NAME
    gcloud compute machine-images create - create a Compute Engine machine
        image

SYNOPSIS
    gcloud compute machine-images create IMAGE
        --source-instance=SOURCE_INSTANCE [--csek-key-file=FILE]
        [--description=DESCRIPTION] [--guest-flush]
        [--no-require-csek-key-create]
        [--resource-manager-tags=[KEY=VALUE,...]]
        [--source-disk-csek-key=[PROPERTY=VALUE,...]]
        [--source-instance-zone=SOURCE_INSTANCE_ZONE]
        [--storage-location=LOCATION]
        [--kms-key=KMS_KEY : --kms-keyring=KMS_KEYRING
          --kms-location=KMS_LOCATION --kms-project=KMS_PROJECT]
        [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    Create a Compute Engine machine image.

EXAMPLES
    To create a machine image, run:

        $ gcloud compute machine-images create my-machine-image \
            --source-instance=example-source \
            --source-instance-zone=us-central1-a

POSITIONAL ARGUMENTS
     IMAGE
        Name of the machineImage to create.

REQUIRED FLAGS
     --source-instance=SOURCE_INSTANCE
        The source instance to create a machine image from.

OPTIONAL FLAGS
     --csek-key-file=FILE
        Path to a Customer-Supplied Encryption Key (CSEK) key file that maps
        Compute Engine machine images to user managed keys to be used when
        creating, mounting, or taking snapshots of disks.

        If you pass - as value of the flag, the CSEK is read from stdin. See
        https://cloud.google.com/compute/docs/disks/customer-supplied-encryption
        for more details.

     --description=DESCRIPTION
        Specifies a text description of the machine image.

     --guest-flush
        Create an application-consistent machine image by informing the OS to
        prepare for the snapshot process.

     --require-csek-key-create
        Refuse to create machine images not protected by a user managed key in
        the key file when --csek-key-file is given. This behavior is enabled by
        default to prevent incorrect gcloud invocations from accidentally
        creating machine images with no user managed key. Disabling the check
        allows creation of some machine images without a matching
        Customer-Supplied Encryption Key in the supplied --csek-key-file. See
        https://cloud.google.com/compute/docs/disks/customer-supplied-encryption
        for more details. Enabled by default, use --no-require-csek-key-create
        to disable.

     --resource-manager-tags=[KEY=VALUE,...]
        A comma-separated list of Resource Manager tags to apply to the machine
        image.

     --source-disk-csek-key=[PROPERTY=VALUE,...]
        Customer-supplied encryption key of the disk attached to the source
        instance. Required if the source disk is protected by a
        customer-supplied encryption key. This flag can be repeated to specify
        multiple attached disks.

         disk
            URL of the disk attached to the source instance. This can be a full
            or valid partial URL

         csek-key-file
            path to customer-supplied encryption key.

     --source-instance-zone=SOURCE_INSTANCE_ZONE
        Zone of the instance to operate on. If not specified and the
        compute/zone property isn't set, you might be prompted to select a zone
        (interactive mode only).

        To avoid prompting when this flag is omitted, you can set the
        compute/zone property:

            $ gcloud config set compute/zone ZONE

        A list of zones can be fetched by running:

            $ gcloud compute zones list

        To unset the property, run:

            $ gcloud config unset compute/zone

        Alternatively, the zone can be stored in the environment variable
        CLOUDSDK_COMPUTE_ZONE.

     --storage-location=LOCATION
        Google Cloud Storage location, either regional or multi-regional, where
        machine image's content is to be stored. If absent, a nearby regional
        or multi-regional location is chosen automatically.

     Key resource - The Cloud KMS (Key Management Service) cryptokey that will
     be used to protect the machine image. The 'Compute Engine Service Agent'
     service account must hold permission 'Cloud KMS CryptoKey
     Encrypter/Decrypter'. The arguments in this group can be used to specify
     the attributes of this resource.

     --kms-key=KMS_KEY
        ID of the key or fully qualified identifier for the key.

        To set the kms-key attribute:
        ◆ provide the argument --kms-key on the command line.

        This flag argument must be specified if any of the other arguments in
        this group are specified.

     --kms-keyring=KMS_KEYRING
        The KMS keyring of the key.

        To set the kms-keyring attribute:
        ◆ provide the argument --kms-key on the command line with a fully
          specified name;
        ◆ provide the argument --kms-keyring on the command line.

     --kms-location=KMS_LOCATION
        The Google Cloud location for the key.

        To set the kms-location attribute:
        ◆ provide the argument --kms-key on the command line with a fully
          specified name;
        ◆ provide the argument --kms-location on the command line.

     --kms-project=KMS_PROJECT
        The Google Cloud project for the key.

        To set the kms-project attribute:
        ◆ provide the argument --kms-key on the command line with a fully
          specified name;
        ◆ provide the argument --kms-project on the command line;
        ◆ set the property core/project.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    These variants are also available:

        $ gcloud alpha compute machine-images create

        $ gcloud beta compute machine-images create

