Changing provisioning model for Spot VMs

Table of Contents

Spot VMs is a great way to reduce cost for interruptible, stateless and fault-tolerant workloads like batch processing or containers. Starting these types of VMs follows the same principles as regular VMs. The following snippet launches a C4A Spot VM:

gcloud compute instances create spotty \
    --machine-type c4a-standard-1 \
    --create-disk auto-delete=yes,boot=yes,image-project=debian-cloud,image-family=debian-13-arm64,type=hyperdisk-balanced,size=10 \
    --network-interface nic-type=GVNIC,stack-type=IPV4_ONLY,subnet=default,no-address \
    --provisioning-model SPOT \
    --instance-termination-action STOP \
    --shielded-secure-boot \
    --shielded-vtpm \
    --shielded-integrity-monitoring

But what happens if the nature of your workload changes over time? Or you need to ensure that processing is completed within a certain timeframe? How can you change the provisioning model of a VM configured with a preemtible provisioning model? It is actually quiet simple (once you know how).

You may have started looking at the options to change the VM configuration using Cloud Console but unfortunately it won’t let you change the provisioning model, even claiming it is not possible to do so:

Changing the provisioning model of a VM in Cloud Console

Changing the provisioning model using `gcloud`
#

Fortunately, gcloud paired with the right options is able to change the schedulung configuration of a VM. The only requirement is that the VM is turned off when executing the command.

gcloud compute instances set-scheduling spotty \
    --provisioning-model STANDARD \
    --maintenance-policy MIGRATE \
    --no-preemptible \
    --clear-instance-termination-action

As the SPOT provisioning model implies preemptibility and a default termination action both of these attributes on the VM need to be updated when updating the configuration of the VM.

Protect disk snapshots against accidental deletion or malicious tampering

15 February 2024·1421 words·7 mins

It could happen. Total mahem. An administrative pricipal for a project was accidentally leaked. An attacker has taken you projects hostage. You need to recover and fast. Restoring project access is the least of your worries your concern is to restore services. Luckily you have all workloads protected with snapshots! All deleted by the attacker! This is an exaggerated and hypothetical scenario but I have seen similar things happening. In this article I’m exploring an approach to protect against such a scenario.

IAP command chaining

25 February 2022·584 words·3 mins

Identity-Aware Proxy (IAP) is a powerful tool in the tool chain of Google Cloud administrators and users. It can be used to control access to cloud-based and on-premises applications and VMs running on Google Cloud.

Manually re-balance VMs on sole-tenant nodes with "Migrate within node group" maintenance policy set

6 September 2021·574 words·3 mins

Sole-tenant nodes are an important service on Google Cloud Platform to run workloads that require workload isolation or need to comply to specific licensing requirements that demand dedicated infrastructure. A detailed description what a Sole-Tenant Node is and how it is different from general fleet VMs can be found in the Compute Engine documentation.

Changing the provisioning model using gcloud#

Related

Changing the provisioning model using `gcloud`
#