gcloud alpha workstations configs create - create a workstation configuration

gcloud alpha workstations configs create(CONFIG :--cluster=CLUSTER--region=REGION)[--allow-unauthenticated-cors-preflight-requests][--allowed-ports=[ALLOWED_PORTS,…]][--async][--boost-config=[BOOST_CONFIG,…]][--boot-disk-size=BOOT_DISK_SIZE; default=50][--container-args=[CONTAINER_ARGS,…]][--container-command=[CONTAINER_COMMAND,…]][--container-env=[CONTAINER_ENV,…]][--container-run-as-user=CONTAINER_RUN_AS_USER][--container-working-dir=CONTAINER_WORKING_DIR][--disable-localhost-replacement][--disable-public-ip-addresses][--disable-ssh-to-vm][--disable-tcp-connections][--enable-audit-agent][--enable-confidential-compute][--enable-nested-virtualization][--enable-ssh-to-vm][--ephemeral-directory=[PROPERTY=VALUE,…]][--grant-workstation-admin-role-on-create][--idle-timeout=IDLE_TIMEOUT; default=7200][--instance-metadata=[INSTANCE_METADATA,…]][--labels=[LABELS,…]][--machine-type=MACHINE_TYPE; default="e2-standard-4"][--max-usable-workstations-count=MAX_USABLE_WORKSTATIONS_COUNT][--network-tags=[NETWORK_TAGS,…]][--pool-size=POOL_SIZE][--replica-zones=[REPLICA_ZONES,…]][--reservation-affinity=[RESERVATION_AFFINITY,…]][--running-timeout=RUNNING_TIMEOUT; default=7200][--service-account=SERVICE_ACCOUNT][--service-account-scopes=[SERVICE_ACCOUNT_SCOPES,…]][--shielded-integrity-monitoring][--shielded-secure-boot][--shielded-vtpm][--startup-script-uri=STARTUP_SCRIPT_URI][--vm-tags=[VM_TAGS,…]][--accelerator-count=ACCELERATOR_COUNT :--accelerator-type=ACCELERATOR_TYPE][--container-custom-image=CONTAINER_CUSTOM_IMAGE    |--container-predefined-image=CONTAINER_PREDEFINED_IMAGE; default="codeoss"][--kms-key=KMS_KEY :--kms-key-service-account=KMS_KEY_SERVICE_ACCOUNT][--no-persistent-storage    |--disk-reclaim-policy=DISK_RECLAIM_POLICY; default="delete"--disk-type=DISK_TYPE--disk-size=DISK_SIZE    |--disk-source-snapshot=DISK_SOURCE_SNAPSHOT    |--pd-disk-type=PD_DISK_TYPE; default="pd-standard"--pd-reclaim-policy=PD_RECLAIM_POLICY; default="delete"--pd-disk-size=PD_DISK_SIZE; default=200    |--pd-source-snapshot=PD_SOURCE_SNAPSHOT][GCLOUD_WIDE_FLAG …]

gcloudalphaworkstationsconfigscreateCONFIG--machine-type=e2-standard-8--container-predefined-image=intellij

To create a configuration with a Shielded VM instance that enables Secure Boot,virtual trusted platform module (vTPM) and integrity monitoring, run:

gcloudalphaworkstationsconfigscreateCONFIG--machine-type=e2-standard-4--shielded-secure-boot--shielded-vtpm--shielded-integrity-monitoring

To create a configuration with a non-default persistent disk containing 10GB ofPD SSD storage, run:

gcloudalphaworkstationsconfigscreateCONFIG--machine-type=e2-standard-4--pd-disk-type=pd-ssd--pd-disk-size=10

Config resource - The group of arguments defining a config The arguments in thisgroup can be used to specify the attributes of this resource. (NOTE) Someattributes are not given arguments in this group but can be set in other ways.

To set theproject attribute:

• provide the argumentconfig on the command line with a fullyspecified name;
• provide the argument--project on the command line;
• set the propertycore/project.

This must be specified.

CONFIG

ID of the config or fully qualified identifier for the config.

To set theconfig attribute:

• provide the argumentconfig on the command line.

This positional argument must be specified if any of the other arguments in thisgroup are specified.

--cluster=CLUSTER

The cluster for the config.

To set thecluster attribute:

• provide the argumentconfig on the command line with a fullyspecified name;
• provide the argument--cluster on the command line;
• set the propertyworkstations/cluster.

--region=REGION

The region for the config.

To set theregion attribute:

• provide the argumentconfig on the command line with a fullyspecified name;
• provide the argument--region on the command line;
• set the propertyworkstations/region.

--allow-unauthenticated-cors-preflight-requests

By default, the workstations service makes sure that all requests to theworkstation are authenticated. CORS preflight requests do not include cookies orcustom headers, and so are considered unauthenticated and blocked by theworkstations service. Enabling this option allows these unauthenticated CORSpreflight requests through to the workstation, where it becomes theresponsibility of the destination server in the workstation to validate therequest

--allowed-ports=[ALLOWED_PORTS,…]

A Single or Range of ports externally accessible in the workstation. If notspecified defaults to ports 22, 80 and ports 1024-65535.

To specify a single port, both first and last should be same.

Example:

gcloudalphaworkstationsconfigscreate--allowed-ports=first=9000,last=9090gcloudalphaworkstationsconfigscreate--allowed-ports=first=80,last=80

Setsallowed_ports value.

first

Required, setsfirst value.

last

Required, setslast value.

Shorthand Example:

--allowed-ports=first=int,last=int

JSON Example:

--allowed-ports='{"first": int, "last": int}'

File Example:

--allowed-ports=path_to_file.(yaml|json)

--async

Return immediately, without waiting for the operation in progress to complete.

--boost-config=[BOOST_CONFIG,…]

Boost Configuration(s) that workstations running with this configuration canboost up to. This includes id (required), machine-type, accelerator-type,accelerator-count, pool-size, boot-disk-size, and enable-nested-virtualization.

Example:

gcloudalphaworkstationsconfigscreate--boost-config=id=boost1,machine-type=n1-standard-4,accelerator-type=nvidia-tesla-t4,accelerator-count=1

Setsboost_config value.

accelerator-count

Setsaccelerator-count value.

accelerator-type

Setsaccelerator-type value.

boot-disk-size

Setsboot-disk-size value.

enable-nested-virtualization

Setsenable-nested-virtualization value.

id

Required, setsid value.

machine-type

Setsmachine-type value.

pool-size

Setspool-size value.

reservation-affinity

Setsreservation-affinity value.

consume-reservation-type

Setsconsume-reservation-type value.

key

Setskey value.

values

Setsvalues value.

Shorthand Example:

--boost-config=accelerator-count=int,accelerator-type=string,boot-disk-size=int,enable-nested-virtualization=boolean,id=string,machine-type=string,pool-size=int,reservation-affinity={consume-reservation-type=string,key=string,values}

JSON Example:

--boost-config='{"accelerator-count": int, "accelerator-type": "string", "boot-disk-size": int, "enable-nested-virtualization": boolean, "id": "string", "machine-type": "string", "pool-size": int, "reservation-affinity": {"consume-reservation-type": "string", "key": "string", "values"}}'

File Example:

--boost-config=path_to_file.(yaml|json)

--boot-disk-size=BOOT_DISK_SIZE; default=50

Size of the boot disk in GB.

--container-args=[CONTAINER_ARGS,…]

Arguments passed to the entrypoint.

Example:

gcloudalphaworkstationsconfigscreate--container-args=arg_1,arg_2

--container-command=[CONTAINER_COMMAND,…]

If set, overrides the default ENTRYPOINT specified by the image.

Example:

gcloudalphaworkstationsconfigscreate--container-command=executable,parameter_1,parameter_2

--container-env=[CONTAINER_ENV,…]

Environment variables passed to the container.

Example:

gcloudalphaworkstationsconfigscreate--container-env=key1=value1,key2=value2

--container-run-as-user=CONTAINER_RUN_AS_USER

If set, overrides the USER specified in the image with the given uid.

--container-working-dir=CONTAINER_WORKING_DIR

If set, overrides the default DIR specified by the image.

--disable-localhost-replacement

By default, the workstations service replaces references to localhost,127.0.0.1, and 0.0.0.0 with the workstation's hostname in http responses fromthe workstation so that applications under development run properly on theworkstation. This may intefere with some applications, and so this option allowsthat behavior to be disabled.

--disable-public-ip-addresses

Default value is false. If set, instances will have no public IP address.

--disable-ssh-to-vm

(DEPRECATED) Default value is False. If set, workstations disable SSHconnections to the root VM.

The --disable-ssh-to-vm option is deprecated; use --enable-ssh-to-vm instead.

--disable-tcp-connections

Default value is false. If set, workstations don't allow plain TCP connections.

--enable-audit-agent

Whether to enable Linuxauditd logging on the workstation. Whenenabled, a service account must also be specified that haslogging.buckets.write permission on the project.

--enable-confidential-compute

Default value is false. If set, instances will have confidential computeenabled.

--enable-nested-virtualization

Default value is false. If set, instances will have nested virtualizationenabled.

--enable-ssh-to-vm

Default value is False. If set, workstations enable SSH connections to the rootVM.

--ephemeral-directory=[PROPERTY=VALUE,…]

Ephemeral directory which won't persist across workstation sessions. Anephemeral directory is backed by a Compute Engine persistent disk whosemount-path, source-snapshot, source-image, and read-only are configurable.

mount-path

Location of this directory in the running workstation.

source-snapshot

Name of the snapshot to use as the source for the disk. Must be empty if[source_image][] is set. Must be empty if [read_only][] is false. Updating[source_snapshot][] will update content in the ephemeral directory after theworkstation is restarted.

source-image

Name of the disk image to use as the source for the disk. Must be empty if[source_snapshot][] is set. Updating [source_image][] will update content in theephemeral directory after the workstation is restarted.

read-only

Whether the disk is read only. If true, the disk may be shared by multiple VMsand [source_snapshot][] must be set. Set to false when not specified and truewhen specified.

Example:

gcloudalphaworkstationsconfigscreate--ephemeral-directory="mount-path=/home2,disk-type=pd-balanced,source-snapshot=projects/my-project/global/snapshots/snapshot,read-only=true"

--grant-workstation-admin-role-on-create

Default value is false. If set, creator of a workstation will getroles/workstations.policyAdmin role along withroles/workstations.user role on the workstation created by them.

--idle-timeout=IDLE_TIMEOUT; default=7200

How long (in seconds) to wait before automatically stopping an instance thathasn't received any user traffic. A value of 0 indicates that this instanceshould never time out due to idleness.

--instance-metadata=[INSTANCE_METADATA,…]

Custom metadata to apply to Compute Engine instances.

Example:

gcloudalphaworkstationsconfigscreate--instance-metadata=key1=value1,key2=value2

--labels=[LABELS,…]

Labels that are applied to the configuration and propagated to the underlyingCompute Engine resources.

Example:

gcloudalphaworkstationsconfigscreate--labels=label1=value1,label2=value2

--machine-type=MACHINE_TYPE; default="e2-standard-4"

Machine type determines the specifications of the Compute Engine machines thatthe workstations created under this configuration will run on.

--max-usable-workstations-count=MAX_USABLE_WORKSTATIONS_COUNT

Maximum number of workstations under this configuration a user can haveworkstations.workstation.use permission on.

If not specified, defaults to0, which indicates a user can haveunlimited number of workstations under this configuration.

--network-tags=[NETWORK_TAGS,…]

Network tags to add to the Google Compute Engine machines backing theWorkstations.

Example:

gcloudalphaworkstationsconfigscreate--network-tags=tag_1,tag_2

--pool-size=POOL_SIZE

Number of instances to pool for faster Workstation startup.

--replica-zones=[REPLICA_ZONES,…]

Specifies the zones the VM and disk resources will be replicated within theregion. If set, exactly two zones within the workstation cluster's region mustbe specified.

Example:

gcloudalphaworkstationsconfigscreate--replica-zones=us-central1-a,us-central1-f

--reservation-affinity=[RESERVATION_AFFINITY,…]

Reservation Affinity for the VM. This includes key, values, andconsumeReservationType.

Example: $ gcloud alpha workstations configs create \--reservation-affinity=key=compute.googleapis.com/\reservation-name,consumeReservationType=SPECIFIC_RESERVATION,\values=my-reservation

Setsreservation_affinity value.

consume-reservation-type

Setsconsume-reservation-type value.

key

Setskey value.

values

Setsvalues value.

Shorthand Example:

--reservation-affinity=consume-reservation-type=string,key=string,values

JSON Example:

--reservation-affinity='{"consume-reservation-type": "string", "key": "string", "values"}'

File Example:

--reservation-affinity=path_to_file.(yaml|json)

--running-timeout=RUNNING_TIMEOUT; default=7200

How long (in seconds) to wait before automatically stopping a workstation afterit started. A value of 0 indicates that workstations using this config shouldnever time out.

--service-account=SERVICE_ACCOUNT

Email address of the service account that will be used on VM instances used tosupport this config. This service account must have permission to pull thespecified container image. If not set, VMs will run without a service account,in which case the image must be publicly accessible.

--service-account-scopes=[SERVICE_ACCOUNT_SCOPES,…]

Scopes to grant to the service_account. Various scopes are automatically addedbased on feature usage. When specified, users of workstations under thisconfiguration must have iam.serviceAccounts.actAs on the service account.

--shielded-integrity-monitoring

Default value is false. If set, instances will have integrity monitoringenabled.

--shielded-secure-boot

Default value is false. If set, instances will have Secure Boot enabled.

--shielded-vtpm

Default value is false. If set, instances will have vTPM enabled.

--startup-script-uri=STARTUP_SCRIPT_URI

Link to the startup script stored in Cloud Storage. The script is executed onthe workstation VM after it is booted.

Example:

gcloudalphaworkstationsconfigscreate--startup-script-uri=gs://{bucket-name}/{object-name}

--vm-tags=[VM_TAGS,…]

Resource manager tags to be bound to the instance. Tag keys and values have thesame definition ashttps://cloud.google.com/resource-manager/docs/tags/tags-overview

Example:

gcloudalphaworkstationsconfigscreate--vm-tags=tagKeys/key1=tagValues/value1,tagKeys/key2=tagValues/value2

Accelerator settings

--accelerator-count=ACCELERATOR_COUNT

The number of accelerator cards exposed to the instance.

This flag argument must be specified if any of the other arguments in this groupare specified.

--accelerator-type=ACCELERATOR_TYPE

The type of accelerator resource to attach to the instance, for example,"nvidia-tesla-p100".

At most one of these can be specified:

--container-custom-image=CONTAINER_CUSTOM_IMAGE

A docker image for the workstation. This image must be accessible by the serviceaccount configured in this configuration (--service-account). If no serviceaccount is defined, this image must be public.

--container-predefined-image=CONTAINER_PREDEFINED_IMAGE; default="codeoss"

Code editor on base images.CONTAINER_PREDEFINED_IMAGEmust be one of:

base-image

Base image - no IDE

clion

CLion

codeoss

Code OSS

codeoss-cuda

Code OSS + CUDA toolkit

goland

GoLand

intellij

IntelliJ IDEA Ultimate

phpstorm

PhpStorm

pycharm

PyCharm Professional

rider

Rider

rubymine

RubyMine

webstorm

WebStorm

Encryption key settings

--kms-key=KMS_KEY

The customer-managed encryption key to use for this config. If not specified, aGoogle-managed encryption key is used.

This flag argument must be specified if any of the other arguments in this groupare specified.

--kms-key-service-account=KMS_KEY_SERVICE_ACCOUNT

The service account associated with the provided customer-managed encryptionkey.

At most one of these can be specified:

--no-persistent-storage

If set, workstations under this configuration will not have a persistentdirectory.

Or at least one of these can be specified:

--disk-reclaim-policy=DISK_RECLAIM_POLICY; default="delete"

What should happen to the disk after the Workstation is deleted.DISK_RECLAIM_POLICY must be one of:

delete

The persistent disk will be deleted with the Workstation.

retain

The persistent disk will be remain after the workstation is deleted and theadministrator must manually delete the disk.

--disk-type=DISK_TYPE

Type of the persistent directory.DISK_TYPE must be oneof:pd-standard,pd-balanced,pd-ssd,hyperdisk-balanced-ha.

At most one of these can be specified:

--disk-size=DISK_SIZE

Size of the persistent directory in GB.DISK_SIZE mustbe one of:10,50,100,200,500,1000.

--disk-source-snapshot=DISK_SOURCE_SNAPSHOT

Name of the snapshot to use as the source for the home disk.

Or at least one of these can be specified:

--pd-disk-type=PD_DISK_TYPE; default="pd-standard"

Type of the persistent directory.PD_DISK_TYPE must beone of:pd-standard,pd-balanced,pd-ssd.

--pd-reclaim-policy=PD_RECLAIM_POLICY; default="delete"

What should happen to the disk after the Workstation is deleted.PD_RECLAIM_POLICY must be one of:

delete

The persistent disk will be deleted with the Workstation.

retain

The persistent disk will be remain after the workstation is deleted and theadministrator must manually delete the disk.

At most one of these can be specified:

--pd-disk-size=PD_DISK_SIZE; default=200

Size of the persistent directory in GB.PD_DISK_SIZEmust be one of:10,50,100,200,500,1000.

--pd-source-snapshot=PD_SOURCE_SNAPSHOT

Name of the snapshot to use as the source for the home disk.

Run$gcloud help for details.