Container-Optimized OS: Qwik Start

Join Sign in

Container-Optimized OS: Qwik Start

30 minutes 1 Credit


Google Cloud self-paced labs logo


Container-Optimized OS is an operating system image for your Compute Engine VMs that is optimized for running Docker containers, and is Google's recommended OS for running containers on Google Cloud. In this lab you will create a Container-Optimized instance using the Cloud Console and the CLI.

Since it comes with all container-related dependencies preinstalled, Container-Optimized OS allows your cluster to quickly scale up or down in response to traffic or workload changes, optimizing your spend and improving your reliability.

Container-Optimized OS powers many Google Cloud services such as Kubernetes Engine and Cloud SQL, making it Google's go-to solution for container workloads.

Setup and requirements

Before you click the Start Lab button

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This hands-on lab lets you do the lab activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

To complete this lab, you need:

  • Access to a standard internet browser (Chrome browser recommended).
Note: Use an Incognito or private browser window to run this lab. This prevents any conflicts between your personal account and the Student account, which may cause extra charges incurred to your personal account.
  • Time to complete the lab---remember, once you start, you cannot pause a lab.
Note: If you already have your own personal Google Cloud account or project, do not use it for this lab to avoid extra charges to your account.

How to start your lab and sign in to the Google Cloud Console

  1. Click the Start Lab button. If you need to pay for the lab, a pop-up opens for you to select your payment method. On the left is the Lab Details panel with the following:

    • The Open Google Console button
    • Time remaining
    • The temporary credentials that you must use for this lab
    • Other information, if needed, to step through this lab
  2. Click Open Google Console. The lab spins up resources, and then opens another tab that shows the Sign in page.

    Tip: Arrange the tabs in separate windows, side-by-side.

    Note: If you see the Choose an account dialog, click Use Another Account.
  3. If necessary, copy the Username from the Lab Details panel and paste it into the Sign in dialog. Click Next.

  4. Copy the Password from the Lab Details panel and paste it into the Welcome dialog. Click Next.

    Important: You must use the credentials from the left panel. Do not use your Google Cloud Skills Boost credentials. Note: Using your own Google Cloud account for this lab may incur extra charges.
  5. Click through the subsequent pages:

    • Accept the terms and conditions.
    • Do not add recovery options or two-factor authentication (because this is a temporary account).
    • Do not sign up for free trials.

After a few moments, the Cloud Console opens in this tab.

Note: You can view the menu with a list of Google Cloud Products and Services by clicking the Navigation menu at the top-left. Navigation menu icon

Activate Cloud Shell

Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.

  1. Click Activate Cloud Shell Activate Cloud Shell icon at the top of the Google Cloud console.

When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. The output contains a line that declares the PROJECT_ID for this session:

Your Cloud Platform project in this session is set to YOUR_PROJECT_ID

gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.

  1. (Optional) You can list the active account name with this command:

gcloud auth list
  1. Click Authorize.

  2. Your output should now look like this:


ACTIVE: * ACCOUNT: To set the active account, run: $ gcloud config set account `ACCOUNT`
  1. (Optional) You can list the project ID with this command:

gcloud config list project


[core] project = <project_ID>

Example output:

[core] project = qwiklabs-gcp-44776a13dea667a6 Note: For full documentation of gcloud, in Google Cloud, refer to the gcloud CLI overview guide.

Container-Optimized OS benefits

  • Run Containers Out of the Box: Container-Optimized OS instances come pre-installed with the Docker runtime and cloud-init. With a Container-Optimized OS instance, you can bring up your Docker container at the same time you create your VM, with no on-host setup required.

  • Smaller attack surface: Container-Optimized OS has a smaller footprint, reducing your instance's potential attack surface.

  • Locked-down by default: Container-Optimized OS instances include a locked-down firewall and other security settings by default.

  • Automatic Updates: Container-Optimized OS instances are configured to automatically download weekly updates in the background; only a reboot is necessary to use the latest updates.

Use cases for Container-Optimized OS

Container-Optimized OS can be used to run most Docker containers. You should consider using Container-Optimized OS as the operating system for your Compute Engine instance if you have the following needs:

  • You need support for Docker containers or Kubernetes with minimal setup.

  • You need an operating system that has a small footprint and is security hardened for containers.

  • You need an operating system that is tested and verified for running Kubernetes on your Compute Engine instances.

Container-Optimized OS features

Compute Engine provides several public VM images that you can use to create instances and run your container workloads. Some of these public VM images have a minimalistic container-optimized operating system that includes newer versions of Docker, rkt, or Kubernetes preinstalled. The following public image families are designed specifically to run containers:

  • Container-Optimized OS from Google
  • Includes: Docker, Kubernetes
  • Image project: cos-cloud
  • Image family: cos-stable
  • CoreOS
  • Includes: Docker, rkt, Kubernetes
  • Image project: coreos-cloud
  • Image family: coreos-stable
  • Ubuntu
  • Includes: LXD
  • Image project: ubuntu-os-cloud
  • Image family: ubuntu-1604-lts
  • Windows
  • Includes: Docker
  • Image project: windows-cloud
  • Image family: windows-1709-core-for-containers

In a production environment, if you need to run specific container tools and technologies on images that do not include them by default, install those technologies manually.

Task 1. Create an instance using the console

To run a Compute Engine instance with the Container-Optimized OS and a Docker container of your choice.

  1. Click on Compute Engine > VM instances, then click on Create.

VM instances page displaying the Create button

There are many parameters you can configure when creating a new instance.

  1. For this lab use the following:





Machine Type

1 vCPU

This is a (n1-standard-1), 3.75GB RAM instance


Check the box labeled Deploy a container image to this instance

Container Image


Boot disk

Container-Optimized OS (default value)


Check Allow HTTP traffic

  1. Click Create.

Your Container-Optimized OS instance with the Docker container is up and running.

Test completed task

Click Check my progress to verify your performed task.

Creating an instance using the console

Task 2. Verify your Docker environment

  1. Click SSH on the containerized-vm line to SSH into the containerized-vm instance.

  2. List all available Docker containers:

sudo docker ps

Example output:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c62d762ed91b nginx "nginx -g 'daemon ..." 15 minutes ago Up 15 minutes containerized-vm
  1. On the VM instance console, click on the External IP for containerized-vm instance, which will open a new tab.

You should see this default Nginx web page:

Welcome to nginx! page

You can also see the web page by adding the External IP to http://EXTERNAL_IP in a new browser window or tab.

Task 3. Create an instance using CLI

Now you use the Cloud Shell command line to create a Container-Optimized OS instance.

  1. In Cloud Shell, enter the following command to see what Container-Optimized OS images are available on Google Cloud to create an instance:

gcloud compute images list \ --project cos-cloud \ --no-standard-images
  1. Use the gcloud compute instances create command with --image and --image-project flags to create a cos node image instance:

gcloud beta compute instances create-with-container containerized-vm2 \ --image cos-stable-72-11316-136-0 \ --image-project cos-cloud \ --container-image nginx \ --container-restart-policy always \ --zone us-central1-a \ --machine-type n1-standard-1

In the above example, cos-stable-72-11316-136-0 is one of the available cos releases. Please use the latest available image from cos-stable family and replace it with an image for your VM instance. It is recommended to use --preemptible flag for one-off experimental instances.

Test completed task

Click Check my progress to verify your performed task.

Creating an instance using CLI
  1. In the Cloud Shell enter the following commands to create firewall rules to allow HTTP traffic from the internet and to enable all internal traffic within the VPC:

gcloud compute firewall-rules create allow-containerized-internal\ --allow tcp:80 \ --source-ranges \ --network default

Test completed task

Click Check my progress to verify your performed task.

Create firewall rules to allow HTTP traffic from the internet

For this step, you need the external IP address of your containerized-vm2 instance.

  1. You can look up the address in the VM Instances page in the Cloud Platform Console.

  2. In a browser, enter your external IP address to verify that nginx is running:


You should see Welcome to nginx!


Finish your quest

This self-paced lab is part of the Baseline: Deploy & Develop. quest. A quest is a series of related labs that form a learning path. Completing this quest earns you a badge to recognize your achievement. You can make your badge or badges public and link to them in your online resume or social media account. Enroll in this Quest or any quest that contains this lab and get immediate completion credit. See the Google Cloud Skills Boost catalog to see all available quests.

Next steps / Learn more

This lab is also part of a series of labs called Qwik Starts. These labs are designed to give you a little taste of the many features available with Google Cloud. Search for "Qwik Starts" in the lab catalog to find the next lab you'd like to take!

Google Cloud training and certification

...helps you make the most of Google Cloud technologies. Our classes include technical skills and best practices to help you get up to speed quickly and continue your learning journey. We offer fundamental to advanced level training, with on-demand, live, and virtual options to suit your busy schedule. Certifications help you validate and prove your skill and expertise in Google Cloud technologies.

Manual Last Updated September 15, 2022

Lab Last Tested November 15, 2019

Copyright 2023 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.