gcloud alpha compute machine-images create - create a Compute Engine machine image
gcloud alpha compute machine-images create IMAGE --source-instance=SOURCE_INSTANCE [--csek-key-file=FILE] [--description=DESCRIPTION] [--guest-flush] [--no-require-csek-key-create] [--source-disk-csek-key=[PROPERTY=VALUE,...]] [--source-instance-zone=SOURCE_INSTANCE_ZONE] [--storage-location=LOCATION] [--kms-key=KMS_KEY : --kms-keyring=KMS_KEYRING --kms-location=KMS_LOCATION --kms-project=KMS_PROJECT] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Create a Compute Engine machine image.
To create a machine image, run:
$ gcloud alpha compute machine-images create my-machine-image \ --source-instance=example-source \ --source-instance-zone=us-central1-a
- IMAGE
Name of the machineImage to create.
- --source-instance=SOURCE_INSTANCE
The source instance to create a machine image from.
- --csek-key-file=FILE
Path to a Customer-Supplied Encryption Key (CSEK) key file that maps Compute Engine machine images to user managed keys to be used when creating, mounting, or taking snapshots of disks.
If you pass - as value of the flag, the CSEK is read from stdin. See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details.
- --description=DESCRIPTION
Specifies a text description of the machine image.
- --guest-flush
Create an application-consistent machine image by informing the OS to prepare for the snapshot process.
- --require-csek-key-create
Refuse to create machine images not protected by a user managed key in the key file when --csek-key-file is given. This behavior is enabled by default to prevent incorrect gcloud invocations from accidentally creating machine images with no user managed key. Disabling the check allows creation of some machine images without a matching Customer-Supplied Encryption Key in the supplied --csek-key-file. See https://cloud.google.com/compute/docs/disks/customer-supplied-encryption for more details. Enabled by default, use --no-require-csek-key-create to disable.
- --source-disk-csek-key=[PROPERTY=VALUE,...]
Customer-supplied encryption key of the disk attached to the source instance. Required if the source disk is protected by a customer-supplied encryption key. This flag can be repeated to specify multiple attached disks.
- disk
URL of the disk attached to the source instance. This can be a full or valid partial URL
- csek-key-file
path to customer-supplied encryption key.
- --source-instance-zone=SOURCE_INSTANCE_ZONE
Zone of the instance to operate on. If not specified and the compute/zone property isn't set, you might be prompted to select a zone (interactive mode only).
To avoid prompting when this flag is omitted, you can set the compute/zone property:
$ gcloud config set compute/zone ZONE
A list of zones can be fetched by running:
$ gcloud compute zones list
To unset the property, run:
$ gcloud config unset compute/zone
Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.
- --storage-location=LOCATION
Google Cloud Storage location, either regional or multi-regional, where machine image's content is to be stored. If absent, a nearby regional or multi-regional location is chosen automatically.
- Key resource - The Cloud KMS (Key Management Service) cryptokey that will be
used to protect the machine image. The arguments in this group can be used to specify the attributes of this resource.
- --kms-key=KMS_KEY
ID of the key or fully qualified identifier for the key. To set the kms-key attribute:
provide the argument --kms-key on the command line.
This flag argument must be specified if any of the other arguments in this group are specified.
- --kms-keyring=KMS_KEYRING
The KMS keyring of the key. To set the kms-keyring attribute:
provide the argument --kms-key on the command line with a fully specified name;
provide the argument --kms-keyring on the command line.
- --kms-location=KMS_LOCATION
The Cloud location for the key. To set the kms-location attribute:
provide the argument --kms-key on the command line with a fully specified name;
provide the argument --kms-location on the command line.
- --kms-project=KMS_PROJECT
The Cloud project for the key. To set the kms-project attribute:
provide the argument --kms-key on the command line with a fully specified name;
provide the argument --kms-project on the command line;
set the property core/project.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud compute machine-images create
$ gcloud beta compute machine-images create