Manoj Kumar
- Jan 28
- 6 min read

Install Proxmox VE 7 on Compute Engine - Google Cloud(GCP)

Prerequisites:

You will need the following items to complete this tutorial.

Enabling nested virtualization
A VPC Firewall and Rules - Both Ingress and Egress rules.
A Compute Engine (VM) Instance up and running with Debian 11 (Bullseye).
Static IP Address for Compute Engine VM Instance.
Hostname - Fully-Qualified Domain Name.

How To Install Proxmox VE 6 on Compute Engine | Debian 10 (Buster). Visit the link below.

https://www.incapio.com/post/install-proxmox-ve-on-compute-engine-google-cloud-gcp

Introduction

Proxmox Virtual Environment (also known as Proxmox VE or PVE) is a virtualization management software server.
It's a Debian-based Linux system with a modified Ubuntu LTS kernel that lets you deploy and manage virtual machines and containers.
A web console and command-line tools are included with Proxmox VE and a REST API for third-party applications.
KVM provides full virtualization and supports two types of virtualization: container-based and LXC-based virtualization (beginning with version 4.0 replacing OpenVZ used in versions up to 3.4, included). In addition, it comes with a web-based management interface.
Proxmox VE is covered by the GNU Affero General Public License, version 3.

Step - 1: Enabling Nested Virtualization on Compute Engine VM Instance Image

Nested virtualization allows you to run virtual machine (VM) instances within other virtual machines (VM) instances, allowing you to create your own virtualization environments.

Select the preferred project in the cloud console to enable nested virtualization and activate the cloud shell terminal.
In the terminal, look for the available Debian images. Then, copy and paste the following code into the cloud shell to see the available Debian images.

$ gcloud compute images list --filter=debian

Output

NAME: debian-10-buster-v20220118
PROJECT: debian-cloud 
FAMILY: debian-10
DEPRECATED:
STATUS:READY

NAME: debian-11-bullseye-v20220120
PROJECT: debian-cloud 
FAMILY: debian-11
DEPRECATED:
STATUS:READY

NAME: debian-9-stretch-v20220118
PROJECT: debian-cloud 
FAMILY: debian-9
DEPRECATED:
STATUS:READY

To enable nested virtualization on Debian Bullseye, you must create a Debian image that supports nested virtualization.
To enable nested virtualization, run the below command in the cloud shell.
Syntax

gcloud compute images create image-name \ 
--source-image-family=debian-11 \ 
--source-image-project=debian-cloud \ --licenses=https://compute.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx

Example

gcloud compute images create debian-bullseye-proxmox \
--source-image-family=debian-11 \
--source-image-project=debian-cloud \
--licenses=https://compute.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx

Output

$ gcloud compute images create debian-bullseye-proxmox \
> --source-image-family=debian-11 \
> --source-image-project=debian-cloud \
> --licenses=https://compute.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx
Created [https://www.googleapis.com/compute/v1/projects/elegant-canto-331917/global/images/debian-bullseye-proxmox].
NAME: debian-bullseye-proxmox
PROJECT: elegant-canto-331917
FAMILY:
DEPRECATED:
STATUS: READY

Navigate to the compute engine and images interface in the cloud console to test the image deployment process.

Step - 2: Create VPC Network and Firewall Rules for Proxmox VE 7.

In the Google Cloud Console, go to the VPC networks page.
First, create a VPC network by clicking the Create VPC network button.
Then, give your network a name.
For the Subnet construction mode, select Custom.
Set the following configuration options for a subnet in the New subnet section:
Provide a Name for the subnet.
Choose a region.
Enter a range of IP addresses. That is the subnet's principal IPv4 range.
If you choose a range, that must be an RFC 1918 address.
Click Done.
Next, Select zero or more predefined firewall rules in the IPv4 and IPv6 firewall rules tabs in the Firewall rules section. The rules cover the most typical scenarios for connecting to instances.
For the VPC network, select Dynamic routing mode.
MTU (maximum transmission unit): Choose between 1460 (the default) and 1500 for the MTU of the network.
Then click the Create button.

Alternatively, you can construct a VPC network using the corresponding command line. In the example below, --project=elegant-canto-331917 is our Google Cloud project name, and also

--network=vpc-for-proxmox-seven is the VPC network name.

Substitute our project and VPC network name with yours.

gcloud compute networks create vpc-for-proxmox-seven --project=elegant-canto-331917 --subnet-mode=custom --mtu=1460 --bgp-routing-mode=regional

gcloud compute networks subnets create proxmox --project=elegant-canto-331917 --range=10.0.25.0/24 --network=vpc-for-proxmox-seven --region=us-central1

gcloud compute firewall-rules create vpc-for-proxmox-seven-allow-custom --project=elegant-canto-331917 --network=projects/elegant-canto-331917/global/networks/vpc-for-proxmox-seven --description=Allows\ connection\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ custom\ protocols. --direction=INGRESS --priority=65534 --source-ranges=10.0.25.0/24 --action=ALLOW --rules=all

gcloud compute firewall-rules create vpc-for-proxmox-seven-allow-icmp --project=elegant-canto-331917 --network=projects/elegant-canto-331917/global/networks/vpc-for-proxmox-seven --description=Allows\ ICMP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=icmp

gcloud compute firewall-rules create vpc-for-proxmox-seven-allow-rdp --project=elegant-canto-331917 --network=projects/elegant-canto-331917/global/networks/vpc-for-proxmox-seven --description=Allows\ RDP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ port\ 3389. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=tcp:3389

gcloud compute firewall-rules create vpc-for-proxmox-seven-allow-ssh --project=elegant-canto-331917 --network=projects/elegant-canto-331917/global/networks/vpc-for-proxmox-seven --description=Allows\ TCP\ connections\ from\ any\ source\ to\ any\ instance\ on\ the\ network\ using\ port\ 22. --direction=INGRESS --priority=65534 --source-ranges=0.0.0.0/0 --action=ALLOW --rules=tcp:22

Finally, add a custom firewall with both ingress and egress rules for proxmox
Ingress

gcloud compute --project=elegant-canto-331917 firewall-rules create proxmox-ingress --direction=INGRESS --priority=1000 --network=vpc-for-proxmox-seven --action=ALLOW --rules=all --source-ranges=0.0.0.0/0

Egress

gcloud compute --project=elegant-canto-331917 firewall-rules create proxmox-egress --direction=EGRESS --priority=1000 --network=vpc-for-proxmox-seven --action=ALLOW --rules=all --destination-ranges=0.0.0.0/0

Step - 3: Create a Compute Engine VM Instance from the Custom Image

Create a VM instance with nested virtualization enabled from the custom image.

In the cloud console, Navigate to the VM instances interface.
In the VM instance interface, Click on "Create Instance."
In the create instance interface, type the instance name, for instance, proxmox-on-compute-engine.
In the create instance interface, choose the region and zone.
Nested virtualization will not work effectively unless you choose a zone that supports Intel Haswell or later.
Choose N1 as the series and n1-standard-4 as the machine type in the machine configuration section (4v CPU, 15GB Memory). (Please note that machine types E2 and N2D are not supported.)

Select Intel Haswell or Later as the CPU Platform in the Machine configuration section.

Assign a Boot Disk

In the create instance interface, scroll down to the boot disk section.
In the boot disk section, click on Change.
In the boot disk interface, click on custom images tab.
In the custom image interface, click select a project and choose your project.
In the custom image interface and image section, choose the image to debian-bullseye-proxmox. (Please Note: Choose the custom image that you created earlier with nested virtualization)
In the custom image interface and boot disk type, select the boot disk type to "balanced persistent disk."
In the custom image interface and size(GB), increase to 20GB.

In the custom image interface, click on select to finalize the boot disk.

Assign a hostname and a static IP address.

In the create instance interface, scroll down to the Networking section.
In the Networking section, type the hostname for the proxmox server, for instance, "proxseven.incapio.org.in."

In the Networking section, enable IP forwarding.
Scroll down to the network interfaces section and delete the default field in the create instance interface.
Add a new network interface and select the proxmox vpc interface created earlier.
In the Ephemeral IP section, click on create IP address.
In the "reserve a new static IP address interface," type name proxmox-static-IP-address.

In the create instance interface, scroll down to the bottom of the page and click on the "create" option to deploy a new proxmox compute engine VM instance.

Step - 4: Installing Proxmox VE 7 on Compute Engine

How can I tell if the Compute Engine VM instance has nested virtualization enabled?

Then, click the SSH option to open the secure shell window on the Proxmox instance under the VM instance interface.
Run the command below in the secure shell window to see if the VM instance has nested virtualization enabled. If nested virtualization is enabled. The presence of a nonzero response shows the presence of nested virtualization.

grep -cw vmx /proc/cpuinfo

Output

info@proxseven:~$ grep -cw vmx /proc/cpuinfo
8
info@proxseven:~$

Install Proxmox on Debian 11 (Bullseye)

You can use the hostname command to see if your setup is correct:
Syntax:

hostname --ip-address
192.168.15.77 # should return your IP address here
hostname -f
prox4m1.proxmox.com prox4m1 # should return your hostname here

Output

info@proxseven:~$ hostname --ip-address
10.0.25.2
info@proxseven:~$ hostname -f
proxseven.incapio.org.in 
info@proxseven:~$

Installing Proxmox VE 7 from command line

At first, switch to root user using the below command.
Syntax:

sudo su -

Output:

info@proxseven:~$ sudo su -
root@proxseven:~#

Add the Proxmox VE repository:

echo "deb [arch=amd64] http://download.proxmox.com/debian/pve bullseye pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list

As root (or sudo), add the Proxmox VE repository key:

wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg

Run the following commands to update your repository and system:

apt update && apt full-upgrade

Install the packages for Proxmox VE 7.

apt install proxmox-ve postfix open-iscsi

Accessing Proxmox via the web interface:

Go to https://youripaddress:8006 to access the admin web interface. If you're starting from scratch and haven't yet added any users, log in using the root account and your linux root password, selecting "PAM Authentication."

Syntax:

https://vm-instance-external-ip:8006

Example:

https://34.136.10.31:8006

Skip the security warning in the browser and navigate to log in.
To log in as a root user, you need the root password; run the below command to update the root password.
Syntax:

root@uscentral:~# passwd root

Output:

root@uscentral:~# passwd root
New password: 
Retype new password: 
passwd: password updated successfully
root@uscentral:~#

Step - 5: Hostname (FQDN) Configuration

To configure hostname, you may require a domain. (Register a domain or else use an existing domain.)
Login to your domain hosting provider, and add an "A Record" in the domain DNS that points to VM instance External IP.

Conclusion:

Here are some recommended tips and tricks.

Once the FQDN configuration is done, register an ACME account and request a new certificate for proxmox.