--account <ACCOUNT> | Google Cloud Platform user account to use for invocation. Overrides the default *core/account* property value for this command invocation |
--address <ADDRESS> | Assigns the given external IP address to the instance that is created.
This option can only be used when creating a single instance |
--billing-project <BILLING_PROJECT> | The Google Cloud Platform project that will be charged quota for operations performed in gcloud. If you need to operate on one project, but need quota against a different project, you can use this flag to specify the billing project. If both `billing/quota_project` and `--billing-project` are specified, `--billing-project` takes precedence. Run `$ gcloud config set --help` to see more information about `billing/quota_project` |
--boot-disk-auto-delete | Automatically delete boot disks when their instances are deleted. Enabled by default, use *--no-boot-disk-auto-delete* to disable |
--boot-disk-device-name <BOOT_DISK_DEVICE_NAME> | The name the guest operating system will see for the boot disk. This
option can only be specified if a new boot disk is being created (as
opposed to mounting an existing persistent disk) |
--boot-disk-size <BOOT_DISK_SIZE> | The size of the boot disk. This option can only be specified if a new
boot disk is being created (as opposed to mounting an existing
persistent disk). The value must be a whole number followed by a size
unit of ``KB'' for kilobyte, ``MB'' for megabyte, ``GB'' for gigabyte,
or ``TB'' for terabyte. For example, ``10GB'' will produce a 10 gigabyte
disk. The minimum size a boot disk can have is 10 GB. Disk size must be a
multiple of 1 GB. Limit boot disk size to 2 TB to account for MBR
partition table limitations. Default size unit is ``GB'' |
--boot-disk-type <BOOT_DISK_TYPE> | The type of the boot disk. This option can only be specified if a new boot
disk is being created (as opposed to mounting an existing persistent
disk). To get a list of available disk types, run
`$ gcloud compute disk-types list` |
--can-ip-forward | If provided, allows the instances to send and receive packets with non-matching destination or source IP addresses |
--configuration <CONFIGURATION> | The configuration to use for this command invocation. For more
information on how to use configurations, run:
`gcloud topic configurations`. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME environment
variable to set the equivalent of this flag for a terminal
session |
--container-arg <CONTAINER_ARG> | Argument to append to container entrypoint or to override container CMD.
Each argument must have a separate flag. Arguments are appended in the
order of flags. Example:
+
Assuming the default entry point of the container (or an entry point
overridden with --container-command flag) is a Bourne shell-compatible
executable, in order to execute 'ls -l' command in the container,
the user could use:
+
`--container-arg="-c" --container-arg="ls -l"`
+
Caveat: due to the nature of the argument parsing, it's impossible to
provide the flag value that starts with a dash (`-`) without the `=` sign
(that is, `--container-arg "-c"` will not work correctly).
+
Default: None. (no arguments appended) |
--container-command <CONTAINER_COMMAND> | Specifies what executable to run when the container starts (overrides
default entrypoint), eg. `nc`.
+
Default: None (default container entrypoint is used) |
--container-env <KEY=VALUE, ...> | Declare environment variables KEY with value VALUE passed to container.
Only the last value of KEY is taken when KEY is repeated more than once.
+
Values, declared with --container-env flag override those with the same
KEY from file, provided in --container-env-file |
--container-env-file <CONTAINER_ENV_FILE> | Declare environment variables in a file. Values, declared with
--container-env flag override those with the same KEY from file.
+
File with environment variables in format used by docker (almost).
This means:
- Lines are in format KEY=VALUE.
- Values must contain equality signs.
- Variables without values are not supported (this is different from
docker format).
- If `#` is first non-whitespace character in a line the line is ignored
as a comment.
- Lines with nothing but whitespace are ignored |
--container-image <CONTAINER_IMAGE> | Full container image name, which should be pulled onto VM instance,
eg. `docker.io/tomcat` |
--container-mount-disk <CONTAINER_MOUNT_DISK> | Mounts a disk to the specified mount path in the container. Multiple '
flags are allowed. Must be used with `--disk` or `--create-disk`.
+
*name*::: Name of the disk. If exactly one additional disk is attached
to the instance using `--disk` or `--create-disk`, specifying disk
name here is optional. The name of the single additional disk will be
used by default.
+
*mount-path*::: Path on container to mount to. Mount paths with spaces
and commas (and other special characters) are not supported by this
command.
+
*partition*::: Optional. The partition of the disk to mount. Multiple
partitions of a disk may be mounted. May not be used with --create-disk.
+
*mode*::: Volume mount mode: `rw` (read/write) or `ro` (read-only).
Defaults to `rw`. Fails if the disk mode is `ro` and volume mount mode
is `rw` |
--container-mount-host-path <host-path=HOSTPATH,mount-path=MOUNTPATH[,mode=MODE]> | Mounts a volume by using host-path.
+
*host-path*::: Path on host to mount from.
+
*mount-path*::: Path on container to mount to. Mount paths with spaces
and commas (and other special characters) are not supported by this
command.
+
*mode*::: Volume mount mode: rw (read/write) or ro (read-only).
+
Default: rw |
--container-mount-tmpfs <mount-path=MOUNTPATH> | Mounts empty tmpfs into container at MOUNTPATH.
+
*mount-path*::: Path on container to mount to. Mount paths with spaces
and commas (and other special characters) are not supported by this
command |
--container-privileged | Specify whether to run container in privileged mode.
+
Default: `--no-container-privileged` |
--container-restart-policy <POLICY> | Specify whether to restart a container on exit. _POLICY_ must be one of: *never*, *on-failure*, *always* |
--container-stdin | Keep container STDIN open even if not attached.
+
Default: `--no-container-stdin` |
--container-tty | Allocate a pseudo-TTY for the container.
+
Default: `--no-container-tty` |
--create-disk <PROPERTY=VALUE> | Creates and attaches persistent disks to the instances.
+
*name*::: Specifies the name of the disk. This option cannot be
specified if more than one instance is being created. Must specify this option if attaching the disk to a container with `--container-mount-disk`.
+
*description*::: Optional textual description for the disk being created.
+
*mode*::: Specifies the mode of the disk. Supported options
are ``ro'' for read-only and ``rw'' for read-write. If
omitted, ``rw'' is used as a default. It is an error to create a disk in `ro` mode if attaching it to a container with `--container-mount-disk`.
+
*image*::: Specifies the name of the image that the disk will be
initialized with. A new disk will be created based on the given
image. To view a list of public images and projects, run
`$ gcloud compute images list`. It is best practice to use image when
a specific version of an image is needed. If both image and image-family
flags are omitted a blank disk will be created.
+
*image-family*::: The image family for the operating system that the boot
disk will be initialized with. Compute Engine offers multiple Linux
distributions, some of which are available as both regular and
Shielded VM images. When a family is specified instead of an image,
the latest non-deprecated image associated with that family is
used. It is best practice to use --image-family when the latest
version of an image is needed.
+
*image-project*::: The Google Cloud project against which all image and
image family references will be resolved. It is best practice to define
image-project. A full list of available projects can be generated by
running `gcloud projects list`.
+
* If specifying one of our public images, image-project must be
provided.
* If there are several of the same image-family value in multiple
projects, image-project must be specified to clarify the image to be
used.
* If not specified and either image or image-family is provided, the
current default project is used.
+
*size*::: The size of the disk. The value must be a whole number
followed by a size unit of ``KB'' for kilobyte, ``MB'' for
megabyte, ``GB'' for gigabyte, or ``TB'' for terabyte. For
example, ``10GB'' will produce a 10 gigabyte disk. Disk size must
be a multiple of 1 GB. If not specified, the default image size
will be used for the new disk.
+
*type*::: The type of the disk. To get a list of available disk
types, run $ gcloud compute disk-types list. The default disk type
is ``pd-standard''.
+
*device-name*::: An optional name that indicates the disk name the guest operating system will see. Must be the same as `name` if used with `--container-mount-disk`. If omitted, a device name of the form `persistent-disk-N` will be used. If omitted and used with `--container-mount-disk` (where the `name` of the container mount disk is the same as in this flag), a device name equal to disk `name` will be used.
+
*auto-delete*::: If ``yes'', this persistent disk will be
automatically deleted when the instance is deleted. However,
if the disk is later detached from the instance, this option
won't apply. The default value for this is ``yes'' |
--custom-cpu <CUSTOM_CPU> | A whole number value indicating how many cores are desired in the custom
machine type |
--custom-extensions | Use the extended custom machine type |
--custom-memory <CUSTOM_MEMORY> | A whole number value indicating how much memory is desired in the custom
machine type. A size unit should be provided (eg. 3072MB or 9GB) - if no
units are specified, GB is assumed |
--custom-vm-type <CUSTOM_VM_TYPE> | Specifies VM type. n1 - VMs with CPU platforms Skylake and older,
n2 - VMs with CPU platform Cascade Lake. n2 offers flexible sizing from
2 to 80 vCPUs, and 1 to 640GBs of memory.
It also features a number of performance enhancements including exposing
a more accurate NUMA topology to the guest OS. The default is `n1` |
--description <DESCRIPTION> | Specifies a textual description for the instance template |
--disk <DISK> | Attaches persistent disks to the instances. The disks
specified must already exist.
+
*name*::: The disk to attach to the instances. When creating
more than one instance and using this property, the only valid
mode for attaching the disk is read-only (see *mode* below).
+
*mode*::: Specifies the mode of the disk. Supported options
are ``ro'' for read-only and ``rw'' for read-write. If
omitted, ``rw'' is used as a default. It is an error for mode
to be ``rw'' when creating more than one instance because
read-write disks can only be attached to a single instance.
+
*boot*::: If ``yes'', indicates that this is a boot disk. The
virtual machines will use the first partition of the disk for
their root file systems. The default value for this is ``no''.
+
*device-name*::: An optional name that indicates the disk name the guest operating system will see. Must be the same as `name` if used with `--container-mount-disk`. If omitted, a device name of the form `persistent-disk-N` will be used. If omitted and used with `--container-mount-disk` (where the `name` of the container mount disk is the same as in this flag), a device name equal to disk `name` will be used.
+
*auto-delete*::: If ``yes'', this persistent disk will be
automatically deleted when the instance is deleted. However,
if the disk is later detached from the instance, this option
won't apply. The default value for this is ``yes'' |
--flags-file <YAML_FILE> | A YAML or JSON file that specifies a *--flag*:*value* dictionary.
Useful for specifying complex flag values with special characters
that work with any command interpreter. Additionally, each
*--flags-file* arg is replaced by its constituent flags. See
$ gcloud topic flags-file for more information |
--flatten <KEY> | Flatten _name_[] output resource slices in _KEY_ into separate records
for each item in each slice. Multiple keys and slices may be specified.
This also flattens keys for *--format* and *--filter*. For example,
*--flatten=abc.def* flattens *abc.def[].ghi* references to
*abc.def.ghi*. A resource record containing *abc.def[]* with N elements
will expand to N records in the flattened output. This flag interacts
with other flags that are applied in this order: *--flatten*,
*--sort-by*, *--filter*, *--limit* |
--format <FORMAT> | Set the format for printing command output resources. The default is a
command-specific human-friendly output format. The supported formats
are: `config`, `csv`, `default`, `diff`, `disable`, `flattened`, `get`, `json`, `list`, `multi`, `none`, `object`, `table`, `text`, `value`, `yaml`. For more details run $ gcloud topic formats |
--help | Display detailed help |
--image <IMAGE> | Specifies the boot image for the instances. For each
instance, a new boot disk will be created from the given
image. Each boot disk will have the same name as the
instance. To view a list of public images and projects, run
`$ gcloud compute images list`. It is best practice to use `--image`
when a specific version of an image is needed.
+
When using this option, ``--boot-disk-device-name'' and
``--boot-disk-size'' can be used to override the boot disk's
device name and size, respectively |
--image-family <IMAGE_FAMILY> | The image family for the operating system that the boot disk will
be initialized with. Compute Engine offers multiple Linux
distributions, some of which are available as both regular and
Shielded VM images. When a family is specified instead of an image,
the latest non-deprecated image associated with that family is
used. It is best practice to use `--image-family` when the latest
version of an image is needed.
+
By default, ``debian-10'' is assumed for this flag |
--image-project <IMAGE_PROJECT> | The Google Cloud project against which all image and
image family references will be resolved. It is best practice to define
image-project. A full list of available projects can be generated by
running `gcloud projects list`.
* If specifying one of our public images, image-project must be
provided.
* If there are several of the same image-family value in multiple
projects, image-project must be specified to clarify the image to be
used.
* If not specified and either image or image-family is provided, the
current default project is used |
--impersonate-service-account <SERVICE_ACCOUNT_EMAIL> | For this gcloud invocation, all API requests will be made as the given service account instead of the currently selected account. This is done without needing to create, download, and activate a key for the account. In order to perform operations as the service account, your currently selected account must have an IAM role that includes the iam.serviceAccounts.getAccessToken permission for the service account. The roles/iam.serviceAccountTokenCreator role has this permission or you may create a custom role. Overrides the default *auth/impersonate_service_account* property value for this command invocation |
--labels <KEY=VALUE> | List of label KEY=VALUE pairs to add.
+
Keys must start with a lowercase character and contain only hyphens (`-`), underscores (```_```), lowercase characters, and numbers. Values must contain only hyphens (`-`), underscores (```_```), lowercase characters, and numbers |
--log-http | Log all HTTP server requests and responses to stderr. Overrides the default *core/log_http* property value for this command invocation |
--machine-type <MACHINE_TYPE> | Specifies the machine type used for the instances. To get a
list of available machine types, run 'gcloud compute
machine-types list'. If unspecified, the default type is n1-standard-1 |
--maintenance-policy <MAINTENANCE_POLICY> | Specifies the behavior of the instances when their host machines undergo maintenance. The default is MIGRATE. _MAINTENANCE_POLICY_ must be one of:
+
*MIGRATE*::: The instances should be migrated to a new host. This will temporarily impact the performance of instances during a migration event.
*TERMINATE*::: The instances should be terminated.
:::
+ |
--metadata <KEY=VALUE> | Metadata to be made available to the guest operating system
running on the instances. Each metadata entry is a key/value
pair separated by an equals sign. Each metadata key must be unique
and have a max of 128 bytes in length. Each value must have a max of
256 KB in length. Multiple arguments can be
passed to this flag, e.g.,
``--metadata key-1=value-1,key-2=value-2,key-3=value-3''.
The combined total size for all metadata entries is 512 KB.
+
In images that have Compute Engine tools installed on them,
such as the
link:https://cloud.google.com/compute/docs/images[official images],
the following metadata keys have special meanings:
+
*startup-script*::: Specifies a script that will be executed
by the instances once they start running. For convenience,
``--metadata-from-file'' can be used to pull the value from a
file.
+
*startup-script-url*::: Same as ``startup-script'' except that
the script contents are pulled from a publicly-accessible
location on the web |
--metadata-from-file <KEY=LOCAL_FILE_PATH> | Same as ``--metadata'' except that the value for the entry will
be read from a local file. This is useful for values that are
too large such as ``startup-script'' contents |
--min-cpu-platform <PLATFORM> | When specified, the VM will be scheduled on host with specified CPU
architecture or a newer one. To list available CPU platforms in given
zone, run:
+
$ gcloud compute zones describe ZONE --format="value(availableCpuPlatforms)"
+
Default setting is "AUTOMATIC".
+
CPU platform selection is available only in selected zones.
+
You can find more information on-line:
[](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) |
--network <NETWORK> | Specifies the network that the instances will be part of. If --subnet is
also specified subnet must be a subnetwork of network specified by
--network. If neither is specified, this defaults to the "default"
network |
--network-interface <PROPERTY=VALUE> | Adds a network interface to the instance. Mutually exclusive with any
of these flags: *--address*, *--network*, *--network-tier*, *--subnet*,
*--private-network-ip*. This flag can be repeated to specify multiple
network interfaces.
+
The following keys are allowed:
*address*::: Assigns the given external address to the instance that is
created. Specifying an empty string will assign an ephemeral IP.
Mutually exclusive with no-address. If neither key is present the
instance will get an ephemeral IP.
+
*network*::: Specifies the network that the interface will be part of.
If subnet is also specified it must be subnetwork of this network. If
neither is specified, this defaults to the "default" network.
+
*no-address*::: If specified the interface will have no external IP.
Mutually exclusive with address. If neither key is present the
instance will get an ephemeral IP.
+
*network-tier*::: Specifies the network tier of the interface.
``NETWORK_TIER'' must be one of: `PREMIUM`, `STANDARD`. The default
value is `PREMIUM`.
+
*private-network-ip*::: Assigns the given RFC1918 IP address to the
interface.
+
*subnet*::: Specifies the subnet that the interface will be part of.
If network key is also specified this must be a subnetwork of the
specified network.
+
*aliases*::: Specifies the IP alias ranges to allocate for this
interface. If there are multiple IP alias ranges, they are separated
by semicolons.
+
For example:
+
--aliases="10.128.1.0/24;range1:/32"
+
Each IP alias range consists of a range name and an CIDR netmask
(e.g. `/24`) separated by a colon, or just the netmask.
The range name is the name of the range within the network
interface's subnet from which to allocate an IP alias range. If
unspecified, it defaults to the primary IP range of the subnet.
The IP allocator will pick an available range with the specified
netmask and allocate it to this network interface |
--network-tier <NETWORK_TIER> | Specifies the network tier that will be used to configure the instance.
``NETWORK_TIER'' must be one of: `PREMIUM`, `STANDARD`. The default
value is `PREMIUM` |
--no-address | If provided, the instances are not assigned external IP
addresses. To pull container images, you must configure private
Google access if using Container Registry or configure Cloud NAT
for instances to access container images directly. For more
information, see:
* https://cloud.google.com/vpc/docs/configure-private-google-access
* https://cloud.google.com/nat/docs/using-nat |
--no-scopes | Create instance without scopes |
--no-service-account | Create instance without service account |
--preemptible | If provided, instances will be preemptible and time-limited.
Instances may be preempted to free up resources for standard VM instances,
and will only be able to run for a limited amount of time. Preemptible
instances can not be restarted and will not migrate |
--private-ipv6-google-access-type <PRIVATE_IPV6_GOOGLE_ACCESS_TYPE> | The private IPv6 Google access type for the VM. _PRIVATE_IPV6_GOOGLE_ACCESS_TYPE_ must be one of: *enable-bidirectional-access*, *enable-outbound-vm-access*, *inherit-subnetwork* |
--private-network-ip <PRIVATE_NETWORK_IP> | Specifies the RFC1918 IP to assign to the instance. The IP should be in
the subnet or legacy network IP range |
--project <PROJECT_ID> | The Google Cloud Platform project ID to use for this invocation. If
omitted, then the current project is assumed; the current project can
be listed using `gcloud config list --format='text(core.project)'`
and can be set using `gcloud config set project PROJECTID`.
+
`--project` and its fallback `core/project` property play two roles
in the invocation. It specifies the project of the resource to
operate on. It also specifies the project for API enablement check,
quota, and billing. To specify a different project for quota and
billing, use `--billing-project` or `billing/quota_project` property |
--quiet | Disable all interactive prompts when running gcloud commands. If input
is required, defaults will be used, or an error will be raised.
Overrides the default core/disable_prompts property value for this
command invocation. This is equivalent to setting the environment
variable `CLOUDSDK_CORE_DISABLE_PROMPTS` to 1 |
--region <REGION> | Region of the instance template to create. If not specified, you may be prompted to select a region.
+
To avoid prompting when this flag is omitted, you can set the
``compute/region'' property:
+
$ gcloud config set compute/region REGION
+
A list of regions can be fetched by running:
+
$ gcloud compute regions list
+
To unset the property, run:
+
$ gcloud config unset compute/region
+
Alternatively, the region can be stored in the environment
variable ``CLOUDSDK_COMPUTE_REGION'' |
--restart-on-failure | The instances will be restarted if they are terminated by Compute Engine.
This does not affect terminations performed by the user. Enabled by default, use *--no-restart-on-failure* to disable |
--scopes <SCOPE> | If not provided, the instance will be assigned the default scopes, described below.
+
SCOPE can be either the full URI of the scope or an alias. *default* scopes are
assigned to all instances. Available aliases are:
+
Alias | URI
--- | ---
bigquery | https://www.googleapis.com/auth/bigquery
cloud-platform | https://www.googleapis.com/auth/cloud-platform
cloud-source-repos | https://www.googleapis.com/auth/source.full_control
cloud-source-repos-ro | https://www.googleapis.com/auth/source.read_only
compute-ro | https://www.googleapis.com/auth/compute.readonly
compute-rw | https://www.googleapis.com/auth/compute
datastore | https://www.googleapis.com/auth/datastore
default | https://www.googleapis.com/auth/devstorage.read_only
| https://www.googleapis.com/auth/logging.write
| https://www.googleapis.com/auth/monitoring.write
| https://www.googleapis.com/auth/pubsub
| https://www.googleapis.com/auth/service.management.readonly
| https://www.googleapis.com/auth/servicecontrol
| https://www.googleapis.com/auth/trace.append
gke-default | https://www.googleapis.com/auth/devstorage.read_only
| https://www.googleapis.com/auth/logging.write
| https://www.googleapis.com/auth/monitoring
| https://www.googleapis.com/auth/service.management.readonly
| https://www.googleapis.com/auth/servicecontrol
| https://www.googleapis.com/auth/trace.append
logging-write | https://www.googleapis.com/auth/logging.write
monitoring | https://www.googleapis.com/auth/monitoring
monitoring-read | https://www.googleapis.com/auth/monitoring.read
monitoring-write | https://www.googleapis.com/auth/monitoring.write
pubsub | https://www.googleapis.com/auth/pubsub
service-control | https://www.googleapis.com/auth/servicecontrol
service-management | https://www.googleapis.com/auth/service.management.readonly
sql (deprecated) | https://www.googleapis.com/auth/sqlservice
sql-admin | https://www.googleapis.com/auth/sqlservice.admin
storage-full | https://www.googleapis.com/auth/devstorage.full_control
storage-ro | https://www.googleapis.com/auth/devstorage.read_only
storage-rw | https://www.googleapis.com/auth/devstorage.read_write
taskqueue | https://www.googleapis.com/auth/taskqueue
trace | https://www.googleapis.com/auth/trace.append
userinfo-email | https://www.googleapis.com/auth/userinfo.email
+
DEPRECATION WARNING: https://www.googleapis.com/auth/sqlservice account scope
and `sql` alias do not provide SQL instance management capabilities and have
been deprecated. Please, use https://www.googleapis.com/auth/sqlservice.admin
or `sql-admin` to manage your Google SQL Service instances.
+ |
--service-account <SERVICE_ACCOUNT> | A service account is an identity attached to the instance. Its access tokens
can be accessed through the instance metadata server and are used to
authenticate applications on the instance. The account can be set using an
email address corresponding to the required service account.
+
If not provided, the instance will use the project's default service account.
+ |
--subnet <SUBNET> | Specifies the subnet that the instances will be part of. If --network is
also specified subnet must be a subnetwork of network specified by
--network |
--tags <TAG> | Specifies a list of tags to apply to the instance. These tags allow
network firewall rules and routes to be applied to specified VM instances.
See gcloud_compute_firewall-rules_create(1) for more details.
+
To read more about configuring network tags, read this guide:
https://cloud.google.com/vpc/docs/add-remove-network-tags
+
To list instances with their respective status and tags, run:
+
$ gcloud compute instances list --format='table(name,status,tags.list())'
+
To list instances tagged with a specific tag, `tag1`, run:
+
$ gcloud compute instances list --filter='tags:tag1' |
--trace-token <TRACE_TOKEN> | Token used to route traces of service requests for investigation of issues. Overrides the default *core/trace_token* property value for this command invocation |
--user-output-enabled | Print user intended output to the console. Overrides the default *core/user_output_enabled* property value for this command invocation. Use *--no-user-output-enabled* to disable |
--verbosity <VERBOSITY> | Override the default verbosity for this command. Overrides the default *core/verbosity* property value for this command invocation. _VERBOSITY_ must be one of: *debug*, *info*, *warning*, *error*, *critical*, *none* |