gcloud_alpha_compute_instances

gcloud_alpha_compute_instances_update (1)

NAME

: gcloud alpha compute instances update - update a Google Compute Engine virtual machine

SYNOPSIS

gcloud alpha compute instances update INSTANCE_NAME [--[no-]deletion-protection] [--[no-]enable-display-device] [--min-cpu-platform=PLATFORM] [--update-labels=[KEY=VALUE,...]] [--zone=ZONE] [--clear-labels | --remove-labels=[KEY,...]] [--[no-]shielded-integrity-monitoring | --shielded-vm-integrity-monitoring] [--[no-]shielded-secure-boot | --shielded-vm-secure-boot] [--shielded-learn-integrity-policy | --shielded-vm-learn-integrity-policy] [--shielded-vm-vtpm | --[no-]shielded-vtpm] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(ALPHA) gcloud alpha compute instances update updates labels and

requested CPU Platform for a Google Compute Engine virtual machine. For example:

: $ gcloud alpha compute instances update example-instance \
--zone us-central1-a --update-labels=k0=value1,k1=value2 \
--remove-labels=k3

will add/update labels k0 and k1 and remove labels with key k3.
Labels can be used to identify the instance and to filter them as in

: $ gcloud alpha compute instances list --filter='labels.k1:value2'

To list existing labels

: $ gcloud alpha compute instances describe example-instance \
--format='default(labels)'

POSITIONAL ARGUMENTS

INSTANCE_NAME: Name of the instance to update.

FLAGS

--[no-]deletion-protection

Enables deletion protection for the instance. Use --deletion-protection to enable and --no-deletion-protection to disable.

--[no-]enable-display-device

Enable a display device for instances using a Windows image. Use --enable-display-device to enable and --no-enable-display-device to disable.

--min-cpu-platform=PLATFORM

When specified, the VM will be scheduled on host with specified CPU architecture or a newer one. To list available CPU platforms in given zone, run:

: $ gcloud alpha compute zones describe ZONE \
--format="value(availableCpuPlatforms)"

Default setting is "AUTOMATIC".
CPU platform selection is available only in selected zones.
You can find more information on-line: cloud.google.com/compute/docs/instances/specify-min-cpu-platform

--update-labels=[KEY=VALUE,...]

List of label KEY=VALUE pairs to update. If a label exists its value is modified, otherwise a new label is created.
Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.

--zone=ZONE

Zone of the instance to update. If not specified, you may be prompted to select a zone. gcloud will attempt to identify the zone by searching for resources in your project. If the zone cannot be determined, you will then be prompted with all Google Cloud Platform zones.
To avoid prompting when this flag is omitted, you can set the compute/zone property:

: $ gcloud config set compute/zone ZONE

A list of zones can be fetched by running:

: $ gcloud compute zones list

To unset the property, run:

: $ gcloud config unset compute/zone

Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.

At most one of these may be specified:

--clear-labels

Remove all labels. If --update-labels is also specified then --clear-labels is applied first.
For example, to remove all labels:

: $ gcloud alpha compute instances update --clear-labels

To set the labels to exactly "foo" and "baz":

: $ gcloud alpha compute instances update --clear-labels \
--update-labels foo=bar,baz=qux

--remove-labels=[KEY,...]

List of label keys to remove. If a label does not exist it is silently ignored.

Shielded Instance Integrity Monitoring. At most one of these may be specified:

--[no-]shielded-integrity-monitoring: Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using --shielded-vm-learn-integrity-policy. Changes to this setting (via the update command) will only take effect after stopping and starting the instance. Use --shielded-integrity-monitoring to enable and --no-shielded-integrity-monitoring to disable.
--shielded-vm-integrity-monitoring: (DEPRECATED) Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using --shielded-vm-learn-integrity-policy. Changes to this setting (via the update command) will only take effect after stopping and starting the instance.
The --shielded-vm-integrity-monitoring flag is now deprecated. Please use --shielded-integrity-monitoring instead.

Shielded Instance Secure Boot. At most one of these may be specified:

--[no-]shielded-secure-boot: The instance will boot with secure boot enabled. Changes to this setting (via the update command) will only take effect after stopping and starting the instance. Use --shielded-secure-boot to enable and --no-shielded-secure-boot to disable.
--shielded-vm-secure-boot: (DEPRECATED) The instance will boot with secure boot enabled. Changes to this setting (via the update command) will only take effect after stopping and starting the instance.
The --shielded-vm-secure-boot flag is now deprecated. Please use --shielded-secure-boot instead.

Shielded Instance Learn Integrity Policy. At most one of these may be specified:

--shielded-learn-integrity-policy: Causes the instance to re-learn the integrity policy baseline using the current instance configuration. Use this flag after any planned boot-specific changes in the instance configuration, like kernel updates or kernel driver installation.
--shielded-vm-learn-integrity-policy: (DEPRECATED) Causes the instance to re-learn the integrity policy baseline using the current instance configuration. Use this flag after any planned boot-specific changes in the instance configuration, like kernel updates or kernel driver installation.
The --shielded-vm-learn-integrity-policy flag is now deprecated. Please use --shielded-learn-integrity-policy instead.

Shielded Instance vTPM. At most one of these may be specified:

--shielded-vm-vtpm: (DEPRECATED) The instance will boot with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption and sealing of keys. Changes to this setting (via the update command) will only take effect after stopping and starting the instance.
The --shielded-vm-vtpm flag is now deprecated. Please use --shielded-vtpm instead.
--[no-]shielded-vtpm: The instance will boot with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption and sealing of keys. Changes to this setting (via the update command) will only take effect after stopping and starting the instance. Use --shielded-vtpm to enable and --no-shielded-vtpm to disable.

GCLOUD WIDE FLAGS

These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.

NOTES

This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you will have to apply for early access and have your projects registered on the API whitelist to use it. To do so, contact Support at cloud.google.com/support These variants are also available:

: $ gcloud compute instances update $ gcloud beta compute instances update

gcloud_alpha_compute_instances_update • man page

gcloud_alpha_compute_instances_update • man page