--account <ACCOUNT> | Google Cloud Platform user account to use for invocation. Overrides the default *core/account* property value for this command invocation |
--billing-project <BILLING_PROJECT> | The Google Cloud Platform project that will be charged quota for operations performed in gcloud. If you need to operate on one project, but need quota against a different project, you can use this flag to specify the billing project. If both `billing/quota_project` and `--billing-project` are specified, `--billing-project` takes precedence. Run `$ gcloud config set --help` to see more information about `billing/quota_project` |
--configuration <CONFIGURATION> | The configuration to use for this command invocation. For more
information on how to use configurations, run:
`gcloud topic configurations`. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME environment
variable to set the equivalent of this flag for a terminal
session |
--csek-key-file <FILE> | Path to a Customer-Supplied Encryption Key (CSEK) key file that maps
Compute Engine images to user managed keys to be used when
creating, mounting, or taking snapshots of disks.
+
If you pass `-` as value of the flag, the CSEK is read from stdin.
See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details |
--description <DESCRIPTION> | An optional, textual description for the image being created |
--family <FAMILY> | The family of the image. When creating an instance or disk, specifying a family will cause the latest non-deprecated image in the family to be used |
--flags-file <YAML_FILE> | A YAML or JSON file that specifies a *--flag*:*value* dictionary.
Useful for specifying complex flag values with special characters
that work with any command interpreter. Additionally, each
*--flags-file* arg is replaced by its constituent flags. See
$ gcloud topic flags-file for more information |
--flatten <KEY> | Flatten _name_[] output resource slices in _KEY_ into separate records
for each item in each slice. Multiple keys and slices may be specified.
This also flattens keys for *--format* and *--filter*. For example,
*--flatten=abc.def* flattens *abc.def[].ghi* references to
*abc.def.ghi*. A resource record containing *abc.def[]* with N elements
will expand to N records in the flattened output. This flag interacts
with other flags that are applied in this order: *--flatten*,
*--sort-by*, *--filter*, *--limit* |
--forbidden-database-file <DBX_VALUE> | Comma-separated list of file paths that point to revoked X.509
certificates or raw binary files. When you create a shielded VM
from this image, these certificates or files are added to the forbidden
signature database (dbx) |
--force | By default, image creation fails when it is created from a disk that
is attached to a running instance. When this flag is used, image
creation from disk will proceed even if the disk is in use |
--format <FORMAT> | Set the format for printing command output resources. The default is a
command-specific human-friendly output format. The supported formats
are: `config`, `csv`, `default`, `diff`, `disable`, `flattened`, `get`, `json`, `list`, `multi`, `none`, `object`, `table`, `text`, `value`, `yaml`. For more details run $ gcloud topic formats |
--guest-os-features <GUEST_OS_FEATURE> | This parameter enables one or more features for VM instances that use the
image for their boot disks. See
https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features
for descriptions of the supported features. _GUEST_OS_FEATURE_ must be one of: *GVNIC*, *MULTI_IP_SUBNET*, *SEV_CAPABLE*, *UEFI_COMPATIBLE*, *VIRTIO_SCSI_MULTIQUEUE*, *WINDOWS* |
--help | Display detailed help |
--impersonate-service-account <SERVICE_ACCOUNT_EMAIL> | For this gcloud invocation, all API requests will be made as the given service account instead of the currently selected account. This is done without needing to create, download, and activate a key for the account. In order to perform operations as the service account, your currently selected account must have an IAM role that includes the iam.serviceAccounts.getAccessToken permission for the service account. The roles/iam.serviceAccountTokenCreator role has this permission or you may create a custom role. Overrides the default *auth/impersonate_service_account* property value for this command invocation |
--key-exchange-key-file <KEK_VALUE> | Comma-separated list of file paths that point to X.509 certificates or raw
binary files. When you create a shielded VM from this image,
these certificates or files are used as key exchange keys (KEK) |
--kms-key <KMS_KEY> | ID of the key or fully qualified identifier for the key |
--kms-keyring <KMS_KEYRING> | The KMS keyring of the key |
--kms-location <KMS_LOCATION> | The Cloud location for the key |
--kms-project <KMS_PROJECT> | The Cloud project for the key |
--labels <KEY=VALUE> | List of label KEY=VALUE pairs to add.
+
Keys must start with a lowercase character and contain only hyphens (`-`), underscores (```_```), lowercase characters, and numbers. Values must contain only hyphens (`-`), underscores (```_```), lowercase characters, and numbers |
--licenses <LICENSES> | Comma-separated list of URIs to license resources |
--log-http | Log all HTTP server requests and responses to stderr. Overrides the default *core/log_http* property value for this command invocation |
--platform-key-file <PLATFORM_KEY_FILE> | File path that points to an X.509 certificate or raw binary file. When
you create a shielded VM from this image, this certificate or raw binary
file is used as the platform key (PK) |
--project <PROJECT_ID> | The Google Cloud Platform project ID to use for this invocation. If
omitted, then the current project is assumed; the current project can
be listed using `gcloud config list --format='text(core.project)'`
and can be set using `gcloud config set project PROJECTID`.
+
`--project` and its fallback `core/project` property play two roles
in the invocation. It specifies the project of the resource to
operate on. It also specifies the project for API enablement check,
quota, and billing. To specify a different project for quota and
billing, use `--billing-project` or `billing/quota_project` property |
--quiet | Disable all interactive prompts when running gcloud commands. If input
is required, defaults will be used, or an error will be raised.
Overrides the default core/disable_prompts property value for this
command invocation. This is equivalent to setting the environment
variable `CLOUDSDK_CORE_DISABLE_PROMPTS` to 1 |
--require-csek-key-create | Refuse to create images not protected by a user managed key in
the key file when --csek-key-file is given. This behavior is enabled
by default to prevent incorrect gcloud invocations from accidentally
creating images with no user managed key. Disabling the check
allows creation of some images without a matching
Customer-Supplied Encryption Key in the supplied --csek-key-file.
See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details. Enabled by default, use *--no-require-csek-key-create* to disable |
--signature-database-file <DB_VALUE> | Comma-separated list of file paths that point to valid X.509 certificates
or raw binary files. When you create a shielded VM from this
image, these certificates or files are added to the signature database
(db) |
--source-disk <SOURCE_DISK> | A source disk to create the image from. The value for this option can be
the name of a disk with the zone specified via ``--source-disk-zone''
flag |
--source-disk-zone <SOURCE_DISK_ZONE> | Zone of the source disk to operate on. If not specified and the ``compute/zone'' property isn't set, you
may be prompted to select a zone.
+
To avoid prompting when this flag is omitted, you can set the
``compute/zone'' property:
+
$ gcloud config set compute/zone ZONE
+
A list of zones can be fetched by running:
+
$ gcloud compute zones list
+
To unset the property, run:
+
$ gcloud config unset compute/zone
+
Alternatively, the zone can be stored in the environment variable
``CLOUDSDK_COMPUTE_ZONE'' |
--source-image <SOURCE_IMAGE> | The name of an image to clone. May be used with
``--source-image-project'' to clone an image in a different
project |
--source-image-family <SOURCE_IMAGE_FAMILY> | The family of the source image. This will cause the latest non-
deprecated image in the family to be used as the source image.
May be used with ``--source-image-project'' to refer to an image
family in a different project |
--source-image-project <SOURCE_IMAGE_PROJECT> | The project name of the source image. Must also specify either
``--source-image'' or ``--source-image-family'' when using
this flag |
--source-snapshot <SOURCE_SNAPSHOT> | A source snapshot to create the image from. The value for this option
can be the name of a snapshot within the same project as the destination
image |
--source-uri <SOURCE_URI> | The full Google Cloud Storage URI where the disk image is stored.
This file must be a gzip-compressed tarball whose name ends in
``.tar.gz'' |
--storage-location <LOCATION> | Specifies a Cloud Storage location, either regional or multi-regional,
where image content is to be stored. If not specified, the multi-region
location closest to the source is chosen automatically |
--trace-token <TRACE_TOKEN> | Token used to route traces of service requests for investigation of issues. Overrides the default *core/trace_token* property value for this command invocation |
--user-output-enabled | Print user intended output to the console. Overrides the default *core/user_output_enabled* property value for this command invocation. Use *--no-user-output-enabled* to disable |
--verbosity <VERBOSITY> | Override the default verbosity for this command. Overrides the default *core/verbosity* property value for this command invocation. _VERBOSITY_ must be one of: *debug*, *info*, *warning*, *error*, *critical*, *none* |