File: //snap/google-cloud-cli/current/help/man/man1/gcloud_compute_instances_update-container.1
.TH "GCLOUD_COMPUTE_INSTANCES_UPDATE\-CONTAINER" 1
.SH "NAME"
.HP
gcloud compute instances update\-container \- updates Compute Engine virtual machine instances running container images
.SH "SYNOPSIS"
.HP
\f5gcloud compute instances update\-container\fR \fIINSTANCE_NAME\fR [\fB\-\-container\-image\fR=\fICONTAINER_IMAGE\fR] [\fB\-\-container\-mount\-disk\fR=[\fImode\fR=\fIMODE\fR],[\fImount\-path\fR=\fIMOUNT\-PATH\fR],[\fIname\fR=\fINAME\fR],[\fIpartition\fR=\fIPARTITION\fR]] [\fB\-\-container\-privileged\fR] [\fB\-\-container\-restart\-policy\fR=\fIPOLICY\fR] [\fB\-\-container\-stdin\fR] [\fB\-\-container\-tty\fR] [\fB\-\-[no\-]shielded\-integrity\-monitoring\fR] [\fB\-\-shielded\-learn\-integrity\-policy\fR] [\fB\-\-[no\-]shielded\-secure\-boot\fR] [\fB\-\-[no\-]shielded\-vtpm\fR] [\fB\-\-zone\fR=\fIZONE\fR] [\fB\-\-clear\-container\-args\fR\ |\ \fB\-\-container\-arg\fR=\fICONTAINER_ARG\fR] [\fB\-\-clear\-container\-command\fR\ |\ \fB\-\-container\-command\fR=\fICONTAINER_COMMAND\fR] [\fB\-\-container\-env\fR=[\fIKEY\fR=\fIVALUE\fR,\ ...,...]\ \fB\-\-container\-env\-file\fR=\fICONTAINER_ENV_FILE\fR\ \fB\-\-remove\-container\-env\fR=[\fIKEY\fR,...]] [\fB\-\-container\-mount\-host\-path\fR=[\fIhost\-path\fR=\fIHOSTPATH\fR,\fImount\-path\fR=\fIMOUNTPATH\fR[,\fImode\fR=\fIMODE\fR],...]\ \fB\-\-container\-mount\-tmpfs\fR=[\fImount\-path\fR=\fIMOUNTPATH\fR,...]\ \fB\-\-remove\-container\-mounts\fR=[\fIMOUNTPATH\fR[,\fIMOUNTPATH\fR,...],...]] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fB(DEPRECATED)\fR The option to deploy a container during VM creation using the
container startup agent is deprecated. Use alternative services to run
containers on your VMs. Learn more at
https://cloud.google.com/compute/docs/containers/migrate\-containers.
\fBgcloud compute instances update\-container\fR updates Compute Engine virtual
machines that runs a Docker image. For example:
.RS 2m
$ gcloud compute instances update\-container instance\-1 \e
\-\-zone us\-central1\-a \e
\-\-container\-image=gcr.io/google\-containers/busybox
.RE
updates an instance called instance\-1, in the us\-central1\-a zone, to run the
\'busybox' image.
For more examples, refer to the \fBEXAMPLES\fR section below.
.SH "EXAMPLES"
To run the gcr.io/google\-containers/busybox image on an instance named
\'instance\-1' that executes 'echo "Hello world"' as a run command, run:
.RS 2m
$ gcloud compute instances update\-container instance\-1 \e
\-\-container\-image=gcr.io/google\-containers/busybox \e
\-\-container\-command='echo "Hello world"'
.RE
To run the gcr.io/google\-containers/busybox image in privileged mode, run:
.RS 2m
$ gcloud compute instances update\-container instance\-1 \e
\-\-container\-image=gcr.io/google\-containers/busybox \e
\-\-container\-privileged
.RE
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
\fIINSTANCE_NAME\fR
Name of the instance to update. For details on valid instance names, refer to
the criteria documented under the field 'name' at:
https://cloud.google.com/compute/docs/reference/rest/v1/instances
.RE
.sp
.SH "FLAGS"
.RS 2m
.TP 2m
\fB\-\-container\-image\fR=\fICONTAINER_IMAGE\fR
Sets container image in the declaration to the specified value.
Empty string is not allowed.
.TP 2m
\fB\-\-container\-mount\-disk\fR=[\fImode\fR=\fIMODE\fR],[\fImount\-path\fR=\fIMOUNT\-PATH\fR],[\fIname\fR=\fINAME\fR],[\fIpartition\fR=\fIPARTITION\fR]
Mounts a disk to the container by using mount\-path or updates how the volume is
mounted if the same mount path has already been declared. The disk must already
be attached to the instance with a device\-name that matches the disk name.
Multiple flags are allowed.
.RS 2m
.TP 2m
\fBname\fR
Name of the disk. Can be omitted if exactly one additional disk is attached to
the instance. The name of the single additional disk will be used by default.
.TP 2m
\fBmount\-path\fR
Path on container to mount to. Mount paths with spaces and commas (and other
special characters) are not supported by this command.
.TP 2m
\fBpartition\fR
Optional. The partition of the disk to mount. Multiple partitions of a disk can
be mounted.
.TP 2m
\fBmode\fR
Volume mount mode: \f5rw\fR (read/write) or \f5ro\fR (read\-only). Defaults to
\f5rw\fR. Fails if the disk mode is \f5ro\fR and volume mount mode is \f5rw\fR.
.RE
.sp
.TP 2m
\fB\-\-container\-privileged\fR
Sets permission to run container to the specified value.
.TP 2m
\fB\-\-container\-restart\-policy\fR=\fIPOLICY\fR
Sets container restart policy to the specified value. \fIPOLICY\fR must be one
of: \fBnever\fR, \fBon\-failure\fR, \fBalways\fR.
.TP 2m
\fB\-\-container\-stdin\fR
Sets configuration whether to keep container \f5STDIN\fR always open to the
specified value.
.TP 2m
\fB\-\-container\-tty\fR
Sets configuration whether to allocate a pseudo\-TTY for the container to the
specified value.
.TP 2m
\fB\-\-[no\-]shielded\-integrity\-monitoring\fR
Enables monitoring and attestation of the boot integrity of the instance. The
attestation is performed against the integrity policy baseline. This baseline is
initially derived from the implicitly trusted boot image when the instance is
created. This baseline can be updated by using \f5gcloud compute instances
update\-container \-\-shielded\-learn\-integrity\-policy\fR. On Shielded VM
instances, integrity monitoring is enabled by default. For information about how
to modify Shielded VM options, see
https://cloud.google.com/compute/docs/instances/modifying\-shielded\-vm. For
information about monitoring integrity on Shielded VM instances, see
https://cloud.google.com/compute/docs/instances/integrity\-monitoring." Changes
to this setting with the update command only take effect after stopping and
starting the instance. Use \fB\-\-shielded\-integrity\-monitoring\fR to enable
and \fB\-\-no\-shielded\-integrity\-monitoring\fR to disable.
.TP 2m
\fB\-\-shielded\-learn\-integrity\-policy\fR
Causes the instance to re\-learn the integrity policy baseline using the current
instance configuration. Use this flag after any planned boot\-specific changes
in the instance configuration, like kernel updates or kernel driver
installation.
.TP 2m
\fB\-\-[no\-]shielded\-secure\-boot\fR
The instance boots with secure boot enabled. On Shielded VM instances, Secure
Boot is not enabled by default. For information about how to modify Shielded VM
options, see
https://cloud.google.com/compute/docs/instances/modifying\-shielded\-vm. Changes
to this setting with the update command only take effect after stopping and
starting the instance. Use \fB\-\-shielded\-secure\-boot\fR to enable and
\fB\-\-no\-shielded\-secure\-boot\fR to disable.
.TP 2m
\fB\-\-[no\-]shielded\-vtpm\fR
The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is a
hardware module that can be used for different security operations such as
remote attestation, encryption, and sealing of keys. On Shielded VM instances,
vTPM is enabled by default. For information about how to modify Shielded VM
options, see
https://cloud.google.com/compute/docs/instances/modifying\-shielded\-vm. Changes
to this setting with the update command only take effect after stopping and
starting the instance. Use \fB\-\-shielded\-vtpm\fR to enable and
\fB\-\-no\-shielded\-vtpm\fR to disable.
.TP 2m
\fB\-\-zone\fR=\fIZONE\fR
Zone of the instance to update. If not specified, you might be prompted to
select a zone (interactive mode only). \f5gcloud\fR attempts to identify the
appropriate zone by searching for resources in your currently active project. If
the zone cannot be determined, \f5gcloud\fR prompts you for a selection with all
available Google Cloud Platform zones.
To avoid prompting when this flag is omitted, the user can set the
\f5\fIcompute/zone\fR\fR property:
.RS 2m
$ gcloud config set compute/zone ZONE
.RE
A list of zones can be fetched by running:
.RS 2m
$ gcloud compute zones list
.RE
To unset the property, run:
.RS 2m
$ gcloud config unset compute/zone
.RE
Alternatively, the zone can be stored in the environment variable
\f5\fICLOUDSDK_COMPUTE_ZONE\fR\fR.
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-container\-args\fR
Removes the list of arguments from container declaration.
Cannot be used in the same command with \f5\-\-container\-arg\fR.
.TP 2m
\fB\-\-container\-arg\fR=\fICONTAINER_ARG\fR
Completely replaces the list of arguments with the new list. Each argument must
have a separate \-\-container\-arg flag. Arguments are appended the new list in
the order of flags.
Cannot be used in the same command with \f5\-\-clear\-container\-arg\fR.
.RE
.sp
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-clear\-container\-command\fR
Removes command from container declaration.
Cannot be used in the same command with \f5\-\-container\-command\fR.
.TP 2m
\fB\-\-container\-command\fR=\fICONTAINER_COMMAND\fR
Sets command in the declaration to the specified value. Empty string is not
allowed.
Cannot be used in the same command with \f5\-\-clear\-container\-command\fR.
.RE
.sp
.TP 2m
\fB\-\-container\-env\fR=[\fIKEY\fR=\fIVALUE\fR, ...,...]
Update environment variables \f5KEY\fR with value \f5VALUE\fR passed to
container.
.RS 2m
.IP "\(em" 2m
Sets \f5KEY\fR to the specified value.
.IP "\(em" 2m
Adds \f5KEY\fR = \f5VALUE\fR, if \f5KEY\fR is not yet declared.
.IP "\(em" 2m
Only the last value of \f5KEY\fR is taken when \f5KEY\fR is repeated more than
once.
.RE
.sp
Values, declared with \f5\-\-container\-env\fR flag override those with the same
\f5KEY\fR from file, provided in \f5\-\-container\-env\-file\fR.
.TP 2m
\fB\-\-container\-env\-file\fR=\fICONTAINER_ENV_FILE\fR
Update environment variables from a file. Same update rules as for
\f5\-\-container\-env\fR apply. Values, declared with \f5\-\-container\-env\fR
flag override those with the same \f5KEY\fR from file.
File with environment variables declarations in format used by docker (almost).
This means:
.RS 2m
.IP "\(em" 2m
Lines are in format KEY=VALUE
.IP "\(em" 2m
Values must contain equality signs.
.IP "\(em" 2m
Variables without values are not supported (this is different from docker
format).
.IP "\(em" 2m
If # is first non\-whitespace character in a line the line is ignored as a
comment.
.RE
.sp
.TP 2m
\fB\-\-remove\-container\-env\fR=[\fIKEY\fR,...]
Removes environment variables \f5KEY\fR from container declaration Does nothing,
if a variable is not present.
.TP 2m
\fB\-\-container\-mount\-host\-path\fR=[\fIhost\-path\fR=\fIHOSTPATH\fR,\fImount\-path\fR=\fIMOUNTPATH\fR[,\fImode\fR=\fIMODE\fR],...]
Mounts a volume by using host\-path.
.RS 2m
.IP "\(em" 2m
Adds a volume, if \f5mount\-path\fR is not yet declared.
.IP "\(em" 2m
Replaces a volume, if \f5mount\-path\fR is declared. All parameters
(\f5host\-path\fR, \f5mount\-path\fR, \f5mode\fR) are completely replaced.
.RE
.sp
.RS 2m
.TP 2m
\fBhost\-path\fR
Path on host to mount from.
.TP 2m
\fBmount\-path\fR
Path on container to mount to. Mount paths with spaces and commas (and other
special characters) are not supported by this command.
.TP 2m
\fBmode\fR
Volume mount mode: rw (read/write) or ro (read\-only).
Default: rw.
.RE
.sp
.TP 2m
\fB\-\-container\-mount\-tmpfs\fR=[\fImount\-path\fR=\fIMOUNTPATH\fR,...]
Mounts empty tmpfs into container at MOUNTPATH.
.RS 2m
.TP 2m
\fBmount\-path\fR
Path on container to mount to. Mount paths with spaces and commas (and other
special characters) are not supported by this command.
.RE
.sp
.TP 2m
\fB\-\-remove\-container\-mounts\fR=[\fIMOUNTPATH\fR[,\fIMOUNTPATH\fR,...],...]
Removes volume mounts (\f5host\-path\fR, \f5tmpfs\fR, \f5disk\fR) with
\f5mountPath: MOUNTPATH\fR from container declaration.
Does nothing, if a volume mount is not declared.
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
These variants are also available:
.RS 2m
$ gcloud alpha compute instances update\-container
.RE
.RS 2m
$ gcloud beta compute instances update\-container
.RE