--account <ACCOUNT> | Google Cloud Platform user account to use for invocation. Overrides the default *core/account* property value for this command invocation |
--billing-project <BILLING_PROJECT> | The Google Cloud Platform project that will be charged quota for operations performed in gcloud. If you need to operate on one project, but need quota against a different project, you can use this flag to specify the billing project. If both `billing/quota_project` and `--billing-project` are specified, `--billing-project` takes precedence. Run `$ gcloud config set --help` to see more information about `billing/quota_project` |
--configuration <CONFIGURATION> | The configuration to use for this command invocation. For more
information on how to use configurations, run:
`gcloud topic configurations`. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME environment
variable to set the equivalent of this flag for a terminal
session |
--denial-of-existence <DENIAL_OF_EXISTENCE> | Requires DNSSEC enabled. _DENIAL_OF_EXISTENCE_ must be one of: *nsec*, *nsec3* |
--description <DESCRIPTION> | Short description for the managed-zone |
--dns-name <DNS_NAME> | The DNS name suffix that will be managed with the created zone |
--dnssec-state <DNSSEC_STATE> | The DNSSEC state for this managed zone. _DNSSEC_STATE_ must be one of:
+
*off*::: Disable DNSSEC for the managed zone.
*on*::: Enable DNSSEC for the managed zone.
*transfer*::: Enable DNSSEC and allow transferring a signed zone in or out.
:::
+ |
--flags-file <YAML_FILE> | A YAML or JSON file that specifies a *--flag*:*value* dictionary.
Useful for specifying complex flag values with special characters
that work with any command interpreter. Additionally, each
*--flags-file* arg is replaced by its constituent flags. See
$ gcloud topic flags-file for more information |
--flatten <KEY> | Flatten _name_[] output resource slices in _KEY_ into separate records
for each item in each slice. Multiple keys and slices may be specified.
This also flattens keys for *--format* and *--filter*. For example,
*--flatten=abc.def* flattens *abc.def[].ghi* references to
*abc.def.ghi*. A resource record containing *abc.def[]* with N elements
will expand to N records in the flattened output. This flag interacts
with other flags that are applied in this order: *--flatten*,
*--sort-by*, *--filter*, *--limit* |
--format <FORMAT> | Set the format for printing command output resources. The default is a
command-specific human-friendly output format. The supported formats
are: `config`, `csv`, `default`, `diff`, `disable`, `flattened`, `get`, `json`, `list`, `multi`, `none`, `object`, `table`, `text`, `value`, `yaml`. For more details run $ gcloud topic formats |
--forwarding-targets <IP_ADDRESSES> | List of IPv4 addresses of target name servers that the zone will forward queries to. Ignored for `public` visibility. Non-RFC1918 addresses will forward to the target through the Internet. RFC1918 addresses will forward through the VPC |
--help | Display detailed help |
--impersonate-service-account <SERVICE_ACCOUNT_EMAIL> | For this gcloud invocation, all API requests will be made as the given service account instead of the currently selected account. This is done without needing to create, download, and activate a key for the account. In order to perform operations as the service account, your currently selected account must have an IAM role that includes the iam.serviceAccounts.getAccessToken permission for the service account. The roles/iam.serviceAccountTokenCreator role has this permission or you may create a custom role. Overrides the default *auth/impersonate_service_account* property value for this command invocation |
--ksk-algorithm <KSK_ALGORITHM> | String mnemonic specifying the DNSSEC algorithm of the key-signing key. Requires DNSSEC enabled. _KSK_ALGORITHM_ must be one of: *ecdsap256sha256*, *ecdsap384sha384*, *rsasha1*, *rsasha256*, *rsasha512* |
--ksk-key-length <KSK_KEY_LENGTH> | Length of the key-signing key in bits. Requires DNSSEC enabled |
--labels <KEY=VALUE> | List of label KEY=VALUE pairs to add.
+
Keys must start with a lowercase character and contain only hyphens (`-`), underscores (```_```), lowercase characters, and numbers. Values must contain only hyphens (`-`), underscores (```_```), lowercase characters, and numbers |
--log-http | Log all HTTP server requests and responses to stderr. Overrides the default *core/log_http* property value for this command invocation |
--managed-reverse-lookup | Whether this zone is a managed reverse lookup zone, required for Cloud DNS to correctly resolve Non-RFC1918 PTR records |
--networks <NETWORK> | List of networks that the zone should be visible in if the zone visibility is [private] |
--private-forwarding-targets <IP_ADDRESSES> | List of IPv4 addresses of target name servers that the zone will forward queries to. Ignored for `public` visibility. All addresses specified for this parameter will be reached through the VPC |
--project <PROJECT_ID> | The Google Cloud Platform project ID to use for this invocation. If
omitted, then the current project is assumed; the current project can
be listed using `gcloud config list --format='text(core.project)'`
and can be set using `gcloud config set project PROJECTID`.
+
`--project` and its fallback `core/project` property play two roles
in the invocation. It specifies the project of the resource to
operate on. It also specifies the project for API enablement check,
quota, and billing. To specify a different project for quota and
billing, use `--billing-project` or `billing/quota_project` property |
--quiet | Disable all interactive prompts when running gcloud commands. If input
is required, defaults will be used, or an error will be raised.
Overrides the default core/disable_prompts property value for this
command invocation. This is equivalent to setting the environment
variable `CLOUDSDK_CORE_DISABLE_PROMPTS` to 1 |
--target-network <TARGET_NETWORK> | Network ID of the Google Compute Engine private network to forward queries to |
--target-project <TARGET_PROJECT> | Project ID of the Google Compute Engine private network to forward queries to |
--trace-token <TRACE_TOKEN> | Token used to route traces of service requests for investigation of issues. Overrides the default *core/trace_token* property value for this command invocation |
--user-output-enabled | Print user intended output to the console. Overrides the default *core/user_output_enabled* property value for this command invocation. Use *--no-user-output-enabled* to disable |
--verbosity <VERBOSITY> | Override the default verbosity for this command. Overrides the default *core/verbosity* property value for this command invocation. _VERBOSITY_ must be one of: *debug*, *info*, *warning*, *error*, *critical*, *none* |
--visibility <VISIBILITY> | Visibility of the zone. Public zones are visible to the public internet. Private zones are only visible in your internal networks denoted by the `--networks` flag. _VISIBILITY_ must be one of: *public*, *private* |
--zsk-algorithm <ZSK_ALGORITHM> | String mnemonic specifying the DNSSEC algorithm of the key-signing key. Requires DNSSEC enabled. _ZSK_ALGORITHM_ must be one of: *ecdsap256sha256*, *ecdsap384sha384*, *rsasha1*, *rsasha256*, *rsasha512* |
--zsk-key-length <ZSK_KEY_LENGTH> | Length of the zone-signing key in bits. Requires DNSSEC enabled |