anjuna-gcp-cli instance create

anjuna-gcp-cli instance create --instance <instance-name> --image <image-name> [OPTIONS…]

Creates a new Anjuna Confidential Container running on top of a Google Cloud Confidential VM (CVM).

The anjuna-gcp-cli instance create tool creates AMD SEV instances on Google Cloud. The instance create command will take a few minutes to complete.

Creating a Google Cloud CVM requires Google Cloud compatible disk images. See anjuna-gcp-cli disk create for a description of the tools needed to create disk images.

When a Google Cloud CVM instance is created, Google Cloud automatically creates a new boot disk from the specified image and attaches it to the instance. During its runtime, the instance uses the disk for ephemeral storage on an encrypted partition that cannot be accessed from outside of the instance. (For more details, read about encryption of a CVM’s disk.)

Use anjuna-gcp-cli instance delete to automatically delete the VM along with the attached boot disk.

Google Cloud resources are created within Projects. Thus, while working with Anjuna CLI commands that create or modify cloud resources, either a project needs to be specified explicitly using the --project flag, or the GOOGLE_DEFAULT_PROJECT environment variable needs to be set.

You must be logged in to a valid Google Cloud account before using this command. Use the gcloud auth list command to confirm that you are logged in to Google Cloud, or use gcloud init to initialize your gcloud session.

Options

Usage

anjuna-gcp-cli instance create --instance <instance-name> --image <image-name> [OPTIONS…]

`--image`

(Required) Image name to use for this instance

`--instance`

(Required) Name of the instance to create

`--machine`

Machine type to use; note that AMD SEV is supported on N2D instances (default: n2d-standard-2)

See N2D machine series for more information on the Google Cloud machine types.

`--network`

Network to use

By default, if neither --network nor --subnet are specified, the default network global/networks/default is used. If there is no default network, the command will error out.

If --subnet is specified and --network is not specified, the network is inferred from the subnet.

`--subnet`

Subnet to use

If --subnet is not specified, the behavior depends on the network mode:

In legacy mode, Google Cloud does not support subnets.
In auto subnet mode, Google Cloud automatically creates a subnet for each region.
In custom subnet mode, you create and manage subnets manually.

`--zone`

Zone to use for this instance (default: us-central1-a)

`--region`

Region to use for this instance (default: inferred from zone)

`--service-account`

Service Account to use

When a --service-account is specified, anjuna-gcp-cli automatically appends https://www.googleapis.com/auth/logging.write access scope to the list of requested scopes for use with Google Cloud Logging.

If you do not specify a --service-account and --scopes (see below), Google Cloud automatically assigns a default service account.

See this page on Service accounts for more information on their use.

`--scopes`

Comma separated list of Service Account Scopes to use; should be used with a service account.

See this page on Access scopes for more information on their use.

Global options

The following options are available for all anjuna-gcp-cli subcommands.

Global options

`-h, --help`

Prints the help information for the command

`--debug`

Prints debug messaging

`-v, --version`

Prints the anjuna-gcp-cli version

Exit status

0 on success
1 on error

Examples

$ anjuna-gcp-cli instance create \
    --instance anjuna-gcp-nginx-instance \
    --image anjuna-gcp-nginx-image

$ anjuna-gcp-cli instance create \
    --instance my-instance \
    --image my-image \
    --network my-network \
    --subnet my-subnetwork

$ anjuna-gcp-cli instance create \
    --service-account my-account@my-project.iam.gserviceaccount.com \
    --scopes=https://www.googleapis.com/auth/logging.write