- NAME
-
- gcloud alpha compute images create - create Compute Engine images
- SYNOPSIS
-
-
gcloud alpha compute images create
IMAGE_NAME
(--source-disk
=SOURCE_DISK
|--source-image
=SOURCE_IMAGE
|--source-image-family
=SOURCE_IMAGE_FAMILY
|--source-snapshot
=SOURCE_SNAPSHOT
|--source-uri
=SOURCE_URI
) [--architecture
=ARCHITECTURE
] [--csek-key-file
=FILE
] [--description
=DESCRIPTION
] [--family
=FAMILY
] [--forbidden-database-file
=[DBX_VALUE
,…]] [--force
] [--force-create
] [--guest-os-features
=[GUEST_OS_FEATURE
,…]] [--key-exchange-key-file
=[KEK_VALUE
,…]] [--labels
=[KEY
=VALUE
,…]] [--licenses
=[LICENSES
,…]] [--platform-key-file
=PLATFORM_KEY_FILE
] [--no-require-csek-key-create
] [--rollout-override
=[default_rollout_time
=DEFAULT_ROLLOUT_TIME
],[location_rollout_policies
=LOCATION_ROLLOUT_POLICIES
]] [--signature-database-file
=[DB_VALUE
,…]] [--source-disk-project
=SOURCE_DISK_PROJECT
] [--source-disk-zone
=SOURCE_DISK_ZONE
] [--source-image-project
=SOURCE_IMAGE_PROJECT
] [--storage-location
=LOCATION
] [--user-licenses
=[LICENSE
,…]] [--kms-key
=KMS_KEY
:--kms-keyring
=KMS_KEYRING
--kms-location
=KMS_LOCATION
--kms-project
=KMS_PROJECT
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(ALPHA)
gcloud alpha compute images create
is used to create custom disk images. The resulting image can be provided during instance or disk creation so that the instance attached to the resulting disks has access to a known set of software or files from the image.Images can be created from gzipped compressed tarball containing raw disk data, existing disks in any zone, existing images, and existing snapshots inside the same project.
Images are global resources, so they can be used across zones and projects.
To learn more about creating image tarballs, visit https://cloud.google.com/compute/docs/creating-custom-image.
- EXAMPLES
-
To create an image 'my-image' from a disk 'my-disk' in zone 'us-east1-a', run:
gcloud alpha compute images create my-image --source-disk=my-disk --source-disk-zone=us-east1-a
To create an image 'my-image' from a disk 'my-disk' in zone 'us-east1-a' with source disk project 'source-disk-project' run:
gcloud alpha compute images create my-image --source-disk=my-disk --source-disk-zone=us-east1-a --source-disk-project=source-disk-project
To create an image 'my-image' from another image 'source-image' with source image project 'source-image-project', run:
gcloud alpha compute images create my-image --source-image=source-image --source-image-project=source-image-project
To create an image 'my-image' from the latest non-deprecated image in the family 'source-image-family' with source image project 'source-image-project', run:
gcloud alpha compute images create my-image --source-image-family=source-image-family --source-image-project=source-image-project
To create an image 'my-image' from a snapshot 'source-snapshot', run:
gcloud alpha compute images create my-image --source-snapshot=source-snapshot
- POSITIONAL ARGUMENTS
-
IMAGE_NAME
- Name of the disk image to create.
- REQUIRED FLAGS
-
-
Exactly one of these must be specified:
--source-disk
=SOURCE_DISK
-
A source disk to create the image from. The value for this option can be the
name of a disk with the zone specified via
flag.--source-disk-zone
--source-image
=SOURCE_IMAGE
-
The name of an image to clone. May be used with
to clone an image in a different project.--source-image-project
--source-image-family
=SOURCE_IMAGE_FAMILY
-
The family of the source image. This will cause the latest non- deprecated image
in the family to be used as the source image. May be used with
to refer to an image family in a different project.--source-image-project
--source-snapshot
=SOURCE_SNAPSHOT
- A source snapshot to create the image from. The value for this option can be the name of a snapshot within the same project as the destination image.
--source-uri
=SOURCE_URI
-
The full Cloud Storage URI where the disk image is stored. This file must be a
gzip-compressed tarball whose name ends in
. For more information about Cloud Storage URIs, see https://cloud.google.com/storage/docs/request-endpoints#json-api..tar.gz
-
Exactly one of these must be specified:
- OPTIONAL FLAGS
-
--architecture
=ARCHITECTURE
-
Specifies the architecture or processor type that this image can support. For
available processor types on Compute Engine, see https://cloud.google.com/compute/docs/cpu-platforms.
ARCHITECTURE
must be one of:ARM64
,X86_64
. --csek-key-file
=FILE
-
Path to a Customer-Supplied Encryption Key (CSEK) key file that maps Compute
Engine images to user managed keys to be used when creating, mounting, or taking
snapshots of disks.
If you pass
-
as value of the flag, the CSEK is read from stdin. See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details. --description
=DESCRIPTION
- An optional, textual description for the image being created.
--family
=FAMILY
- The family of the image. When creating an instance or disk, specifying a family will cause the latest non-deprecated image in the family to be used.
--forbidden-database-file
=[DBX_VALUE
,…]- Comma-separated list of file paths that point to revoked X.509 certificates in DER format or raw binary files. When you create a Shielded VM instance from this image, these certificates or files are added to the forbidden signature database (dbx).
--force
- By default, image creation fails when it is created from a disk that is attached to a running instance. When this flag is used, image creation from disk will proceed even if the disk is in use.
--force-create
-
(DEPRECATED) DEPRECATED, use --force instead. By default, image creation fails
when it is created from a disk that is attached to a running instance. When this
flag is used, image creation from disk will proceed even if the disk is in use.
Flag force-create is deprecated. Use --force instead.
--guest-os-features
=[GUEST_OS_FEATURE
,…]-
Enables one or more features for VM instances that use the image for their boot
disks. See the descriptions of supported features at: https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features.
GUEST_OS_FEATURE
must be one of:BARE_METAL_LINUX_COMPATIBLE
,GVNIC
,IDPF
,MULTI_IP_SUBNET
,SEV_CAPABLE
,SEV_LIVE_MIGRATABLE
,SEV_LIVE_MIGRATABLE_V2
,SEV_SNP_CAPABLE
,TDX_CAPABLE
,UEFI_COMPATIBLE
,VIRTIO_SCSI_MULTIQUEUE
,WINDOWS
. --key-exchange-key-file
=[KEK_VALUE
,…]- Comma-separated list of file paths that point to X.509 certificates in DER format or raw binary files. When you create a Shielded VM instance from this image, these certificates or files are used as key exchange keys (KEK).
--labels
=[KEY
=VALUE
,…]-
List of label KEY=VALUE pairs to add.
Keys must start with a lowercase character and contain only hyphens (
-
), underscores (_
), lowercase characters, and numbers. Values must contain only hyphens (-
), underscores (_
), lowercase characters, and numbers. --licenses
=[LICENSES
,…]- Comma-separated list of URIs to license resources.
--platform-key-file
=PLATFORM_KEY_FILE
- File path that points to an X.509 certificate in DER format or raw binary file. When you create a Shielded VM instance from this image, this certificate or raw binary file is used as the platform key (PK).
--require-csek-key-create
-
Refuse to create images not protected by a user managed key in the key file when
--csek-key-file is given. This behavior is enabled by default to prevent
incorrect gcloud invocations from accidentally creating images with no user
managed key. Disabling the check allows creation of some images without a
matching Customer-Supplied Encryption Key in the supplied --csek-key-file. See
https://cloud.google.com/compute/docs/disks/customer-supplied-encryption
for more details. Enabled by default, use
--no-require-csek-key-create
to disable. --rollout-override
=[default_rollout_time
=DEFAULT_ROLLOUT_TIME
],[location_rollout_policies
=LOCATION_ROLLOUT_POLICIES
]-
A rollout policy for the image. A rollout policy is used to restrict the zones
where this image is accessible when using a zonal image family reference. When
specified, the rollout policy overrides per-zone references to the image through
the associated image family. When the rollout policy does not include the user
specified zone, or if the zone is rolled out, this image is accessible.
default_rollout_time This is an optional RFC3339 timestamp on or after which the update is considered rolled out to any zone that is not explicitly stated.
location_rollout_policies Location based rollout policies to apply to the resource. Currently only zone names are supported as the key and must be represented as valid URLs, like: zones/us-central1-a. The value expects an RFC3339 timestamp on or after which the update is considered rolled out to the specified location.
--signature-database-file
=[DB_VALUE
,…]- Comma-separated list of file paths that point to valid X.509 certificates in DER format or raw binary files. When you create a Shielded VM instance from this image, these certificates or files are added to the signature database (db).
--source-disk-project
=SOURCE_DISK_PROJECT
- Project name of the source disk. Must also specify --source-disk when using this flag.
--source-disk-zone
=SOURCE_DISK_ZONE
-
Zone of the source disk to operate on. If not specified and the
property isn't set, you might be prompted to select a zone (interactive mode only).compute/zone
To avoid prompting when this flag is omitted, you can set the
property:compute/zone
gcloud config set compute/zone ZONE
A list of zones can be fetched by running:
gcloud compute zones list
To unset the property, run:
gcloud config unset compute/zone
Alternatively, the zone can be stored in the environment variable
.CLOUDSDK_COMPUTE_ZONE
--source-image-project
=SOURCE_IMAGE_PROJECT
-
The project name of the source image. Must also specify either
or--source-image
when using this flag.--source-image-family
--storage-location
=LOCATION
- Specifies a Cloud Storage location, either regional or multi-regional, where image content is to be stored. If not specified, the multi-region location closest to the source is chosen automatically.
--user-licenses
=[LICENSE
,…]- URI for the license resource. For multiple licenses, you can provide a comma-separated list of URIs.
-
Key resource - The Cloud KMS (Key Management Service) cryptokey that will be
used to protect the image. The 'Compute Engine Service Agent' service account
must hold permission 'Cloud KMS CryptoKey Encrypter/Decrypter'. The arguments in
this group can be used to specify the attributes of this resource.
--kms-key
=KMS_KEY
-
ID of the key or fully qualified identifier for the key.
To set the
kms-key
attribute:-
provide the argument
--kms-key
on the command line.
This flag argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--kms-keyring
=KMS_KEYRING
-
The KMS keyring of the key.
To set the
kms-keyring
attribute:-
provide the argument
--kms-key
on the command line with a fully specified name; -
provide the argument
--kms-keyring
on the command line.
-
provide the argument
--kms-location
=KMS_LOCATION
-
The Google Cloud location for the key.
To set the
kms-location
attribute:-
provide the argument
--kms-key
on the command line with a fully specified name; -
provide the argument
--kms-location
on the command line.
-
provide the argument
--kms-project
=KMS_PROJECT
-
The Google Cloud project for the key.
To set the
kms-project
attribute:-
provide the argument
--kms-key
on the command line with a fully specified name; -
provide the argument
--kms-project
on the command line; -
set the property
core/project
.
-
provide the argument
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud compute images create
gcloud beta compute images create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-05-29 UTC.