By using a combination of customimage familiesandrolling updates,you can enable one-click OS image upgrades on yourmanaged instance group (MIG).

Using the one-click OS image upgrade provides a number of benefits, including:

• Works with all VM machine types and all instance group sizes.
• Supports both Windows and Linux images and containers.
• Instances are recreated based on their current instance template, oroptionally, based on a new template, so you can preserve custom startupscripts and metadata.
• Works withstateful MIGs, soyou can optionally preserve data on non-boot disks.
• The rollout of an update to the new OS version happens automatically,without the need for additional user input after the initial request.
• Supports batch updates with an optional health check.

Before you begin

• If you haven't already, set upauthentication. Authentication verifies your identity for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:

  1. Install the Google Cloud CLI. After installation,initialize the Google Cloud CLI by running the following command:

     gcloudinit

     If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

     Note: If you installed the gcloud CLI previously, make sure you have the latest version by runninggcloud components update.
  2. Set a default region and zone.

How does one-click OS image upgrade work?

When you invoke an update, the MIG replaces the boot disks for all VMs inthe group with the latest available OS image version from your custom imagefamily. The MIG preserves metadata and startup scripts that you set up in theinstance template for each VM in the group. Non-boot disks are recreated basedon their specification in the instance template. For information aboutpreserving data, seeConfiguring stateful disks in MIGs.

To limit application disruption, you can perform updatesin batches, keeping a specific percent of VMs running during the update. Toincrease reliability, you can configure an application-based health check foryour MIG: the group waits for a healthy response from an application on updatedVMs before proceeding with further updates to other VMs.

Note: Container-Optimized OS also supports one-clickauto-updates.

Before you begin

• Install or update to the latest version of theGoogle Cloud CLI.

• Make sure you havecreated an instance template that points to an image family. Google recommends that you usecustom image familiesto reduce the risk of rolling out an image version that is incompatible withyour application. You can ensure that only compatible image versions arerolled out by adding images to your custom image family only aftercompatibility testing with your application.

  When your instance template points to an image family, the MIG alwayscreates instances from the latest image in the family, for example:

  • When the MIG adds new instances because you or the MIG's autoscalerincreased the MIG's size.
  • When the MIG recreates an instance, triggered manually or by autohealing.
  Note: if you don't want the MIG to create instances from the latest image inan image family, create an instance template that points to a specificimage. When you want to use a newer version of the image, create a newinstance template that specifies the new image, then update the MIG with thenew template by using arolling update.

• Test the new image with your app before adding it to your image family androlling it out.

• Optionally,create an application-based health check for your MIG. An application-based health check verifies that yourapplication is responding as expected on each of the VMs in the MIG.You can configure your update to allow no more than one unavailable VM.If an application does not respond as expected, then the MIG marks that VMas unavailable, and your rollout does not proceed.

Performing one-click OS image upgrades for MIGs

To update all the VMs in a MIG to the latest image from a custom image family,complete the following steps:

1. Start a rolling replace with the following command.

   gcloud compute instance-groups managed rolling-action replaceinstance-group-name \    [--max-surge=max-surge ] [--max-unavailable=max-unavailable]

   Replace the following:

   • instance-group-name: the name of the MIG tooperate on.
   • max-surge: the maximum additional number ofVMs that can be temporarily created during the update process.This can be a fixed number (for example,5) or a percentage of thesize of the MIG (for example,10%).
   • max-unavailable: the maximum number of VMsthat can be unavailable during the update process. This can be a fixednumber (5) or a percentage of the size of the MIG (10%).

   You can combine health checks by using the--max-unavailable and--max-surgeoptionsto stop further updates if they cause VMs to become unavailable.

2. Monitor the update by using thewait-untilsubcommand to check that the MIG'sstatus.versionTarget.isReached field isset totrue.

   gcloud compute instance-groups managed wait-untilinstance-group-name --version-target-reached

   Replace the following:

   • instance-group-name: the name of the MIG tooperate on.

   The command returns when the group is updated.

   You can alsolist instancesto see each instance's status.

   gcloud compute instance-groups managed list-instancesinstance-group-name

   The command returns a list of instances and their details, includingstatus,health state,andcurrent actions for each VM. When all VMs areRUNNING and have no current action, thenthe MIG is up-to-date andstable.

3. In case you need to roll back to a previous OS image, you must create aninstance template and specify the image you want to use. Thenstart a rolling update to update all managed instances to use that template. For more information,seeRolling back an update.

Example

This example covers the following tasks:

1. Create an instance template for easy OS image updates:
   • Specify a customimage family in the instance template.
2. Create a MIG based on the template.
3. Set up a health check to limit disruption by an image update.
4. Add a new image to an image family.
5. Invoke an OS update with a single command.
6. Monitor the update.

Use the following steps to enable and perform one-click OS upgrades on a MIG:

1. Create an instance template that specifies a custom image family. The imagefamily should contain tested and trusted images. Each VM that the MIGcreates from the template uses the latest available image from this family.

   gcloud compute instance-templates create example-template \    --machine-type n1-standard-4 \    --image-family my-image-family \    --image-project my-project \    --tags=http-server

   Note: If you don't want the MIG to create instances from the latest image inan image family, create an instance template that points to a specificimage. When you want to use a newer version of the image, you must create anew instance template that specifies the new image, then update the MIG withthe new template by using a rolling update.
   • Arolling update updates the VM based on a latest version of the instance template that you set for the MIG.
   • Arolling replace replaces the VM and re-uses the managed instance's current instance template.

2. Create a MIG based on the instance template. This example starts the MIGwith three instances based onexample-template. Because the instancetemplate specifies an image family, the MIG creates each VM with thelatest image from the family.

   gcloud compute instance-groups managed create example-group \  --base-instance-name example \  --size 3 \  --zone us-east1-b \  --template example-template

3. Optional: Configure and enable an application-based health check. If yourapp doesn't respond after an image update, you can use the health checkstatus combined with themaxUnavailable setting to stop the MIG from further rollouts.

   1. Create a health check that looks for an HTTP200 response onthe request path/health. The GitHub app that is on each instanceserves that path.

      gcloud compute health-checks create http example-autohealer-check \    --check-interval 10 \    --timeout 5 \    --healthy-threshold 2 \    --unhealthy-threshold 3 \    --request-path "/health"

   2. Create a firewall rule to allow the health checker probes to access theinstances. The health checker probes come from addresses in the ranges:130.211.0.0/22 and35.191.0.0/16

      gcloud compute firewall-rules create default-allow-http-health-check \    --network default \    --allow tcp:80 \    --source-ranges 130.211.0.0/22,35.191.0.0/16

   3. Add the health check to your MIG.

      gcloud compute instance-groups managed update example-group \    --zone us-east1-b --health-check example-autohealer-check

4. When an update is available, tested, and determined to be compatible withyour app, create a new image, and use the--family flag to include thatimage in the custom image family.

   gcloud compute images my-image-v2 \    --source-disk boot-disk-1 \    --source-disk-zone us-central1-f \    --family my-image-family

   In this example, the latest image inmy-image-family is nowmy-image-v2,which is based on the source diskboot-disk-1.

5. Invoke a rolling replace to replace all VMs in the MIG. The MIG replaceseach VM based on the group's instance template. The instance templatespecifiesmy-image-family, so each VM gets the latest image in the family(my-image-v2).

   You canconfigure the level of disruption that the update causes. In this example, the MIGcreates one additional VM above the group's target size, and it does notremove any existing VMs until that one VM is up and running.

   gcloud compute instance-groups managed rolling-action replace example-group \    --max-surge 1 --max-unavailable 0

6. If you want to monitor the status of the updates, use thewait-until commandwith the--version-target-reached flag. The command returns whenthe group is updated.

   gcloud compute instance-groups managed wait-until --version-target-reached example-group \    --zone us-east1-Waiting for group to reach version target...Version target is reached

   You can also use thelist-instances commandto see thestatus,health state,current actions,instance template, and version for each VM.

   gcloud compute instance-groups managed list-instances example-group \    --zone us-east1-bNAME       ZONE        STATUS   HEALTH_STATE  ACTION     INSTANCE_TEMPLATE  VERSION_NAME                        LAST_ERRORtest-211p  us-east1-b  RUNNING  HEALTHY       NONE       example-template   0/2020-01-30 13:34:28.843377+00:00test-t5qb  us-east1-b  RUNNING  UNKNOWN       VERIFYING  example-template   0/2020-01-30 13:34:28.843377+00:00test-x331  us-east1-b  RUNNING  HEALTHY       NONE       example-template   0/2020-01-20 20:39:51.819399+00:00

7. If you need torollback to a previous image, use the following steps:

   1. Create a new instance template that specifies the image that you want.
   2. Start a rolling update to apply the instance template.

What's next

• Learn more aboutimage family best practices.
• Learn more aboutinstance groups.
• Learn more aboutinstance templates.
• Learn more aboutrolling updatesin MIGs.