gcloud alpha compute instances update-container - updates Compute Engine virtual machine instances running container images
gcloud alpha compute instances update-container INSTANCE_NAME [--container-image=CONTAINER_IMAGE] [--container-mount-disk=[mode=MODE],[mount-path=MOUNT-PATH],[name=NAME],[partition=PARTITION]] [--container-privileged] [--container-restart-policy=POLICY] [--container-stdin] [--container-tty] [--[no-]shielded-integrity-monitoring] [--shielded-learn-integrity-policy] [--[no-]shielded-secure-boot] [--[no-]shielded-vtpm] [--zone=ZONE] [--clear-container-args | --container-arg=CONTAINER_ARG] [--clear-container-command | --container-command=CONTAINER_COMMAND] [--container-env=[KEY=VALUE, ...,...] --container-env-file=CONTAINER_ENV_FILE --remove-container-env=[KEY,...]] [--container-mount-host-path=[host-path=HOSTPATH,mount-path=MOUNTPATH[,mode=MODE],...] --container-mount-tmpfs=[mount-path=MOUNTPATH,...] --remove-container-mounts=[MOUNTPATH[,MOUNTPATH,...],...]] [GCLOUD_WIDE_FLAG ...]
(ALPHA) gcloud alpha compute instances update-container updates Compute Engine virtual machines that runs a Docker image. For example:
$ gcloud alpha compute instances update-container instance-1 \ --zone us-central1-a \ --container-image=gcr.io/google-containers/busybox
updates an instance called instance-1, in the us-central1-a zone, to run the 'busybox' image.
For more examples, refer to the EXAMPLES section below.
To run the gcr.io/google-containers/busybox image on an instance named 'instance-1' that executes 'echo "Hello world"' as a run command, run:
$ gcloud alpha compute instances update-container instance-1 \ --container-image=gcr.io/google-containers/busybox \ --container-command='echo "Hello world"'
To run the gcr.io/google-containers/busybox image in privileged mode, run:
$ gcloud alpha compute instances update-container instance-1 \ --container-image=gcr.io/google-containers/busybox \ --container-privileged
- INSTANCE_NAME
Name of the instance to update. For details on valid instance names, refer to the criteria documented under the field 'name' at: https://cloud.google.com/compute/docs/reference/rest/v1/instances
- --container-image=CONTAINER_IMAGE
Sets container image in the declaration to the specified value.
Empty string is not allowed.
- --container-mount-disk=[mode=MODE],[mount-path=MOUNT-PATH],[name=NAME],[partition=PARTITION]
Mounts a disk to the container by using mount-path or updates how the volume is mounted if the same mount path has already been declared. The disk must already be attached to the instance with a device-name that matches the disk name. Multiple flags are allowed.
- name
Name of the disk. Can be omitted if exactly one additional disk is attached to the instance. The name of the single additional disk will be used by default.
- mount-path
Path on container to mount to. Mount paths with spaces and commas (and other special characters) are not supported by this command.
- partition
Optional. The partition of the disk to mount. Multiple partitions of a disk can be mounted.
- mode
Volume mount mode: rw (read/write) or ro (read-only). Defaults to rw. Fails if the disk mode is ro and volume mount mode is rw.
- --container-privileged
Sets permission to run container to the specified value.
- --container-restart-policy=POLICY
Sets container restart policy to the specified value. POLICY must be one of: never, on-failure, always.
- --container-stdin
Sets configuration whether to keep container STDIN always open to the specified value.
- --container-tty
Sets configuration whether to allocate a pseudo-TTY for the container to the specified value.
- --[no-]shielded-integrity-monitoring
Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using gcloud compute instances update-container --shielded-learn-integrity-policy. On Shielded VM instances, integrity monitoring is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. For information about monitoring integrity on Shielded VM instances, see https://cloud.google.com/compute/docs/instances/integrity-monitoring." Changes to this setting with the update command only take effect after stopping and starting the instance. Use --shielded-integrity-monitoring to enable and --no-shielded-integrity-monitoring to disable.
- --shielded-learn-integrity-policy
Causes the instance to re-learn the integrity policy baseline using the current instance configuration. Use this flag after any planned boot-specific changes in the instance configuration, like kernel updates or kernel driver installation.
- --[no-]shielded-secure-boot
The instance boots with secure boot enabled. On Shielded VM instances, Secure Boot is not enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. Changes to this setting with the update command only take effect after stopping and starting the instance. Use --shielded-secure-boot to enable and --no-shielded-secure-boot to disable.
- --[no-]shielded-vtpm
The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption, and sealing of keys. On Shielded VM instances, vTPM is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. Changes to this setting with the update command only take effect after stopping and starting the instance. Use --shielded-vtpm to enable and --no-shielded-vtpm to disable.
- --zone=ZONE
Zone of the instance to update. If not specified, you might be prompted to select a zone (interactive mode only). gcloud attempts to identify the appropriate zone by searching for resources in your currently active project. If the zone cannot be determined, gcloud prompts you for a selection with all available Google Cloud Platform zones.
To avoid prompting when this flag is omitted, the user can set the compute/zone property:
$ gcloud config set compute/zone ZONE
A list of zones can be fetched by running:
$ gcloud compute zones list
To unset the property, run:
$ gcloud config unset compute/zone
Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.
- At most one of these can be specified:
- --clear-container-args
Removes the list of arguments from container declaration.
Cannot be used in the same command with --container-arg.
- --container-arg=CONTAINER_ARG
Completely replaces the list of arguments with the new list. Each argument must have a separate --container-arg flag. Arguments are appended the new list in the order of flags.
Cannot be used in the same command with --clear-container-arg.
- At most one of these can be specified:
- --clear-container-command
Removes command from container declaration.
Cannot be used in the same command with --container-command.
- --container-command=CONTAINER_COMMAND
Sets command in the declaration to the specified value. Empty string is not allowed.
Cannot be used in the same command with --clear-container-command.
- --container-env=[KEY=VALUE, ...,...]
Update environment variables KEY with value VALUE passed to container.
- —
Sets KEY to the specified value.
- —
Adds KEY = VALUE, if KEY is not yet declared.
- —
Only the last value of KEY is taken when KEY is repeated more than once.
Values, declared with --container-env flag override those with the same KEY from file, provided in --container-env-file.
- --container-env-file=CONTAINER_ENV_FILE
Update environment variables from a file. Same update rules as for --container-env apply. Values, declared with --container-env flag override those with the same KEY from file.
File with environment variables declarations in format used by docker (almost). This means:
- —
Lines are in format KEY=VALUE
- —
Values must contain equality signs.
- —
Variables without values are not supported (this is different from docker format).
- —
If # is first non-whitespace character in a line the line is ignored as a comment.
- --remove-container-env=[KEY,...]
Removes environment variables KEY from container declaration Does nothing, if a variable is not present.
- --container-mount-host-path=[host-path=HOSTPATH,mount-path=MOUNTPATH[,mode=MODE],...]
Mounts a volume by using host-path.
- —
Adds a volume, if mount-path is not yet declared.
- —
Replaces a volume, if mount-path is declared. All parameters (host-path, mount-path, mode) are completely replaced.
- host-path
Path on host to mount from.
- mount-path
Path on container to mount to. Mount paths with spaces and commas (and other special characters) are not supported by this command.
- mode
Volume mount mode: rw (read/write) or ro (read-only).
Default: rw.
- --container-mount-tmpfs=[mount-path=MOUNTPATH,...]
Mounts empty tmpfs into container at MOUNTPATH.
- mount-path
Path on container to mount to. Mount paths with spaces and commas (and other special characters) are not supported by this command.
- --remove-container-mounts=[MOUNTPATH[,MOUNTPATH,...],...]
Removes volume mounts (host-path, tmpfs, disk) with mountPath: MOUNTPATH from container declaration.
Does nothing, if a volume mount is not declared.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud compute instances update-container
$ gcloud beta compute instances update-container