NAME

gcloud compute instances update - update a Compute Engine virtual machine

SYNOPSIS

gcloud compute instances update INSTANCE_NAME [--[no-]deletion-protection] [--[no-]enable-display-device] [--min-cpu-platform=PLATFORM] [--[no-]shielded-integrity-monitoring] [--shielded-learn-integrity-policy] [--[no-]shielded-secure-boot] [--[no-]shielded-vtpm] [--update-labels=[KEY=VALUE,...]] [--zone=ZONE] [--clear-labels | --remove-labels=[KEY,...]] [--clear-node-affinities | --node=NODE | --node-affinity-file=NODE_AFFINITY_FILE | --node-group=NODE_GROUP] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

gcloud compute instances update updates labels and requested CPU Platform for a Compute Engine virtual machine.

EXAMPLES

To modify the instance 'example-instance' in 'us-central1-a' by adding labels 'k0', with value 'value1' and label 'k1' with value 'value2' and removing labels with key 'k3', run:

$ gcloud compute instances update example-instance \ --zone=us-central1-a --update-labels=k0=value1,k1=value2 \ --remove-labels=k3

Labels can be used to identify the disk. To list disks with the 'k1:value2' label, run:

$ gcloud compute instances list --filter='labels.k1:value2'

To list only the labels when describing a resource, use --format to filter the result:

$ gcloud compute instances describe example-disk \ --format="default(labels)"

POSITIONAL ARGUMENTS

INSTANCE_NAME

Name of the instance to update. For details on valid instance names, refer to the criteria documented under the field 'name' at: https://cloud.google.com/compute/docs/reference/rest/v1/instances

FLAGS

--[no-]deletion-protection

Enables deletion protection for the instance. Use --deletion-protection to enable and --no-deletion-protection to disable.

--[no-]enable-display-device

Enable a display device on VM instances. Use --enable-display-device to enable and --no-enable-display-device to disable.

--min-cpu-platform=PLATFORM

When specified, the VM will be scheduled on host with specified CPU architecture or a newer one. To list available CPU platforms in given zone, run:

$ gcloud compute zones describe ZONE \ --format="value(availableCpuPlatforms)"

Default setting is "AUTOMATIC".

CPU platform selection is available only in selected zones.

You can find more information on-line: https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform

--[no-]shielded-integrity-monitoring

Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using gcloud compute instances update --shielded-learn-integrity-policy. On Shielded VM instances, integrity monitoring is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. For information about monitoring integrity on Shielded VM instances, see https://cloud.google.com/compute/docs/instances/integrity-monitoring." Changes to this setting with the update command only take effect after stopping and starting the instance. Use --shielded-integrity-monitoring to enable and --no-shielded-integrity-monitoring to disable.

--shielded-learn-integrity-policy

Causes the instance to re-learn the integrity policy baseline using the current instance configuration. Use this flag after any planned boot-specific changes in the instance configuration, like kernel updates or kernel driver installation.

--[no-]shielded-secure-boot

The instance boots with secure boot enabled. On Shielded VM instances, Secure Boot is not enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. Changes to this setting with the update command only take effect after stopping and starting the instance. Use --shielded-secure-boot to enable and --no-shielded-secure-boot to disable.

--[no-]shielded-vtpm

The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption, and sealing of keys. On Shielded VM instances, vTPM is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. Changes to this setting with the update command only take effect after stopping and starting the instance. Use --shielded-vtpm to enable and --no-shielded-vtpm to disable.

--update-labels=[KEY=VALUE,...]

List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created.

Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.

--zone=ZONE

Zone of the instance to update. If not specified, you might be prompted to select a zone (interactive mode only). gcloud attempts to identify the appropriate zone by searching for resources in your currently active project. If the zone cannot be determined, gcloud prompts you for a selection with all available Google Cloud Platform zones.

To avoid prompting when this flag is omitted, the user can set the compute/zone property:

$ gcloud config set compute/zone ZONE

A list of zones can be fetched by running:

$ gcloud compute zones list

To unset the property, run:

$ gcloud config unset compute/zone

Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.

At most one of these can be specified:
--clear-labels

Remove all labels. If --update-labels is also specified then --clear-labels is applied first.

For example, to remove all labels:

$ gcloud compute instances update --clear-labels

To remove all existing labels and create two new labels, foo and baz:

$ gcloud compute instances update --clear-labels \ --update-labels foo=bar,baz=qux

--remove-labels=[KEY,...]

List of label keys to remove. If a label does not exist it is silently ignored. If --update-labels is also specified then --update-labels is applied first.

Sole Tenancy.

At most one of these can be specified:

--clear-node-affinities

Removes the node affinities field from the instance. If specified, the instance node settings will be cleared. The instance will not be scheduled onto a sole-tenant node.

--node=NODE

The name of the node to schedule this instance on.

--node-affinity-file=NODE_AFFINITY_FILE

The JSON/YAML file containing the configuration of desired nodes onto which this instance could be scheduled. These rules filter the nodes according to their node affinity labels. A node's affinity labels come from the node template of the group the node is in.

The file should contain a list of a JSON/YAML objects. For an example, see https://cloud.google.com/compute/docs/nodes/provisioning-sole-tenant-vms#configure_node_affinity_labels. The following list describes the fields:

key

Corresponds to the node affinity label keys of the Node resource.

operator

Specifies the node selection type. Must be one of: IN: Requires Compute Engine to seek for matched nodes. NOT_IN: Requires Compute Engine to avoid certain nodes.

values

Optional. A list of values which correspond to the node affinity label values of the Node resource.

--node-group=NODE_GROUP

The name of the node group to schedule this instance on.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

These variants are also available:

$ gcloud alpha compute instances update

$ gcloud beta compute instances update