anjuna-gcp-cli instance create
anjuna-gcp-cli instance create --instance <instance-name> --image <image-name> [OPTIONS…]
Creates a new Anjuna Confidential Container in a GCP Confidential VM.
The anjuna-gcp-cli instance create tool creates AMD SEV instances on Google Cloud.
Creating a GCP Confidential VM requires GCP compatible disk images. See anjuna-gcp-cli disk create for a description of the tools needed to create disk images.
When a GCP Confidential VM is created, GCP automatically creates a new boot disk from the specified image and attaches it to the instance. During its runtime, the instance uses the disk for persistent storage, changing the disk content.
| Restarting the instance through the  ANJ-ENCLAVE: The Confidential Container was started with a non-empty disk. Please follow the directions in the Anjuna documentation to delete the disk and create a new instance of the Confidential Container. Stopping the Confidential Container. | 
Use anjuna-gcp-cli instance delete
to automatically delete the VM along with the attached boot disk.
| GCP resources are created within Projects.
Thus, while working with Anjuna CLI commands that create or modify cloud resources,
either a project needs to be specified explicitly using the --project flag,
or the GOOGLE_DEFAULT_PROJECT environment variable needs to be set. | 
| You must be logged in to a valid GCP account before using this command.
Use the gcloud auth list command to confirm that you are logged in to GCP,
or use gcloud init to initialize your gcloud session. | 
Options
--machine
Machine type to use; note that AMD SEV is supported on N2D instances (default: n2d-standard-2)
See N2D machine series for more information on the GCP machine types.
--network
Network to use
By default, if neither --network nor --subnet is specified,
the default network global/networks/default is used.
If there is no default network, the command will error out.
If --subnet is specified and --network is not specified,
the network is inferred from the subnet.
--subnet
Subnet to use
If --subnet is not specified, the behavior depends on the network mode:
- In legacy mode, GCP does not support subnets.
- In auto subnet mode, GCP automatically creates a subnet for each region.
- In custom subnet mode, users create and manage subnets manually.
--service-account
Service Account to use
When a --service-account is specified,
anjuna-gcp-cli automatically appends the https://www.googleapis.com/auth/logging.write access scope
to the list of requested scopes for use with GCP Cloud Logging.
If you do not specify a --service-account and --scopes (see below),
GCP automatically assigns a default service account.
See https://cloud.google.com/compute/docs/access/service-accounts for more information on the use of service accounts.
--scopes
Comma-separated list of Service Account Scopes to use; should be used with a service account
See https://cloud.google.com/compute/docs/access/service-accounts#accesscopesiam for more information on the use of access scopes.
Examples
$ anjuna-gcp-cli instance create \
    --instance anjuna-gcp-nginx-instance \
    --image anjuna-gcp-nginx-image

$ anjuna-gcp-cli instance create \
    --instance my-instance \
    --image my-image \
    --network my-network \
    --subnet my-subnetwork

$ anjuna-gcp-cli instance create \
    --instance my-instance \
    --image my-image \
    --service-account my-account@my-project.iam.gserviceaccount.com \
    --scopes=https://www.googleapis.com/auth/logging.read \
    --scopes=https://www.googleapis.com/auth/logging.write
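
The prerequisites described above (a project from --project or GOOGLE_DEFAULT_PROJECT, an active gcloud login, and --scopes paired with --service-account) can be checked before the command runs. The wrapper below is an added example, not part of the Anjuna tooling; the function names are hypothetical and the flags are the ones documented on this page.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks before `anjuna-gcp-cli instance create`.
# Function names are hypothetical; the flags are those documented on this page.

# Succeeds if flag $1 appears in the remaining args as "--flag" or "--flag=value".
has_flag() {
    local flag="$1" arg
    shift
    for arg in "$@"; do
        case "$arg" in
            "$flag" | "$flag"=*) return 0 ;;
        esac
    done
    return 1
}

# A project must come from --project or from GOOGLE_DEFAULT_PROJECT.
check_project() {
    has_flag --project "$@" || [ -n "${GOOGLE_DEFAULT_PROJECT:-}" ]
}

# --scopes should be paired with an explicit --service-account.
check_scopes() {
    ! has_flag --scopes "$@" || has_flag --service-account "$@"
}

# An active gcloud account must exist (filtered form of `gcloud auth list`).
check_login() {
    command -v gcloud >/dev/null 2>&1 || return 1
    [ -n "$(gcloud auth list --filter=status:ACTIVE --format='value(account)' 2>/dev/null)" ]
}

# Run every check, then pass the unchanged arguments to the CLI.
safe_create() {
    has_flag --instance "$@" && has_flag --image "$@" \
        || { echo "--instance and --image are required" >&2; return 2; }
    check_project "$@" \
        || { echo "set --project or GOOGLE_DEFAULT_PROJECT" >&2; return 3; }
    check_scopes "$@" \
        || { echo "--scopes given without --service-account" >&2; return 4; }
    check_login \
        || { echo "no active gcloud account; run gcloud init" >&2; return 5; }
    anjuna-gcp-cli instance create "$@"
}
```

Source the file and call safe_create with the same arguments you would give to anjuna-gcp-cli instance create; a non-zero return code identifies the failed check.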