gcloud compute instances update - update a Compute Engine virtual machine
gcloud compute instances update INSTANCE_NAME [--[no-]deletion-protection] [--[no-]enable-display-device] [--min-cpu-platform=PLATFORM] [--[no-]shielded-integrity-monitoring] [--shielded-learn-integrity-policy] [--[no-]shielded-secure-boot] [--[no-]shielded-vtpm] [--update-labels=[KEY=VALUE,...]] [--zone=ZONE] [--clear-labels | --remove-labels=[KEY,...]] [--clear-node-affinities | --node=NODE | --node-affinity-file=NODE_AFFINITY_FILE | --node-group=NODE_GROUP] [GCLOUD_WIDE_FLAG ...]
gcloud compute instances update updates labels and requested CPU Platform for a Compute Engine virtual machine.
To modify the instance 'example-instance' in 'us-central1-a' by adding labels 'k0', with value 'value1' and label 'k1' with value 'value2' and removing labels with key 'k3', run:
$ gcloud compute instances update example-instance \ --zone=us-central1-a --update-labels=k0=value1,k1=value2 \ --remove-labels=k3
Labels can be used to identify the disk. To list disks with the 'k1:value2' label, run:
$ gcloud compute instances list --filter='labels.k1:value2'
To list only the labels when describing a resource, use --format to filter the result:
$ gcloud compute instances describe example-disk \ --format="default(labels)"
- INSTANCE_NAME
Name of the instance to update. For details on valid instance names, refer to the criteria documented under the field 'name' at: https://cloud.google.com/compute/docs/reference/rest/v1/instances
- --[no-]deletion-protection
Enables deletion protection for the instance. Use --deletion-protection to enable and --no-deletion-protection to disable.
- --[no-]enable-display-device
Enable a display device on VM instances. Use --enable-display-device to enable and --no-enable-display-device to disable.
- --min-cpu-platform=PLATFORM
When specified, the VM will be scheduled on host with specified CPU architecture or a newer one. To list available CPU platforms in given zone, run:
$ gcloud compute zones describe ZONE \ --format="value(availableCpuPlatforms)"
Default setting is "AUTOMATIC".
CPU platform selection is available only in selected zones.
You can find more information on-line: https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform
- --[no-]shielded-integrity-monitoring
Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using gcloud compute instances update --shielded-learn-integrity-policy. On Shielded VM instances, integrity monitoring is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. For information about monitoring integrity on Shielded VM instances, see https://cloud.google.com/compute/docs/instances/integrity-monitoring." Changes to this setting with the update command only take effect after stopping and starting the instance. Use --shielded-integrity-monitoring to enable and --no-shielded-integrity-monitoring to disable.
- --shielded-learn-integrity-policy
Causes the instance to re-learn the integrity policy baseline using the current instance configuration. Use this flag after any planned boot-specific changes in the instance configuration, like kernel updates or kernel driver installation.
- --[no-]shielded-secure-boot
The instance boots with secure boot enabled. On Shielded VM instances, Secure Boot is not enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. Changes to this setting with the update command only take effect after stopping and starting the instance. Use --shielded-secure-boot to enable and --no-shielded-secure-boot to disable.
- --[no-]shielded-vtpm
The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption, and sealing of keys. On Shielded VM instances, vTPM is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. Changes to this setting with the update command only take effect after stopping and starting the instance. Use --shielded-vtpm to enable and --no-shielded-vtpm to disable.
- --update-labels=[KEY=VALUE,...]
List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created.
Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.
- --zone=ZONE
Zone of the instance to update. If not specified, you might be prompted to select a zone (interactive mode only). gcloud attempts to identify the appropriate zone by searching for resources in your currently active project. If the zone cannot be determined, gcloud prompts you for a selection with all available Google Cloud Platform zones.
To avoid prompting when this flag is omitted, the user can set the compute/zone property:
$ gcloud config set compute/zone ZONE
A list of zones can be fetched by running:
$ gcloud compute zones list
To unset the property, run:
$ gcloud config unset compute/zone
Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.
- At most one of these can be specified:
- --clear-labels
Remove all labels. If --update-labels is also specified then --clear-labels is applied first.
For example, to remove all labels:
$ gcloud compute instances update --clear-labels
To remove all existing labels and create two new labels, foo and baz:
$ gcloud compute instances update --clear-labels \ --update-labels foo=bar,baz=qux
- --remove-labels=[KEY,...]
List of label keys to remove. If a label does not exist it is silently ignored. If --update-labels is also specified then --update-labels is applied first.
- Sole Tenancy.
At most one of these can be specified:
- --clear-node-affinities
Removes the node affinities field from the instance. If specified, the instance node settings will be cleared. The instance will not be scheduled onto a sole-tenant node.
- --node=NODE
The name of the node to schedule this instance on.
- --node-affinity-file=NODE_AFFINITY_FILE
The JSON/YAML file containing the configuration of desired nodes onto which this instance could be scheduled. These rules filter the nodes according to their node affinity labels. A node's affinity labels come from the node template of the group the node is in.
The file should contain a list of a JSON/YAML objects. For an example, see https://cloud.google.com/compute/docs/nodes/provisioning-sole-tenant-vms#configure_node_affinity_labels. The following list describes the fields:
- key
Corresponds to the node affinity label keys of the Node resource.
- operator
Specifies the node selection type. Must be one of: IN: Requires Compute Engine to seek for matched nodes. NOT_IN: Requires Compute Engine to avoid certain nodes.
- values
Optional. A list of values which correspond to the node affinity label values of the Node resource.
- --node-group=NODE_GROUP
The name of the node group to schedule this instance on.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha compute instances update
$ gcloud beta compute instances update