details.
.TP 2m
\fBmulti\-writer\fR
If \f5\fIyes\fR\fR, the disk is created in multi\-writer mode so that it can be
attached with read\-write access to two VMs. The default value is
\f5\fIno\fR\fR. The multi\-writer feature requires specialized filesystems,
among other restrictions. For more information, see
https://cloud.google.com/compute/docs/disks/sharing\-disks\-between\-vms.
.TP 2m
\fBreplica\-zones\fR
Required for each regional disk associated with the instance. Specify the URLs
of the zones where the disk should be replicated to. You must provide exactly
two replica zones, and one zone must be the same as the instance zone.
.TP 2m
\fBlabels\fR
List of label KEY=VALUE pairs separated by \f5:\fR character to add to the disk.
Example: \f5Key1=Value1:Key2=Value2:Key3=Value3\fR.
Keys must start with a lowercase character and contain only hyphens (\f5\-\fR),
underscores (\f5_\fR), lowercase characters, and numbers. Values must contain
only hyphens (\f5\-\fR), underscores (\f5_\fR), lowercase characters, and
numbers.
.RE
.sp
.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR
Specifies a textual description for the instance template.
.TP 2m
\fB\-\-discard\-local\-ssds\-at\-termination\-timestamp\fR=\fIDISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP\fR
Required to be set to \f5true\fR and only allowed for VMs that have one or more
local SSDs, use \-\-instance\-termination\-action=STOP, and use either
\-\-max\-run\-duration or \-\-termination\-time.
This flag indicates the value that you want Compute Engine to use for the
\f5\-\-discard\-local\-ssd\fR flag in the automatic \f5gcloud compute instances
stop\fR command. This flag only supports the \f5true\fR value, which discards
local SSD data when automatically stopping this VM during its
\f5terminationTimestamp\fR.
For more information about the \f5\-\-discard\-local\-ssd\fR flag, see
https://cloud.google.com/compute/docs/disks/local\-ssd#stop_instance.
.TP 2m
\fB\-\-disk\fR=[\fIauto\-delete\fR=\fIAUTO\-DELETE\fR],[\fIboot\fR=\fIBOOT\fR],[\fIdevice\-name\fR=\fIDEVICE\-NAME\fR],[\fIinterface\fR=\fIINTERFACE\fR],[\fImode\fR=\fIMODE\fR],[\fIname\fR=\fINAME\fR]
Attaches an existing disk to the instances.
.RS 2m
.TP 2m
\fBname\fR
The disk to attach to the instances. If you create more than one instance, you
can only attach a disk in read\-only mode. By default, you attach a zonal disk
located in the same zone of the instance. If you want to attach a regional disk,
you must specify the disk using its URI; for example,
\f5\fIprojects/myproject/regions/us\-central1/disks/my\-regional\-disk\fR\fR.
.TP 2m
\fBmode\fR
The mode of the disk. Supported options are \f5\fIro\fR\fR for read\-only mode
and \f5\fIrw\fR\fR for read\-write mode. If omitted, \f5\fIrw\fR\fR is used as a
default value. If you use \f5\fIrw\fR\fR when creating more than one instance,
you encounter errors.
.TP 2m
\fBboot\fR
If set to \f5\fIyes\fR\fR, you attach a boot disk. The virtual machine then uses
the first partition of the disk for the root file systems. The default value for
this is \f5\fIno\fR\fR.
.TP 2m
\fBdevice\-name\fR
An optional name to display the disk name in the guest operating system. If
omitted, a device name of the form \f5persistent\-disk\-N\fR is used.
.TP 2m
\fBauto\-delete\fR
If set to \f5\fIyes\fR\fR, the persistent disk is automatically deleted when the
instance is deleted. However, if you detach the disk from the instance, deleting
the instance doesn't delete the disk. The default value is \f5\fIyes\fR\fR.
.TP 2m
\fBinterface\fR
The interface to use for the disk. The value must be one of the following:
.RS 2m
.IP "\(bu" 2m
SCSI
.IP "\(bu" 2m
NVME
.RE
.sp
.RE
.sp
.TP 2m
\fB\-\-enable\-display\-device\fR
Enable a display device on VM instances. Disabled by default.
.TP 2m
\fB\-\-[no\-]enable\-nested\-virtualization\fR
If set to true, enables nested virtualization for the instance. Use
\fB\-\-enable\-nested\-virtualization\fR to enable and
\fB\-\-no\-enable\-nested\-virtualization\fR to disable.
.TP 2m
\fB\-\-[no\-]enable\-uefi\-networking\fR
If set to true, enables UEFI networking for the instance creation. Use
\fB\-\-enable\-uefi\-networking\fR to enable and
\fB\-\-no\-enable\-uefi\-networking\fR to disable.
.TP 2m
\fB\-\-enable\-watchdog\-timer\fR
Enable a watchdog timer device on VM instances. Disabled by default.
.TP 2m
\fB\-\-external\-ipv6\-address\fR=\fIEXTERNAL_IPV6_ADDRESS\fR
Assigns the given external IPv6 address to the instance that is created. The
address must be the first IP address in the range. This option can be used only
when creating a single instance.
.TP 2m
\fB\-\-external\-ipv6\-prefix\-length\fR=\fIEXTERNAL_IPV6_PREFIX_LENGTH\fR
The prefix length of the external IPv6 address range. This field should be used
together with \f5\-\-external\-ipv6\-address\fR. Only the /96 IP address range
is supported, and the default value is 96.
.TP 2m
\fB\-\-graceful\-shutdown\fR
Enables graceful shutdown for the instance.
.TP 2m
\fB\-\-graceful\-shutdown\-max\-duration\fR=\fIGRACEFUL_SHUTDOWN_MAX_DURATION\fR
Specifies the maximum time for the graceful shutdown. After this time, the
instance is set to STOPPING even if tasks are still running. Specify the time as
the number of hours, minutes, or seconds followed by h, m, and s respectively.
For example, specify 30m for 30 minutes or 20m10s for 20 minutes and 10 seconds.
The value must be between 1 second and 1 hour.
.TP 2m
\fB\-\-host\-error\-timeout\-seconds\fR=\fIHOST_ERROR_TIMEOUT_SECONDS\fR
The timeout in seconds for host error detection. The value must be set with 30
second increments, with a range of 90 to 330 seconds. If unset, the default
behavior of the host error recovery is used.
.TP 2m
\fB\-\-instance\-template\-region\fR=\fIINSTANCE_TEMPLATE_REGION\fR
Specifies the region of the regional instance template.
.TP 2m
\fB\-\-instance\-termination\-action\fR=\fIINSTANCE_TERMINATION_ACTION\fR
Specifies the termination action that will be taken upon VM preemption
(\-\-provisioning\-model=SPOT) or automatic instance termination
(\-\-max\-run\-duration or \-\-termination\-time).
\fIINSTANCE_TERMINATION_ACTION\fR must be one of:
.RS 2m
.TP 2m
\fBDELETE\fR
Permanently delete the VM.
.TP 2m
\fBSTOP\fR
Default only for Spot VMs. Stop the VM without preserving memory. The VM can be
restarted later.
.RE
.sp
.TP 2m
\fB\-\-internal\-ipv6\-address\fR=\fIINTERNAL_IPV6_ADDRESS\fR
Assigns the given internal IPv6 address or range to the instance that is
created. The address must be the first IP address in the range or from a /96 IP
address range. This option can be used only when creating a single instance.
.TP 2m
\fB\-\-internal\-ipv6\-prefix\-length\fR=\fIINTERNAL_IPV6_PREFIX_LENGTH\fR
Optional field that indicates the prefix length of the internal IPv6 address
range. It should be used together with \-\-internal\-ipv6\-address. Only /96 IP
address range is supported and the default value is 96. If not set, either the
prefix length from \-\-internal\-ipv6\-address will be used or the default value
of 96 will be assigned.
.TP 2m
\fB\-\-ipv6\-address\fR=\fIIPV6_ADDRESS\fR
Assigns the given external IPv6 address to the instance that is created. The
address must be the first IP address in the range. This option can be used only
when creating a single instance.
.TP 2m
\fB\-\-ipv6\-network\-tier\fR=\fIIPV6_NETWORK_TIER\fR
Specifies the IPv6 network tier that will be used to configure the instance
network interface IPv6 access config. \fIIPV6_NETWORK_TIER\fR must be (only one
value is supported):
.RS 2m
.TP 2m
\fBPREMIUM\fR
High quality, Google\-grade network tier.
.RE
.sp
.TP 2m
\fB\-\-ipv6\-prefix\-length\fR=\fIIPV6_PREFIX_LENGTH\fR
The prefix length of the external IPv6 address range. This field should be used
together with \f5\-\-ipv6\-address\fR. Only the /96 IP address range is
supported, and the default value is 96.
.TP 2m
\fB\-\-key\-revocation\-action\-type\fR=\fIPOLICY\fR
Specifies the behavior of the instance when the KMS key of one of its attached
disks is revoked. The default is none. \fIPOLICY\fR must be one of:
.RS 2m
.TP 2m
\fBnone\fR
No operation is performed.
.TP 2m
\fBstop\fR
The instance is stopped when the KMS key of one of its attached disks is
revoked.
.RE
.sp
.TP 2m
\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]
List of label KEY=VALUE pairs to add.
Keys must start with a lowercase character and contain only hyphens (\f5\-\fR),
underscores (\f5_\fR), lowercase characters, and numbers. Values must contain
only hyphens (\f5\-\fR), underscores (\f5_\fR), lowercase characters, and
numbers.
.TP 2m
\fB\-\-local\-nvdimm\fR=[\fIsize\fR=\fISIZE\fR]
Attaches a local NVDIMM to the instances.
.RS 2m
.TP 2m
\fBsize\fR
Optional. Size of the NVDIMM disk. The value must be a whole number followed by
a size unit of \f5\fIKB\fR\fR for kilobyte, \f5\fIMB\fR\fR for megabyte,
\f5\fIGB\fR\fR for gigabyte, or \f5\fITB\fR\fR for terabyte. For example,
\f5\fI3TB\fR\fR will produce a 3 terabyte disk. Allowed values are: 3TB and 6TB
and the default is 3 TB.
.RE
.sp
.TP 2m
\fB\-\-local\-ssd\fR=[\fIdevice\-name\fR=\fIDEVICE\-NAME\fR],[\fIinterface\fR=\fIINTERFACE\fR],[\fIsize\fR=\fISIZE\fR]
Attaches a local SSD to the instances.
.RS 2m
.TP 2m
\fBdevice\-name\fR
Optional. A name that indicates the disk name the guest operating system will
see. Can only be specified if \f5interface\fR is \f5SCSI\fR. If omitted, a
device name of the form \f5\fIlocal\-ssd\-N\fR\fR will be used.
.TP 2m
\fBinterface\fR
Optional. The kind of disk interface exposed to the VM for this SSD. Valid
values are \f5\fISCSI\fR\fR and \f5\fINVME\fR\fR. SCSI is the default and is
supported by more guest operating systems. NVME might provide higher
performance.
.TP 2m
\fBsize\fR
Optional. The only valid value is \f5\fI375GB\fR\fR. Specify the
\f5\fI\-\-local\-ssd\fR\fR flag multiple times if you need multiple
\f5\fI375GB\fR\fR local SSD partitions. You can specify a maximum of 24 local
SSDs for a maximum of \f5\fI9TB\fR\fR attached to an instance.
.RE
.sp
.TP 2m
\fB\-\-local\-ssd\-recovery\-timeout\fR=\fILOCAL_SSD_RECOVERY_TIMEOUT\fR
Specifies the maximum amount of time a Local Ssd Vm should wait while recovery
of the Local Ssd state is attempted. Its value should be in between 0 and 168
hours with hour granularity and the default value being 1 hour.
.TP 2m
\fB\-\-machine\-type\fR=\fIMACHINE_TYPE\fR
Specifies the machine type used for the instances. To get a list of available
machine types, run 'gcloud compute machine\-types list'. If unspecified, the
default type is n1\-standard\-1.
.TP 2m
\fB\-\-maintenance\-interval\fR=\fIMAINTENANCE_INTERVAL\fR
Specifies the frequency of planned maintenance events.
\fIMAINTENANCE_INTERVAL\fR must be (only one value is supported):
.RS 2m
.TP 2m
\fBPERIODIC\fR
PERIODIC means the VM is a Stable Fleet VM.
.RE
.sp
.TP 2m
\fB\-\-max\-run\-duration\fR=\fIMAX_RUN_DURATION\fR
Limits how long this VM instance can run, specified as a duration relative to
the last time when the VM began running. Format the duration, MAX_RUN_DURATION,
as the number of days, hours, minutes, and seconds followed by d, h, m, and s
respectively. For example, specify \f530m\fR for a duration of 30 minutes or
specify \f51d2h3m4s\fR for a duration of 1 day, 2 hours, 3 minutes, and 4
seconds. Alternatively, to specify a timestamp, use \-\-termination\-time
instead.
If neither \-\-max\-run\-duration nor \-\-termination\-time is specified
(default), the VM instance runs until prompted by a user action or system event.
If either is specified, the VM instance is scheduled to be automatically
terminated at the VM's termination timestamp (\f5terminationTimestamp\fR) using
the action specified by \-\-instance\-termination\-action.
Note: The \f5terminationTimestamp\fR is removed whenever the VM is stopped or
suspended and redefined whenever the VM is rerun. For \-\-max\-run\-duration
specifically, the \f5terminationTimestamp\fR is the sum of MAX_RUN_DURATION and
the time when the VM last entered the \f5RUNNING\fR state, which changes
whenever the VM is rerun.
.TP 2m
\fB\-\-mesh\fR=[\fIgke\-cluster\fR=\fIGKE\-CLUSTER\fR],[\fIworkload\fR=\fIWORKLOAD\fR]
Controls whether the Anthos Service Mesh service proxy (Envoy) and agent are
installed and configured on the VM. "cloud\-platform" scope is enabled
automatically to allow the service proxy to be started. Do not use the
\f5\-\-no\-scopes\fR flag.
.RS 2m
.TP 2m
\fBgke\-cluster\fR
The location/name of the GKE cluster. The location can be a zone or a region,
e.g. \f5\fIus\-central1\-a/my\-cluster\fR\fR.
.TP 2m
\fBworkload\fR
The workload identifier of the VM. In a GKE cluster, it is the identifier
namespace/name of the \f5WorkloadGroup\fR custom resource representing the VM
workload, e.g. \f5\fIfoo/my\-workload\fR\fR.
.RE
.sp
.TP 2m
\fB\-\-metadata\fR=\fIKEY\fR=\fIVALUE\fR,[\fIKEY\fR=\fIVALUE\fR,...]
Metadata to be made available to the guest operating system running on the
instances. Each metadata entry is a key/value pair separated by an equals sign.
Each metadata key must be unique and have a max of 128 bytes in length. Each
value must have a max of 256 KB in length. Multiple arguments can be passed to
this flag, e.g., \f5\fI\-\-metadata
key\-1=value\-1,key\-2=value\-2,key\-3=value\-3\fR\fR. The combined total size
for all metadata entries is 512 KB.
In images that have Compute Engine tools installed on them, such as the official
images (https://cloud.google.com/compute/docs/images), the following metadata
keys have special meanings:
.RS 2m
.TP 2m
\fBstartup\-script\fR
Specifies a script that will be executed by the instances once they start
running. For convenience, \f5\fI\-\-metadata\-from\-file\fR\fR can be used to
pull the value from a file.
.TP 2m
\fBstartup\-script\-url\fR
Same as \f5\fIstartup\-script\fR\fR except that the script contents are pulled
from a publicly\-accessible location on the web.
For startup scripts on Windows instances, the following metadata keys have
special meanings: \f5\fIwindows\-startup\-script\-url\fR\fR,
\f5\fIwindows\-startup\-script\-cmd\fR\fR,
\f5\fIwindows\-startup\-script\-bat\fR\fR,
\f5\fIwindows\-startup\-script\-ps1\fR\fR,
\f5\fIsysprep\-specialize\-script\-url\fR\fR,
\f5\fIsysprep\-specialize\-script\-cmd\fR\fR,
\f5\fIsysprep\-specialize\-script\-bat\fR\fR, and
\f5\fIsysprep\-specialize\-script\-ps1\fR\fR. For more information, see Running
startup scripts (https://cloud.google.com/compute/docs/startupscript).
.RE
.sp
.TP 2m
\fB\-\-metadata\-from\-file\fR=\fIKEY\fR=\fILOCAL_FILE_PATH\fR,[...]
Same as \f5\fI\-\-metadata\fR\fR except that the value for the entry will be
read from a local file. This is useful for values that are too large such as
\f5\fIstartup\-script\fR\fR contents.
.TP 2m
\fB\-\-min\-cpu\-platform\fR=\fIPLATFORM\fR
When specified, the VM will be scheduled on host with specified CPU architecture
or a newer one. To list available CPU platforms in given zone, run:
.RS 2m
$ gcloud alpha compute zones describe ZONE \e
\-\-format="value(availableCpuPlatforms)"
.RE
Default setting is "AUTOMATIC".
CPU platform selection is available only in selected zones.
You can find more information on\-line:
https://cloud.google.com/compute/docs/instances/specify\-min\-cpu\-platform
.TP 2m
\fB\-\-min\-node\-cpu\fR=\fIMIN_NODE_CPU\fR
Minimum number of virtual CPUs this instance will consume when running on a
sole\-tenant node.
.TP 2m
\fB\-\-network\fR=\fINETWORK\fR
Specifies the network that the VM instances are a part of. If \f5\-\-subnet\fR
is also specified, subnet must be a subnetwork of the network specified by this
\f5\-\-network\fR flag. If neither is specified, the default network is used.
.TP 2m
\fB\-\-network\-interface\fR=[\fIPROPERTY\fR=\fIVALUE\fR,...]
Adds a network interface to the instance. Mutually exclusive with any of these
flags: \fB\-\-address\fR, \fB\-\-network\fR, \fB\-\-network\-tier\fR,
\fB\-\-subnet\fR, \fB\-\-private\-network\-ip\fR, \fB\-\-stack\-type\fR,
\fB\-\-ipv6\-network\-tier\fR, \fB\-\-internal\-ipv6\-address\fR,
\fB\-\-internal\-ipv6\-prefix\-length\fR, \fB\-\-ipv6\-address\fR,
\fB\-\-ipv6\-prefix\-length\fR, \fB\-\-external\-ipv6\-address\fR,
\fB\-\-external\-ipv6\-prefix\-length\fR, \fB\-\-ipv6\-public\-ptr\-domain\fR.
This flag can be repeated to specify multiple network interfaces.
The following keys are allowed:
.RS 2m
.TP 2m
\fBaddress\fR
Assigns the given external address to the instance that is created. Specifying
an empty string will assign an ephemeral IP. Mutually exclusive with
no\-address. If neither key is present the instance will get an ephemeral IP.
.TP 2m
\fBnetwork\fR
Specifies the network that the interface will be part of. If subnet is also
specified it must be subnetwork of this network. If neither is specified, this
defaults to the "default" network.
.TP 2m
\fBno\-address\fR
If specified the interface will have no external IP. Mutually exclusive with
address. If neither key is present the instance will get an ephemeral IP.
.TP 2m
\fBnetwork\-tier\fR
Specifies the network tier of the interface. \f5\fINETWORK_TIER\fR\fR must be
one of: \f5PREMIUM\fR, \f5STANDARD\fR. The default value is \f5PREMIUM\fR.
.TP 2m
\fBprivate\-network\-ip\fR
Assigns the given RFC1918 IP address to the interface.
.TP 2m
\fBsubnet\fR
Specifies the subnet that the interface will be part of. If network key is also
specified this must be a subnetwork of the specified network.
.TP 2m
\fBnic\-type\fR
Specifies the Network Interface Controller (NIC) type for the interface.
\f5\fINIC_TYPE\fR\fR must be one of: \f5GVNIC\fR, \f5VIRTIO_NET\fR.
.TP 2m
\fBqueue\-count\fR
Specifies the networking queue count for this interface. Both Rx and Tx queues
will be set to this number. If it's not specified, a default queue count will be
assigned. See https://cloud.google.com/compute/docs/network\-bandwidth#rx\-tx
for more details.
.TP 2m
\fBstack\-type\fR
Specifies whether IPv6 is enabled on the interface. \f5\fISTACK_TYPE\fR\fR must
be one of: \f5IPV4_ONLY\fR, \f5IPV4_IPV6\fR, \f5IPV6_ONLY\fR. The default value
is \f5IPV4_ONLY\fR.
.TP 2m
\fBipv6\-network\-tier\fR
Specifies the IPv6 network tier that will be used to configure the instance
network interface IPv6 access config. \f5\fIIPV6_NETWORK_TIER\fR\fR must be
\f5PREMIUM\fR (currently only one value is supported).
.TP 2m
\fBinternal\-ipv6\-address\fR
Assigns the given internal IPv6 address or range to the instance that is
created. The address must be the first IP address in the range or from a /96 IP
address range. This option can be used only when creating a single instance.
.TP 2m
\fBinternal\-ipv6\-prefix\-length\fR
Optional field that indicates the prefix length of the internal IPv6 address
range. It should be used together with internal\-ipv6\-address. Only /96 IP
address range is supported and the default value is 96. If not set, either the
prefix length from \-\-internal\-ipv6\-address will be used or the default value
of 96 will be assigned.
.TP 2m
\fBexternal\-ipv6\-address\fR
Assigns the given external IPv6 address to the instance that is created. The
address must be the first IP address in the range. This option can be used only
when creating a single instance.
.TP 2m
\fBexternal\-ipv6\-prefix\-length\fR
The prefix length of the external IPv6 address range. This field should be used
together with external\-ipv6\-address. Only the /96 IP address range is
supported, and the default value is 96.
.TP 2m
\fBipv6\-public\-ptr\-domain\fR
Assigns a custom PTR domain for the external IPv6 in the IPv6 access
configuration of instance. If its value is not specified, the default PTR record
will be used. This option can only be specified for the default network
interface, \f5nic0\fR.
.TP 2m
\fBaliases\fR
Specifies the IP alias ranges to allocate for this interface. If there are
multiple IP alias ranges, they are separated by semicolons.
For example:
.RS 2m
\-\-aliases="10.128.1.0/24;range1:/32"
.RE
Each IP alias range consists of a range name and a CIDR netmask (e.g. \f5/24\fR)
separated by a colon or just the netmask. The range name is the name of the
range within the network interface's subnet from which to allocate an IP alias
range. If unspecified, it defaults to the primary IP range of the subnet. The IP
allocator will pick an available range with the specified netmask and allocate
it to this network interface.
.TP 2m
\fBnetwork\-attachment\fR
Specifies the network attachment that this interface should connect to. Mutually
exclusive with \fB\-\-network\fR and \fB\-\-subnet\fR flags.
.TP 2m
\fBenable\-vpc\-scoped\-dns\fR
If specified with network_attachment, DNS resolution will be enabled over this
interface.
.TP 2m
\fBvlan\fR
VLAN ID of a Dynamic Network Interface, must be an integer in the range from 2
to 255 inclusively.
.TP 2m
\fBigmp\-query\fR
Determines if the Compute Engine Instance can receive and respond to IGMP query
packets on the specified network interface. \f5\fIIGMP_QUERY\fR\fR must be one
of: \f5IGMP_QUERY_V2\fR, \f5IGMP_QUERY_DISABLED\fR. It is disabled by default.
.RE
.sp
.TP 2m
\fB\-\-network\-performance\-configs\fR=[\fIPROPERTY\fR=\fIVALUE\fR,...]
Configures network performance settings for the instance. If this flag is not
specified, the instance will be created with its default network performance
configuration.
.RS 2m
.TP 2m
\fBtotal\-egress\-bandwidth\-tier\fR
Total egress bandwidth is the available outbound bandwidth from a VM, regardless
of whether the traffic is going to internal IP or external IP destinations. The
following tier values are allowed: [DEFAULT,TIER_1]
.RE
.sp
.TP 2m
\fB\-\-network\-tier\fR=\fINETWORK_TIER\fR
Specifies the network tier that will be used to configure the instance.
\f5\fINETWORK_TIER\fR\fR must be one of: \f5PREMIUM\fR, \f5STANDARD\fR. The
default value is \f5PREMIUM\fR.
.TP 2m
\fB\-\-numa\-node\-count\fR=\fINUMA_NODE_COUNT\fR
The number of virtual NUMA nodes for the instance. Valid values are: 0, 1, 2, 4
or 8. Setting NUMA node count to 0 means using the default setting.
.TP 2m
\fB\-\-partner\-metadata\fR=[\fINAMESPACE\fR/\fIKEY\fR=\fIVALUE\fR,...]
Partner metadata specifying namespace and its entries. The entries can be
key\-value pairs or in json format.
.TP 2m
\fB\-\-partner\-metadata\-from\-file\fR=\fILOCAL_FILE_PATH\fR
Path to a local json file containing partner metadata. Use a full or relative
path to a local file containing the value of partner_metadata.
.TP 2m
\fB\-\-performance\-monitoring\-unit\fR=\fIPERFORMANCE_MONITORING_UNIT\fR
The type of performance monitoring counters (PMCs) to enable in the instance.
\fIPERFORMANCE_MONITORING_UNIT\fR must be one of:
.RS 2m
.TP 2m
\fBarchitectural\fR
This enables architecturally defined non\-last level cache (LLC) events.
.TP 2m
\fBenhanced\fR
This enables most documented core/L2 and LLC events.
.TP 2m
\fBstandard\fR
This enables most documented core/L2 events.
.RE
.sp
.TP 2m
\fB\-\-post\-key\-revocation\-action\-type\fR=\fIPOLICY\fR
Specifies the behavior of the instance when the KMS key of one of its attached
disks is revoked. The default is noop. \fIPOLICY\fR must be one of:
.RS 2m
.TP 2m
\fBnoop\fR
No operation is performed.
.TP 2m
\fBshutdown\fR
The instance is shut down when the KMS key of one of its attached disks is
revoked.
.RE
.sp
.TP 2m
\fB\-\-preemptible\fR
If provided, instances will be preemptible and time\-limited. Instances might be
preempted to free up resources for standard VM instances, and will only be able
to run for a limited amount of time. Preemptible instances can not be restarted
and will not migrate.
.TP 2m
\fB\-\-preemption\-notice\-duration\fR=\fIPREEMPTION_NOTICE_DURATION\fR
Specifies the metadata preemption notice duration before the ACPI G2 soft off
signal is triggered for Spot VMs. e.g. 120s.
.TP 2m
\fB\-\-private\-ipv6\-google\-access\-type\fR=\fIPRIVATE_IPV6_GOOGLE_ACCESS_TYPE\fR
The private IPv6 Google access type for the VM.
\fIPRIVATE_IPV6_GOOGLE_ACCESS_TYPE\fR must be one of:
\fBenable\-bidirectional\-access\fR, \fBenable\-outbound\-vm\-access\fR,
\fBinherit\-subnetwork\fR.
.TP 2m
\fB\-\-private\-network\-ip\fR=\fIPRIVATE_NETWORK_IP\fR
Specifies the RFC1918 IP to assign to the instance. The IP should be in the
subnet or legacy network IP range.
.TP 2m
\fB\-\-provisioning\-model\fR=\fIPROVISIONING_MODEL\fR
Specifies the provisioning model for your VM instances. This choice affects the
price, availability, and how long your VM instances can run.
\fIPROVISIONING_MODEL\fR must be one of:
.RS 2m
.TP 2m
\fBFLEX_START\fR
The VM instance is provisioned using the Flex Start provisioning model and has a
limited runtime.
.TP 2m
\fBRESERVATION_BOUND\fR
The VM instances run for the entire duration of their associated reservation.
You can only specify this provisioning model if you want your VM instances to
consume a specific reservation with either a calendar reservation mode or a
dense deployment type.
.TP 2m
\fBSPOT\fR
Compute Engine may stop a Spot VM instance whenever it needs capacity. Because
Spot VM instances don't have a guaranteed runtime, they come at a discounted
price.
.TP 2m
\fBSTANDARD\fR
The default option. The STANDARD provisioning model gives you full control over
your VM instances' runtime.
.RE
.sp
.TP 2m
\fB\-\-region\fR=\fIREGION\fR
Region of the subnetwork to attach. If not specified, you might be prompted to
select a region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the
\f5\fIcompute/region\fR\fR property:
.RS 2m
$ gcloud config set compute/region REGION
.RE
A list of regions can be fetched by running:
.RS 2m
$ gcloud compute regions list
.RE
To unset the property, run:
.RS 2m
$ gcloud config unset compute/region
.RE
Alternatively, the region can be stored in the environment variable
\f5\fICLOUDSDK_COMPUTE_REGION\fR\fR.
.TP 2m
\fB\-\-resource\-manager\-tags\fR=[\fIKEY\fR=\fIVALUE\fR,...]
Specifies a list of resource manager tags to apply to the instance.
.TP 2m
\fB\-\-resource\-policies\fR=[\fIRESOURCE_POLICY\fR,...]
A list of resource policy names (not URLs) to be added to each instance created
using this instance template. If you attach any resource policies to an instance
template, you can only use that instance template to create instances that are
in the same region as the resource policies. Do not include resource policies
that are located in different regions in the same instance template.
.TP 2m
\fB\-\-restart\-on\-failure\fR
The instances will be restarted if they are terminated by Compute Engine. This
does not affect terminations performed by the user. Enabled by default, use
\fB\-\-no\-restart\-on\-failure\fR to disable.
.TP 2m
\fB\-\-shielded\-integrity\-monitoring\fR
Enables monitoring and attestation of the boot integrity of the instance. The
attestation is performed against the integrity policy baseline. This baseline is
initially derived from the implicitly trusted boot image when the instance is
created. This baseline can be updated by using \f5gcloud compute instances
update \-\-shielded\-learn\-integrity\-policy\fR. On Shielded VM instances,
integrity monitoring is enabled by default. For information about how to modify
Shielded VM options, see
https://cloud.google.com/compute/docs/instances/modifying\-shielded\-vm. For
information about monitoring integrity on Shielded VM instances, see
https://cloud.google.com/compute/docs/instances/integrity\-monitoring."
.TP 2m
\fB\-\-shielded\-secure\-boot\fR
The instance boots with secure boot enabled. On Shielded VM instances, Secure
Boot is not enabled by default. For information about how to modify Shielded VM
options, see
https://cloud.google.com/compute/docs/instances/modifying\-shielded\-vm.
.TP 2m
\fB\-\-shielded\-vtpm\fR
The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is a
hardware module that can be used for different security operations such as
remote attestation, encryption, and sealing of keys. On Shielded VM instances,
vTPM is enabled by default. For information about how to modify Shielded VM
options, see
https://cloud.google.com/compute/docs/instances/modifying\-shielded\-vm.
.TP 2m
\fB\-\-[no\-]skip\-guest\-os\-shutdown\fR
If enabled, then, when the instance is stopped or deleted, the instance is
immediately stopped without giving time to the guest OS to cleanly shut down.
Use \fB\-\-skip\-guest\-os\-shutdown\fR to enable and
\fB\-\-no\-skip\-guest\-os\-shutdown\fR to disable.
.TP 2m
\fB\-\-source\-instance\fR=\fISOURCE_INSTANCE\fR
The name of the source instance that the instance template will be created from.
.TP 2m
\fB\-\-source\-instance\-zone\fR=\fISOURCE_INSTANCE_ZONE\fR
Zone of the instance to operate on. Overrides the default \fBcompute/zone\fR
property value for this command invocation.
.TP 2m
\fB\-\-stack\-type\fR=\fISTACK_TYPE\fR
Specifies whether IPv6 is enabled on the default network interface. If not
specified, IPV4_ONLY will be used. \fISTACK_TYPE\fR must be one of:
.RS 2m
.TP 2m
\fBIPV4_IPV6\fR
The network interface can have both IPv4 and IPv6 addresses
.TP 2m
\fBIPV4_ONLY\fR
The network interface will be assigned IPv4 addresses
.TP 2m
\fBIPV6_ONLY\fR
The network interface will be assigned IPv6 addresses
.RE
.sp
.TP 2m
\fB\-\-subnet\fR=\fISUBNET\fR
Specifies the subnet that the VM instances are a part of. If \f5\-\-network\fR
is also specified, subnet must be a subnetwork of the network specified by the
\f5\-\-network\fR flag.
.TP 2m
\fB\-\-subnet\-region\fR=\fISUBNET_REGION\fR
Specifies the region of the subnetwork.
.TP 2m
\fB\-\-tags\fR=\fITAG\fR,[\fITAG\fR,...]
Specifies a list of tags to apply to the instance. These tags allow network
firewall rules and routes to be applied to specified VM instances. See \fBgcloud
compute firewall\-rules create\fR(1) for more details.
To read more about configuring network tags, read this guide:
https://cloud.google.com/vpc/docs/add\-remove\-network\-tags
To list instances with their respective status and tags, run:
.RS 2m
$ gcloud compute instances list \e
\-\-format='table(name,status,tags.list())'
.RE
To list instances tagged with a specific tag, \f5tag1\fR, run:
.RS 2m
$ gcloud compute instances list \-\-filter='tags:tag1'
.RE
.TP 2m
\fB\-\-termination\-time\fR=\fITERMINATION_TIME\fR
Limits how long this VM instance can run, specified as a time. Format the time,
TERMINATION_TIME, as a RFC 3339 timestamp. For more information, see
https://tools.ietf.org/html/rfc3339. Alternatively, to specify a duration, use
\-\-max\-run\-duration instead.
If neither \-\-termination\-time nor \-\-max\-run\-duration is specified
(default), the VM instance runs until prompted by a user action or system event.
If either is specified, the VM instance is scheduled to be automatically
terminated at the VM's termination timestamp (\f5terminationTimestamp\fR) using
the action specified by \-\-instance\-termination\-action.
Note: The \f5terminationTimestamp\fR is removed whenever the VM is stopped or
suspended and redefined whenever the VM is rerun. For \-\-termination\-time
specifically, the \f5terminationTimestamp\fR remains the same whenever the VM is
rerun, but any requests to rerun the VM fail if the specified timestamp is in
the past.
.TP 2m
\fB\-\-threads\-per\-core\fR=\fITHREADS_PER_CORE\fR
The number of visible threads per physical core. To disable simultaneous
multithreading (SMT) set this to 1. Valid values are: 1 or 2.
For more information about configuring SMT, see:
https://cloud.google.com/compute/docs/instances/configuring\-simultaneous\-multithreading.
.TP 2m
\fB\-\-turbo\-mode\fR=\fITURBO_MODE\fR
Turbo mode to use for the instance. Supported modes include:
.RS 2m
.IP "\(em" 2m
ALL_CORE_MAX
.RE
.sp
To achieve all\-core\-turbo frequency for more consistent CPU performance, set
the field to ALL_CORE_MAX. The field is unset by default, which results in
maximum performance single\-core boosting.
.TP 2m
\fB\-\-visible\-core\-count\fR=\fIVISIBLE_CORE_COUNT\fR
The number of physical cores to expose to the instance's guest operating system.
The number of virtual CPUs visible to the instance's guest operating system is
this number of cores multiplied by the instance's count of visible threads per
physical core.
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-address\fR=\fIADDRESS\fR
Assigns the given external IP address to the instance that is created. This
option can only be used when creating a single instance.
.TP 2m
\fB\-\-no\-address\fR
If provided, the instances are not assigned external IP addresses. To pull
container images, you must configure private Google access if using Container
Registry or configure Cloud NAT for instances to access container images
directly. For more information, see:
.RS 2m
.IP "\(bu" 2m
https://cloud.google.com/vpc/docs/configure\-private\-google\-access
.IP "\(bu" 2m
https://cloud.google.com/nat/docs/using\-nat
.RE
.sp
.RE
.sp
.TP 2m
Key resource \- The Cloud KMS (Key Management Service) cryptokey that will be
used to protect the disk. The 'Compute Engine Service Agent' service account
must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in
this group can be used to specify the attributes of this resource.
.RS 2m
.TP 2m
\fB\-\-boot\-disk\-kms\-key\fR=\fIBOOT_DISK_KMS_KEY\fR
ID of the key or fully qualified identifier for the key.
To set the \f5kms\-key\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-boot\-disk\-kms\-key\fR on the command line.
.RE
.sp
This flag argument must be specified if any of the other arguments in this group
are specified.
.TP 2m
\fB\-\-boot\-disk\-kms\-keyring\fR=\fIBOOT_DISK_KMS_KEYRING\fR
The KMS keyring of the key.
To set the \f5kms\-keyring\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-boot\-disk\-kms\-key\fR on the command line with a
fully specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-boot\-disk\-kms\-keyring\fR on the command line.
.RE
.sp
.TP 2m
\fB\-\-boot\-disk\-kms\-location\fR=\fIBOOT_DISK_KMS_LOCATION\fR
The Google Cloud location for the key.
To set the \f5kms\-location\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-boot\-disk\-kms\-key\fR on the command line with a
fully specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-boot\-disk\-kms\-location\fR on the command line.
.RE
.sp
.TP 2m
\fB\-\-boot\-disk\-kms\-project\fR=\fIBOOT_DISK_KMS_PROJECT\fR
The Google Cloud project for the key.
To set the \f5kms\-project\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5\-\-boot\-disk\-kms\-key\fR on the command line with a
fully specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-boot\-disk\-kms\-project\fR on the command line;
.IP "\(bu" 2m
set the property \f5core/project\fR.
.RE
.sp
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-confidential\-compute\fR
(DEPRECATED) The instance boots with Confidential Computing enabled.
Confidential Computing is based on Secure Encrypted Virtualization (SEV), an AMD
virtualization feature for running confidential instances.
The \-\-confidential\-compute flag will soon be deprecated. Please use
\f5\-\-confidential\-compute\-type=SEV\fR instead
.TP 2m
\fB\-\-confidential\-compute\-type\fR=\fICONFIDENTIAL_COMPUTE_TYPE\fR
The instance boots with Confidential Computing enabled. Confidential Computing
can be based on Secure Encrypted Virtualization (SEV) or Secure Encrypted
Virtualization \- Secure Nested Paging (SEV\-SNP), both of which are AMD
virtualization features for running confidential instances. Trust Domain
eXtension based on Intel virtualization features for running confidential
instances is also supported. \fICONFIDENTIAL_COMPUTE_TYPE\fR must be one of:
.RS 2m
.TP 2m
\fBSEV\fR
Secure Encrypted Virtualization
.TP 2m
\fBSEV_SNP\fR
Secure Encrypted Virtualization \- Secure Nested Paging
.TP 2m
\fBTDX\fR
Trust Domain eXtension
.RE
.sp
.RE
.sp
.TP 2m
Custom machine type extensions.
.RS 2m
.TP 2m
\fB\-\-custom\-cpu\fR=\fICUSTOM_CPU\fR
A whole number value specifying the number of cores that are needed in the
custom machine type.
For some machine types, shared\-core values can also be used. For example, for
E2 machine types, you can specify \f5micro\fR, \f5small\fR, or \f5medium\fR.
This flag argument must be specified if any of the other arguments in this group
are specified.
.TP 2m
\fB\-\-custom\-memory\fR=\fICUSTOM_MEMORY\fR
A whole number value indicating how much memory is desired in the custom machine
type. A size unit should be provided (eg. 3072MB or 9GB) \- if no units are
specified, GB is assumed.
This flag argument must be specified if any of the other arguments in this group
are specified.
.TP 2m
\fB\-\-custom\-extensions\fR
Use the extended custom machine type.
.TP 2m
\fB\-\-custom\-vm\-type\fR=\fICUSTOM_VM_TYPE\fR
Specifies a custom machine type. The default is \f5n1\fR. For more information
about custom machine types, see:
https://cloud.google.com/compute/docs/general\-purpose\-machines#custom_machine_types
.RE
.sp
.TP 2m
\fB\-\-image\-project\fR=\fIIMAGE_PROJECT\fR
The Google Cloud project against which all image and image family references
will be resolved. It is best practice to define image\-project. A full list of
available projects can be generated by running \f5gcloud projects list\fR.
.RS 2m
.IP "\(em" 2m
If specifying one of our public images, image\-project must be provided.
.IP "\(em" 2m
If there are several of the same image\-family value in multiple projects,
image\-project must be specified to clarify the image to be used.
.IP "\(em" 2m
If not specified and either image or image\-family is provided, the current
default project is used.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-image\fR=\fIIMAGE\fR
Specifies the boot image for the instances. For each instance, a new boot disk
will be created from the given image. Each boot disk will have the same name as
the instance. To view a list of public images and projects, run \f5$ gcloud
compute images list\fR. It is best practice to use \f5\-\-image\fR when a
specific version of an image is needed.
When using this option, \f5\fI\-\-boot\-disk\-device\-name\fR\fR and
\f5\fI\-\-boot\-disk\-size\fR\fR can be used to override the boot disk's device
name and size, respectively.
.TP 2m
\fB\-\-image\-family\fR=\fIIMAGE_FAMILY\fR
The image family for the operating system that the boot disk will be initialized
with. Compute Engine offers multiple Linux distributions, some of which are
available as both regular and Shielded VM images. When a family is specified
instead of an image, the latest non\-deprecated image associated with that
family is used. It is best practice to use \f5\-\-image\-family\fR when the
latest version of an image is needed.
By default, \f5\fIdebian\-12\fR\fR is assumed for this flag.
.RE
.sp
.TP 2m
Maintenance Behavior.
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-maintenance\-policy\fR=\fIMAINTENANCE_POLICY\fR
(DEPRECATED) Specifies the behavior of the VMs when their host machines undergo
maintenance. The default is MIGRATE. For more information, see
https://cloud.google.com/compute/docs/instances/host\-maintenance\-options.
The \-\-maintenance\-policy flag is now deprecated. Please use
\f5\-\-on\-host\-maintenance\fR instead. \fIMAINTENANCE_POLICY\fR must be one
of:
.RS 2m
.TP 2m
\fBMIGRATE\fR
The instances should be migrated to a new host. This will temporarily impact the
performance of instances during a migration event.
.TP 2m
\fBTERMINATE\fR
The instances should be terminated.
.RE
.sp
.TP 2m
\fB\-\-on\-host\-maintenance\fR=\fIMAINTENANCE_POLICY\fR
Specifies the behavior of the VMs when their host machines undergo maintenance.
The default is MIGRATE. For more information, see
https://cloud.google.com/compute/docs/instances/host\-maintenance\-options.
\fIMAINTENANCE_POLICY\fR must be one of:
.RS 2m
.TP 2m
\fBMIGRATE\fR
The instances should be migrated to a new host. This will temporarily impact the
performance of instances during a migration event.
.TP 2m
\fBTERMINATE\fR
The instances should be terminated.
.RE
.sp
.RE
.sp
.TP 2m
Sole Tenancy.
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-node\fR=\fINODE\fR
The name of the node to schedule this instance on.
.TP 2m
\fB\-\-node\-affinity\-file\fR=\fIPATH_TO_FILE\fR
The JSON/YAML file containing the configuration of desired nodes onto which this
instance could be scheduled. These rules filter the nodes according to their
node affinity labels. A node's affinity labels come from the node template of
the group the node is in.
The file should contain a list of a JSON/YAML objects. For an example, see
https://cloud.google.com/compute/docs/nodes/provisioning\-sole\-tenant\-vms#configure_node_affinity_labels.
The following list describes the fields:
.RS 2m
.TP 2m
\fBkey\fR
Corresponds to the node affinity label keys of the Node resource.
.TP 2m
\fBoperator\fR
Specifies the node selection type. Must be one of: \f5IN\fR: Requires Compute
Engine to seek for matched nodes. \f5NOT_IN\fR: Requires Compute Engine to avoid
certain nodes.
.TP 2m
\fBvalues\fR
Optional. A list of values which correspond to the node affinity label values of
the Node resource.
Use a full or relative path to a local file containing the value of
node_affinity_file.
.RE
.sp
.TP 2m
\fB\-\-node\-group\fR=\fINODE_GROUP\fR
The name of the node group to schedule this instance on.
.RE
.sp
.TP 2m
Specifies the reservation for instances created from this template.
.RS 2m
.TP 2m
\fB\-\-reservation\fR=\fIRESERVATION\fR
The name of the reservation, required when \f5\-\-reservation\-affinity\fR is
one of: \f5specific\fR, \f5specific\-then\-any\-reservation\fR or
\f5specific\-then\-no\-reservation\fR.
.TP 2m
\fB\-\-reservation\-affinity\fR=\fIRESERVATION_AFFINITY\fR; default="any"
The type of reservation for instances created from this template.
\fIRESERVATION_AFFINITY\fR must be one of:
.RS 2m
.TP 2m
\fBany\fR
Consume any available, matching reservation.
.TP 2m
\fBnone\fR
Do not consume from any reserved capacity.
.TP 2m
\fBspecific\fR
Must consume from a specific reservation.
.TP 2m
\fBspecific\-then\-any\-reservation\fR
Prefer to consume from a specific reservation, but still consume any available
matching reservation if the specified reservation is not available or exhausted.
.TP 2m
\fBspecific\-then\-no\-reservation\fR
Prefer to consume from a specific reservation, but still consume from the
on\-demand pool if the specified reservation is not available or exhausted.
.RE
.sp
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-scopes\fR=[\fISCOPE\fR,...]
If not provided, the instance will be assigned the default scopes, described
below.
SCOPE can be either the full URI of the scope or an alias. \fBDefault\fR scopes
are assigned to all instances. Available aliases are:
.TS
tab( );
lB lB
l l.
Alias URI
bigquery https://www.googleapis.com/auth/bigquery
cloud-platform https://www.googleapis.com/auth/cloud-platform
cloud-source-repos https://www.googleapis.com/auth/source.full_control
cloud-source-repos-ro https://www.googleapis.com/auth/source.read_only
compute-ro https://www.googleapis.com/auth/compute.readonly
compute-rw https://www.googleapis.com/auth/compute
datastore https://www.googleapis.com/auth/datastore
default https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write
https://www.googleapis.com/auth/pubsub
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/trace.append
gke-default https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/trace.append
logging-write https://www.googleapis.com/auth/logging.write
monitoring https://www.googleapis.com/auth/monitoring
monitoring-read https://www.googleapis.com/auth/monitoring.read
monitoring-write https://www.googleapis.com/auth/monitoring.write
pubsub https://www.googleapis.com/auth/pubsub
service-control https://www.googleapis.com/auth/servicecontrol
service-management https://www.googleapis.com/auth/service.management.readonly
sql (deprecated) https://www.googleapis.com/auth/sqlservice
sql-admin https://www.googleapis.com/auth/sqlservice.admin
storage-full https://www.googleapis.com/auth/devstorage.full_control
storage-ro https://www.googleapis.com/auth/devstorage.read_only
storage-rw https://www.googleapis.com/auth/devstorage.read_write
taskqueue https://www.googleapis.com/auth/taskqueue
trace https://www.googleapis.com/auth/trace.append
userinfo-email https://www.googleapis.com/auth/userinfo.email
.TE
DEPRECATION WARNING: https://www.googleapis.com/auth/sqlservice account scope
and \f5sql\fR alias do not provide SQL instance management capabilities and have
been deprecated. Please, use https://www.googleapis.com/auth/sqlservice.admin or
\f5sql\-admin\fR to manage your Google SQL Service instances.
.TP 2m
\fB\-\-no\-scopes\fR
Create instance without scopes
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-service\-account\fR=\fISERVICE_ACCOUNT\fR
A service account is an identity attached to the instance. Its access tokens can
be accessed through the instance metadata server and are used to authenticate
applications on the instance. The account can be set using an email address
corresponding to the required service account.
If not provided, the instance will use the project's default service account.
.TP 2m
\fB\-\-no\-service\-account\fR
Create instance without service account
.RE
.sp
.TP 2m
\fB\-\-service\-proxy\fR=[\fIenabled\fR],[\fIintercept\-all\-outbound\-traffic\fR],[\fIintercept\-dns\fR],[\fIaccess\-log\fR=\fIACCESS\-LOG\fR],[\fIexclude\-outbound\-ip\-ranges\fR=\fIEXCLUDE\-OUTBOUND\-IP\-RANGES\fR],[\fIexclude\-outbound\-port\-ranges\fR=\fIEXCLUDE\-OUTBOUND\-PORT\-RANGES\fR],[\fImesh\fR=\fIMESH\fR],[\fInetwork\fR=\fINETWORK\fR],[\fIproject\-number\fR=\fIPROJECT\-NUMBER\fR],[\fIproxy\-port\fR=\fIPROXY\-PORT\fR],[\fIscope\fR=\fISCOPE\fR],[\fIserving\-ports\fR=\fISERVING\-PORTS\fR],[\fIsource\fR=\fISOURCE\fR],[\fItracing\fR=\fITRACING\fR]
Controls whether the Traffic Director service proxy (Envoy) and agent are
installed and configured on the VM. "cloud\-platform" scope is enabled
automatically to allow connections to the Traffic Director API. Do not use the
\-\-no\-scopes flag.
.RS 2m
.TP 2m
\fBenabled\fR
If specified, the service\-proxy software will be installed when the instance is
created. The instance is configured to work with Traffic Director.
.TP 2m
\fBserving\-ports\fR
Semi\-colon\-separated (;) list of the ports, specified inside quotation marks
("), on which the customer's application/workload is serving.
For example:
.RS 2m
serving\-ports="80;8080"
.RE
The service proxy will intercept inbound traffic, then forward it to the
specified serving port(s) on localhost. If not provided, no incoming traffic is
intercepted.
.TP 2m
\fBproxy\-port\fR
The port on which the service proxy listens. The VM intercepts traffic and
redirects it to this port to be handled by the service proxy. If omitted, the
default value is '15001'.
.TP 2m
\fBtracing\fR
Enables the service proxy to generate distributed tracing information. If set to
ON, the service proxy's control plane generates a configuration that enables
request ID\-based tracing. For more information, refer to the
\f5generate_request_id\fR documentation for the Envoy proxy. Allowed values are
\f5ON\fR and \f5OFF\fR.
.TP 2m
\fBaccess\-log\fR
The filepath for access logs sent to the service proxy by the control plane. All
incoming and outgoing requests are recorded in this file. For more information,
refer to the file access log documentation for the Envoy proxy.
.TP 2m
\fBnetwork\fR
The name of a valid VPC network. The Google Cloud Platform VPC network used by
the service proxy's control plane to generate dynamic configuration for the
service proxy.
.TP 2m
\fBintercept\-dns\fR
Enables interception of UDP traffic by the service proxy.
.TP 2m
\fBsource\fR
The Google Cloud Storage bucket location source for the Envoy. The
service\-proxy\-agent will download the archive from Envoy and install it on the
virtual machine, unpacking it into the root (/) directory of the virtual
machine. Therefore, the archive must contain not only the executable and license
files but they must be located in the correct directories within the archive.
For example: /usr/local/bin/envoy and /usr/local/doc/envoy\-LICENSE
.TP 2m
\fBintercept\-all\-outbound\-traffic\fR
Enables interception of all outgoing traffic. The traffic is intercepted by the
service proxy and then redirected to external host.
.TP 2m
\fBexclude\-outbound\-ip\-ranges\fR
Semi\-colon\-separated (;) list of the IPs or CIDRs, specified inside quotation
marks ("), that should be excluded from redirection. Only applies when
\f5intercept\-all\-outbound\-traffic\fR flag is set.
For example:
.RS 2m
exclude\-outbound\-ip\-ranges="8.8.8.8;129.168.10.0/24"
.RE
.TP 2m
\fBexclude\-outbound\-port\-ranges\fR
Semi\-colon\-separated (;) list of the ports or port ranges, specified inside
quotation marks ("), that should be excluded from redirection. Only applies when
\f5intercept\-all\-outbound\-traffic\fR flag is set.
For example:
.RS 2m
exclude\-outbound\-port\-ranges="81;8080\-8090"
.RE
.TP 2m
\fBscope\fR
Scope defines a logical configuration boundary for a Gateway resource. On VM
boot up, the service proxy reaches the Traffic Director to retrieve routing
information that corresponds to the routes attached to the gateway with this
scope name. When scope is specified, the network value is ignored. You cannot
specify \f5scope\fR and \f5mesh\fR values at the same time.
.TP 2m
\fBmesh\fR
Mesh defines a logical configuration boundary for a Mesh resource. On VM boot
up, the service proxy reaches the Traffic Director to retrieve routing
information that corresponds to the routes attached to the mesh with this mesh
name. When mesh is specified, the network value is ignored. You cannot specify
\f5scope\fR and \f5mesh\fR values at the same time.
.TP 2m
\fBproject\-number\fR
Project number defines the project where Mesh and Gateway resources are created.
If not specified, the project where the instance exists is used.
.RE
.sp
.TP 2m
\fB\-\-service\-proxy\-labels\fR=[\fIKEY\fR=\fIVALUE\fR, ...,...]
Labels that you can apply to your service proxy. These will be reflected in your
Envoy proxy's bootstrap metadata. These can be any \f5key=value\fR pairs that
you want to set as proxy metadata (for example, for use with config filtering).
You might use these flags for application and version labels: \f5app=review\fR
and/or \f5version=canary\fR.
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. These variants are also available:
.RS 2m
$ gcloud compute instance\-templates create
.RE
.RS 2m
$ gcloud beta compute instance\-templates create
.RE