Expand description
Note: Global instance templates can be used in any region. To lower the impact of outages outside your region and gain data residency within your region, use google_compute_region_instance_template.
Manages a VM instance template resource within GCE. For more information see the official documentation and API.
§Example Usage
resources:
default:
type: gcp:serviceaccount:Account
properties:
accountId: service-account-id
displayName: Service Account
defaultInstanceTemplate:
type: gcp:compute:InstanceTemplate
name: default
properties:
name: appserver-template
description: This template is used to create app server instances.
tags:
- foo
- bar
labels:
environment: dev
instanceDescription: description assigned to instances
machineType: e2-medium
canIpForward: false
scheduling:
automaticRestart: true
onHostMaintenance: MIGRATE
disks:
- sourceImage: debian-cloud/debian-11
autoDelete: true
boot: true
resourcePolicies: ${dailyBackup.id}
- source: ${foobar.name}
autoDelete: false
boot: false
networkInterfaces:
- network: default
metadata:
foo: bar
serviceAccount:
email: ${default.email}
scopes:
- cloud-platform
foobar:
type: gcp:compute:Disk
properties:
name: existing-disk
image: ${myImage.selfLink}
size: 10
type: pd-ssd
zone: us-central1-a
dailyBackup:
type: gcp:compute:ResourcePolicy
name: daily_backup
properties:
name: every-day-4am
region: us-central1
snapshotSchedulePolicy:
schedule:
dailySchedule:
daysInCycle: 1
startTime: 04:00
variables:
myImage:
fn::invoke:
function: gcp:compute:getImage
arguments:
family: debian-11
project: debian-cloud§Automatic Envoy Deployment
resources:
foobar:
type: gcp:compute:InstanceTemplate
properties:
name: appserver-template
machineType: e2-medium
canIpForward: false
tags:
- foo
- bar
disks:
- sourceImage: ${myImage.selfLink}
autoDelete: true
boot: true
networkInterfaces:
- network: default
scheduling:
preemptible: false
automaticRestart: true
metadata:
gce-software-declaration: |
{
"softwareRecipes": [{
"name": "install-gce-service-proxy-agent",
"desired_state": "INSTALLED",
"installSteps": [{
"scriptRun": {
"script": "#! /bin/bash\nZONE=$(curl --silent http://metadata.google.internal/computeMetadata/v1/instance/zone -H Metadata-Flavor:Google | cut -d/ -f4 )\nexport SERVICE_PROXY_AGENT_DIRECTORY=$(mktemp -d)\nsudo gsutil cp gs://gce-service-proxy-"$ZONE"/service-proxy-agent/releases/service-proxy-agent-0.2.tgz "$SERVICE_PROXY_AGENT_DIRECTORY" || sudo gsutil cp gs://gce-service-proxy/service-proxy-agent/releases/service-proxy-agent-0.2.tgz "$SERVICE_PROXY_AGENT_DIRECTORY"\nsudo tar -xzf "$SERVICE_PROXY_AGENT_DIRECTORY"/service-proxy-agent-0.2.tgz -C "$SERVICE_PROXY_AGENT_DIRECTORY"\n"$SERVICE_PROXY_AGENT_DIRECTORY"/service-proxy-agent/service-proxy-agent-bootstrap.sh"
}
}]
}]
}
gce-service-proxy: |
{
"api-version": "0.2",
"proxy-spec": {
"proxy-port": 15001,
"network": "my-network",
"tracing": "ON",
"access-log": "/var/log/envoy/access.log"
}
"service": {
"serving-ports": [80, 81]
},
"labels": {
"app_name": "bookserver_app",
"app_version": "STABLE"
}
}
enable-guest-attributes: 'true'
enable-osconfig: 'true'
serviceAccount:
email: ${default.email}
scopes:
- cloud-platform
labels:
gce-service-proxy: on
variables:
default:
fn::invoke:
function: gcp:compute:getDefaultServiceAccount
arguments: {}
myImage:
fn::invoke:
function: gcp:compute:getImage
arguments:
family: debian-11
project: debian-cloud§Confidential Computing
Example with Confidential Mode activated.
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let confidentialInstanceTemplate = instance_template::create(
"confidentialInstanceTemplate",
InstanceTemplateArgs::builder()
.confidential_instance_config(
InstanceTemplateConfidentialInstanceConfig::builder()
.confidentialInstanceType("SEV")
.enableConfidentialCompute(true)
.build_struct(),
)
.disks(
vec![
InstanceTemplateDisk::builder()
.sourceImage("ubuntu-os-cloud/ubuntu-2004-lts").build_struct(),
],
)
.machine_type("n2d-standard-2")
.min_cpu_platform("AMD Milan")
.name("my-confidential-instance-template")
.network_interfaces(
vec![
InstanceTemplateNetworkInterface::builder()
.accessConfigs(vec![InstanceTemplateNetworkInterfaceAccessConfig::builder()
.build_struct(),]).network("default").build_struct(),
],
)
.region("us-central1")
.service_account(
InstanceTemplateServiceAccount::builder()
.email("${default.email}")
.scopes(vec!["cloud-platform",])
.build_struct(),
)
.build_struct(),
);
let default = account::create(
"default",
AccountArgs::builder()
.account_id("my-custom-sa")
.display_name("Custom SA for VM Instance")
.build_struct(),
);
}§Deploying the Latest Image
A common way to use instance templates and managed instance groups is to deploy the latest image in a family, usually the latest build of your application. There are two ways to do this in the provider, and they have their pros and cons. The difference ends up being in how “latest” is interpreted. You can either deploy the latest image available when the provider runs, or you can have each instance check what the latest image is when it’s being created, either as part of a scaling event or being rebuilt by the instance group manager.
If you’re not sure, we recommend deploying the latest image available when the provider runs,
because this means all the instances in your group will be based on the same image, always,
and means that no upgrades or changes to your instances happen outside of a pulumi up.
You can achieve this by using the gcp.compute.Image
data source, which will retrieve the latest image on every pulumi apply, and will update
the template to use that specific image:
resources:
instanceTemplate:
type: gcp:compute:InstanceTemplate
name: instance_template
properties:
namePrefix: instance-template-
machineType: e2-medium
region: us-central1
disks:
- sourceImage: ${myImage.selfLink}
variables:
myImage:
fn::invoke:
function: gcp:compute:getImage
arguments:
family: debian-11
project: debian-cloudTo have instances update to the latest on every scaling event or instance re-creation, use the family as the image for the disk, and it will use GCP’s default behavior, setting the image for the template to the family:
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let instanceTemplate = instance_template::create(
"instanceTemplate",
InstanceTemplateArgs::builder()
.disks(
vec![
InstanceTemplateDisk::builder().sourceImage("debian-cloud/debian-11")
.build_struct(),
],
)
.machine_type("e2-medium")
.name_prefix("instance-template-")
.region("us-central1")
.build_struct(),
);
}§Import
Instance templates can be imported using any of these accepted formats:
-
projects/{{project}}/global/instanceTemplates/{{name}} -
{{project}}/{{name}} -
{{name}}
When using the pulumi import command, instance templates can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default projects/{{project}}/global/instanceTemplates/{{name}}$ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default {{project}}/{{name}}$ pulumi import gcp:compute/instanceTemplate:InstanceTemplate default {{name}}Structs§
- Use builder syntax to set the inputs and finish with
build_struct().
Functions§
- Registers a new resource with the given unique name and arguments