Console
Start free

gcloud compute instances create-with-container

NAME
gcloud compute instances create-with-container - creates Compute Engine virtual machine instances running container images
SYNOPSIS
gcloud compute instances create-with-container INSTANCE_NAMES [INSTANCE_NAMES …] [--accelerator=[count=COUNT],[type=TYPE]] [--no-boot-disk-auto-delete] [--boot-disk-device-name=BOOT_DISK_DEVICE_NAME] [--boot-disk-interface=BOOT_DISK_INTERFACE] [--boot-disk-provisioned-iops=BOOT_DISK_PROVISIONED_IOPS] [--boot-disk-provisioned-throughput=BOOT_DISK_PROVISIONED_THROUGHPUT] [--boot-disk-size=BOOT_DISK_SIZE] [--boot-disk-type=BOOT_DISK_TYPE] [--can-ip-forward] [--container-arg=CONTAINER_ARG] [--container-command=CONTAINER_COMMAND] [--container-env=[KEY=VALUE, …,…]] [--container-env-file=CONTAINER_ENV_FILE] [--container-image=CONTAINER_IMAGE] [--container-mount-disk=[mode=MODE],[mount-path=MOUNT-PATH],[name=NAME],[partition=PARTITION]] [--container-mount-host-path=[host-path=HOSTPATH,mount-path=MOUNTPATH[,mode=MODE],…]] [--container-mount-tmpfs=[mount-path=MOUNTPATH,…]] [--container-privileged] [--container-restart-policy=POLICY; default="always"] [--container-stdin] [--container-tty] [--create-disk=[PROPERTY=VALUE,…]] [--description=DESCRIPTION] [--discard-local-ssds-at-termination-timestamp=DISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP] [--disk=[auto-delete=AUTO-DELETE],[boot=BOOT],[device-name=DEVICE-NAME],[force-attach=FORCE-ATTACH],[interface=INTERFACE],[mode=MODE],[name=NAME],[scope=SCOPE]] [--[no-]enable-nested-virtualization] [--external-ipv6-address=EXTERNAL_IPV6_ADDRESS] [--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH] [--host-error-timeout-seconds=HOST_ERROR_TIMEOUT_SECONDS] [--instance-termination-action=INSTANCE_TERMINATION_ACTION] [--internal-ipv6-address=INTERNAL_IPV6_ADDRESS] [--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH] [--ipv6-network-tier=IPV6_NETWORK_TIER] [--labels=[KEY=VALUE,…]] [--local-ssd-recovery-timeout=LOCAL_SSD_RECOVERY_TIMEOUT] [--machine-type=MACHINE_TYPE] [--maintenance-policy=MAINTENANCE_POLICY] [--max-run-duration=MAX_RUN_DURATION] [--metadata=KEY=VALUE,[KEY=VALUE,…]] [--metadata-from-file=KEY=LOCAL_FILE_PATH,[…]] [--min-cpu-platform=PLATFORM] [--network=NETWORK] [--network-interface=[PROPERTY=VALUE,…]] [--network-performance-configs=[PROPERTY=VALUE,…]] [--network-tier=NETWORK_TIER] [--preemptible] [--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE] [--private-network-ip=PRIVATE_NETWORK_IP] [--provisioning-model=PROVISIONING_MODEL] [--request-valid-for-duration=REQUEST_VALID_FOR_DURATION] [--resource-policies=[RESOURCE_POLICY,…]] [--no-restart-on-failure] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--shielded-vtpm] [--[no-]skip-guest-os-shutdown] [--source-instance-template=SOURCE_INSTANCE_TEMPLATE] [--stack-type=STACK_TYPE] [--subnet=SUBNET] [--tags=TAG,[TAG,…]] [--termination-time=TERMINATION_TIME] [--threads-per-core=THREADS_PER_CORE] [--visible-core-count=VISIBLE_CORE_COUNT] [--zone=ZONE] [--address=ADDRESS     | --no-address] [--confidential-compute     | --confidential-compute-type=CONFIDENTIAL_COMPUTE_TYPE] [--custom-cpu=CUSTOM_CPU --custom-memory=CUSTOM_MEMORY : --custom-extensions --custom-vm-type=CUSTOM_VM_TYPE] [--image-project=IMAGE_PROJECT --image=IMAGE     | --image-family=IMAGE_FAMILY] [--public-ptr     | --no-public-ptr] [--public-ptr-domain=PUBLIC_PTR_DOMAIN     | --no-public-ptr-domain] [--reservation=RESERVATION --reservation-affinity=RESERVATION_AFFINITY; default="any"] [--scopes=[SCOPE,…]     | --no-scopes] [--service-account=SERVICE_ACCOUNT     | --no-service-account] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(DEPRECATED) The option to deploy a container during VM creation using the container startup agent is deprecated. Use alternative services to run containers on your VMs. Learn more at https://cloud.google.com/compute/docs/containers/migrate-containers.

gcloud compute instances create-with-container creates Compute Engine virtual machines that runs a Docker image. For example: 

gcloud compute instances create-with-container instance-1 --zone us-central1-a             --container-image=gcr.io/google-containers/busybox

creates an instance called instance-1, in the us-central1-a zone, running the 'busybox' image.

For more examples, refer to the EXAMPLES section below.
EXAMPLES
To run the gcr.io/google-containers/busybox image on an instance named 'instance-1' that executes 'echo "Hello world"' as a run command, run: 
gcloud compute instances create-with-container instance-1 --container-image=gcr.io/google-containers/busybox --container-command='echo "Hello world"'

To run the gcr.io/google-containers/busybox image in privileged mode, run: 

gcloud compute instances create-with-container instance-1 --container-image=gcr.io/google-containers/busybox --container-privileged
POSITIONAL ARGUMENTS
INSTANCE_NAMES [INSTANCE_NAMES …]
Names of the instances to create. For details on valid instance names, refer to the criteria documented under the field 'name' at: https://cloud.google.com/compute/docs/reference/rest/v1/instances
FLAGS
--accelerator=[count=COUNT],[type=TYPE]
Attaches accelerators (e.g. GPUs) to the instances.
type
The specific type (e.g. nvidia-tesla-t4 for NVIDIA T4) of accelerator to attach to the instances. Use 'gcloud compute accelerator-types list' to learn about all available accelerator types.
count
Number of accelerators to attach to each instance. The default value is 1.
--boot-disk-auto-delete
Automatically delete boot disks when their instances are deleted. Enabled by default, use --no-boot-disk-auto-delete to disable.
--boot-disk-device-name=BOOT_DISK_DEVICE_NAME
The name the guest operating system will see for the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk).
--boot-disk-interface=BOOT_DISK_INTERFACE
Indicates the interface to use for the boot disk. The value must be one of the following:
--boot-disk-provisioned-iops=BOOT_DISK_PROVISIONED_IOPS
Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.
--boot-disk-provisioned-throughput=BOOT_DISK_PROVISIONED_THROUGHPUT
Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.
--boot-disk-size=BOOT_DISK_SIZE
The size of the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk). The value must be a whole number followed by a size unit of KB for kilobyte, MB for megabyte, GB for gigabyte, or TB for terabyte. For example, 10GB will produce a 10 gigabyte disk. Disk size must be a multiple of 1 GB. Default size unit is GB.
--boot-disk-type=BOOT_DISK_TYPE
The type of the boot disk. This option can only be specified if a new boot disk is being created (as opposed to mounting an existing persistent disk). To get a list of available disk types, run $ gcloud compute disk-types list.
--can-ip-forward
If provided, allows the instances to send and receive packets with non-matching destination or source IP addresses.
--container-arg=CONTAINER_ARG
Argument to append to container entrypoint or to override container CMD. Each argument must have a separate flag. Arguments are appended in the order of flags. Example:

Assuming the default entry point of the container (or an entry point overridden with --container-command flag) is a Bourne shell-compatible executable, in order to execute 'ls -l' command in the container, the user could use:

--container-arg="-c" --container-arg="ls -l"

Caveat: due to the nature of the argument parsing, it's impossible to provide the flag value that starts with a dash (-) without the = sign (that is, --container-arg "-c" will not work correctly).

Default: None. (no arguments appended)
--container-command=CONTAINER_COMMAND
Specifies what executable to run when the container starts (overrides default entrypoint), eg. nc. Default: None (default container entrypoint is used)
--container-env=[KEY=VALUE, …,…]
Declare environment variables KEY with value VALUE passed to container. Only the last value of KEY is taken when KEY is repeated more than once. Values, declared with --container-env flag override those with the same KEY from file, provided in --container-env-file.
--container-env-file=CONTAINER_ENV_FILE
Declare environment variables in a file. Values, declared with --container-env flag override those with the same KEY from file. File with environment variables in format used by docker (almost). This means:
--container-image=CONTAINER_IMAGE
Full container image name, which should be pulled onto VM instance, eg. docker.io/tomcat.
--container-mount-disk=[mode=MODE],[mount-path=MOUNT-PATH],[name=NAME],[partition=PARTITION]
Mounts a disk to the specified mount path in the container. Multiple ' flags are allowed. Must be used with --disk or --create-disk.
name
Name of the disk. If exactly one additional disk is attached to the instance using --disk or --create-disk, specifying disk name here is optional. The name of the single additional disk will be used by default.
mount-path
Path on container to mount to. Mount paths with spaces and commas (and other special characters) are not supported by this command.
partition
Optional. The partition of the disk to mount. Multiple partitions of a disk can be mounted. Can't be used with --create-disk.
mode
Volume mount mode: rw (read/write) or ro (read-only). Defaults to rw. Fails if the disk mode is ro and volume mount mode is rw.
--container-mount-host-path=[host-path=HOSTPATH,mount-path=MOUNTPATH[,mode=MODE],…]
Mounts a volume by using host-path.
host-path
Path on host to mount from.
mount-path
Path on container to mount to. Mount paths with spaces and commas (and other special characters) are not supported by this command.
mode
Volume mount mode: rw (read/write) or ro (read-only). Default: rw.
--container-mount-tmpfs=[mount-path=MOUNTPATH,…]
Mounts empty tmpfs into container at MOUNTPATH.
mount-path
Path on container to mount to. Mount paths with spaces and commas (and other special characters) are not supported by this command.
--container-privileged
Specify whether to run container in privileged mode. Default: --no-container-privileged.
--container-restart-policy=POLICY; default="always"
Specify whether to restart a container on exit. POLICY must be one of: never, on-failure, always.
--container-stdin
Keep container STDIN open even if not attached. Default: --no-container-stdin.
--container-tty
Allocate a pseudo-TTY for the container. Default: --no-container-tty.
--create-disk=[PROPERTY=VALUE,…]
Creates and attaches persistent disks to the instances.
name
Specifies the name of the disk. This option cannot be specified if more than one instance is being created. Must specify this option if attaching the disk to a container with --container-mount-disk.
description
Optional textual description for the disk being created.
mode
Specifies the mode of the disk. Supported options are ro for read-only and rw for read-write. If omitted, rw is used as a default. It is an error to create a disk in ro mode if attaching it to a container with --container-mount-disk.
image
Specifies the name of the image that the disk will be initialized with. A new disk will be created based on the given image. To view a list of public images and projects, run $ gcloud compute images list. It is best practice to use image when a specific version of an image is needed. If both image and image-family flags are omitted a blank disk will be created.
image-family
The image family for the operating system that the boot disk will be initialized with. Compute Engine offers multiple Linux distributions, some of which are available as both regular and Shielded VM images. When a family is specified instead of an image, the latest non-deprecated image associated with that family is used. It is best practice to use --image-family when the latest version of an image is needed.
image-project
The Google Cloud project against which all image and image family references will be resolved. It is best practice to define image-project. A full list of available image projects can be generated by running gcloud compute images list.
size
The size of the disk. The value must be a whole number followed by a size unit of KB for kilobyte, MB for megabyte, GB for gigabyte, or TB for terabyte. For example, 10GB will produce a 10 gigabyte disk. Disk size must be a multiple of 1 GB. If not specified, the default image size will be used for the new disk.
type
The type of the disk. To get a list of available disk types, run $ gcloud compute disk-types list. The default disk type is pd-standard.
device-name
An optional name to display the disk name in the guest operating system. Must be the same as name if used with --container-mount-disk. If omitted, a device name of the form persistent-disk-N is used. If omitted and used with --container-mount-disk (where the name of the container mount disk is the same as in this flag), a device name equal to disk name is used.
provisioned-iops
Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Value must be between 10,000 and 120,000.
provisioned-throughput
Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.
disk-resource-policy
Resource policy to apply to the disk. Specify a full or partial URL. For example: For more information, see the following docs:
auto-delete
If yes, this persistent disk will be automatically deleted when the instance is deleted. However, if the disk is later detached from the instance, this option won't apply. The default value for this is yes.
architecture
Specifies the architecture or processor type that this disk can support. For available processor types on Compute Engine, see https://cloud.google.com/compute/docs/cpu-platforms.
storage-pool
The name of the storage pool in which the new disk is created. The new disk and the storage pool must be in the same location.
interface
The interface to use with the disk. The value must be one of the following:
replica-zones
Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated to. You must provide exactly two replica zones, and one zone must be the same as the instance zone.
--description=DESCRIPTION
Specifies a textual description of the instances.
--discard-local-ssds-at-termination-timestamp=DISCARD_LOCAL_SSDS_AT_TERMINATION_TIMESTAMP
Required to be set to true and only allowed for VMs that have one or more local SSDs, use --instance-termination-action=STOP, and use either --max-run-duration or --termination-time.

This flag indicates the value that you want Compute Engine to use for the --discard-local-ssd flag in the automatic gcloud compute instances stop command. This flag only supports the true value, which discards local SSD data when automatically stopping this VM during its terminationTimestamp.

For more information about the --discard-local-ssd flag, see https://cloud.google.com/compute/docs/disks/local-ssd#stop_instance.
--disk=[auto-delete=AUTO-DELETE],[boot=BOOT],[device-name=DEVICE-NAME],[force-attach=FORCE-ATTACH],[interface=INTERFACE],[mode=MODE],[name=NAME],[scope=SCOPE]
Attaches an existing disk to the instances.
name
The disk to attach to the instances. If you create more than one instance, you can only attach a disk in read-only mode. By default, you attach a zonal disk located in the same zone of the instance. If you want to attach a regional disk, you must specify the disk using its URI; for example, projects/myproject/regions/us-central1/disks/my-regional-disk.
mode
The mode of the disk. Supported options are ro for read-only mode and rw for read-write mode. If omitted, rw is used as a default value. If you use rw when creating more than one instance, you encounter errors.
boot
If set to yes, you attach a boot disk. The virtual machine then uses the first partition of the disk for the root file systems. The default value for this is no.
device-name
An optional name to display the disk name in the guest operating system. Must be the same as name if used with --container-mount-disk. If omitted, a device name of the form persistent-disk-N is used. If omitted and used with --container-mount-disk (where the name of the container mount disk is the same as in this flag), a device name equal to disk name is used.
auto-delete
If set to yes, the persistent disk is automatically deleted when the instance is deleted. However, if you detach the disk from the instance, deleting the instance doesn't delete the disk. The default value is yes.
interface
The interface to use for the disk. The value must be one of the following:
  • SCSI
  • NVME
scope
Can be zonal or regional. If zonal, the disk is interpreted as a zonal disk in the same zone as the instance (default). If regional, the disk is interpreted as a regional disk in the same region as the instance. The default value for this is zonal.
force-attach
If yes, this persistent disk will force-attached to the instance even it is already attached to another instance. The default value is 'no'.
--[no-]enable-nested-virtualization
If set to true, enables nested virtualization for the instance. Use --enable-nested-virtualization to enable and --no-enable-nested-virtualization to disable.
--external-ipv6-address=EXTERNAL_IPV6_ADDRESS
Assigns the given external IPv6 address to the instance that is created. The address must be the first IP address in the range. This option can be used only when creating a single instance.
--external-ipv6-prefix-length=EXTERNAL_IPV6_PREFIX_LENGTH
The prefix length of the external IPv6 address range. This field should be used together with --external-ipv6-address. Only the /96 IP address range is supported, and the default value is 96.
--host-error-timeout-seconds=HOST_ERROR_TIMEOUT_SECONDS
The timeout in seconds for host error detection. The value must be set with 30 second increments, with a range of 90 to 330 seconds. If unset, the default behavior of the host error recovery is used.
--instance-termination-action=INSTANCE_TERMINATION_ACTION
Specifies the termination action that will be taken upon VM preemption (--provisioning-model=SPOT) or automatic instance termination (--max-run-duration or --termination-time). INSTANCE_TERMINATION_ACTION must be one of:
DELETE
Permanently delete the VM.
STOP
Default only for Spot VMs. Stop the VM without preserving memory. The VM can be restarted later.
--internal-ipv6-address=INTERNAL_IPV6_ADDRESS
Assigns the given internal IPv6 address or range to the instance that is created. The address must be the first IP address in the range or from a /96 IP address range. This option can be used only when creating a single instance.
--internal-ipv6-prefix-length=INTERNAL_IPV6_PREFIX_LENGTH
Optional field that indicates the prefix length of the internal IPv6 address range. It should be used together with --internal-ipv6-address. Only /96 IP address range is supported and the default value is 96. If not set, either the prefix length from --internal-ipv6-address will be used or the default value of 96 will be assigned.
--ipv6-network-tier=IPV6_NETWORK_TIER
Specifies the IPv6 network tier that will be used to configure the instance network interface IPv6 access config. IPV6_NETWORK_TIER must be (only one value is supported):
PREMIUM
High quality, Google-grade network tier.
--labels=[KEY=VALUE,…]
List of label KEY=VALUE pairs to add. Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.
--local-ssd-recovery-timeout=LOCAL_SSD_RECOVERY_TIMEOUT
Specifies the maximum amount of time a Local Ssd Vm should wait while recovery of the Local Ssd state is attempted. Its value should be in between 0 and 168 hours with hour granularity and the default value being 1 hour.
--machine-type=MACHINE_TYPE
Specifies the machine type used for the instances. To get a list of available machine types, run 'gcloud compute machine-types list'. If unspecified, the default type is n1-standard-1.
--maintenance-policy=MAINTENANCE_POLICY
Specifies the behavior of the VMs when their host machines undergo maintenance. The default is MIGRATE. For more information, see https://cloud.google.com/compute/docs/instances/host-maintenance-options. MAINTENANCE_POLICY must be one of:
MIGRATE
The instances should be migrated to a new host. This will temporarily impact the performance of instances during a migration event.
TERMINATE
The instances should be terminated.
--max-run-duration=MAX_RUN_DURATION
Limits how long this VM instance can run, specified as a duration relative to the last time when the VM began running. Format the duration, MAX_RUN_DURATION, as the number of days, hours, minutes, and seconds followed by d, h, m, and s respectively. For example, specify 30m for a duration of 30 minutes or specify 1d2h3m4s for a duration of 1 day, 2 hours, 3 minutes, and 4 seconds. Alternatively, to specify a timestamp, use --termination-time instead.

If neither --max-run-duration nor --termination-time is specified (default), the VM instance runs until prompted by a user action or system event. If either is specified, the VM instance is scheduled to be automatically terminated at the VM's termination timestamp (terminationTimestamp) using the action specified by --instance-termination-action.

Note: The terminationTimestamp is removed whenever the VM is stopped or suspended and redefined whenever the VM is rerun. For --max-run-duration specifically, the terminationTimestamp is the sum of MAX_RUN_DURATION and the time when the VM last entered the RUNNING state, which changes whenever the VM is rerun.
--metadata=KEY=VALUE,[KEY=VALUE,…]
Metadata to be made available to the guest operating system running on the instances. Each metadata entry is a key/value pair separated by an equals sign. Each metadata key must be unique and have a max of 128 bytes in length. Each value must have a max of 256 KB in length. Multiple arguments can be passed to this flag, e.g., --metadata key-1=value-1,key-2=value-2,key-3=value-3. The combined total size for all metadata entries is 512 KB. In images that have Compute Engine tools installed on them, such as the official images, the following metadata keys have special meanings:
startup-script
Specifies a script that will be executed by the instances once they start running. For convenience, --metadata-from-file can be used to pull the value from a file.
startup-script-url
Same as startup-script except that the script contents are pulled from a publicly-accessible location on the web. For startup scripts on Windows instances, the following metadata keys have special meanings: windows-startup-script-url, windows-startup-script-cmd, windows-startup-script-bat, windows-startup-script-ps1, sysprep-specialize-script-url, sysprep-specialize-script-cmd, sysprep-specialize-script-bat, and sysprep-specialize-script-ps1. For more information, see Running startup scripts.
--metadata-from-file=KEY=LOCAL_FILE_PATH,[…]
Same as --metadata except that the value for the entry will be read from a local file. This is useful for values that are too large such as startup-script contents.
--min-cpu-platform=PLATFORM
When specified, the VM will be scheduled on host with specified CPU architecture or a newer one. To list available CPU platforms in given zone, run: 
gcloud compute zones describe ZONE --format="value(availableCpuPlatforms)"

Default setting is "AUTOMATIC".

CPU platform selection is available only in selected zones.

You can find more information on-line: https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform
--network=NETWORK
Specifies the network that the VM instances are a part of. If --subnet is also specified, subnet must be a subnetwork of the network specified by this --network flag. If neither is specified, the default network is used.
--network-interface=[PROPERTY=VALUE,…]
Adds a network interface to the instance. Mutually exclusive with any of these flags: --address, --network, --network-tier, --subnet, --private-network-ip, --stack-type, --ipv6-network-tier, --internal-ipv6-address, --internal-ipv6-prefix-length, --ipv6-address, --ipv6-prefix-length, --external-ipv6-address, --external-ipv6-prefix-length. This flag can be repeated to specify multiple network interfaces. The following keys are allowed:
address
Assigns the given external address to the instance that is created. Specifying an empty string will assign an ephemeral IP. Mutually exclusive with no-address. If neither key is present the instance will get an ephemeral IP.
network
Specifies the network that the interface will be part of. If subnet is also specified it must be subnetwork of this network. If neither is specified, this defaults to the "default" network.
no-address
If specified the interface will have no external IP. Mutually exclusive with address. If neither key is present the instance will get an ephemeral IP.
network-tier
Specifies the network tier of the interface. NETWORK_TIER must be one of: PREMIUM, STANDARD. The default value is PREMIUM.
private-network-ip
Assigns the given RFC1918 IP address to the interface.
subnet
Specifies the subnet that the interface will be part of. If network key is also specified this must be a subnetwork of the specified network.
nic-type
Specifies the Network Interface Controller (NIC) type for the interface. NIC_TYPE must be one of: GVNIC, VIRTIO_NET.
stack-type
Specifies whether IPv6 is enabled on the interface. STACK_TYPE must be one of: IPV4_ONLY, IPV4_IPV6, IPV6_ONLY. The default value is IPV4_ONLY.
ipv6-network-tier
Specifies the IPv6 network tier that will be used to configure the instance network interface IPv6 access config. IPV6_NETWORK_TIER must be PREMIUM (currently only one value is supported).
internal-ipv6-address
Assigns the given internal IPv6 address or range to the instance that is created. The address must be the first IP address in the range or from a /96 IP address range. This option can be used only when creating a single instance.
internal-ipv6-prefix-length
Optional field that indicates the prefix length of the internal IPv6 address range. It should be used together with internal-ipv6-address. Only /96 IP address range is supported and the default value is 96. If not set, either the prefix length from --internal-ipv6-address will be used or the default value of 96 will be assigned.
external-ipv6-address
Assigns the given external IPv6 address to the instance that is created. The address must be the first IP address in the range. This option can be used only when creating a single instance.
external-ipv6-prefix-length
The prefix length of the external IPv6 address range. This field should be used together with external-ipv6-address. Only the /96 IP address range is supported, and the default value is 96.
aliases
Specifies the IP alias ranges to allocate for this interface. If there are multiple IP alias ranges, they are separated by semicolons.

For example: 

--aliases="10.128.1.0/24;range1:/32"
 Each IP alias range consists of a range name and an IP range separated by a colon, or just the IP range. The range name is the name of the range within the network interface's subnet from which to allocate an IP alias range. If unspecified, it defaults to the primary IP range of the subnet. The IP range can be a CIDR range (e.g. 192.168.100.0/24), a single IP address (e.g. 192.168.100.1), or a netmask in CIDR format (e.g. /24). If the IP range is specified by CIDR range or single IP address, it must belong to the CIDR range specified by the range name on the subnet. If the IP range is specified by netmask, the IP allocator will pick an available range with the specified netmask and allocate it to this network interface.
network-attachment
Specifies the network attachment that this interface should connect to. Mutually exclusive with --network and --subnet flags.
service-class-id
The regional Service Class ID for the producer service associated with this network interface. Can only be used with network_attachment. It is not possible to use on its own; however, network_attachment can be used without service_class_id.
vlan
VLAN ID of a Dynamic Network Interface, must be an integer in the range from 2 to 255 inclusively.
--network-performance-configs=[PROPERTY=VALUE,…]
Configures network performance settings for the instance. If this flag is not specified, the instance will be created with its default network performance configuration.
total-egress-bandwidth-tier
Total egress bandwidth is the available outbound bandwidth from a VM, regardless of whether the traffic is going to internal IP or external IP destinations. The following tier values are allowed: [DEFAULT,TIER_1]
--network-tier=NETWORK_TIER
Specifies the network tier that will be used to configure the instance. NETWORK_TIER must be one of: PREMIUM, STANDARD. The default value is PREMIUM.
--preemptible
If provided, instances will be preemptible and time-limited. Instances might be preempted to free up resources for standard VM instances, and will only be able to run for a limited amount of time. Preemptible instances can not be restarted and will not migrate.
--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE
The private IPv6 Google access type for the VM. PRIVATE_IPV6_GOOGLE_ACCESS_TYPE must be one of: enable-bidirectional-access, enable-outbound-vm-access, inherit-subnetwork.
--private-network-ip=PRIVATE_NETWORK_IP
Specifies the RFC1918 IP to assign to the instance. The IP should be in the subnet or legacy network IP range.
--provisioning-model=PROVISIONING_MODEL
Specifies the provisioning model for your VM instances. This choice affects the price, availability, and how long your VM instances can run. PROVISIONING_MODEL must be one of:
FLEX_START
The VM instance is provisioned using the Flex Start provisioning model and has a limited runtime.
RESERVATION_BOUND
The VM instances run for the entire duration of their associated reservation. You can only specify this provisioning model if you want your VM instances to consume a specific reservation with either a calendar reservation mode or a dense deployment type.
SPOT
Compute Engine may stop a Spot VM instance whenever it needs capacity. Because Spot VM instances don't have a guaranteed runtime, they come at a discounted price.
STANDARD
The default option. The STANDARD provisioning model gives you full control over your VM instances' runtime.
--request-valid-for-duration=REQUEST_VALID_FOR_DURATION
When you create an instance by using the FLEX_START provisioning model, you can specify the duration to wait for available resources. If the instance creation request is still pending after this duration, then the request fails. You specify a duration by using numbers followed by h, m, and s for hours, minutes, and seconds, respectively. For example, specify 30m for a duration of 30 minutes, or 1h2m3s for 1 hour, 2 minutes, and 3 seconds. Longer durations give you higher chances that your instance creation request succeeds when resources are in high demand.
--resource-policies=[RESOURCE_POLICY,…]
A list of resource policy names to be added to the instance. The policies must exist in the same region as the instance.
--restart-on-failure
The instances will be restarted if they are terminated by Compute Engine. This does not affect terminations performed by the user. Enabled by default, use --no-restart-on-failure to disable.
--shielded-integrity-monitoring
Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using gcloud compute instances update-container --shielded-learn-integrity-policy. On Shielded VM instances, integrity monitoring is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm. For information about monitoring integrity on Shielded VM instances, see https://cloud.google.com/compute/docs/instances/integrity-monitoring."
--shielded-secure-boot
The instance boots with secure boot enabled. On Shielded VM instances, Secure Boot is not enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm.
--shielded-vtpm
The instance boots with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption, and sealing of keys. On Shielded VM instances, vTPM is enabled by default. For information about how to modify Shielded VM options, see https://cloud.google.com/compute/docs/instances/modifying-shielded-vm.
--[no-]skip-guest-os-shutdown
If enabled, then, when the instance is stopped or deleted, the instance is immediately stopped without giving time to the guest OS to cleanly shut down. Use --skip-guest-os-shutdown to enable and --no-skip-guest-os-shutdown to disable.
--source-instance-template=SOURCE_INSTANCE_TEMPLATE
The name of the instance template that the instance will be created from. An instance template can be a global/regional resource. Users can override instance properties using other flags.
--stack-type=STACK_TYPE
Specifies whether IPv6 is enabled on the default network interface. If not specified, IPV4_ONLY will be used. STACK_TYPE must be one of:
IPV4_IPV6
The network interface can have both IPv4 and IPv6 addresses
IPV4_ONLY
The network interface will be assigned IPv4 addresses
IPV6_ONLY
The network interface will be assigned IPv6 addresses
--subnet=SUBNET
Specifies the subnet that the VM instances are a part of. If --network is also specified, subnet must be a subnetwork of the network specified by the --network flag.
--tags=TAG,[TAG,…]
Specifies a list of tags to apply to the instance. These tags allow network firewall rules and routes to be applied to specified VM instances. See gcloud compute firewall-rules create(1) for more details.

To read more about configuring network tags, read this guide: https://cloud.google.com/vpc/docs/add-remove-network-tags

To list instances with their respective status and tags, run: 

gcloud compute instances list --format='table(name,status,tags.list())'

To list instances tagged with a specific tag, tag1, run: 

gcloud compute instances list --filter='tags:tag1'
--termination-time=TERMINATION_TIME
Limits how long this VM instance can run, specified as a time. Format the time, TERMINATION_TIME, as a RFC 3339 timestamp. For more information, see https://tools.ietf.org/html/rfc3339. Alternatively, to specify a duration, use --max-run-duration instead.

If neither --termination-time nor --max-run-duration is specified (default), the VM instance runs until prompted by a user action or system event. If either is specified, the VM instance is scheduled to be automatically terminated at the VM's termination timestamp (terminationTimestamp) using the action specified by --instance-termination-action.

Note: The terminationTimestamp is removed whenever the VM is stopped or suspended and redefined whenever the VM is rerun. For --termination-time specifically, the terminationTimestamp remains the same whenever the VM is rerun, but any requests to rerun the VM fail if the specified timestamp is in the past.
--threads-per-core=THREADS_PER_CORE
The number of visible threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. Valid values are: 1 or 2. For more information about configuring SMT, see: https://cloud.google.com/compute/docs/instances/configuring-simultaneous-multithreading.
--visible-core-count=VISIBLE_CORE_COUNT
The number of physical cores to expose to the instance's guest operating system. The number of virtual CPUs visible to the instance's guest operating system is this number of cores multiplied by the instance's count of visible threads per physical core.
--zone=ZONE
Zone of the instances to create. If not specified, you might be prompted to select a zone (interactive mode only). gcloud attempts to identify the appropriate zone by searching for resources in your currently active project. If the zone cannot be determined, gcloud prompts you for a selection with all available Google Cloud Platform zones.

To avoid prompting when this flag is omitted, the user can set the compute/zone property: 

gcloud config set compute/zone ZONE

A list of zones can be fetched by running: 

gcloud compute zones list

To unset the property, run: 

gcloud config unset compute/zone
 Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE. At most one of these can be specified:
--address=ADDRESS
Assigns the given external address to the instance that is created. The address might be an IP address or the name or URI of an address resource. This option can only be used when creating a single instance.
--no-address
If provided, the instances are not assigned external IP addresses. To pull container images, you must configure private Google access if using Container Registry or configure Cloud NAT for instances to access container images directly. For more information, see:
At most one of these can be specified:
--confidential-compute
(DEPRECATED) The instance boots with Confidential Computing enabled. Confidential Computing is based on Secure Encrypted Virtualization (SEV), an AMD virtualization feature for running confidential instances. The --confidential-compute flag will soon be deprecated. Please use --confidential-compute-type=SEV instead
--confidential-compute-type=CONFIDENTIAL_COMPUTE_TYPE
The instance boots with Confidential Computing enabled. Confidential Computing can be based on Secure Encrypted Virtualization (SEV) or Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP), both of which are AMD virtualization features for running confidential instances. Trust Domain eXtension based on Intel virtualization features for running confidential instances is also supported. CONFIDENTIAL_COMPUTE_TYPE must be one of:
SEV
Secure Encrypted Virtualization
SEV_SNP
Secure Encrypted Virtualization - Secure Nested Paging
TDX
Trust Domain eXtension
Custom machine type extensions.
--custom-cpu=CUSTOM_CPU
A whole number value specifying the number of cores that are needed in the custom machine type.

For some machine types, shared-core values can also be used. For example, for E2 machine types, you can specify micro, small, or medium.

This flag argument must be specified if any of the other arguments in this group are specified.
--custom-memory=CUSTOM_MEMORY
A whole number value indicating how much memory is desired in the custom machine type. A size unit should be provided (eg. 3072MB or 9GB) - if no units are specified, GB is assumed. This flag argument must be specified if any of the other arguments in this group are specified.
--custom-extensions
Use the extended custom machine type.
--custom-vm-type=CUSTOM_VM_TYPE
Specifies a custom machine type. The default is n1. For more information about custom machine types, see: https://cloud.google.com/compute/docs/general-purpose-machines#custom_machine_types
--image-project=IMAGE_PROJECT
The Google Cloud project against which all image and image family references will be resolved. It is best practice to define image-project. A full list of available projects can be generated by running gcloud projects list.
At most one of these can be specified:
--image=IMAGE
Specifies the boot image for the instances. For each instance, a new boot disk will be created from the given image. Each boot disk will have the same name as the instance. To view a list of public images and projects, run $ gcloud compute images list. It is best practice to use --image when a specific version of an image is needed. When using this option, --boot-disk-device-name and --boot-disk-size can be used to override the boot disk's device name and size, respectively.
--image-family=IMAGE_FAMILY
The image family for the operating system that the boot disk will be initialized with. Compute Engine offers multiple Linux distributions, some of which are available as both regular and Shielded VM images. When a family is specified instead of an image, the latest non-deprecated image associated with that family is used. It is best practice to use --image-family when the latest version of an image is needed. By default, debian-12 is assumed for this flag. At most one of these can be specified:
--public-ptr
Creates a DNS PTR record for the external IP of the instance.
--no-public-ptr
If provided, no DNS PTR record is created for the external IP of the instance. Mutually exclusive with public-ptr-domain.
At most one of these can be specified:
--public-ptr-domain=PUBLIC_PTR_DOMAIN
Assigns a custom PTR domain for the external IP of the instance. Mutually exclusive with no-public-ptr.
--no-public-ptr-domain
If both this flag and --public-ptr are specified, creates a DNS PTR record for the external IP of the instance with the PTR domain name being the DNS name of the instance.
Specifies the reservation for the instance.
--reservation=RESERVATION
The name of the reservation, required when --reservation-affinity=specific.
--reservation-affinity=RESERVATION_AFFINITY; default="any"
The type of reservation for the instance. RESERVATION_AFFINITY must be one of:
any
Consume any available, matching reservation.
none
Do not consume from any reserved capacity.
specific
Must consume from a specific reservation.
At most one of these can be specified:
--scopes=[SCOPE,…]
If not provided, the instance will be assigned the default scopes, described below. SCOPE can be either the full URI of the scope or an alias. Default scopes are assigned to all instances. Available aliases are:
Alias URI
bigquery https://www.googleapis.com/auth/bigquery
cloud-platform https://www.googleapis.com/auth/cloud-platform
cloud-source-repos https://www.googleapis.com/auth/source.full_control
cloud-source-repos-ro https://www.googleapis.com/auth/source.read_only
compute-ro https://www.googleapis.com/auth/compute.readonly
compute-rw https://www.googleapis.com/auth/compute
datastore https://www.googleapis.com/auth/datastore
default https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write
https://www.googleapis.com/auth/pubsub
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/trace.append
gke-default https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/trace.append
logging-write https://www.googleapis.com/auth/logging.write
monitoring https://www.googleapis.com/auth/monitoring
monitoring-read https://www.googleapis.com/auth/monitoring.read
monitoring-write https://www.googleapis.com/auth/monitoring.write
pubsub https://www.googleapis.com/auth/pubsub
service-control https://www.googleapis.com/auth/servicecontrol
service-management https://www.googleapis.com/auth/service.management.readonly
sql (deprecated) https://www.googleapis.com/auth/sqlservice
sql-admin https://www.googleapis.com/auth/sqlservice.admin
storage-full https://www.googleapis.com/auth/devstorage.full_control
storage-ro https://www.googleapis.com/auth/devstorage.read_only
storage-rw https://www.googleapis.com/auth/devstorage.read_write
taskqueue https://www.googleapis.com/auth/taskqueue
trace https://www.googleapis.com/auth/trace.append
userinfo-email https://www.googleapis.com/auth/userinfo.email
DEPRECATION WARNING: https://www.googleapis.com/auth/sqlservice account scope and sql alias do not provide SQL instance management capabilities and have been deprecated. Please, use https://www.googleapis.com/auth/sqlservice.admin or sql-admin to manage your Google SQL Service instances.
--no-scopes
Create instance without scopes
At most one of these can be specified:
--service-account=SERVICE_ACCOUNT
A service account is an identity attached to the instance. Its access tokens can be accessed through the instance metadata server and are used to authenticate applications on the instance. The account can be set using an email address corresponding to the required service account. If not provided, the instance will use the project's default service account.
--no-service-account
Create instance without service account
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
These variants are also available: 
gcloud alpha compute instances create-with-container
 
gcloud beta compute instances create-with-container
 
gcloud preview compute instances create-with-container