gcloud_beta_compute_instances_update • man page

gcloud_beta_compute_instances_update (1)

NAME

: gcloud beta compute instances update - update a Google Compute Engine virtual machine

SYNOPSIS

gcloud beta compute instances update INSTANCE_NAME [--[no-]deletion-protection] [--min-cpu-platform=PLATFORM] [--update-labels=[KEY=VALUE,...]] [--zone=ZONE] [--clear-labels | --remove-labels=[KEY,...]] [--[no-]shielded-integrity-monitoring | --shielded-vm-integrity-monitoring] [--[no-]shielded-secure-boot | --shielded-vm-secure-boot] [--shielded-learn-integrity-policy | --shielded-vm-learn-integrity-policy] [--shielded-vm-vtpm | --[no-]shielded-vtpm] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(BETA) gcloud beta compute instances update updates labels and

requested CPU Platform for a Google Compute Engine virtual machine. For example:

: $ gcloud beta compute instances update example-instance \
--zone us-central1-a --update-labels=k0=value1,k1=value2 \
--remove-labels=k3

will add/update labels k0 and k1 and remove labels with key k3.
Labels can be used to identify the instance and to filter them as in

: $ gcloud beta compute instances list --filter='labels.k1:value2'

To list existing labels

: $ gcloud beta compute instances describe example-instance \
--format='default(labels)'

POSITIONAL ARGUMENTS

INSTANCE_NAME: Name of the instance to update.

FLAGS

--[no-]deletion-protection

Enables deletion protection for the instance. Use --deletion-protection to enable and --no-deletion-protection to disable.

--min-cpu-platform=PLATFORM

When specified, the VM will be scheduled on host with specified CPU architecture or a newer one. To list available CPU platforms in given zone, run:

: $ gcloud beta compute zones describe ZONE \
--format="value(availableCpuPlatforms)"

Default setting is "AUTOMATIC".
CPU platform selection is available only in selected zones.
You can find more information on-line: cloud.google.com/compute/docs/instances/specify-min-cpu-platform

--update-labels=[KEY=VALUE,...]

List of label KEY=VALUE pairs to update. If a label exists its value is modified, otherwise a new label is created.
Keys must start with a lowercase character and contain only hyphens (-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers.

--zone=ZONE

Zone of the instance to update. If not specified, you may be prompted to select a zone. gcloud will attempt to identify the zone by searching for resources in your project. If the zone cannot be determined, you will then be prompted with all Google Cloud Platform zones.
To avoid prompting when this flag is omitted, you can set the compute/zone property:

: $ gcloud config set compute/zone ZONE

A list of zones can be fetched by running:

: $ gcloud compute zones list

To unset the property, run:

: $ gcloud config unset compute/zone

Alternatively, the zone can be stored in the environment variable CLOUDSDK_COMPUTE_ZONE.

At most one of these may be specified:

--clear-labels

Remove all labels. If --update-labels is also specified then --clear-labels is applied first.
For example, to remove all labels:

: $ gcloud beta compute instances update --clear-labels

To set the labels to exactly "foo" and "baz":

: $ gcloud beta compute instances update --clear-labels \
--update-labels foo=bar,baz=qux

--remove-labels=[KEY,...]

List of label keys to remove. If a label does not exist it is silently ignored.

Shielded Instance Integrity Monitoring. At most one of these may be specified:

--[no-]shielded-integrity-monitoring: Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using --shielded-vm-learn-integrity-policy. Changes to this setting (via the update command) will only take effect after stopping and starting the instance. Use --shielded-integrity-monitoring to enable and --no-shielded-integrity-monitoring to disable.
--shielded-vm-integrity-monitoring: (DEPRECATED) Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. This baseline can be updated by using --shielded-vm-learn-integrity-policy. Changes to this setting (via the update command) will only take effect after stopping and starting the instance.
The --shielded-vm-integrity-monitoring flag is now deprecated. Please use --shielded-integrity-monitoring instead.

Shielded Instance Secure Boot. At most one of these may be specified:

--[no-]shielded-secure-boot: The instance will boot with secure boot enabled. Changes to this setting (via the update command) will only take effect after stopping and starting the instance. Use --shielded-secure-boot to enable and --no-shielded-secure-boot to disable.
--shielded-vm-secure-boot: (DEPRECATED) The instance will boot with secure boot enabled. Changes to this setting (via the update command) will only take effect after stopping and starting the instance.
The --shielded-vm-secure-boot flag is now deprecated. Please use --shielded-secure-boot instead.

Shielded Instance Learn Integrity Policy. At most one of these may be specified:

--shielded-learn-integrity-policy: Causes the instance to re-learn the integrity policy baseline using the current instance configuration. Use this flag after any planned boot-specific changes in the instance configuration, like kernel updates or kernel driver installation.
--shielded-vm-learn-integrity-policy: (DEPRECATED) Causes the instance to re-learn the integrity policy baseline using the current instance configuration. Use this flag after any planned boot-specific changes in the instance configuration, like kernel updates or kernel driver installation.
The --shielded-vm-learn-integrity-policy flag is now deprecated. Please use --shielded-learn-integrity-policy instead.

Shielded Instance vTPM. At most one of these may be specified:

--shielded-vm-vtpm: (DEPRECATED) The instance will boot with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption and sealing of keys. Changes to this setting (via the update command) will only take effect after stopping and starting the instance.
The --shielded-vm-vtpm flag is now deprecated. Please use --shielded-vtpm instead.
--[no-]shielded-vtpm: The instance will boot with the TPM (Trusted Platform Module) enabled. A TPM is a hardware module that can be used for different security operations such as remote attestation, encryption and sealing of keys. Changes to this setting (via the update command) will only take effect after stopping and starting the instance. Use --shielded-vtpm to enable and --no-shielded-vtpm to disable.

GCLOUD WIDE FLAGS

These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.

NOTES

This command is currently in BETA and may change without notice. These variants are also available:

: $ gcloud compute instances update $ gcloud alpha compute instances update

gcloud_beta_compute_instances_update • man page

gcloud_beta_compute_instances_update • man page

gcloud_beta_compute_instances_update (1)

NAME

SYNOPSIS

DESCRIPTION

POSITIONAL ARGUMENTS

FLAGS

GCLOUD WIDE FLAGS

NOTES

Installed via

Man Section