gcp.compute.GlobalForwardingRule
Explore with Pulumi AI
Represents a GlobalForwardingRule resource. Global forwarding rules are used to forward traffic to the correct load balancer for HTTP load balancing. Global forwarding rules can only be used for HTTP load balancing.
For more information, see https://cloud.google.com/compute/docs/load-balancing/http/
Example Usage
External Ssl Proxy Lb Mig Backend
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as tls from "@pulumi/tls";
// External SSL proxy load balancer with managed instance group backend
// VPC
const _default = new gcp.compute.Network("default", {
name: "ssl-proxy-xlb-network",
autoCreateSubnetworks: false,
});
// backend subnet
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "ssl-proxy-xlb-subnet",
ipCidrRange: "10.0.1.0/24",
region: "us-central1",
network: _default.id,
});
// reserved IP address
const defaultGlobalAddress = new gcp.compute.GlobalAddress("default", {name: "ssl-proxy-xlb-ip"});
// Self-signed regional SSL certificate for testing
const defaultPrivateKey = new tls.PrivateKey("default", {
algorithm: "RSA",
rsaBits: 2048,
});
const defaultSelfSignedCert = new tls.SelfSignedCert("default", {
keyAlgorithm: defaultPrivateKey.algorithm,
privateKeyPem: defaultPrivateKey.privateKeyPem,
validityPeriodHours: 12,
earlyRenewalHours: 3,
allowedUses: [
"key_encipherment",
"digital_signature",
"server_auth",
],
dnsNames: ["example.com"],
subject: {
commonName: "example.com",
organization: "ACME Examples, Inc",
},
});
const defaultSSLCertificate = new gcp.compute.SSLCertificate("default", {
name: "default-cert",
privateKey: defaultPrivateKey.privateKeyPem,
certificate: defaultSelfSignedCert.certPem,
});
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "ssl-proxy-health-check",
timeoutSec: 1,
checkIntervalSec: 1,
tcpHealthCheck: {
port: 443,
},
});
// instance template
const defaultInstanceTemplate = new gcp.compute.InstanceTemplate("default", {
networkInterfaces: [{
accessConfigs: [{}],
network: _default.id,
subnetwork: defaultSubnetwork.id,
}],
name: "ssl-proxy-xlb-mig-template",
machineType: "e2-small",
tags: ["allow-health-check"],
disks: [{
sourceImage: "debian-cloud/debian-10",
autoDelete: true,
boot: true,
}],
metadata: {
"startup-script": `#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y apache2 jq
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
NAME=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<h1>SSL Load Balancer</h1>
<pre>
Name: NAME
IP: IP
Metadata: METADATA
</pre>
EOF
`,
},
});
// MIG
const defaultInstanceGroupManager = new gcp.compute.InstanceGroupManager("default", {
name: "ssl-proxy-xlb-mig1",
zone: "us-central1-c",
namedPorts: [{
name: "tcp",
port: 443,
}],
versions: [{
instanceTemplate: defaultInstanceTemplate.id,
name: "primary",
}],
baseInstanceName: "vm",
targetSize: 2,
});
// backend service
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "ssl-proxy-xlb-backend-service",
protocol: "SSL",
portName: "tcp",
loadBalancingScheme: "EXTERNAL",
timeoutSec: 10,
healthChecks: defaultHealthCheck.id,
backends: [{
group: defaultInstanceGroupManager.instanceGroup,
balancingMode: "UTILIZATION",
maxUtilization: 1,
capacityScaler: 1,
}],
});
const defaultTargetSSLProxy = new gcp.compute.TargetSSLProxy("default", {
name: "test-proxy",
backendService: defaultBackendService.id,
sslCertificates: [defaultSSLCertificate.id],
});
// forwarding rule
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", {
name: "ssl-proxy-xlb-forwarding-rule",
ipProtocol: "TCP",
loadBalancingScheme: "EXTERNAL",
portRange: "443",
target: defaultTargetSSLProxy.id,
ipAddress: defaultGlobalAddress.id,
});
// allow access from health check ranges
const defaultFirewall = new gcp.compute.Firewall("default", {
name: "ssl-proxy-xlb-fw-allow-hc",
direction: "INGRESS",
network: _default.id,
sourceRanges: [
"130.211.0.0/22",
"35.191.0.0/16",
],
allows: [{
protocol: "tcp",
}],
targetTags: ["allow-health-check"],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_tls as tls
# External SSL proxy load balancer with managed instance group backend
# VPC
default = gcp.compute.Network("default",
name="ssl-proxy-xlb-network",
auto_create_subnetworks=False)
# backend subnet
default_subnetwork = gcp.compute.Subnetwork("default",
name="ssl-proxy-xlb-subnet",
ip_cidr_range="10.0.1.0/24",
region="us-central1",
network=default.id)
# reserved IP address
default_global_address = gcp.compute.GlobalAddress("default", name="ssl-proxy-xlb-ip")
# Self-signed regional SSL certificate for testing
default_private_key = tls.PrivateKey("default",
algorithm="RSA",
rsa_bits=2048)
default_self_signed_cert = tls.SelfSignedCert("default",
key_algorithm=default_private_key.algorithm,
private_key_pem=default_private_key.private_key_pem,
validity_period_hours=12,
early_renewal_hours=3,
allowed_uses=[
"key_encipherment",
"digital_signature",
"server_auth",
],
dns_names=["example.com"],
subject=tls.SelfSignedCertSubjectArgs(
common_name="example.com",
organization="ACME Examples, Inc",
))
default_ssl_certificate = gcp.compute.SSLCertificate("default",
name="default-cert",
private_key=default_private_key.private_key_pem,
certificate=default_self_signed_cert.cert_pem)
default_health_check = gcp.compute.HealthCheck("default",
name="ssl-proxy-health-check",
timeout_sec=1,
check_interval_sec=1,
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
port=443,
))
# instance template
default_instance_template = gcp.compute.InstanceTemplate("default",
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
network=default.id,
subnetwork=default_subnetwork.id,
)],
name="ssl-proxy-xlb-mig-template",
machine_type="e2-small",
tags=["allow-health-check"],
disks=[gcp.compute.InstanceTemplateDiskArgs(
source_image="debian-cloud/debian-10",
auto_delete=True,
boot=True,
)],
metadata={
"startup-script": """#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y apache2 jq
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<h1>SSL Load Balancer</h1>
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
""",
})
# MIG
default_instance_group_manager = gcp.compute.InstanceGroupManager("default",
name="ssl-proxy-xlb-mig1",
zone="us-central1-c",
named_ports=[gcp.compute.InstanceGroupManagerNamedPortArgs(
name="tcp",
port=443,
)],
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
instance_template=default_instance_template.id,
name="primary",
)],
base_instance_name="vm",
target_size=2)
# backend service
default_backend_service = gcp.compute.BackendService("default",
name="ssl-proxy-xlb-backend-service",
protocol="SSL",
port_name="tcp",
load_balancing_scheme="EXTERNAL",
timeout_sec=10,
health_checks=default_health_check.id,
backends=[gcp.compute.BackendServiceBackendArgs(
group=default_instance_group_manager.instance_group,
balancing_mode="UTILIZATION",
max_utilization=1,
capacity_scaler=1,
)])
default_target_ssl_proxy = gcp.compute.TargetSSLProxy("default",
name="test-proxy",
backend_service=default_backend_service.id,
ssl_certificates=[default_ssl_certificate.id])
# forwarding rule
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
name="ssl-proxy-xlb-forwarding-rule",
ip_protocol="TCP",
load_balancing_scheme="EXTERNAL",
port_range="443",
target=default_target_ssl_proxy.id,
ip_address=default_global_address.id)
# allow access from health check ranges
default_firewall = gcp.compute.Firewall("default",
name="ssl-proxy-xlb-fw-allow-hc",
direction="INGRESS",
network=default.id,
source_ranges=[
"130.211.0.0/22",
"35.191.0.0/16",
],
allows=[gcp.compute.FirewallAllowArgs(
protocol="tcp",
)],
target_tags=["allow-health-check"])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// External SSL proxy load balancer with managed instance group backend
// VPC
_, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("ssl-proxy-xlb-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
// backend subnet
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("ssl-proxy-xlb-subnet"),
IpCidrRange: pulumi.String("10.0.1.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.ID(),
})
if err != nil {
return err
}
// reserved IP address
defaultGlobalAddress, err := compute.NewGlobalAddress(ctx, "default", &compute.GlobalAddressArgs{
Name: pulumi.String("ssl-proxy-xlb-ip"),
})
if err != nil {
return err
}
// Self-signed regional SSL certificate for testing
defaultPrivateKey, err := tls.NewPrivateKey(ctx, "default", &tls.PrivateKeyArgs{
Algorithm: pulumi.String("RSA"),
RsaBits: pulumi.Int(2048),
})
if err != nil {
return err
}
defaultSelfSignedCert, err := tls.NewSelfSignedCert(ctx, "default", &tls.SelfSignedCertArgs{
KeyAlgorithm: defaultPrivateKey.Algorithm,
PrivateKeyPem: defaultPrivateKey.PrivateKeyPem,
ValidityPeriodHours: pulumi.Int(12),
EarlyRenewalHours: pulumi.Int(3),
AllowedUses: pulumi.StringArray{
pulumi.String("key_encipherment"),
pulumi.String("digital_signature"),
pulumi.String("server_auth"),
},
DnsNames: pulumi.StringArray{
pulumi.String("example.com"),
},
Subject: &tls.SelfSignedCertSubjectArgs{
CommonName: pulumi.String("example.com"),
Organization: pulumi.String("ACME Examples, Inc"),
},
})
if err != nil {
return err
}
defaultSSLCertificate, err := compute.NewSSLCertificate(ctx, "default", &compute.SSLCertificateArgs{
Name: pulumi.String("default-cert"),
PrivateKey: defaultPrivateKey.PrivateKeyPem,
Certificate: defaultSelfSignedCert.CertPem,
})
if err != nil {
return err
}
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("ssl-proxy-health-check"),
TimeoutSec: pulumi.Int(1),
CheckIntervalSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(443),
},
})
if err != nil {
return err
}
// instance template
defaultInstanceTemplate, err := compute.NewInstanceTemplate(ctx, "default", &compute.InstanceTemplateArgs{
NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
&compute.InstanceTemplateNetworkInterfaceArgs{
AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{
nil,
},
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
},
},
Name: pulumi.String("ssl-proxy-xlb-mig-template"),
MachineType: pulumi.String("e2-small"),
Tags: pulumi.StringArray{
pulumi.String("allow-health-check"),
},
Disks: compute.InstanceTemplateDiskArray{
&compute.InstanceTemplateDiskArgs{
SourceImage: pulumi.String("debian-cloud/debian-10"),
AutoDelete: pulumi.Bool(true),
Boot: pulumi.Bool(true),
},
},
Metadata: pulumi.Map{
"startup-script": pulumi.Any(`#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y apache2 jq
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<h1>SSL Load Balancer</h1>
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
`),
},
})
if err != nil {
return err
}
// MIG
defaultInstanceGroupManager, err := compute.NewInstanceGroupManager(ctx, "default", &compute.InstanceGroupManagerArgs{
Name: pulumi.String("ssl-proxy-xlb-mig1"),
Zone: pulumi.String("us-central1-c"),
NamedPorts: compute.InstanceGroupManagerNamedPortArray{
&compute.InstanceGroupManagerNamedPortArgs{
Name: pulumi.String("tcp"),
Port: pulumi.Int(443),
},
},
Versions: compute.InstanceGroupManagerVersionArray{
&compute.InstanceGroupManagerVersionArgs{
InstanceTemplate: defaultInstanceTemplate.ID(),
Name: pulumi.String("primary"),
},
},
BaseInstanceName: pulumi.String("vm"),
TargetSize: pulumi.Int(2),
})
if err != nil {
return err
}
// backend service
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("ssl-proxy-xlb-backend-service"),
Protocol: pulumi.String("SSL"),
PortName: pulumi.String("tcp"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultHealthCheck.ID(),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: defaultInstanceGroupManager.InstanceGroup,
BalancingMode: pulumi.String("UTILIZATION"),
MaxUtilization: pulumi.Float64(1),
CapacityScaler: pulumi.Float64(1),
},
},
})
if err != nil {
return err
}
defaultTargetSSLProxy, err := compute.NewTargetSSLProxy(ctx, "default", &compute.TargetSSLProxyArgs{
Name: pulumi.String("test-proxy"),
BackendService: defaultBackendService.ID(),
SslCertificates: pulumi.StringArray{
defaultSSLCertificate.ID(),
},
})
if err != nil {
return err
}
// forwarding rule
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("ssl-proxy-xlb-forwarding-rule"),
IpProtocol: pulumi.String("TCP"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
PortRange: pulumi.String("443"),
Target: defaultTargetSSLProxy.ID(),
IpAddress: defaultGlobalAddress.ID(),
})
if err != nil {
return err
}
// allow access from health check ranges
_, err = compute.NewFirewall(ctx, "default", &compute.FirewallArgs{
Name: pulumi.String("ssl-proxy-xlb-fw-allow-hc"),
Direction: pulumi.String("INGRESS"),
Network: _default.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("130.211.0.0/22"),
pulumi.String("35.191.0.0/16"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
},
},
TargetTags: pulumi.StringArray{
pulumi.String("allow-health-check"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
// External SSL proxy load balancer with managed instance group backend
// VPC
var @default = new Gcp.Compute.Network("default", new()
{
Name = "ssl-proxy-xlb-network",
AutoCreateSubnetworks = false,
});
// backend subnet
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "ssl-proxy-xlb-subnet",
IpCidrRange = "10.0.1.0/24",
Region = "us-central1",
Network = @default.Id,
});
// reserved IP address
var defaultGlobalAddress = new Gcp.Compute.GlobalAddress("default", new()
{
Name = "ssl-proxy-xlb-ip",
});
// Self-signed regional SSL certificate for testing
var defaultPrivateKey = new Tls.PrivateKey("default", new()
{
Algorithm = "RSA",
RsaBits = 2048,
});
var defaultSelfSignedCert = new Tls.SelfSignedCert("default", new()
{
KeyAlgorithm = defaultPrivateKey.Algorithm,
PrivateKeyPem = defaultPrivateKey.PrivateKeyPem,
ValidityPeriodHours = 12,
EarlyRenewalHours = 3,
AllowedUses = new[]
{
"key_encipherment",
"digital_signature",
"server_auth",
},
DnsNames = new[]
{
"example.com",
},
Subject = new Tls.Inputs.SelfSignedCertSubjectArgs
{
CommonName = "example.com",
Organization = "ACME Examples, Inc",
},
});
var defaultSSLCertificate = new Gcp.Compute.SSLCertificate("default", new()
{
Name = "default-cert",
PrivateKey = defaultPrivateKey.PrivateKeyPem,
Certificate = defaultSelfSignedCert.CertPem,
});
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "ssl-proxy-health-check",
TimeoutSec = 1,
CheckIntervalSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 443,
},
});
// instance template
var defaultInstanceTemplate = new Gcp.Compute.InstanceTemplate("default", new()
{
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
{
AccessConfigs = new[]
{
null,
},
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
},
},
Name = "ssl-proxy-xlb-mig-template",
MachineType = "e2-small",
Tags = new[]
{
"allow-health-check",
},
Disks = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
{
SourceImage = "debian-cloud/debian-10",
AutoDelete = true,
Boot = true,
},
},
Metadata =
{
{ "startup-script", @"#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y apache2 jq
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"")
IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"")
METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])')
cat <<EOF > /var/www/html/index.html
<h1>SSL Load Balancer</h1>
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
" },
},
});
// MIG
var defaultInstanceGroupManager = new Gcp.Compute.InstanceGroupManager("default", new()
{
Name = "ssl-proxy-xlb-mig1",
Zone = "us-central1-c",
NamedPorts = new[]
{
new Gcp.Compute.Inputs.InstanceGroupManagerNamedPortArgs
{
Name = "tcp",
Port = 443,
},
},
Versions = new[]
{
new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs
{
InstanceTemplate = defaultInstanceTemplate.Id,
Name = "primary",
},
},
BaseInstanceName = "vm",
TargetSize = 2,
});
// backend service
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "ssl-proxy-xlb-backend-service",
Protocol = "SSL",
PortName = "tcp",
LoadBalancingScheme = "EXTERNAL",
TimeoutSec = 10,
HealthChecks = defaultHealthCheck.Id,
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = defaultInstanceGroupManager.InstanceGroup,
BalancingMode = "UTILIZATION",
MaxUtilization = 1,
CapacityScaler = 1,
},
},
});
var defaultTargetSSLProxy = new Gcp.Compute.TargetSSLProxy("default", new()
{
Name = "test-proxy",
BackendService = defaultBackendService.Id,
SslCertificates = new[]
{
defaultSSLCertificate.Id,
},
});
// forwarding rule
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "ssl-proxy-xlb-forwarding-rule",
IpProtocol = "TCP",
LoadBalancingScheme = "EXTERNAL",
PortRange = "443",
Target = defaultTargetSSLProxy.Id,
IpAddress = defaultGlobalAddress.Id,
});
// allow access from health check ranges
var defaultFirewall = new Gcp.Compute.Firewall("default", new()
{
Name = "ssl-proxy-xlb-fw-allow-hc",
Direction = "INGRESS",
Network = @default.Id,
SourceRanges = new[]
{
"130.211.0.0/22",
"35.191.0.0/16",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
},
},
TargetTags = new[]
{
"allow-health-check",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.SelfSignedCert;
import com.pulumi.tls.SelfSignedCertArgs;
import com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;
import com.pulumi.gcp.compute.SSLCertificate;
import com.pulumi.gcp.compute.SSLCertificateArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerNamedPortArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.TargetSSLProxy;
import com.pulumi.gcp.compute.TargetSSLProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// External SSL proxy load balancer with managed instance group backend
// VPC
var default_ = new Network("default", NetworkArgs.builder()
.name("ssl-proxy-xlb-network")
.autoCreateSubnetworks(false)
.build());
// backend subnet
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("ssl-proxy-xlb-subnet")
.ipCidrRange("10.0.1.0/24")
.region("us-central1")
.network(default_.id())
.build());
// reserved IP address
var defaultGlobalAddress = new GlobalAddress("defaultGlobalAddress", GlobalAddressArgs.builder()
.name("ssl-proxy-xlb-ip")
.build());
// Self-signed regional SSL certificate for testing
var defaultPrivateKey = new PrivateKey("defaultPrivateKey", PrivateKeyArgs.builder()
.algorithm("RSA")
.rsaBits(2048)
.build());
var defaultSelfSignedCert = new SelfSignedCert("defaultSelfSignedCert", SelfSignedCertArgs.builder()
.keyAlgorithm(defaultPrivateKey.algorithm())
.privateKeyPem(defaultPrivateKey.privateKeyPem())
.validityPeriodHours(12)
.earlyRenewalHours(3)
.allowedUses(
"key_encipherment",
"digital_signature",
"server_auth")
.dnsNames("example.com")
.subject(SelfSignedCertSubjectArgs.builder()
.commonName("example.com")
.organization("ACME Examples, Inc")
.build())
.build());
var defaultSSLCertificate = new SSLCertificate("defaultSSLCertificate", SSLCertificateArgs.builder()
.name("default-cert")
.privateKey(defaultPrivateKey.privateKeyPem())
.certificate(defaultSelfSignedCert.certPem())
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("ssl-proxy-health-check")
.timeoutSec(1)
.checkIntervalSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("443")
.build())
.build());
// instance template
var defaultInstanceTemplate = new InstanceTemplate("defaultInstanceTemplate", InstanceTemplateArgs.builder()
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.accessConfigs()
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.build())
.name("ssl-proxy-xlb-mig-template")
.machineType("e2-small")
.tags("allow-health-check")
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y apache2 jq
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<h1>SSL Load Balancer</h1>
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build());
// MIG
var defaultInstanceGroupManager = new InstanceGroupManager("defaultInstanceGroupManager", InstanceGroupManagerArgs.builder()
.name("ssl-proxy-xlb-mig1")
.zone("us-central1-c")
.namedPorts(InstanceGroupManagerNamedPortArgs.builder()
.name("tcp")
.port(443)
.build())
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(defaultInstanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build());
// backend service
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("ssl-proxy-xlb-backend-service")
.protocol("SSL")
.portName("tcp")
.loadBalancingScheme("EXTERNAL")
.timeoutSec(10)
.healthChecks(defaultHealthCheck.id())
.backends(BackendServiceBackendArgs.builder()
.group(defaultInstanceGroupManager.instanceGroup())
.balancingMode("UTILIZATION")
.maxUtilization(1)
.capacityScaler(1)
.build())
.build());
var defaultTargetSSLProxy = new TargetSSLProxy("defaultTargetSSLProxy", TargetSSLProxyArgs.builder()
.name("test-proxy")
.backendService(defaultBackendService.id())
.sslCertificates(defaultSSLCertificate.id())
.build());
// forwarding rule
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.name("ssl-proxy-xlb-forwarding-rule")
.ipProtocol("TCP")
.loadBalancingScheme("EXTERNAL")
.portRange("443")
.target(defaultTargetSSLProxy.id())
.ipAddress(defaultGlobalAddress.id())
.build());
// allow access from health check ranges
var defaultFirewall = new Firewall("defaultFirewall", FirewallArgs.builder()
.name("ssl-proxy-xlb-fw-allow-hc")
.direction("INGRESS")
.network(default_.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("allow-health-check")
.build());
}
}
resources:
# External SSL proxy load balancer with managed instance group backend
# VPC
default:
type: gcp:compute:Network
properties:
name: ssl-proxy-xlb-network
autoCreateSubnetworks: false
# backend subnet
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: ssl-proxy-xlb-subnet
ipCidrRange: 10.0.1.0/24
region: us-central1
network: ${default.id}
# reserved IP address
defaultGlobalAddress:
type: gcp:compute:GlobalAddress
name: default
properties:
name: ssl-proxy-xlb-ip
# Self-signed regional SSL certificate for testing
defaultPrivateKey:
type: tls:PrivateKey
name: default
properties:
algorithm: RSA
rsaBits: 2048
defaultSelfSignedCert:
type: tls:SelfSignedCert
name: default
properties:
keyAlgorithm: ${defaultPrivateKey.algorithm}
privateKeyPem: ${defaultPrivateKey.privateKeyPem}
validityPeriodHours: 12 # Generate a new certificate if Terraform is run within three
# # hours of the certificate's expiration time.
earlyRenewalHours: 3 # Reasonable set of uses for a server SSL certificate.
allowedUses:
- key_encipherment
- digital_signature
- server_auth
dnsNames:
- example.com
subject:
commonName: example.com
organization: ACME Examples, Inc
defaultSSLCertificate:
type: gcp:compute:SSLCertificate
name: default
properties:
name: default-cert
privateKey: ${defaultPrivateKey.privateKeyPem}
certificate: ${defaultSelfSignedCert.certPem}
defaultTargetSSLProxy:
type: gcp:compute:TargetSSLProxy
name: default
properties:
name: test-proxy
backendService: ${defaultBackendService.id}
sslCertificates:
- ${defaultSSLCertificate.id}
# forwarding rule
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
name: ssl-proxy-xlb-forwarding-rule
ipProtocol: TCP
loadBalancingScheme: EXTERNAL
portRange: '443'
target: ${defaultTargetSSLProxy.id}
ipAddress: ${defaultGlobalAddress.id}
# backend service
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: ssl-proxy-xlb-backend-service
protocol: SSL
portName: tcp
loadBalancingScheme: EXTERNAL
timeoutSec: 10
healthChecks: ${defaultHealthCheck.id}
backends:
- group: ${defaultInstanceGroupManager.instanceGroup}
balancingMode: UTILIZATION
maxUtilization: 1
capacityScaler: 1
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: ssl-proxy-health-check
timeoutSec: 1
checkIntervalSec: 1
tcpHealthCheck:
port: '443'
# instance template
defaultInstanceTemplate:
type: gcp:compute:InstanceTemplate
name: default
properties:
networkInterfaces:
- accessConfigs:
- {}
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
name: ssl-proxy-xlb-mig-template
machineType: e2-small
tags:
- allow-health-check
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y apache2 jq
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<h1>SSL Load Balancer</h1>
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
# MIG
defaultInstanceGroupManager:
type: gcp:compute:InstanceGroupManager
name: default
properties:
name: ssl-proxy-xlb-mig1
zone: us-central1-c
namedPorts:
- name: tcp
port: 443
versions:
- instanceTemplate: ${defaultInstanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
# allow access from health check ranges
defaultFirewall:
type: gcp:compute:Firewall
name: default
properties:
name: ssl-proxy-xlb-fw-allow-hc
direction: INGRESS
network: ${default.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- allow-health-check
External Tcp Proxy Lb Mig Backend
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// External TCP proxy load balancer with managed instance group backend
// VPC
const _default = new gcp.compute.Network("default", {
name: "tcp-proxy-xlb-network",
autoCreateSubnetworks: false,
});
// backend subnet
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "tcp-proxy-xlb-subnet",
ipCidrRange: "10.0.1.0/24",
region: "us-central1",
network: _default.id,
});
// reserved IP address
const defaultGlobalAddress = new gcp.compute.GlobalAddress("default", {name: "tcp-proxy-xlb-ip"});
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "tcp-proxy-health-check",
timeoutSec: 1,
checkIntervalSec: 1,
tcpHealthCheck: {
port: 80,
},
});
// instance template
const defaultInstanceTemplate = new gcp.compute.InstanceTemplate("default", {
networkInterfaces: [{
accessConfigs: [{}],
network: _default.id,
subnetwork: defaultSubnetwork.id,
}],
name: "tcp-proxy-xlb-mig-template",
machineType: "e2-small",
tags: ["allow-health-check"],
disks: [{
sourceImage: "debian-cloud/debian-10",
autoDelete: true,
boot: true,
}],
metadata: {
"startup-script": `#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: NAME
IP: IP
Metadata: METADATA
</pre>
EOF
`,
},
});
// MIG
const defaultInstanceGroupManager = new gcp.compute.InstanceGroupManager("default", {
name: "tcp-proxy-xlb-mig1",
zone: "us-central1-c",
namedPorts: [{
name: "tcp",
port: 80,
}],
versions: [{
instanceTemplate: defaultInstanceTemplate.id,
name: "primary",
}],
baseInstanceName: "vm",
targetSize: 2,
});
// backend service
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "tcp-proxy-xlb-backend-service",
protocol: "TCP",
portName: "tcp",
loadBalancingScheme: "EXTERNAL",
timeoutSec: 10,
healthChecks: defaultHealthCheck.id,
backends: [{
group: defaultInstanceGroupManager.instanceGroup,
balancingMode: "UTILIZATION",
maxUtilization: 1,
capacityScaler: 1,
}],
});
const defaultTargetTCPProxy = new gcp.compute.TargetTCPProxy("default", {
name: "test-proxy-health-check",
backendService: defaultBackendService.id,
});
// forwarding rule
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", {
name: "tcp-proxy-xlb-forwarding-rule",
ipProtocol: "TCP",
loadBalancingScheme: "EXTERNAL",
portRange: "110",
target: defaultTargetTCPProxy.id,
ipAddress: defaultGlobalAddress.id,
});
// allow access from health check ranges
const defaultFirewall = new gcp.compute.Firewall("default", {
name: "tcp-proxy-xlb-fw-allow-hc",
direction: "INGRESS",
network: _default.id,
sourceRanges: [
"130.211.0.0/22",
"35.191.0.0/16",
],
allows: [{
protocol: "tcp",
}],
targetTags: ["allow-health-check"],
});
import pulumi
import pulumi_gcp as gcp
# External TCP proxy load balancer with managed instance group backend
# VPC
default = gcp.compute.Network("default",
name="tcp-proxy-xlb-network",
auto_create_subnetworks=False)
# backend subnet
default_subnetwork = gcp.compute.Subnetwork("default",
name="tcp-proxy-xlb-subnet",
ip_cidr_range="10.0.1.0/24",
region="us-central1",
network=default.id)
# reserved IP address
default_global_address = gcp.compute.GlobalAddress("default", name="tcp-proxy-xlb-ip")
default_health_check = gcp.compute.HealthCheck("default",
name="tcp-proxy-health-check",
timeout_sec=1,
check_interval_sec=1,
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
port=80,
))
# instance template
default_instance_template = gcp.compute.InstanceTemplate("default",
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
network=default.id,
subnetwork=default_subnetwork.id,
)],
name="tcp-proxy-xlb-mig-template",
machine_type="e2-small",
tags=["allow-health-check"],
disks=[gcp.compute.InstanceTemplateDiskArgs(
source_image="debian-cloud/debian-10",
auto_delete=True,
boot=True,
)],
metadata={
"startup-script": """#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
""",
})
# MIG
default_instance_group_manager = gcp.compute.InstanceGroupManager("default",
name="tcp-proxy-xlb-mig1",
zone="us-central1-c",
named_ports=[gcp.compute.InstanceGroupManagerNamedPortArgs(
name="tcp",
port=80,
)],
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
instance_template=default_instance_template.id,
name="primary",
)],
base_instance_name="vm",
target_size=2)
# backend service
default_backend_service = gcp.compute.BackendService("default",
name="tcp-proxy-xlb-backend-service",
protocol="TCP",
port_name="tcp",
load_balancing_scheme="EXTERNAL",
timeout_sec=10,
health_checks=default_health_check.id,
backends=[gcp.compute.BackendServiceBackendArgs(
group=default_instance_group_manager.instance_group,
balancing_mode="UTILIZATION",
max_utilization=1,
capacity_scaler=1,
)])
default_target_tcp_proxy = gcp.compute.TargetTCPProxy("default",
name="test-proxy-health-check",
backend_service=default_backend_service.id)
# forwarding rule
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
name="tcp-proxy-xlb-forwarding-rule",
ip_protocol="TCP",
load_balancing_scheme="EXTERNAL",
port_range="110",
target=default_target_tcp_proxy.id,
ip_address=default_global_address.id)
# allow access from health check ranges
default_firewall = gcp.compute.Firewall("default",
name="tcp-proxy-xlb-fw-allow-hc",
direction="INGRESS",
network=default.id,
source_ranges=[
"130.211.0.0/22",
"35.191.0.0/16",
],
allows=[gcp.compute.FirewallAllowArgs(
protocol="tcp",
)],
target_tags=["allow-health-check"])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// External TCP proxy load balancer with managed instance group backend
// VPC
_, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("tcp-proxy-xlb-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
// backend subnet
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("tcp-proxy-xlb-subnet"),
IpCidrRange: pulumi.String("10.0.1.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.ID(),
})
if err != nil {
return err
}
// reserved IP address
defaultGlobalAddress, err := compute.NewGlobalAddress(ctx, "default", &compute.GlobalAddressArgs{
Name: pulumi.String("tcp-proxy-xlb-ip"),
})
if err != nil {
return err
}
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("tcp-proxy-health-check"),
TimeoutSec: pulumi.Int(1),
CheckIntervalSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
// instance template
defaultInstanceTemplate, err := compute.NewInstanceTemplate(ctx, "default", &compute.InstanceTemplateArgs{
NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
&compute.InstanceTemplateNetworkInterfaceArgs{
AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{
nil,
},
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
},
},
Name: pulumi.String("tcp-proxy-xlb-mig-template"),
MachineType: pulumi.String("e2-small"),
Tags: pulumi.StringArray{
pulumi.String("allow-health-check"),
},
Disks: compute.InstanceTemplateDiskArray{
&compute.InstanceTemplateDiskArgs{
SourceImage: pulumi.String("debian-cloud/debian-10"),
AutoDelete: pulumi.Bool(true),
Boot: pulumi.Bool(true),
},
},
Metadata: pulumi.Map{
"startup-script": pulumi.Any(`#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
`),
},
})
if err != nil {
return err
}
// MIG
defaultInstanceGroupManager, err := compute.NewInstanceGroupManager(ctx, "default", &compute.InstanceGroupManagerArgs{
Name: pulumi.String("tcp-proxy-xlb-mig1"),
Zone: pulumi.String("us-central1-c"),
NamedPorts: compute.InstanceGroupManagerNamedPortArray{
&compute.InstanceGroupManagerNamedPortArgs{
Name: pulumi.String("tcp"),
Port: pulumi.Int(80),
},
},
Versions: compute.InstanceGroupManagerVersionArray{
&compute.InstanceGroupManagerVersionArgs{
InstanceTemplate: defaultInstanceTemplate.ID(),
Name: pulumi.String("primary"),
},
},
BaseInstanceName: pulumi.String("vm"),
TargetSize: pulumi.Int(2),
})
if err != nil {
return err
}
// backend service
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("tcp-proxy-xlb-backend-service"),
Protocol: pulumi.String("TCP"),
PortName: pulumi.String("tcp"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultHealthCheck.ID(),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: defaultInstanceGroupManager.InstanceGroup,
BalancingMode: pulumi.String("UTILIZATION"),
MaxUtilization: pulumi.Float64(1),
CapacityScaler: pulumi.Float64(1),
},
},
})
if err != nil {
return err
}
defaultTargetTCPProxy, err := compute.NewTargetTCPProxy(ctx, "default", &compute.TargetTCPProxyArgs{
Name: pulumi.String("test-proxy-health-check"),
BackendService: defaultBackendService.ID(),
})
if err != nil {
return err
}
// forwarding rule
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("tcp-proxy-xlb-forwarding-rule"),
IpProtocol: pulumi.String("TCP"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
PortRange: pulumi.String("110"),
Target: defaultTargetTCPProxy.ID(),
IpAddress: defaultGlobalAddress.ID(),
})
if err != nil {
return err
}
// allow access from health check ranges
_, err = compute.NewFirewall(ctx, "default", &compute.FirewallArgs{
Name: pulumi.String("tcp-proxy-xlb-fw-allow-hc"),
Direction: pulumi.String("INGRESS"),
Network: _default.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("130.211.0.0/22"),
pulumi.String("35.191.0.0/16"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
},
},
TargetTags: pulumi.StringArray{
pulumi.String("allow-health-check"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
// External TCP proxy load balancer with managed instance group backend
// VPC
var @default = new Gcp.Compute.Network("default", new()
{
Name = "tcp-proxy-xlb-network",
AutoCreateSubnetworks = false,
});
// backend subnet
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "tcp-proxy-xlb-subnet",
IpCidrRange = "10.0.1.0/24",
Region = "us-central1",
Network = @default.Id,
});
// reserved IP address
var defaultGlobalAddress = new Gcp.Compute.GlobalAddress("default", new()
{
Name = "tcp-proxy-xlb-ip",
});
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "tcp-proxy-health-check",
TimeoutSec = 1,
CheckIntervalSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
// instance template
var defaultInstanceTemplate = new Gcp.Compute.InstanceTemplate("default", new()
{
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
{
AccessConfigs = new[]
{
null,
},
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
},
},
Name = "tcp-proxy-xlb-mig-template",
MachineType = "e2-small",
Tags = new[]
{
"allow-health-check",
},
Disks = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
{
SourceImage = "debian-cloud/debian-10",
AutoDelete = true,
Boot = true,
},
},
Metadata =
{
{ "startup-script", @"#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"")
IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"")
METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
" },
},
});
// MIG
var defaultInstanceGroupManager = new Gcp.Compute.InstanceGroupManager("default", new()
{
Name = "tcp-proxy-xlb-mig1",
Zone = "us-central1-c",
NamedPorts = new[]
{
new Gcp.Compute.Inputs.InstanceGroupManagerNamedPortArgs
{
Name = "tcp",
Port = 80,
},
},
Versions = new[]
{
new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs
{
InstanceTemplate = defaultInstanceTemplate.Id,
Name = "primary",
},
},
BaseInstanceName = "vm",
TargetSize = 2,
});
// backend service
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "tcp-proxy-xlb-backend-service",
Protocol = "TCP",
PortName = "tcp",
LoadBalancingScheme = "EXTERNAL",
TimeoutSec = 10,
HealthChecks = defaultHealthCheck.Id,
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = defaultInstanceGroupManager.InstanceGroup,
BalancingMode = "UTILIZATION",
MaxUtilization = 1,
CapacityScaler = 1,
},
},
});
var defaultTargetTCPProxy = new Gcp.Compute.TargetTCPProxy("default", new()
{
Name = "test-proxy-health-check",
BackendService = defaultBackendService.Id,
});
// forwarding rule
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "tcp-proxy-xlb-forwarding-rule",
IpProtocol = "TCP",
LoadBalancingScheme = "EXTERNAL",
PortRange = "110",
Target = defaultTargetTCPProxy.Id,
IpAddress = defaultGlobalAddress.Id,
});
// allow access from health check ranges
var defaultFirewall = new Gcp.Compute.Firewall("default", new()
{
Name = "tcp-proxy-xlb-fw-allow-hc",
Direction = "INGRESS",
Network = @default.Id,
SourceRanges = new[]
{
"130.211.0.0/22",
"35.191.0.0/16",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
},
},
TargetTags = new[]
{
"allow-health-check",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerNamedPortArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.TargetTCPProxy;
import com.pulumi.gcp.compute.TargetTCPProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// External TCP proxy load balancer with managed instance group backend
// VPC
var default_ = new Network("default", NetworkArgs.builder()
.name("tcp-proxy-xlb-network")
.autoCreateSubnetworks(false)
.build());
// backend subnet
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("tcp-proxy-xlb-subnet")
.ipCidrRange("10.0.1.0/24")
.region("us-central1")
.network(default_.id())
.build());
// reserved IP address
var defaultGlobalAddress = new GlobalAddress("defaultGlobalAddress", GlobalAddressArgs.builder()
.name("tcp-proxy-xlb-ip")
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("tcp-proxy-health-check")
.timeoutSec(1)
.checkIntervalSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
// instance template
var defaultInstanceTemplate = new InstanceTemplate("defaultInstanceTemplate", InstanceTemplateArgs.builder()
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.accessConfigs()
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.build())
.name("tcp-proxy-xlb-mig-template")
.machineType("e2-small")
.tags("allow-health-check")
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build());
// MIG
var defaultInstanceGroupManager = new InstanceGroupManager("defaultInstanceGroupManager", InstanceGroupManagerArgs.builder()
.name("tcp-proxy-xlb-mig1")
.zone("us-central1-c")
.namedPorts(InstanceGroupManagerNamedPortArgs.builder()
.name("tcp")
.port(80)
.build())
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(defaultInstanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build());
// backend service
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("tcp-proxy-xlb-backend-service")
.protocol("TCP")
.portName("tcp")
.loadBalancingScheme("EXTERNAL")
.timeoutSec(10)
.healthChecks(defaultHealthCheck.id())
.backends(BackendServiceBackendArgs.builder()
.group(defaultInstanceGroupManager.instanceGroup())
.balancingMode("UTILIZATION")
.maxUtilization(1)
.capacityScaler(1)
.build())
.build());
var defaultTargetTCPProxy = new TargetTCPProxy("defaultTargetTCPProxy", TargetTCPProxyArgs.builder()
.name("test-proxy-health-check")
.backendService(defaultBackendService.id())
.build());
// forwarding rule
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.name("tcp-proxy-xlb-forwarding-rule")
.ipProtocol("TCP")
.loadBalancingScheme("EXTERNAL")
.portRange("110")
.target(defaultTargetTCPProxy.id())
.ipAddress(defaultGlobalAddress.id())
.build());
// allow access from health check ranges
var defaultFirewall = new Firewall("defaultFirewall", FirewallArgs.builder()
.name("tcp-proxy-xlb-fw-allow-hc")
.direction("INGRESS")
.network(default_.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("allow-health-check")
.build());
}
}
resources:
# External TCP proxy load balancer with managed instance group backend
# VPC
default:
type: gcp:compute:Network
properties:
name: tcp-proxy-xlb-network
autoCreateSubnetworks: false
# backend subnet
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: tcp-proxy-xlb-subnet
ipCidrRange: 10.0.1.0/24
region: us-central1
network: ${default.id}
# reserved IP address
defaultGlobalAddress:
type: gcp:compute:GlobalAddress
name: default
properties:
name: tcp-proxy-xlb-ip
# forwarding rule
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
name: tcp-proxy-xlb-forwarding-rule
ipProtocol: TCP
loadBalancingScheme: EXTERNAL
portRange: '110'
target: ${defaultTargetTCPProxy.id}
ipAddress: ${defaultGlobalAddress.id}
defaultTargetTCPProxy:
type: gcp:compute:TargetTCPProxy
name: default
properties:
name: test-proxy-health-check
backendService: ${defaultBackendService.id}
# backend service
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: tcp-proxy-xlb-backend-service
protocol: TCP
portName: tcp
loadBalancingScheme: EXTERNAL
timeoutSec: 10
healthChecks: ${defaultHealthCheck.id}
backends:
- group: ${defaultInstanceGroupManager.instanceGroup}
balancingMode: UTILIZATION
maxUtilization: 1
capacityScaler: 1
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: tcp-proxy-health-check
timeoutSec: 1
checkIntervalSec: 1
tcpHealthCheck:
port: '80'
# instance template
defaultInstanceTemplate:
type: gcp:compute:InstanceTemplate
name: default
properties:
networkInterfaces:
- accessConfigs:
- {}
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
name: tcp-proxy-xlb-mig-template
machineType: e2-small
tags:
- allow-health-check
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
# MIG
defaultInstanceGroupManager:
type: gcp:compute:InstanceGroupManager
name: default
properties:
name: tcp-proxy-xlb-mig1
zone: us-central1-c
namedPorts:
- name: tcp
port: 80
versions:
- instanceTemplate: ${defaultInstanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
# allow access from health check ranges
defaultFirewall:
type: gcp:compute:Firewall
name: default
properties:
name: tcp-proxy-xlb-fw-allow-hc
direction: INGRESS
network: ${default.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- allow-health-check
External Http Lb Mig Backend Custom Header
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// External HTTP load balancer with a CDN-enabled managed instance group backend
// and custom request and response headers
// VPC
const _default = new gcp.compute.Network("default", {
name: "l7-xlb-network",
autoCreateSubnetworks: false,
});
// backend subnet
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "l7-xlb-subnet",
ipCidrRange: "10.0.1.0/24",
region: "us-central1",
network: _default.id,
});
// reserved IP address
const defaultGlobalAddress = new gcp.compute.GlobalAddress("default", {name: "l7-xlb-static-ip"});
// health check
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "l7-xlb-hc",
httpHealthCheck: {
portSpecification: "USE_SERVING_PORT",
},
});
// instance template
const defaultInstanceTemplate = new gcp.compute.InstanceTemplate("default", {
networkInterfaces: [{
accessConfigs: [{}],
network: _default.id,
subnetwork: defaultSubnetwork.id,
}],
name: "l7-xlb-mig-template",
machineType: "e2-small",
tags: ["allow-health-check"],
disks: [{
sourceImage: "debian-cloud/debian-10",
autoDelete: true,
boot: true,
}],
metadata: {
"startup-script": `#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: NAME
IP: IP
Metadata: METADATA
</pre>
EOF
`,
},
});
// MIG
const defaultInstanceGroupManager = new gcp.compute.InstanceGroupManager("default", {
name: "l7-xlb-mig1",
zone: "us-central1-c",
namedPorts: [{
name: "http",
port: 8080,
}],
versions: [{
instanceTemplate: defaultInstanceTemplate.id,
name: "primary",
}],
baseInstanceName: "vm",
targetSize: 2,
});
// backend service with custom request and response headers
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "l7-xlb-backend-service",
protocol: "HTTP",
portName: "my-port",
loadBalancingScheme: "EXTERNAL",
timeoutSec: 10,
enableCdn: true,
customRequestHeaders: ["X-Client-Geo-Location: {client_region_subdivision}, {client_city}"],
customResponseHeaders: ["X-Cache-Hit: {cdn_cache_status}"],
healthChecks: defaultHealthCheck.id,
backends: [{
group: defaultInstanceGroupManager.instanceGroup,
balancingMode: "UTILIZATION",
capacityScaler: 1,
}],
});
// url map
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "l7-xlb-url-map",
defaultService: defaultBackendService.id,
});
// http proxy
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", {
name: "l7-xlb-target-http-proxy",
urlMap: defaultURLMap.id,
});
// forwarding rule
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", {
name: "l7-xlb-forwarding-rule",
ipProtocol: "TCP",
loadBalancingScheme: "EXTERNAL",
portRange: "80",
target: defaultTargetHttpProxy.id,
ipAddress: defaultGlobalAddress.id,
});
// allow access from health check ranges
const defaultFirewall = new gcp.compute.Firewall("default", {
name: "l7-xlb-fw-allow-hc",
direction: "INGRESS",
network: _default.id,
sourceRanges: [
"130.211.0.0/22",
"35.191.0.0/16",
],
allows: [{
protocol: "tcp",
}],
targetTags: ["allow-health-check"],
});
import pulumi
import pulumi_gcp as gcp
# External HTTP load balancer with a CDN-enabled managed instance group backend
# and custom request and response headers
# VPC
default = gcp.compute.Network("default",
name="l7-xlb-network",
auto_create_subnetworks=False)
# backend subnet
default_subnetwork = gcp.compute.Subnetwork("default",
name="l7-xlb-subnet",
ip_cidr_range="10.0.1.0/24",
region="us-central1",
network=default.id)
# reserved IP address
default_global_address = gcp.compute.GlobalAddress("default", name="l7-xlb-static-ip")
# health check
default_health_check = gcp.compute.HealthCheck("default",
name="l7-xlb-hc",
http_health_check=gcp.compute.HealthCheckHttpHealthCheckArgs(
port_specification="USE_SERVING_PORT",
))
# instance template
default_instance_template = gcp.compute.InstanceTemplate("default",
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
network=default.id,
subnetwork=default_subnetwork.id,
)],
name="l7-xlb-mig-template",
machine_type="e2-small",
tags=["allow-health-check"],
disks=[gcp.compute.InstanceTemplateDiskArgs(
source_image="debian-cloud/debian-10",
auto_delete=True,
boot=True,
)],
metadata={
"startup-script": """#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
""",
})
# MIG
default_instance_group_manager = gcp.compute.InstanceGroupManager("default",
name="l7-xlb-mig1",
zone="us-central1-c",
named_ports=[gcp.compute.InstanceGroupManagerNamedPortArgs(
name="http",
port=8080,
)],
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
instance_template=default_instance_template.id,
name="primary",
)],
base_instance_name="vm",
target_size=2)
# backend service with custom request and response headers
default_backend_service = gcp.compute.BackendService("default",
name="l7-xlb-backend-service",
protocol="HTTP",
port_name="my-port",
load_balancing_scheme="EXTERNAL",
timeout_sec=10,
enable_cdn=True,
custom_request_headers=["X-Client-Geo-Location: {client_region_subdivision}, {client_city}"],
custom_response_headers=["X-Cache-Hit: {cdn_cache_status}"],
health_checks=default_health_check.id,
backends=[gcp.compute.BackendServiceBackendArgs(
group=default_instance_group_manager.instance_group,
balancing_mode="UTILIZATION",
capacity_scaler=1,
)])
# url map
default_url_map = gcp.compute.URLMap("default",
name="l7-xlb-url-map",
default_service=default_backend_service.id)
# http proxy
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
name="l7-xlb-target-http-proxy",
url_map=default_url_map.id)
# forwarding rule
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
name="l7-xlb-forwarding-rule",
ip_protocol="TCP",
load_balancing_scheme="EXTERNAL",
port_range="80",
target=default_target_http_proxy.id,
ip_address=default_global_address.id)
# allow access from health check ranges
default_firewall = gcp.compute.Firewall("default",
name="l7-xlb-fw-allow-hc",
direction="INGRESS",
network=default.id,
source_ranges=[
"130.211.0.0/22",
"35.191.0.0/16",
],
allows=[gcp.compute.FirewallAllowArgs(
protocol="tcp",
)],
target_tags=["allow-health-check"])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// External HTTP load balancer with a CDN-enabled managed instance group backend
// and custom request and response headers
// VPC
_, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("l7-xlb-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
// backend subnet
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("l7-xlb-subnet"),
IpCidrRange: pulumi.String("10.0.1.0/24"),
Region: pulumi.String("us-central1"),
Network: _default.ID(),
})
if err != nil {
return err
}
// reserved IP address
defaultGlobalAddress, err := compute.NewGlobalAddress(ctx, "default", &compute.GlobalAddressArgs{
Name: pulumi.String("l7-xlb-static-ip"),
})
if err != nil {
return err
}
// health check
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("l7-xlb-hc"),
HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
PortSpecification: pulumi.String("USE_SERVING_PORT"),
},
})
if err != nil {
return err
}
// instance template
defaultInstanceTemplate, err := compute.NewInstanceTemplate(ctx, "default", &compute.InstanceTemplateArgs{
NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
&compute.InstanceTemplateNetworkInterfaceArgs{
AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{
nil,
},
Network: _default.ID(),
Subnetwork: defaultSubnetwork.ID(),
},
},
Name: pulumi.String("l7-xlb-mig-template"),
MachineType: pulumi.String("e2-small"),
Tags: pulumi.StringArray{
pulumi.String("allow-health-check"),
},
Disks: compute.InstanceTemplateDiskArray{
&compute.InstanceTemplateDiskArgs{
SourceImage: pulumi.String("debian-cloud/debian-10"),
AutoDelete: pulumi.Bool(true),
Boot: pulumi.Bool(true),
},
},
Metadata: pulumi.Map{
"startup-script": pulumi.Any(`#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
`),
},
})
if err != nil {
return err
}
// MIG
defaultInstanceGroupManager, err := compute.NewInstanceGroupManager(ctx, "default", &compute.InstanceGroupManagerArgs{
Name: pulumi.String("l7-xlb-mig1"),
Zone: pulumi.String("us-central1-c"),
NamedPorts: compute.InstanceGroupManagerNamedPortArray{
&compute.InstanceGroupManagerNamedPortArgs{
Name: pulumi.String("http"),
Port: pulumi.Int(8080),
},
},
Versions: compute.InstanceGroupManagerVersionArray{
&compute.InstanceGroupManagerVersionArgs{
InstanceTemplate: defaultInstanceTemplate.ID(),
Name: pulumi.String("primary"),
},
},
BaseInstanceName: pulumi.String("vm"),
TargetSize: pulumi.Int(2),
})
if err != nil {
return err
}
// backend service with custom request and response headers
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("l7-xlb-backend-service"),
Protocol: pulumi.String("HTTP"),
PortName: pulumi.String("my-port"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
TimeoutSec: pulumi.Int(10),
EnableCdn: pulumi.Bool(true),
CustomRequestHeaders: pulumi.StringArray{
pulumi.String("X-Client-Geo-Location: {client_region_subdivision}, {client_city}"),
},
CustomResponseHeaders: pulumi.StringArray{
pulumi.String("X-Cache-Hit: {cdn_cache_status}"),
},
HealthChecks: defaultHealthCheck.ID(),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: defaultInstanceGroupManager.InstanceGroup,
BalancingMode: pulumi.String("UTILIZATION"),
CapacityScaler: pulumi.Float64(1),
},
},
})
if err != nil {
return err
}
// url map
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("l7-xlb-url-map"),
DefaultService: defaultBackendService.ID(),
})
if err != nil {
return err
}
// http proxy
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("l7-xlb-target-http-proxy"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
// forwarding rule
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("l7-xlb-forwarding-rule"),
IpProtocol: pulumi.String("TCP"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
PortRange: pulumi.String("80"),
Target: defaultTargetHttpProxy.ID(),
IpAddress: defaultGlobalAddress.ID(),
})
if err != nil {
return err
}
// allow access from health check ranges
_, err = compute.NewFirewall(ctx, "default", &compute.FirewallArgs{
Name: pulumi.String("l7-xlb-fw-allow-hc"),
Direction: pulumi.String("INGRESS"),
Network: _default.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("130.211.0.0/22"),
pulumi.String("35.191.0.0/16"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
},
},
TargetTags: pulumi.StringArray{
pulumi.String("allow-health-check"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
// External HTTP load balancer with a CDN-enabled managed instance group backend
// and custom request and response headers
// VPC
var @default = new Gcp.Compute.Network("default", new()
{
Name = "l7-xlb-network",
AutoCreateSubnetworks = false,
});
// backend subnet
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "l7-xlb-subnet",
IpCidrRange = "10.0.1.0/24",
Region = "us-central1",
Network = @default.Id,
});
// reserved IP address
var defaultGlobalAddress = new Gcp.Compute.GlobalAddress("default", new()
{
Name = "l7-xlb-static-ip",
});
// health check
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "l7-xlb-hc",
HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
{
PortSpecification = "USE_SERVING_PORT",
},
});
// instance template
var defaultInstanceTemplate = new Gcp.Compute.InstanceTemplate("default", new()
{
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
{
AccessConfigs = new[]
{
null,
},
Network = @default.Id,
Subnetwork = defaultSubnetwork.Id,
},
},
Name = "l7-xlb-mig-template",
MachineType = "e2-small",
Tags = new[]
{
"allow-health-check",
},
Disks = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
{
SourceImage = "debian-cloud/debian-10",
AutoDelete = true,
Boot = true,
},
},
Metadata =
{
{ "startup-script", @"#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"")
IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"")
METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
" },
},
});
// MIG
var defaultInstanceGroupManager = new Gcp.Compute.InstanceGroupManager("default", new()
{
Name = "l7-xlb-mig1",
Zone = "us-central1-c",
NamedPorts = new[]
{
new Gcp.Compute.Inputs.InstanceGroupManagerNamedPortArgs
{
Name = "http",
Port = 8080,
},
},
Versions = new[]
{
new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs
{
InstanceTemplate = defaultInstanceTemplate.Id,
Name = "primary",
},
},
BaseInstanceName = "vm",
TargetSize = 2,
});
// backend service with custom request and response headers
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "l7-xlb-backend-service",
Protocol = "HTTP",
PortName = "my-port",
LoadBalancingScheme = "EXTERNAL",
TimeoutSec = 10,
EnableCdn = true,
CustomRequestHeaders = new[]
{
"X-Client-Geo-Location: {client_region_subdivision}, {client_city}",
},
CustomResponseHeaders = new[]
{
"X-Cache-Hit: {cdn_cache_status}",
},
HealthChecks = defaultHealthCheck.Id,
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = defaultInstanceGroupManager.InstanceGroup,
BalancingMode = "UTILIZATION",
CapacityScaler = 1,
},
},
});
// url map
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "l7-xlb-url-map",
DefaultService = defaultBackendService.Id,
});
// http proxy
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "l7-xlb-target-http-proxy",
UrlMap = defaultURLMap.Id,
});
// forwarding rule
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "l7-xlb-forwarding-rule",
IpProtocol = "TCP",
LoadBalancingScheme = "EXTERNAL",
PortRange = "80",
Target = defaultTargetHttpProxy.Id,
IpAddress = defaultGlobalAddress.Id,
});
// allow access from health check ranges
var defaultFirewall = new Gcp.Compute.Firewall("default", new()
{
Name = "l7-xlb-fw-allow-hc",
Direction = "INGRESS",
Network = @default.Id,
SourceRanges = new[]
{
"130.211.0.0/22",
"35.191.0.0/16",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
},
},
TargetTags = new[]
{
"allow-health-check",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerNamedPortArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// External HTTP load balancer with a CDN-enabled managed instance group backend
// and custom request and response headers
// VPC
var default_ = new Network("default", NetworkArgs.builder()
.name("l7-xlb-network")
.autoCreateSubnetworks(false)
.build());
// backend subnet
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("l7-xlb-subnet")
.ipCidrRange("10.0.1.0/24")
.region("us-central1")
.network(default_.id())
.build());
// reserved IP address
var defaultGlobalAddress = new GlobalAddress("defaultGlobalAddress", GlobalAddressArgs.builder()
.name("l7-xlb-static-ip")
.build());
// health check
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("l7-xlb-hc")
.httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
.portSpecification("USE_SERVING_PORT")
.build())
.build());
// instance template
var defaultInstanceTemplate = new InstanceTemplate("defaultInstanceTemplate", InstanceTemplateArgs.builder()
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.accessConfigs()
.network(default_.id())
.subnetwork(defaultSubnetwork.id())
.build())
.name("l7-xlb-mig-template")
.machineType("e2-small")
.tags("allow-health-check")
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build());
// MIG
var defaultInstanceGroupManager = new InstanceGroupManager("defaultInstanceGroupManager", InstanceGroupManagerArgs.builder()
.name("l7-xlb-mig1")
.zone("us-central1-c")
.namedPorts(InstanceGroupManagerNamedPortArgs.builder()
.name("http")
.port(8080)
.build())
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(defaultInstanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build());
// backend service with custom request and response headers
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("l7-xlb-backend-service")
.protocol("HTTP")
.portName("my-port")
.loadBalancingScheme("EXTERNAL")
.timeoutSec(10)
.enableCdn(true)
.customRequestHeaders("X-Client-Geo-Location: {client_region_subdivision}, {client_city}")
.customResponseHeaders("X-Cache-Hit: {cdn_cache_status}")
.healthChecks(defaultHealthCheck.id())
.backends(BackendServiceBackendArgs.builder()
.group(defaultInstanceGroupManager.instanceGroup())
.balancingMode("UTILIZATION")
.capacityScaler(1)
.build())
.build());
// url map
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("l7-xlb-url-map")
.defaultService(defaultBackendService.id())
.build());
// http proxy
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.name("l7-xlb-target-http-proxy")
.urlMap(defaultURLMap.id())
.build());
// forwarding rule
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.name("l7-xlb-forwarding-rule")
.ipProtocol("TCP")
.loadBalancingScheme("EXTERNAL")
.portRange("80")
.target(defaultTargetHttpProxy.id())
.ipAddress(defaultGlobalAddress.id())
.build());
// allow access from health check ranges
var defaultFirewall = new Firewall("defaultFirewall", FirewallArgs.builder()
.name("l7-xlb-fw-allow-hc")
.direction("INGRESS")
.network(default_.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("allow-health-check")
.build());
}
}
resources:
# External HTTP load balancer with a CDN-enabled managed instance group backend
# and custom request and response headers
# VPC
default:
type: gcp:compute:Network
properties:
name: l7-xlb-network
autoCreateSubnetworks: false
# backend subnet
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: l7-xlb-subnet
ipCidrRange: 10.0.1.0/24
region: us-central1
network: ${default.id}
# reserved IP address
defaultGlobalAddress:
type: gcp:compute:GlobalAddress
name: default
properties:
name: l7-xlb-static-ip
# forwarding rule
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
name: l7-xlb-forwarding-rule
ipProtocol: TCP
loadBalancingScheme: EXTERNAL
portRange: '80'
target: ${defaultTargetHttpProxy.id}
ipAddress: ${defaultGlobalAddress.id}
# http proxy
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
name: default
properties:
name: l7-xlb-target-http-proxy
urlMap: ${defaultURLMap.id}
# url map
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: l7-xlb-url-map
defaultService: ${defaultBackendService.id}
# backend service with custom request and response headers
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: l7-xlb-backend-service
protocol: HTTP
portName: my-port
loadBalancingScheme: EXTERNAL
timeoutSec: 10
enableCdn: true
customRequestHeaders:
- 'X-Client-Geo-Location: {client_region_subdivision}, {client_city}'
customResponseHeaders:
- 'X-Cache-Hit: {cdn_cache_status}'
healthChecks: ${defaultHealthCheck.id}
backends:
- group: ${defaultInstanceGroupManager.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
# instance template
defaultInstanceTemplate:
type: gcp:compute:InstanceTemplate
name: default
properties:
networkInterfaces:
- accessConfigs:
- {}
network: ${default.id}
subnetwork: ${defaultSubnetwork.id}
name: l7-xlb-mig-template
machineType: e2-small
tags:
- allow-health-check
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
# health check
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: l7-xlb-hc
httpHealthCheck:
portSpecification: USE_SERVING_PORT
# MIG
defaultInstanceGroupManager:
type: gcp:compute:InstanceGroupManager
name: default
properties:
name: l7-xlb-mig1
zone: us-central1-c
namedPorts:
- name: http
port: 8080
versions:
- instanceTemplate: ${defaultInstanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
# allow access from health check ranges
defaultFirewall:
type: gcp:compute:Firewall
name: default
properties:
name: l7-xlb-fw-allow-hc
direction: INGRESS
network: ${default.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- allow-health-check
Global Forwarding Rule Http
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
name: "check-backend",
requestPath: "/",
checkIntervalSec: 1,
timeoutSec: 1,
});
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
healthChecks: defaultHttpHealthCheck.id,
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map-target-proxy",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", {
name: "target-proxy",
description: "a description",
urlMap: defaultURLMap.id,
});
const _default = new gcp.compute.GlobalForwardingRule("default", {
name: "global-rule",
target: defaultTargetHttpProxy.id,
portRange: "80",
});
import pulumi
import pulumi_gcp as gcp
default_http_health_check = gcp.compute.HttpHealthCheck("default",
name="check-backend",
request_path="/",
check_interval_sec=1,
timeout_sec=1)
default_backend_service = gcp.compute.BackendService("default",
name="backend",
port_name="http",
protocol="HTTP",
timeout_sec=10,
health_checks=default_http_health_check.id)
default_url_map = gcp.compute.URLMap("default",
name="url-map-target-proxy",
description="a description",
default_service=default_backend_service.id,
host_rules=[gcp.compute.URLMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
name="allpaths",
default_service=default_backend_service.id,
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_backend_service.id,
)],
)])
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
name="target-proxy",
description="a description",
url_map=default_url_map.id)
default = gcp.compute.GlobalForwardingRule("default",
name="global-rule",
target=default_target_http_proxy.id,
port_range="80")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
Name: pulumi.String("check-backend"),
RequestPath: pulumi.String("/"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
})
if err != nil {
return err
}
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultHttpHealthCheck.ID(),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map-target-proxy"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("target-proxy"),
Description: pulumi.String("a description"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("global-rule"),
Target: defaultTargetHttpProxy.ID(),
PortRange: pulumi.String("80"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
{
Name = "check-backend",
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
HealthChecks = defaultHttpHealthCheck.Id,
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map-target-proxy",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "target-proxy",
Description = "a description",
UrlMap = defaultURLMap.Id,
});
var @default = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "global-rule",
Target = defaultTargetHttpProxy.Id,
PortRange = "80",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.name("check-backend")
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.healthChecks(defaultHttpHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map-target-proxy")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.name("target-proxy")
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var default_ = new GlobalForwardingRule("default", GlobalForwardingRuleArgs.builder()
.name("global-rule")
.target(defaultTargetHttpProxy.id())
.portRange("80")
.build());
}
}
resources:
default:
type: gcp:compute:GlobalForwardingRule
properties:
name: global-rule
target: ${defaultTargetHttpProxy.id}
portRange: '80'
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
name: default
properties:
name: target-proxy
description: a description
urlMap: ${defaultURLMap.id}
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map-target-proxy
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend
portName: http
protocol: HTTP
timeoutSec: 10
healthChecks: ${defaultHttpHealthCheck.id}
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: check-backend
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
Global Forwarding Rule Internal
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const debianImage = gcp.compute.getImage({
family: "debian-11",
project: "debian-cloud",
});
const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
name: "template-backend",
machineType: "e2-medium",
networkInterfaces: [{
network: "default",
}],
disks: [{
sourceImage: debianImage.then(debianImage => debianImage.selfLink),
autoDelete: true,
boot: true,
}],
});
const igm = new gcp.compute.InstanceGroupManager("igm", {
name: "igm-internal",
versions: [{
instanceTemplate: instanceTemplate.id,
name: "primary",
}],
baseInstanceName: "internal-glb",
zone: "us-central1-f",
targetSize: 1,
});
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "check-backend",
checkIntervalSec: 1,
timeoutSec: 1,
tcpHealthCheck: {
port: 80,
},
});
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
loadBalancingScheme: "INTERNAL_SELF_MANAGED",
backends: [{
group: igm.instanceGroup,
balancingMode: "RATE",
capacityScaler: 0.4,
maxRatePerInstance: 50,
}],
healthChecks: defaultHealthCheck.id,
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map-target-proxy",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", {
name: "target-proxy",
description: "a description",
urlMap: defaultURLMap.id,
});
const _default = new gcp.compute.GlobalForwardingRule("default", {
name: "global-rule",
target: defaultTargetHttpProxy.id,
portRange: "80",
loadBalancingScheme: "INTERNAL_SELF_MANAGED",
ipAddress: "0.0.0.0",
metadataFilters: [{
filterMatchCriteria: "MATCH_ANY",
filterLabels: [{
name: "PLANET",
value: "MARS",
}],
}],
});
import pulumi
import pulumi_gcp as gcp
debian_image = gcp.compute.get_image(family="debian-11",
project="debian-cloud")
instance_template = gcp.compute.InstanceTemplate("instance_template",
name="template-backend",
machine_type="e2-medium",
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
network="default",
)],
disks=[gcp.compute.InstanceTemplateDiskArgs(
source_image=debian_image.self_link,
auto_delete=True,
boot=True,
)])
igm = gcp.compute.InstanceGroupManager("igm",
name="igm-internal",
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
instance_template=instance_template.id,
name="primary",
)],
base_instance_name="internal-glb",
zone="us-central1-f",
target_size=1)
default_health_check = gcp.compute.HealthCheck("default",
name="check-backend",
check_interval_sec=1,
timeout_sec=1,
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
port=80,
))
default_backend_service = gcp.compute.BackendService("default",
name="backend",
port_name="http",
protocol="HTTP",
timeout_sec=10,
load_balancing_scheme="INTERNAL_SELF_MANAGED",
backends=[gcp.compute.BackendServiceBackendArgs(
group=igm.instance_group,
balancing_mode="RATE",
capacity_scaler=0.4,
max_rate_per_instance=50,
)],
health_checks=default_health_check.id)
default_url_map = gcp.compute.URLMap("default",
name="url-map-target-proxy",
description="a description",
default_service=default_backend_service.id,
host_rules=[gcp.compute.URLMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
name="allpaths",
default_service=default_backend_service.id,
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_backend_service.id,
)],
)])
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
name="target-proxy",
description="a description",
url_map=default_url_map.id)
default = gcp.compute.GlobalForwardingRule("default",
name="global-rule",
target=default_target_http_proxy.id,
port_range="80",
load_balancing_scheme="INTERNAL_SELF_MANAGED",
ip_address="0.0.0.0",
metadata_filters=[gcp.compute.GlobalForwardingRuleMetadataFilterArgs(
filter_match_criteria="MATCH_ANY",
filter_labels=[gcp.compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs(
name="PLANET",
value="MARS",
)],
)])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
Family: pulumi.StringRef("debian-11"),
Project: pulumi.StringRef("debian-cloud"),
}, nil)
if err != nil {
return err
}
instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
Name: pulumi.String("template-backend"),
MachineType: pulumi.String("e2-medium"),
NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
&compute.InstanceTemplateNetworkInterfaceArgs{
Network: pulumi.String("default"),
},
},
Disks: compute.InstanceTemplateDiskArray{
&compute.InstanceTemplateDiskArgs{
SourceImage: pulumi.String(debianImage.SelfLink),
AutoDelete: pulumi.Bool(true),
Boot: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
igm, err := compute.NewInstanceGroupManager(ctx, "igm", &compute.InstanceGroupManagerArgs{
Name: pulumi.String("igm-internal"),
Versions: compute.InstanceGroupManagerVersionArray{
&compute.InstanceGroupManagerVersionArgs{
InstanceTemplate: instanceTemplate.ID(),
Name: pulumi.String("primary"),
},
},
BaseInstanceName: pulumi.String("internal-glb"),
Zone: pulumi.String("us-central1-f"),
TargetSize: pulumi.Int(1),
})
if err != nil {
return err
}
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("check-backend"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
LoadBalancingScheme: pulumi.String("INTERNAL_SELF_MANAGED"),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: igm.InstanceGroup,
BalancingMode: pulumi.String("RATE"),
CapacityScaler: pulumi.Float64(0.4),
MaxRatePerInstance: pulumi.Float64(50),
},
},
HealthChecks: defaultHealthCheck.ID(),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map-target-proxy"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("target-proxy"),
Description: pulumi.String("a description"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("global-rule"),
Target: defaultTargetHttpProxy.ID(),
PortRange: pulumi.String("80"),
LoadBalancingScheme: pulumi.String("INTERNAL_SELF_MANAGED"),
IpAddress: pulumi.String("0.0.0.0"),
MetadataFilters: compute.GlobalForwardingRuleMetadataFilterArray{
&compute.GlobalForwardingRuleMetadataFilterArgs{
FilterMatchCriteria: pulumi.String("MATCH_ANY"),
FilterLabels: compute.GlobalForwardingRuleMetadataFilterFilterLabelArray{
&compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs{
Name: pulumi.String("PLANET"),
Value: pulumi.String("MARS"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var debianImage = Gcp.Compute.GetImage.Invoke(new()
{
Family = "debian-11",
Project = "debian-cloud",
});
var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
{
Name = "template-backend",
MachineType = "e2-medium",
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
{
Network = "default",
},
},
Disks = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
{
SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
AutoDelete = true,
Boot = true,
},
},
});
var igm = new Gcp.Compute.InstanceGroupManager("igm", new()
{
Name = "igm-internal",
Versions = new[]
{
new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs
{
InstanceTemplate = instanceTemplate.Id,
Name = "primary",
},
},
BaseInstanceName = "internal-glb",
Zone = "us-central1-f",
TargetSize = 1,
});
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "check-backend",
CheckIntervalSec = 1,
TimeoutSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
LoadBalancingScheme = "INTERNAL_SELF_MANAGED",
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = igm.InstanceGroup,
BalancingMode = "RATE",
CapacityScaler = 0.4,
MaxRatePerInstance = 50,
},
},
HealthChecks = defaultHealthCheck.Id,
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map-target-proxy",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "target-proxy",
Description = "a description",
UrlMap = defaultURLMap.Id,
});
var @default = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "global-rule",
Target = defaultTargetHttpProxy.Id,
PortRange = "80",
LoadBalancingScheme = "INTERNAL_SELF_MANAGED",
IpAddress = "0.0.0.0",
MetadataFilters = new[]
{
new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterArgs
{
FilterMatchCriteria = "MATCH_ANY",
FilterLabels = new[]
{
new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterFilterLabelArgs
{
Name = "PLANET",
Value = "MARS",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.inputs.GlobalForwardingRuleMetadataFilterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
.family("debian-11")
.project("debian-cloud")
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.name("template-backend")
.machineType("e2-medium")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network("default")
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
.autoDelete(true)
.boot(true)
.build())
.build());
var igm = new InstanceGroupManager("igm", InstanceGroupManagerArgs.builder()
.name("igm-internal")
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("internal-glb")
.zone("us-central1-f")
.targetSize(1)
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("check-backend")
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.loadBalancingScheme("INTERNAL_SELF_MANAGED")
.backends(BackendServiceBackendArgs.builder()
.group(igm.instanceGroup())
.balancingMode("RATE")
.capacityScaler(0.4)
.maxRatePerInstance(50)
.build())
.healthChecks(defaultHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map-target-proxy")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.name("target-proxy")
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var default_ = new GlobalForwardingRule("default", GlobalForwardingRuleArgs.builder()
.name("global-rule")
.target(defaultTargetHttpProxy.id())
.portRange("80")
.loadBalancingScheme("INTERNAL_SELF_MANAGED")
.ipAddress("0.0.0.0")
.metadataFilters(GlobalForwardingRuleMetadataFilterArgs.builder()
.filterMatchCriteria("MATCH_ANY")
.filterLabels(GlobalForwardingRuleMetadataFilterFilterLabelArgs.builder()
.name("PLANET")
.value("MARS")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:GlobalForwardingRule
properties:
name: global-rule
target: ${defaultTargetHttpProxy.id}
portRange: '80'
loadBalancingScheme: INTERNAL_SELF_MANAGED
ipAddress: 0.0.0.0
metadataFilters:
- filterMatchCriteria: MATCH_ANY
filterLabels:
- name: PLANET
value: MARS
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
name: default
properties:
name: target-proxy
description: a description
urlMap: ${defaultURLMap.id}
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map-target-proxy
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend
portName: http
protocol: HTTP
timeoutSec: 10
loadBalancingScheme: INTERNAL_SELF_MANAGED
backends:
- group: ${igm.instanceGroup}
balancingMode: RATE
capacityScaler: 0.4
maxRatePerInstance: 50
healthChecks: ${defaultHealthCheck.id}
igm:
type: gcp:compute:InstanceGroupManager
properties:
name: igm-internal
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: internal-glb
zone: us-central1-f
targetSize: 1
instanceTemplate:
type: gcp:compute:InstanceTemplate
name: instance_template
properties:
name: template-backend
machineType: e2-medium
networkInterfaces:
- network: default
disks:
- sourceImage: ${debianImage.selfLink}
autoDelete: true
boot: true
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: check-backend
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
variables:
debianImage:
fn::invoke:
Function: gcp:compute:getImage
Arguments:
family: debian-11
project: debian-cloud
Global Forwarding Rule External Managed
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
loadBalancingScheme: "EXTERNAL_MANAGED",
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map-target-proxy",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", {
name: "target-proxy",
description: "a description",
urlMap: defaultURLMap.id,
});
const _default = new gcp.compute.GlobalForwardingRule("default", {
name: "global-rule",
target: defaultTargetHttpProxy.id,
portRange: "80",
loadBalancingScheme: "EXTERNAL_MANAGED",
});
import pulumi
import pulumi_gcp as gcp
default_backend_service = gcp.compute.BackendService("default",
name="backend",
port_name="http",
protocol="HTTP",
timeout_sec=10,
load_balancing_scheme="EXTERNAL_MANAGED")
default_url_map = gcp.compute.URLMap("default",
name="url-map-target-proxy",
description="a description",
default_service=default_backend_service.id,
host_rules=[gcp.compute.URLMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
name="allpaths",
default_service=default_backend_service.id,
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_backend_service.id,
)],
)])
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
name="target-proxy",
description="a description",
url_map=default_url_map.id)
default = gcp.compute.GlobalForwardingRule("default",
name="global-rule",
target=default_target_http_proxy.id,
port_range="80",
load_balancing_scheme="EXTERNAL_MANAGED")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map-target-proxy"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("target-proxy"),
Description: pulumi.String("a description"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("global-rule"),
Target: defaultTargetHttpProxy.ID(),
PortRange: pulumi.String("80"),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
LoadBalancingScheme = "EXTERNAL_MANAGED",
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map-target-proxy",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "target-proxy",
Description = "a description",
UrlMap = defaultURLMap.Id,
});
var @default = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "global-rule",
Target = defaultTargetHttpProxy.Id,
PortRange = "80",
LoadBalancingScheme = "EXTERNAL_MANAGED",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.loadBalancingScheme("EXTERNAL_MANAGED")
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map-target-proxy")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.name("target-proxy")
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var default_ = new GlobalForwardingRule("default", GlobalForwardingRuleArgs.builder()
.name("global-rule")
.target(defaultTargetHttpProxy.id())
.portRange("80")
.loadBalancingScheme("EXTERNAL_MANAGED")
.build());
}
}
resources:
default:
type: gcp:compute:GlobalForwardingRule
properties:
name: global-rule
target: ${defaultTargetHttpProxy.id}
portRange: '80'
loadBalancingScheme: EXTERNAL_MANAGED
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
name: default
properties:
name: target-proxy
description: a description
urlMap: ${defaultURLMap.id}
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map-target-proxy
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend
portName: http
protocol: HTTP
timeoutSec: 10
loadBalancingScheme: EXTERNAL_MANAGED
Global Forwarding Rule Hybrid
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const config = new pulumi.Config();
const subnetworkCidr = config.get("subnetworkCidr") || "10.0.0.0/24";
const _default = new gcp.compute.Network("default", {name: "my-network"});
const internal = new gcp.compute.Network("internal", {
name: "my-internal-network",
autoCreateSubnetworks: false,
});
const internalSubnetwork = new gcp.compute.Subnetwork("internal", {
name: "my-subnetwork",
network: internal.id,
ipCidrRange: subnetworkCidr,
region: "us-central1",
privateIpGoogleAccess: true,
});
// Zonal NEG with GCE_VM_IP_PORT
const defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("default", {
name: "default-neg",
network: _default.id,
defaultPort: 90,
zone: "us-central1-a",
networkEndpointType: "GCE_VM_IP_PORT",
});
// Zonal NEG with GCE_VM_IP
const internalNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("internal", {
name: "internal-neg",
network: internal.id,
subnetwork: internalSubnetwork.id,
zone: "us-central1-a",
networkEndpointType: "GCE_VM_IP",
});
// Hybrid connectivity NEG
const hybrid = new gcp.compute.NetworkEndpointGroup("hybrid", {
name: "hybrid-neg",
network: _default.id,
defaultPort: 90,
zone: "us-central1-a",
networkEndpointType: "NON_GCP_PRIVATE_IP_PORT",
});
const hybrid_endpoint = new gcp.compute.NetworkEndpoint("hybrid-endpoint", {
networkEndpointGroup: hybrid.name,
port: hybrid.defaultPort,
ipAddress: "127.0.0.1",
});
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "health-check",
timeoutSec: 1,
checkIntervalSec: 1,
tcpHealthCheck: {
port: 80,
},
});
// Backend service for Zonal NEG
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend-default",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
backends: [{
group: defaultNetworkEndpointGroup.id,
balancingMode: "RATE",
maxRatePerEndpoint: 10,
}],
healthChecks: defaultHealthCheck.id,
});
// Backgend service for Hybrid NEG
const hybridBackendService = new gcp.compute.BackendService("hybrid", {
name: "backend-hybrid",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
backends: [{
group: hybrid.id,
balancingMode: "RATE",
maxRatePerEndpoint: 10,
}],
healthChecks: defaultHealthCheck.id,
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map-target-proxy",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [
{
paths: ["/*"],
service: defaultBackendService.id,
},
{
paths: ["/hybrid"],
service: hybridBackendService.id,
},
],
}],
});
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", {
name: "target-proxy",
description: "a description",
urlMap: defaultURLMap.id,
});
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", {
name: "global-rule",
target: defaultTargetHttpProxy.id,
portRange: "80",
});
import pulumi
import pulumi_gcp as gcp
config = pulumi.Config()
subnetwork_cidr = config.get("subnetworkCidr")
if subnetwork_cidr is None:
subnetwork_cidr = "10.0.0.0/24"
default = gcp.compute.Network("default", name="my-network")
internal = gcp.compute.Network("internal",
name="my-internal-network",
auto_create_subnetworks=False)
internal_subnetwork = gcp.compute.Subnetwork("internal",
name="my-subnetwork",
network=internal.id,
ip_cidr_range=subnetwork_cidr,
region="us-central1",
private_ip_google_access=True)
# Zonal NEG with GCE_VM_IP_PORT
default_network_endpoint_group = gcp.compute.NetworkEndpointGroup("default",
name="default-neg",
network=default.id,
default_port=90,
zone="us-central1-a",
network_endpoint_type="GCE_VM_IP_PORT")
# Zonal NEG with GCE_VM_IP
internal_network_endpoint_group = gcp.compute.NetworkEndpointGroup("internal",
name="internal-neg",
network=internal.id,
subnetwork=internal_subnetwork.id,
zone="us-central1-a",
network_endpoint_type="GCE_VM_IP")
# Hybrid connectivity NEG
hybrid = gcp.compute.NetworkEndpointGroup("hybrid",
name="hybrid-neg",
network=default.id,
default_port=90,
zone="us-central1-a",
network_endpoint_type="NON_GCP_PRIVATE_IP_PORT")
hybrid_endpoint = gcp.compute.NetworkEndpoint("hybrid-endpoint",
network_endpoint_group=hybrid.name,
port=hybrid.default_port,
ip_address="127.0.0.1")
default_health_check = gcp.compute.HealthCheck("default",
name="health-check",
timeout_sec=1,
check_interval_sec=1,
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
port=80,
))
# Backend service for Zonal NEG
default_backend_service = gcp.compute.BackendService("default",
name="backend-default",
port_name="http",
protocol="HTTP",
timeout_sec=10,
backends=[gcp.compute.BackendServiceBackendArgs(
group=default_network_endpoint_group.id,
balancing_mode="RATE",
max_rate_per_endpoint=10,
)],
health_checks=default_health_check.id)
# Backgend service for Hybrid NEG
hybrid_backend_service = gcp.compute.BackendService("hybrid",
name="backend-hybrid",
port_name="http",
protocol="HTTP",
timeout_sec=10,
backends=[gcp.compute.BackendServiceBackendArgs(
group=hybrid.id,
balancing_mode="RATE",
max_rate_per_endpoint=10,
)],
health_checks=default_health_check.id)
default_url_map = gcp.compute.URLMap("default",
name="url-map-target-proxy",
description="a description",
default_service=default_backend_service.id,
host_rules=[gcp.compute.URLMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
name="allpaths",
default_service=default_backend_service.id,
path_rules=[
gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_backend_service.id,
),
gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/hybrid"],
service=hybrid_backend_service.id,
),
],
)])
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
name="target-proxy",
description="a description",
url_map=default_url_map.id)
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
name="global-rule",
target=default_target_http_proxy.id,
port_range="80")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
subnetworkCidr := "10.0.0.0/24"
if param := cfg.Get("subnetworkCidr"); param != "" {
subnetworkCidr = param
}
_, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
})
if err != nil {
return err
}
internal, err := compute.NewNetwork(ctx, "internal", &compute.NetworkArgs{
Name: pulumi.String("my-internal-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
internalSubnetwork, err := compute.NewSubnetwork(ctx, "internal", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnetwork"),
Network: internal.ID(),
IpCidrRange: pulumi.String(subnetworkCidr),
Region: pulumi.String("us-central1"),
PrivateIpGoogleAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
// Zonal NEG with GCE_VM_IP_PORT
defaultNetworkEndpointGroup, err := compute.NewNetworkEndpointGroup(ctx, "default", &compute.NetworkEndpointGroupArgs{
Name: pulumi.String("default-neg"),
Network: _default.ID(),
DefaultPort: pulumi.Int(90),
Zone: pulumi.String("us-central1-a"),
NetworkEndpointType: pulumi.String("GCE_VM_IP_PORT"),
})
if err != nil {
return err
}
// Zonal NEG with GCE_VM_IP
_, err = compute.NewNetworkEndpointGroup(ctx, "internal", &compute.NetworkEndpointGroupArgs{
Name: pulumi.String("internal-neg"),
Network: internal.ID(),
Subnetwork: internalSubnetwork.ID(),
Zone: pulumi.String("us-central1-a"),
NetworkEndpointType: pulumi.String("GCE_VM_IP"),
})
if err != nil {
return err
}
// Hybrid connectivity NEG
hybrid, err := compute.NewNetworkEndpointGroup(ctx, "hybrid", &compute.NetworkEndpointGroupArgs{
Name: pulumi.String("hybrid-neg"),
Network: _default.ID(),
DefaultPort: pulumi.Int(90),
Zone: pulumi.String("us-central1-a"),
NetworkEndpointType: pulumi.String("NON_GCP_PRIVATE_IP_PORT"),
})
if err != nil {
return err
}
_, err = compute.NewNetworkEndpoint(ctx, "hybrid-endpoint", &compute.NetworkEndpointArgs{
NetworkEndpointGroup: hybrid.Name,
Port: hybrid.DefaultPort,
IpAddress: pulumi.String("127.0.0.1"),
})
if err != nil {
return err
}
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("health-check"),
TimeoutSec: pulumi.Int(1),
CheckIntervalSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
// Backend service for Zonal NEG
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-default"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: defaultNetworkEndpointGroup.ID(),
BalancingMode: pulumi.String("RATE"),
MaxRatePerEndpoint: pulumi.Float64(10),
},
},
HealthChecks: defaultHealthCheck.ID(),
})
if err != nil {
return err
}
// Backgend service for Hybrid NEG
hybridBackendService, err := compute.NewBackendService(ctx, "hybrid", &compute.BackendServiceArgs{
Name: pulumi.String("backend-hybrid"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: hybrid.ID(),
BalancingMode: pulumi.String("RATE"),
MaxRatePerEndpoint: pulumi.Float64(10),
},
},
HealthChecks: defaultHealthCheck.ID(),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map-target-proxy"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/hybrid"),
},
Service: hybridBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("target-proxy"),
Description: pulumi.String("a description"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("global-rule"),
Target: defaultTargetHttpProxy.ID(),
PortRange: pulumi.String("80"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var subnetworkCidr = config.Get("subnetworkCidr") ?? "10.0.0.0/24";
var @default = new Gcp.Compute.Network("default", new()
{
Name = "my-network",
});
var @internal = new Gcp.Compute.Network("internal", new()
{
Name = "my-internal-network",
AutoCreateSubnetworks = false,
});
var internalSubnetwork = new Gcp.Compute.Subnetwork("internal", new()
{
Name = "my-subnetwork",
Network = @internal.Id,
IpCidrRange = subnetworkCidr,
Region = "us-central1",
PrivateIpGoogleAccess = true,
});
// Zonal NEG with GCE_VM_IP_PORT
var defaultNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup("default", new()
{
Name = "default-neg",
Network = @default.Id,
DefaultPort = 90,
Zone = "us-central1-a",
NetworkEndpointType = "GCE_VM_IP_PORT",
});
// Zonal NEG with GCE_VM_IP
var internalNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup("internal", new()
{
Name = "internal-neg",
Network = @internal.Id,
Subnetwork = internalSubnetwork.Id,
Zone = "us-central1-a",
NetworkEndpointType = "GCE_VM_IP",
});
// Hybrid connectivity NEG
var hybrid = new Gcp.Compute.NetworkEndpointGroup("hybrid", new()
{
Name = "hybrid-neg",
Network = @default.Id,
DefaultPort = 90,
Zone = "us-central1-a",
NetworkEndpointType = "NON_GCP_PRIVATE_IP_PORT",
});
var hybrid_endpoint = new Gcp.Compute.NetworkEndpoint("hybrid-endpoint", new()
{
NetworkEndpointGroup = hybrid.Name,
Port = hybrid.DefaultPort,
IpAddress = "127.0.0.1",
});
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "health-check",
TimeoutSec = 1,
CheckIntervalSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
// Backend service for Zonal NEG
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-default",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = defaultNetworkEndpointGroup.Id,
BalancingMode = "RATE",
MaxRatePerEndpoint = 10,
},
},
HealthChecks = defaultHealthCheck.Id,
});
// Backgend service for Hybrid NEG
var hybridBackendService = new Gcp.Compute.BackendService("hybrid", new()
{
Name = "backend-hybrid",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = hybrid.Id,
BalancingMode = "RATE",
MaxRatePerEndpoint = 10,
},
},
HealthChecks = defaultHealthCheck.Id,
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map-target-proxy",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/hybrid",
},
Service = hybridBackendService.Id,
},
},
},
},
});
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "target-proxy",
Description = "a description",
UrlMap = defaultURLMap.Id,
});
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "global-rule",
Target = defaultTargetHttpProxy.Id,
PortRange = "80",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.NetworkEndpointGroup;
import com.pulumi.gcp.compute.NetworkEndpointGroupArgs;
import com.pulumi.gcp.compute.NetworkEndpoint;
import com.pulumi.gcp.compute.NetworkEndpointArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var subnetworkCidr = config.get("subnetworkCidr").orElse("10.0.0.0/24");
var default_ = new Network("default", NetworkArgs.builder()
.name("my-network")
.build());
var internal = new Network("internal", NetworkArgs.builder()
.name("my-internal-network")
.autoCreateSubnetworks(false)
.build());
var internalSubnetwork = new Subnetwork("internalSubnetwork", SubnetworkArgs.builder()
.name("my-subnetwork")
.network(internal.id())
.ipCidrRange(subnetworkCidr)
.region("us-central1")
.privateIpGoogleAccess(true)
.build());
// Zonal NEG with GCE_VM_IP_PORT
var defaultNetworkEndpointGroup = new NetworkEndpointGroup("defaultNetworkEndpointGroup", NetworkEndpointGroupArgs.builder()
.name("default-neg")
.network(default_.id())
.defaultPort("90")
.zone("us-central1-a")
.networkEndpointType("GCE_VM_IP_PORT")
.build());
// Zonal NEG with GCE_VM_IP
var internalNetworkEndpointGroup = new NetworkEndpointGroup("internalNetworkEndpointGroup", NetworkEndpointGroupArgs.builder()
.name("internal-neg")
.network(internal.id())
.subnetwork(internalSubnetwork.id())
.zone("us-central1-a")
.networkEndpointType("GCE_VM_IP")
.build());
// Hybrid connectivity NEG
var hybrid = new NetworkEndpointGroup("hybrid", NetworkEndpointGroupArgs.builder()
.name("hybrid-neg")
.network(default_.id())
.defaultPort("90")
.zone("us-central1-a")
.networkEndpointType("NON_GCP_PRIVATE_IP_PORT")
.build());
var hybrid_endpoint = new NetworkEndpoint("hybrid-endpoint", NetworkEndpointArgs.builder()
.networkEndpointGroup(hybrid.name())
.port(hybrid.defaultPort())
.ipAddress("127.0.0.1")
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("health-check")
.timeoutSec(1)
.checkIntervalSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
// Backend service for Zonal NEG
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend-default")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.backends(BackendServiceBackendArgs.builder()
.group(defaultNetworkEndpointGroup.id())
.balancingMode("RATE")
.maxRatePerEndpoint(10)
.build())
.healthChecks(defaultHealthCheck.id())
.build());
// Backgend service for Hybrid NEG
var hybridBackendService = new BackendService("hybridBackendService", BackendServiceArgs.builder()
.name("backend-hybrid")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.backends(BackendServiceBackendArgs.builder()
.group(hybrid.id())
.balancingMode("RATE")
.maxRatePerEndpoint(10)
.build())
.healthChecks(defaultHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map-target-proxy")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(
URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build(),
URLMapPathMatcherPathRuleArgs.builder()
.paths("/hybrid")
.service(hybridBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.name("target-proxy")
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.name("global-rule")
.target(defaultTargetHttpProxy.id())
.portRange("80")
.build());
}
}
configuration:
# Roughly mirrors https://cloud.google.com/load-balancing/docs/https/setting-up-ext-https-hybrid
subnetworkCidr:
type: string
default: 10.0.0.0/24
resources:
default:
type: gcp:compute:Network
properties:
name: my-network
internal:
type: gcp:compute:Network
properties:
name: my-internal-network
autoCreateSubnetworks: false
internalSubnetwork:
type: gcp:compute:Subnetwork
name: internal
properties:
name: my-subnetwork
network: ${internal.id}
ipCidrRange: ${subnetworkCidr}
region: us-central1
privateIpGoogleAccess: true
# Zonal NEG with GCE_VM_IP_PORT
defaultNetworkEndpointGroup:
type: gcp:compute:NetworkEndpointGroup
name: default
properties:
name: default-neg
network: ${default.id}
defaultPort: '90'
zone: us-central1-a
networkEndpointType: GCE_VM_IP_PORT
# Zonal NEG with GCE_VM_IP
internalNetworkEndpointGroup:
type: gcp:compute:NetworkEndpointGroup
name: internal
properties:
name: internal-neg
network: ${internal.id}
subnetwork: ${internalSubnetwork.id}
zone: us-central1-a
networkEndpointType: GCE_VM_IP
# Hybrid connectivity NEG
hybrid:
type: gcp:compute:NetworkEndpointGroup
properties:
name: hybrid-neg
network: ${default.id}
defaultPort: '90'
zone: us-central1-a
networkEndpointType: NON_GCP_PRIVATE_IP_PORT
hybrid-endpoint:
type: gcp:compute:NetworkEndpoint
properties:
networkEndpointGroup: ${hybrid.name}
port: ${hybrid.defaultPort}
ipAddress: 127.0.0.1
# Backend service for Zonal NEG
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend-default
portName: http
protocol: HTTP
timeoutSec: 10
backends:
- group: ${defaultNetworkEndpointGroup.id}
balancingMode: RATE
maxRatePerEndpoint: 10
healthChecks: ${defaultHealthCheck.id}
# Backgend service for Hybrid NEG
hybridBackendService:
type: gcp:compute:BackendService
name: hybrid
properties:
name: backend-hybrid
portName: http
protocol: HTTP
timeoutSec: 10
backends:
- group: ${hybrid.id}
balancingMode: RATE
maxRatePerEndpoint: 10
healthChecks: ${defaultHealthCheck.id}
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: health-check
timeoutSec: 1
checkIntervalSec: 1
tcpHealthCheck:
port: '80'
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map-target-proxy
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
- paths:
- /hybrid
service: ${hybridBackendService.id}
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
name: default
properties:
name: target-proxy
description: a description
urlMap: ${defaultURLMap.id}
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
name: global-rule
target: ${defaultTargetHttpProxy.id}
portRange: '80'
Global Internal Http Lb With Mig Backend
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Global Internal HTTP load balancer with a managed instance group backend
// VPC network
const gilbNetwork = new gcp.compute.Network("gilb_network", {
name: "l7-gilb-network",
autoCreateSubnetworks: false,
});
// proxy-only subnet
const proxySubnet = new gcp.compute.Subnetwork("proxy_subnet", {
name: "l7-gilb-proxy-subnet",
ipCidrRange: "10.0.0.0/24",
region: "europe-west1",
purpose: "GLOBAL_MANAGED_PROXY",
role: "ACTIVE",
network: gilbNetwork.id,
});
// backend subnet
const gilbSubnet = new gcp.compute.Subnetwork("gilb_subnet", {
name: "l7-gilb-subnet",
ipCidrRange: "10.0.1.0/24",
region: "europe-west1",
network: gilbNetwork.id,
});
// health check
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "l7-gilb-hc",
httpHealthCheck: {
portSpecification: "USE_SERVING_PORT",
},
});
// instance template
const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
networkInterfaces: [{
accessConfigs: [{}],
network: gilbNetwork.id,
subnetwork: gilbSubnet.id,
}],
name: "l7-gilb-mig-template",
machineType: "e2-small",
tags: ["http-server"],
disks: [{
sourceImage: "debian-cloud/debian-10",
autoDelete: true,
boot: true,
}],
metadata: {
"startup-script": `#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: NAME
IP: IP
Metadata: METADATA
</pre>
EOF
`,
},
});
// MIG
const mig = new gcp.compute.InstanceGroupManager("mig", {
name: "l7-gilb-mig1",
zone: "europe-west1-b",
versions: [{
instanceTemplate: instanceTemplate.id,
name: "primary",
}],
baseInstanceName: "vm",
targetSize: 2,
});
// backend service
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "l7-gilb-backend-subnet",
protocol: "HTTP",
loadBalancingScheme: "INTERNAL_MANAGED",
timeoutSec: 10,
healthChecks: defaultHealthCheck.id,
backends: [{
group: mig.instanceGroup,
balancingMode: "UTILIZATION",
capacityScaler: 1,
}],
});
// URL map
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "l7-gilb-url-map",
defaultService: defaultBackendService.id,
});
// HTTP target proxy
const _default = new gcp.compute.TargetHttpProxy("default", {
name: "l7-gilb-target-http-proxy",
urlMap: defaultURLMap.id,
});
// forwarding rule
const googleComputeForwardingRule = new gcp.compute.GlobalForwardingRule("google_compute_forwarding_rule", {
name: "l7-gilb-forwarding-rule",
ipProtocol: "TCP",
loadBalancingScheme: "INTERNAL_MANAGED",
portRange: "80",
target: _default.id,
network: gilbNetwork.id,
subnetwork: gilbSubnet.id,
});
// allow all access from IAP and health check ranges
const fw_iap = new gcp.compute.Firewall("fw-iap", {
name: "l7-gilb-fw-allow-iap-hc",
direction: "INGRESS",
network: gilbNetwork.id,
sourceRanges: [
"130.211.0.0/22",
"35.191.0.0/16",
"35.235.240.0/20",
],
allows: [{
protocol: "tcp",
}],
});
// allow http from proxy subnet to backends
const fw_gilb_to_backends = new gcp.compute.Firewall("fw-gilb-to-backends", {
name: "l7-gilb-fw-allow-gilb-to-backends",
direction: "INGRESS",
network: gilbNetwork.id,
sourceRanges: ["10.0.0.0/24"],
targetTags: ["http-server"],
allows: [{
protocol: "tcp",
ports: [
"80",
"443",
"8080",
],
}],
});
// test instance
const vm_test = new gcp.compute.Instance("vm-test", {
name: "l7-gilb-test-vm",
zone: "europe-west1-b",
machineType: "e2-small",
networkInterfaces: [{
network: gilbNetwork.id,
subnetwork: gilbSubnet.id,
}],
bootDisk: {
initializeParams: {
image: "debian-cloud/debian-10",
},
},
});
import pulumi
import pulumi_gcp as gcp
# Global Internal HTTP load balancer with a managed instance group backend
# VPC network
gilb_network = gcp.compute.Network("gilb_network",
name="l7-gilb-network",
auto_create_subnetworks=False)
# proxy-only subnet
proxy_subnet = gcp.compute.Subnetwork("proxy_subnet",
name="l7-gilb-proxy-subnet",
ip_cidr_range="10.0.0.0/24",
region="europe-west1",
purpose="GLOBAL_MANAGED_PROXY",
role="ACTIVE",
network=gilb_network.id)
# backend subnet
gilb_subnet = gcp.compute.Subnetwork("gilb_subnet",
name="l7-gilb-subnet",
ip_cidr_range="10.0.1.0/24",
region="europe-west1",
network=gilb_network.id)
# health check
default_health_check = gcp.compute.HealthCheck("default",
name="l7-gilb-hc",
http_health_check=gcp.compute.HealthCheckHttpHealthCheckArgs(
port_specification="USE_SERVING_PORT",
))
# instance template
instance_template = gcp.compute.InstanceTemplate("instance_template",
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
network=gilb_network.id,
subnetwork=gilb_subnet.id,
)],
name="l7-gilb-mig-template",
machine_type="e2-small",
tags=["http-server"],
disks=[gcp.compute.InstanceTemplateDiskArgs(
source_image="debian-cloud/debian-10",
auto_delete=True,
boot=True,
)],
metadata={
"startup-script": """#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
""",
})
# MIG
mig = gcp.compute.InstanceGroupManager("mig",
name="l7-gilb-mig1",
zone="europe-west1-b",
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
instance_template=instance_template.id,
name="primary",
)],
base_instance_name="vm",
target_size=2)
# backend service
default_backend_service = gcp.compute.BackendService("default",
name="l7-gilb-backend-subnet",
protocol="HTTP",
load_balancing_scheme="INTERNAL_MANAGED",
timeout_sec=10,
health_checks=default_health_check.id,
backends=[gcp.compute.BackendServiceBackendArgs(
group=mig.instance_group,
balancing_mode="UTILIZATION",
capacity_scaler=1,
)])
# URL map
default_url_map = gcp.compute.URLMap("default",
name="l7-gilb-url-map",
default_service=default_backend_service.id)
# HTTP target proxy
default = gcp.compute.TargetHttpProxy("default",
name="l7-gilb-target-http-proxy",
url_map=default_url_map.id)
# forwarding rule
google_compute_forwarding_rule = gcp.compute.GlobalForwardingRule("google_compute_forwarding_rule",
name="l7-gilb-forwarding-rule",
ip_protocol="TCP",
load_balancing_scheme="INTERNAL_MANAGED",
port_range="80",
target=default.id,
network=gilb_network.id,
subnetwork=gilb_subnet.id)
# allow all access from IAP and health check ranges
fw_iap = gcp.compute.Firewall("fw-iap",
name="l7-gilb-fw-allow-iap-hc",
direction="INGRESS",
network=gilb_network.id,
source_ranges=[
"130.211.0.0/22",
"35.191.0.0/16",
"35.235.240.0/20",
],
allows=[gcp.compute.FirewallAllowArgs(
protocol="tcp",
)])
# allow http from proxy subnet to backends
fw_gilb_to_backends = gcp.compute.Firewall("fw-gilb-to-backends",
name="l7-gilb-fw-allow-gilb-to-backends",
direction="INGRESS",
network=gilb_network.id,
source_ranges=["10.0.0.0/24"],
target_tags=["http-server"],
allows=[gcp.compute.FirewallAllowArgs(
protocol="tcp",
ports=[
"80",
"443",
"8080",
],
)])
# test instance
vm_test = gcp.compute.Instance("vm-test",
name="l7-gilb-test-vm",
zone="europe-west1-b",
machine_type="e2-small",
network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
network=gilb_network.id,
subnetwork=gilb_subnet.id,
)],
boot_disk=gcp.compute.InstanceBootDiskArgs(
initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
image="debian-cloud/debian-10",
),
))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Global Internal HTTP load balancer with a managed instance group backend
// VPC network
gilbNetwork, err := compute.NewNetwork(ctx, "gilb_network", &compute.NetworkArgs{
Name: pulumi.String("l7-gilb-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
// proxy-only subnet
_, err = compute.NewSubnetwork(ctx, "proxy_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("l7-gilb-proxy-subnet"),
IpCidrRange: pulumi.String("10.0.0.0/24"),
Region: pulumi.String("europe-west1"),
Purpose: pulumi.String("GLOBAL_MANAGED_PROXY"),
Role: pulumi.String("ACTIVE"),
Network: gilbNetwork.ID(),
})
if err != nil {
return err
}
// backend subnet
gilbSubnet, err := compute.NewSubnetwork(ctx, "gilb_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("l7-gilb-subnet"),
IpCidrRange: pulumi.String("10.0.1.0/24"),
Region: pulumi.String("europe-west1"),
Network: gilbNetwork.ID(),
})
if err != nil {
return err
}
// health check
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("l7-gilb-hc"),
HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
PortSpecification: pulumi.String("USE_SERVING_PORT"),
},
})
if err != nil {
return err
}
// instance template
instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
&compute.InstanceTemplateNetworkInterfaceArgs{
AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{
nil,
},
Network: gilbNetwork.ID(),
Subnetwork: gilbSubnet.ID(),
},
},
Name: pulumi.String("l7-gilb-mig-template"),
MachineType: pulumi.String("e2-small"),
Tags: pulumi.StringArray{
pulumi.String("http-server"),
},
Disks: compute.InstanceTemplateDiskArray{
&compute.InstanceTemplateDiskArgs{
SourceImage: pulumi.String("debian-cloud/debian-10"),
AutoDelete: pulumi.Bool(true),
Boot: pulumi.Bool(true),
},
},
Metadata: pulumi.Map{
"startup-script": pulumi.Any(`#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
`),
},
})
if err != nil {
return err
}
// MIG
mig, err := compute.NewInstanceGroupManager(ctx, "mig", &compute.InstanceGroupManagerArgs{
Name: pulumi.String("l7-gilb-mig1"),
Zone: pulumi.String("europe-west1-b"),
Versions: compute.InstanceGroupManagerVersionArray{
&compute.InstanceGroupManagerVersionArgs{
InstanceTemplate: instanceTemplate.ID(),
Name: pulumi.String("primary"),
},
},
BaseInstanceName: pulumi.String("vm"),
TargetSize: pulumi.Int(2),
})
if err != nil {
return err
}
// backend service
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("l7-gilb-backend-subnet"),
Protocol: pulumi.String("HTTP"),
LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultHealthCheck.ID(),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: mig.InstanceGroup,
BalancingMode: pulumi.String("UTILIZATION"),
CapacityScaler: pulumi.Float64(1),
},
},
})
if err != nil {
return err
}
// URL map
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("l7-gilb-url-map"),
DefaultService: defaultBackendService.ID(),
})
if err != nil {
return err
}
// HTTP target proxy
_, err = compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("l7-gilb-target-http-proxy"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
// forwarding rule
_, err = compute.NewGlobalForwardingRule(ctx, "google_compute_forwarding_rule", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("l7-gilb-forwarding-rule"),
IpProtocol: pulumi.String("TCP"),
LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
PortRange: pulumi.String("80"),
Target: _default.ID(),
Network: gilbNetwork.ID(),
Subnetwork: gilbSubnet.ID(),
})
if err != nil {
return err
}
// allow all access from IAP and health check ranges
_, err = compute.NewFirewall(ctx, "fw-iap", &compute.FirewallArgs{
Name: pulumi.String("l7-gilb-fw-allow-iap-hc"),
Direction: pulumi.String("INGRESS"),
Network: gilbNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("130.211.0.0/22"),
pulumi.String("35.191.0.0/16"),
pulumi.String("35.235.240.0/20"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
},
},
})
if err != nil {
return err
}
// allow http from proxy subnet to backends
_, err = compute.NewFirewall(ctx, "fw-gilb-to-backends", &compute.FirewallArgs{
Name: pulumi.String("l7-gilb-fw-allow-gilb-to-backends"),
Direction: pulumi.String("INGRESS"),
Network: gilbNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("10.0.0.0/24"),
},
TargetTags: pulumi.StringArray{
pulumi.String("http-server"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("80"),
pulumi.String("443"),
pulumi.String("8080"),
},
},
},
})
if err != nil {
return err
}
// test instance
_, err = compute.NewInstance(ctx, "vm-test", &compute.InstanceArgs{
Name: pulumi.String("l7-gilb-test-vm"),
Zone: pulumi.String("europe-west1-b"),
MachineType: pulumi.String("e2-small"),
NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
&compute.InstanceNetworkInterfaceArgs{
Network: gilbNetwork.ID(),
Subnetwork: gilbSubnet.ID(),
},
},
BootDisk: &compute.InstanceBootDiskArgs{
InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
Image: pulumi.String("debian-cloud/debian-10"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
// Global Internal HTTP load balancer with a managed instance group backend
// VPC network
var gilbNetwork = new Gcp.Compute.Network("gilb_network", new()
{
Name = "l7-gilb-network",
AutoCreateSubnetworks = false,
});
// proxy-only subnet
var proxySubnet = new Gcp.Compute.Subnetwork("proxy_subnet", new()
{
Name = "l7-gilb-proxy-subnet",
IpCidrRange = "10.0.0.0/24",
Region = "europe-west1",
Purpose = "GLOBAL_MANAGED_PROXY",
Role = "ACTIVE",
Network = gilbNetwork.Id,
});
// backend subnet
var gilbSubnet = new Gcp.Compute.Subnetwork("gilb_subnet", new()
{
Name = "l7-gilb-subnet",
IpCidrRange = "10.0.1.0/24",
Region = "europe-west1",
Network = gilbNetwork.Id,
});
// health check
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "l7-gilb-hc",
HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
{
PortSpecification = "USE_SERVING_PORT",
},
});
// instance template
var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
{
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
{
AccessConfigs = new[]
{
null,
},
Network = gilbNetwork.Id,
Subnetwork = gilbSubnet.Id,
},
},
Name = "l7-gilb-mig-template",
MachineType = "e2-small",
Tags = new[]
{
"http-server",
},
Disks = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
{
SourceImage = "debian-cloud/debian-10",
AutoDelete = true,
Boot = true,
},
},
Metadata =
{
{ "startup-script", @"#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"")
IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"")
METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
" },
},
});
// MIG
var mig = new Gcp.Compute.InstanceGroupManager("mig", new()
{
Name = "l7-gilb-mig1",
Zone = "europe-west1-b",
Versions = new[]
{
new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs
{
InstanceTemplate = instanceTemplate.Id,
Name = "primary",
},
},
BaseInstanceName = "vm",
TargetSize = 2,
});
// backend service
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "l7-gilb-backend-subnet",
Protocol = "HTTP",
LoadBalancingScheme = "INTERNAL_MANAGED",
TimeoutSec = 10,
HealthChecks = defaultHealthCheck.Id,
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = mig.InstanceGroup,
BalancingMode = "UTILIZATION",
CapacityScaler = 1,
},
},
});
// URL map
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "l7-gilb-url-map",
DefaultService = defaultBackendService.Id,
});
// HTTP target proxy
var @default = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "l7-gilb-target-http-proxy",
UrlMap = defaultURLMap.Id,
});
// forwarding rule
var googleComputeForwardingRule = new Gcp.Compute.GlobalForwardingRule("google_compute_forwarding_rule", new()
{
Name = "l7-gilb-forwarding-rule",
IpProtocol = "TCP",
LoadBalancingScheme = "INTERNAL_MANAGED",
PortRange = "80",
Target = @default.Id,
Network = gilbNetwork.Id,
Subnetwork = gilbSubnet.Id,
});
// allow all access from IAP and health check ranges
var fw_iap = new Gcp.Compute.Firewall("fw-iap", new()
{
Name = "l7-gilb-fw-allow-iap-hc",
Direction = "INGRESS",
Network = gilbNetwork.Id,
SourceRanges = new[]
{
"130.211.0.0/22",
"35.191.0.0/16",
"35.235.240.0/20",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
},
},
});
// allow http from proxy subnet to backends
var fw_gilb_to_backends = new Gcp.Compute.Firewall("fw-gilb-to-backends", new()
{
Name = "l7-gilb-fw-allow-gilb-to-backends",
Direction = "INGRESS",
Network = gilbNetwork.Id,
SourceRanges = new[]
{
"10.0.0.0/24",
},
TargetTags = new[]
{
"http-server",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"80",
"443",
"8080",
},
},
},
});
// test instance
var vm_test = new Gcp.Compute.Instance("vm-test", new()
{
Name = "l7-gilb-test-vm",
Zone = "europe-west1-b",
MachineType = "e2-small",
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
{
Network = gilbNetwork.Id,
Subnetwork = gilbSubnet.Id,
},
},
BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
{
InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
{
Image = "debian-cloud/debian-10",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Global Internal HTTP load balancer with a managed instance group backend
// VPC network
var gilbNetwork = new Network("gilbNetwork", NetworkArgs.builder()
.name("l7-gilb-network")
.autoCreateSubnetworks(false)
.build());
// proxy-only subnet
var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder()
.name("l7-gilb-proxy-subnet")
.ipCidrRange("10.0.0.0/24")
.region("europe-west1")
.purpose("GLOBAL_MANAGED_PROXY")
.role("ACTIVE")
.network(gilbNetwork.id())
.build());
// backend subnet
var gilbSubnet = new Subnetwork("gilbSubnet", SubnetworkArgs.builder()
.name("l7-gilb-subnet")
.ipCidrRange("10.0.1.0/24")
.region("europe-west1")
.network(gilbNetwork.id())
.build());
// health check
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("l7-gilb-hc")
.httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
.portSpecification("USE_SERVING_PORT")
.build())
.build());
// instance template
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.accessConfigs()
.network(gilbNetwork.id())
.subnetwork(gilbSubnet.id())
.build())
.name("l7-gilb-mig-template")
.machineType("e2-small")
.tags("http-server")
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build());
// MIG
var mig = new InstanceGroupManager("mig", InstanceGroupManagerArgs.builder()
.name("l7-gilb-mig1")
.zone("europe-west1-b")
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build());
// backend service
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("l7-gilb-backend-subnet")
.protocol("HTTP")
.loadBalancingScheme("INTERNAL_MANAGED")
.timeoutSec(10)
.healthChecks(defaultHealthCheck.id())
.backends(BackendServiceBackendArgs.builder()
.group(mig.instanceGroup())
.balancingMode("UTILIZATION")
.capacityScaler(1)
.build())
.build());
// URL map
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("l7-gilb-url-map")
.defaultService(defaultBackendService.id())
.build());
// HTTP target proxy
var default_ = new TargetHttpProxy("default", TargetHttpProxyArgs.builder()
.name("l7-gilb-target-http-proxy")
.urlMap(defaultURLMap.id())
.build());
// forwarding rule
var googleComputeForwardingRule = new GlobalForwardingRule("googleComputeForwardingRule", GlobalForwardingRuleArgs.builder()
.name("l7-gilb-forwarding-rule")
.ipProtocol("TCP")
.loadBalancingScheme("INTERNAL_MANAGED")
.portRange("80")
.target(default_.id())
.network(gilbNetwork.id())
.subnetwork(gilbSubnet.id())
.build());
// allow all access from IAP and health check ranges
var fw_iap = new Firewall("fw-iap", FirewallArgs.builder()
.name("l7-gilb-fw-allow-iap-hc")
.direction("INGRESS")
.network(gilbNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16",
"35.235.240.0/20")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.build());
// allow http from proxy subnet to backends
var fw_gilb_to_backends = new Firewall("fw-gilb-to-backends", FirewallArgs.builder()
.name("l7-gilb-fw-allow-gilb-to-backends")
.direction("INGRESS")
.network(gilbNetwork.id())
.sourceRanges("10.0.0.0/24")
.targetTags("http-server")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.ports(
"80",
"443",
"8080")
.build())
.build());
// test instance
var vm_test = new Instance("vm-test", InstanceArgs.builder()
.name("l7-gilb-test-vm")
.zone("europe-west1-b")
.machineType("e2-small")
.networkInterfaces(InstanceNetworkInterfaceArgs.builder()
.network(gilbNetwork.id())
.subnetwork(gilbSubnet.id())
.build())
.bootDisk(InstanceBootDiskArgs.builder()
.initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
.image("debian-cloud/debian-10")
.build())
.build())
.build());
}
}
resources:
# Global Internal HTTP load balancer with a managed instance group backend
# VPC network
gilbNetwork:
type: gcp:compute:Network
name: gilb_network
properties:
name: l7-gilb-network
autoCreateSubnetworks: false
# proxy-only subnet
proxySubnet:
type: gcp:compute:Subnetwork
name: proxy_subnet
properties:
name: l7-gilb-proxy-subnet
ipCidrRange: 10.0.0.0/24
region: europe-west1
purpose: GLOBAL_MANAGED_PROXY
role: ACTIVE
network: ${gilbNetwork.id}
# backend subnet
gilbSubnet:
type: gcp:compute:Subnetwork
name: gilb_subnet
properties:
name: l7-gilb-subnet
ipCidrRange: 10.0.1.0/24
region: europe-west1
network: ${gilbNetwork.id}
# forwarding rule
googleComputeForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: google_compute_forwarding_rule
properties:
name: l7-gilb-forwarding-rule
ipProtocol: TCP
loadBalancingScheme: INTERNAL_MANAGED
portRange: '80'
target: ${default.id}
network: ${gilbNetwork.id}
subnetwork: ${gilbSubnet.id}
# HTTP target proxy
default:
type: gcp:compute:TargetHttpProxy
properties:
name: l7-gilb-target-http-proxy
urlMap: ${defaultURLMap.id}
# URL map
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: l7-gilb-url-map
defaultService: ${defaultBackendService.id}
# backend service
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: l7-gilb-backend-subnet
protocol: HTTP
loadBalancingScheme: INTERNAL_MANAGED
timeoutSec: 10
healthChecks: ${defaultHealthCheck.id}
backends:
- group: ${mig.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
# instance template
instanceTemplate:
type: gcp:compute:InstanceTemplate
name: instance_template
properties:
networkInterfaces:
- accessConfigs:
- {}
network: ${gilbNetwork.id}
subnetwork: ${gilbSubnet.id}
name: l7-gilb-mig-template
machineType: e2-small
tags:
- http-server
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
# health check
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: l7-gilb-hc
httpHealthCheck:
portSpecification: USE_SERVING_PORT
# MIG
mig:
type: gcp:compute:InstanceGroupManager
properties:
name: l7-gilb-mig1
zone: europe-west1-b
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
# allow all access from IAP and health check ranges
fw-iap:
type: gcp:compute:Firewall
properties:
name: l7-gilb-fw-allow-iap-hc
direction: INGRESS
network: ${gilbNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
- 35.235.240.0/20
allows:
- protocol: tcp
# allow http from proxy subnet to backends
fw-gilb-to-backends:
type: gcp:compute:Firewall
properties:
name: l7-gilb-fw-allow-gilb-to-backends
direction: INGRESS
network: ${gilbNetwork.id}
sourceRanges:
- 10.0.0.0/24
targetTags:
- http-server
allows:
- protocol: tcp
ports:
- '80'
- '443'
- '8080'
# test instance
vm-test:
type: gcp:compute:Instance
properties:
name: l7-gilb-test-vm
zone: europe-west1-b
machineType: e2-small
networkInterfaces:
- network: ${gilbNetwork.id}
subnetwork: ${gilbSubnet.id}
bootDisk:
initializeParams:
image: debian-cloud/debian-10
Private Service Connect Google Apis
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const network = new gcp.compute.Network("network", {
project: "my-project-name",
name: "my-network",
autoCreateSubnetworks: false,
});
const vpcSubnetwork = new gcp.compute.Subnetwork("vpc_subnetwork", {
project: network.project,
name: "my-subnetwork",
ipCidrRange: "10.2.0.0/16",
region: "us-central1",
network: network.id,
privateIpGoogleAccess: true,
});
const _default = new gcp.compute.GlobalAddress("default", {
project: network.project,
name: "global-psconnect-ip",
addressType: "INTERNAL",
purpose: "PRIVATE_SERVICE_CONNECT",
network: network.id,
address: "100.100.100.106",
});
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", {
project: network.project,
name: "globalrule",
target: "all-apis",
network: network.id,
ipAddress: _default.id,
loadBalancingScheme: "",
serviceDirectoryRegistrations: {
namespace: "sd-namespace",
serviceDirectoryRegion: "europe-west3",
},
});
import pulumi
import pulumi_gcp as gcp
network = gcp.compute.Network("network",
project="my-project-name",
name="my-network",
auto_create_subnetworks=False)
vpc_subnetwork = gcp.compute.Subnetwork("vpc_subnetwork",
project=network.project,
name="my-subnetwork",
ip_cidr_range="10.2.0.0/16",
region="us-central1",
network=network.id,
private_ip_google_access=True)
default = gcp.compute.GlobalAddress("default",
project=network.project,
name="global-psconnect-ip",
address_type="INTERNAL",
purpose="PRIVATE_SERVICE_CONNECT",
network=network.id,
address="100.100.100.106")
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
project=network.project,
name="globalrule",
target="all-apis",
network=network.id,
ip_address=default.id,
load_balancing_scheme="",
service_directory_registrations=gcp.compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs(
namespace="sd-namespace",
service_directory_region="europe-west3",
))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
network, err := compute.NewNetwork(ctx, "network", &compute.NetworkArgs{
Project: pulumi.String("my-project-name"),
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
_, err = compute.NewSubnetwork(ctx, "vpc_subnetwork", &compute.SubnetworkArgs{
Project: network.Project,
Name: pulumi.String("my-subnetwork"),
IpCidrRange: pulumi.String("10.2.0.0/16"),
Region: pulumi.String("us-central1"),
Network: network.ID(),
PrivateIpGoogleAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = compute.NewGlobalAddress(ctx, "default", &compute.GlobalAddressArgs{
Project: network.Project,
Name: pulumi.String("global-psconnect-ip"),
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("PRIVATE_SERVICE_CONNECT"),
Network: network.ID(),
Address: pulumi.String("100.100.100.106"),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Project: network.Project,
Name: pulumi.String("globalrule"),
Target: pulumi.String("all-apis"),
Network: network.ID(),
IpAddress: _default.ID(),
LoadBalancingScheme: pulumi.String(""),
ServiceDirectoryRegistrations: &compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs{
Namespace: pulumi.String("sd-namespace"),
ServiceDirectoryRegion: pulumi.String("europe-west3"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var network = new Gcp.Compute.Network("network", new()
{
Project = "my-project-name",
Name = "my-network",
AutoCreateSubnetworks = false,
});
var vpcSubnetwork = new Gcp.Compute.Subnetwork("vpc_subnetwork", new()
{
Project = network.Project,
Name = "my-subnetwork",
IpCidrRange = "10.2.0.0/16",
Region = "us-central1",
Network = network.Id,
PrivateIpGoogleAccess = true,
});
var @default = new Gcp.Compute.GlobalAddress("default", new()
{
Project = network.Project,
Name = "global-psconnect-ip",
AddressType = "INTERNAL",
Purpose = "PRIVATE_SERVICE_CONNECT",
Network = network.Id,
Address = "100.100.100.106",
});
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Project = network.Project,
Name = "globalrule",
Target = "all-apis",
Network = network.Id,
IpAddress = @default.Id,
LoadBalancingScheme = "",
ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs
{
Namespace = "sd-namespace",
ServiceDirectoryRegion = "europe-west3",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var network = new Network("network", NetworkArgs.builder()
.project("my-project-name")
.name("my-network")
.autoCreateSubnetworks(false)
.build());
var vpcSubnetwork = new Subnetwork("vpcSubnetwork", SubnetworkArgs.builder()
.project(network.project())
.name("my-subnetwork")
.ipCidrRange("10.2.0.0/16")
.region("us-central1")
.network(network.id())
.privateIpGoogleAccess(true)
.build());
var default_ = new GlobalAddress("default", GlobalAddressArgs.builder()
.project(network.project())
.name("global-psconnect-ip")
.addressType("INTERNAL")
.purpose("PRIVATE_SERVICE_CONNECT")
.network(network.id())
.address("100.100.100.106")
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.project(network.project())
.name("globalrule")
.target("all-apis")
.network(network.id())
.ipAddress(default_.id())
.loadBalancingScheme("")
.serviceDirectoryRegistrations(GlobalForwardingRuleServiceDirectoryRegistrationsArgs.builder()
.namespace("sd-namespace")
.serviceDirectoryRegion("europe-west3")
.build())
.build());
}
}
resources:
network:
type: gcp:compute:Network
properties:
project: my-project-name
name: my-network
autoCreateSubnetworks: false
vpcSubnetwork:
type: gcp:compute:Subnetwork
name: vpc_subnetwork
properties:
project: ${network.project}
name: my-subnetwork
ipCidrRange: 10.2.0.0/16
region: us-central1
network: ${network.id}
privateIpGoogleAccess: true
default:
type: gcp:compute:GlobalAddress
properties:
project: ${network.project}
name: global-psconnect-ip
addressType: INTERNAL
purpose: PRIVATE_SERVICE_CONNECT
network: ${network.id}
address: 100.100.100.106
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
project: ${network.project}
name: globalrule
target: all-apis
network: ${network.id}
ipAddress: ${default.id}
loadBalancingScheme:
serviceDirectoryRegistrations:
namespace: sd-namespace
serviceDirectoryRegion: europe-west3
Private Service Connect Google Apis No Automate Dns
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const network = new gcp.compute.Network("network", {
project: "my-project-name",
name: "my-network",
autoCreateSubnetworks: false,
});
const vpcSubnetwork = new gcp.compute.Subnetwork("vpc_subnetwork", {
project: network.project,
name: "my-subnetwork",
ipCidrRange: "10.2.0.0/16",
region: "us-central1",
network: network.id,
privateIpGoogleAccess: true,
});
const _default = new gcp.compute.GlobalAddress("default", {
project: network.project,
name: "global-psconnect-ip",
addressType: "INTERNAL",
purpose: "PRIVATE_SERVICE_CONNECT",
network: network.id,
address: "100.100.100.106",
});
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", {
project: network.project,
name: "globalrule",
target: "all-apis",
network: network.id,
ipAddress: _default.id,
loadBalancingScheme: "",
noAutomateDnsZone: false,
});
import pulumi
import pulumi_gcp as gcp
network = gcp.compute.Network("network",
project="my-project-name",
name="my-network",
auto_create_subnetworks=False)
vpc_subnetwork = gcp.compute.Subnetwork("vpc_subnetwork",
project=network.project,
name="my-subnetwork",
ip_cidr_range="10.2.0.0/16",
region="us-central1",
network=network.id,
private_ip_google_access=True)
default = gcp.compute.GlobalAddress("default",
project=network.project,
name="global-psconnect-ip",
address_type="INTERNAL",
purpose="PRIVATE_SERVICE_CONNECT",
network=network.id,
address="100.100.100.106")
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
project=network.project,
name="globalrule",
target="all-apis",
network=network.id,
ip_address=default.id,
load_balancing_scheme="",
no_automate_dns_zone=False)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
network, err := compute.NewNetwork(ctx, "network", &compute.NetworkArgs{
Project: pulumi.String("my-project-name"),
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
_, err = compute.NewSubnetwork(ctx, "vpc_subnetwork", &compute.SubnetworkArgs{
Project: network.Project,
Name: pulumi.String("my-subnetwork"),
IpCidrRange: pulumi.String("10.2.0.0/16"),
Region: pulumi.String("us-central1"),
Network: network.ID(),
PrivateIpGoogleAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = compute.NewGlobalAddress(ctx, "default", &compute.GlobalAddressArgs{
Project: network.Project,
Name: pulumi.String("global-psconnect-ip"),
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("PRIVATE_SERVICE_CONNECT"),
Network: network.ID(),
Address: pulumi.String("100.100.100.106"),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Project: network.Project,
Name: pulumi.String("globalrule"),
Target: pulumi.String("all-apis"),
Network: network.ID(),
IpAddress: _default.ID(),
LoadBalancingScheme: pulumi.String(""),
NoAutomateDnsZone: pulumi.Bool(false),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var network = new Gcp.Compute.Network("network", new()
{
Project = "my-project-name",
Name = "my-network",
AutoCreateSubnetworks = false,
});
var vpcSubnetwork = new Gcp.Compute.Subnetwork("vpc_subnetwork", new()
{
Project = network.Project,
Name = "my-subnetwork",
IpCidrRange = "10.2.0.0/16",
Region = "us-central1",
Network = network.Id,
PrivateIpGoogleAccess = true,
});
var @default = new Gcp.Compute.GlobalAddress("default", new()
{
Project = network.Project,
Name = "global-psconnect-ip",
AddressType = "INTERNAL",
Purpose = "PRIVATE_SERVICE_CONNECT",
Network = network.Id,
Address = "100.100.100.106",
});
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Project = network.Project,
Name = "globalrule",
Target = "all-apis",
Network = network.Id,
IpAddress = @default.Id,
LoadBalancingScheme = "",
NoAutomateDnsZone = false,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var network = new Network("network", NetworkArgs.builder()
.project("my-project-name")
.name("my-network")
.autoCreateSubnetworks(false)
.build());
var vpcSubnetwork = new Subnetwork("vpcSubnetwork", SubnetworkArgs.builder()
.project(network.project())
.name("my-subnetwork")
.ipCidrRange("10.2.0.0/16")
.region("us-central1")
.network(network.id())
.privateIpGoogleAccess(true)
.build());
var default_ = new GlobalAddress("default", GlobalAddressArgs.builder()
.project(network.project())
.name("global-psconnect-ip")
.addressType("INTERNAL")
.purpose("PRIVATE_SERVICE_CONNECT")
.network(network.id())
.address("100.100.100.106")
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.project(network.project())
.name("globalrule")
.target("all-apis")
.network(network.id())
.ipAddress(default_.id())
.loadBalancingScheme("")
.noAutomateDnsZone(false)
.build());
}
}
resources:
network:
type: gcp:compute:Network
properties:
project: my-project-name
name: my-network
autoCreateSubnetworks: false
vpcSubnetwork:
type: gcp:compute:Subnetwork
name: vpc_subnetwork
properties:
project: ${network.project}
name: my-subnetwork
ipCidrRange: 10.2.0.0/16
region: us-central1
network: ${network.id}
privateIpGoogleAccess: true
default:
type: gcp:compute:GlobalAddress
properties:
project: ${network.project}
name: global-psconnect-ip
addressType: INTERNAL
purpose: PRIVATE_SERVICE_CONNECT
network: ${network.id}
address: 100.100.100.106
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
project: ${network.project}
name: globalrule
target: all-apis
network: ${network.id}
ipAddress: ${default.id}
loadBalancingScheme:
noAutomateDnsZone: false
Create GlobalForwardingRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GlobalForwardingRule(name: string, args: GlobalForwardingRuleArgs, opts?: CustomResourceOptions);
@overload
def GlobalForwardingRule(resource_name: str,
args: GlobalForwardingRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GlobalForwardingRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
target: Optional[str] = None,
name: Optional[str] = None,
metadata_filters: Optional[Sequence[GlobalForwardingRuleMetadataFilterArgs]] = None,
ip_protocol: Optional[str] = None,
ip_version: Optional[str] = None,
network: Optional[str] = None,
load_balancing_scheme: Optional[str] = None,
ip_address: Optional[str] = None,
allow_psc_global_access: Optional[bool] = None,
labels: Optional[Mapping[str, str]] = None,
no_automate_dns_zone: Optional[bool] = None,
port_range: Optional[str] = None,
project: Optional[str] = None,
service_directory_registrations: Optional[GlobalForwardingRuleServiceDirectoryRegistrationsArgs] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
description: Optional[str] = None)
func NewGlobalForwardingRule(ctx *Context, name string, args GlobalForwardingRuleArgs, opts ...ResourceOption) (*GlobalForwardingRule, error)
public GlobalForwardingRule(string name, GlobalForwardingRuleArgs args, CustomResourceOptions? opts = null)
public GlobalForwardingRule(String name, GlobalForwardingRuleArgs args)
public GlobalForwardingRule(String name, GlobalForwardingRuleArgs args, CustomResourceOptions options)
type: gcp:compute:GlobalForwardingRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var globalForwardingRuleResource = new Gcp.Compute.GlobalForwardingRule("globalForwardingRuleResource", new()
{
Target = "string",
Name = "string",
MetadataFilters = new[]
{
new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterArgs
{
FilterLabels = new[]
{
new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterFilterLabelArgs
{
Name = "string",
Value = "string",
},
},
FilterMatchCriteria = "string",
},
},
IpProtocol = "string",
IpVersion = "string",
Network = "string",
LoadBalancingScheme = "string",
IpAddress = "string",
AllowPscGlobalAccess = false,
Labels =
{
{ "string", "string" },
},
NoAutomateDnsZone = false,
PortRange = "string",
Project = "string",
ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs
{
Namespace = "string",
ServiceDirectoryRegion = "string",
},
SourceIpRanges = new[]
{
"string",
},
Subnetwork = "string",
Description = "string",
});
example, err := compute.NewGlobalForwardingRule(ctx, "globalForwardingRuleResource", &compute.GlobalForwardingRuleArgs{
Target: pulumi.String("string"),
Name: pulumi.String("string"),
MetadataFilters: compute.GlobalForwardingRuleMetadataFilterArray{
&compute.GlobalForwardingRuleMetadataFilterArgs{
FilterLabels: compute.GlobalForwardingRuleMetadataFilterFilterLabelArray{
&compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
FilterMatchCriteria: pulumi.String("string"),
},
},
IpProtocol: pulumi.String("string"),
IpVersion: pulumi.String("string"),
Network: pulumi.String("string"),
LoadBalancingScheme: pulumi.String("string"),
IpAddress: pulumi.String("string"),
AllowPscGlobalAccess: pulumi.Bool(false),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
NoAutomateDnsZone: pulumi.Bool(false),
PortRange: pulumi.String("string"),
Project: pulumi.String("string"),
ServiceDirectoryRegistrations: &compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs{
Namespace: pulumi.String("string"),
ServiceDirectoryRegion: pulumi.String("string"),
},
SourceIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
Subnetwork: pulumi.String("string"),
Description: pulumi.String("string"),
})
var globalForwardingRuleResource = new GlobalForwardingRule("globalForwardingRuleResource", GlobalForwardingRuleArgs.builder()
.target("string")
.name("string")
.metadataFilters(GlobalForwardingRuleMetadataFilterArgs.builder()
.filterLabels(GlobalForwardingRuleMetadataFilterFilterLabelArgs.builder()
.name("string")
.value("string")
.build())
.filterMatchCriteria("string")
.build())
.ipProtocol("string")
.ipVersion("string")
.network("string")
.loadBalancingScheme("string")
.ipAddress("string")
.allowPscGlobalAccess(false)
.labels(Map.of("string", "string"))
.noAutomateDnsZone(false)
.portRange("string")
.project("string")
.serviceDirectoryRegistrations(GlobalForwardingRuleServiceDirectoryRegistrationsArgs.builder()
.namespace("string")
.serviceDirectoryRegion("string")
.build())
.sourceIpRanges("string")
.subnetwork("string")
.description("string")
.build());
global_forwarding_rule_resource = gcp.compute.GlobalForwardingRule("globalForwardingRuleResource",
target="string",
name="string",
metadata_filters=[gcp.compute.GlobalForwardingRuleMetadataFilterArgs(
filter_labels=[gcp.compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs(
name="string",
value="string",
)],
filter_match_criteria="string",
)],
ip_protocol="string",
ip_version="string",
network="string",
load_balancing_scheme="string",
ip_address="string",
allow_psc_global_access=False,
labels={
"string": "string",
},
no_automate_dns_zone=False,
port_range="string",
project="string",
service_directory_registrations=gcp.compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs(
namespace="string",
service_directory_region="string",
),
source_ip_ranges=["string"],
subnetwork="string",
description="string")
const globalForwardingRuleResource = new gcp.compute.GlobalForwardingRule("globalForwardingRuleResource", {
target: "string",
name: "string",
metadataFilters: [{
filterLabels: [{
name: "string",
value: "string",
}],
filterMatchCriteria: "string",
}],
ipProtocol: "string",
ipVersion: "string",
network: "string",
loadBalancingScheme: "string",
ipAddress: "string",
allowPscGlobalAccess: false,
labels: {
string: "string",
},
noAutomateDnsZone: false,
portRange: "string",
project: "string",
serviceDirectoryRegistrations: {
namespace: "string",
serviceDirectoryRegion: "string",
},
sourceIpRanges: ["string"],
subnetwork: "string",
description: "string",
});
type: gcp:compute:GlobalForwardingRule
properties:
allowPscGlobalAccess: false
description: string
ipAddress: string
ipProtocol: string
ipVersion: string
labels:
string: string
loadBalancingScheme: string
metadataFilters:
- filterLabels:
- name: string
value: string
filterMatchCriteria: string
name: string
network: string
noAutomateDnsZone: false
portRange: string
project: string
serviceDirectoryRegistrations:
namespace: string
serviceDirectoryRegion: string
sourceIpRanges:
- string
subnetwork: string
target: string
GlobalForwardingRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The GlobalForwardingRule resource accepts the following input properties:
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - Ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - Metadata
Filters List<GlobalForwarding Rule Metadata Filter> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Source
Ip List<string>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - Ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - Metadata
Filters []GlobalForwarding Rule Metadata Filter Args - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Source
Ip []stringRanges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version String - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters List<GlobalForwarding Rule Metadata Filter> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc booleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description string
- An optional description of this resource. Provide this property when you create the resource.
- ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters GlobalForwarding Rule Metadata Filter[] - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate booleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip string[]Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow_
psc_ boolglobal_ access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description str
- An optional description of this resource. Provide this property when you create the resource.
- ip_
address str IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip_
protocol str - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip_
version str - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load_
balancing_ strscheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata_
filters Sequence[GlobalForwarding Rule Metadata Filter Args] - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name str
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network str
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no_
automate_ booldns_ zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port_
range str - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service_
directory_ Globalregistrations Forwarding Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source_
ip_ Sequence[str]ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version String - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters List<Property Map> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Directory Property MapRegistrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
Outputs
All input properties are implicitly available as output properties. Additionally, the GlobalForwardingRule resource produces the following output properties:
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
- base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id string
- The provider-assigned unique ID for this managed resource.
- label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link string - The URI of the created resource.
- base_
forwarding_ strrule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id str
- The provider-assigned unique ID for this managed resource.
- label_
fingerprint str - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc_
connection_ strid - The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- self_
link str - The URI of the created resource.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
Look up Existing GlobalForwardingRule Resource
Get an existing GlobalForwardingRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GlobalForwardingRuleState, opts?: CustomResourceOptions): GlobalForwardingRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_psc_global_access: Optional[bool] = None,
base_forwarding_rule: Optional[str] = None,
description: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
ip_address: Optional[str] = None,
ip_protocol: Optional[str] = None,
ip_version: Optional[str] = None,
label_fingerprint: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
load_balancing_scheme: Optional[str] = None,
metadata_filters: Optional[Sequence[GlobalForwardingRuleMetadataFilterArgs]] = None,
name: Optional[str] = None,
network: Optional[str] = None,
no_automate_dns_zone: Optional[bool] = None,
port_range: Optional[str] = None,
project: Optional[str] = None,
psc_connection_id: Optional[str] = None,
psc_connection_status: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
self_link: Optional[str] = None,
service_directory_registrations: Optional[GlobalForwardingRuleServiceDirectoryRegistrationsArgs] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
target: Optional[str] = None) -> GlobalForwardingRule
func GetGlobalForwardingRule(ctx *Context, name string, id IDInput, state *GlobalForwardingRuleState, opts ...ResourceOption) (*GlobalForwardingRule, error)
public static GlobalForwardingRule Get(string name, Input<string> id, GlobalForwardingRuleState? state, CustomResourceOptions? opts = null)
public static GlobalForwardingRule get(String name, Output<String> id, GlobalForwardingRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - Ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - Metadata
Filters List<GlobalForwarding Rule Metadata Filter> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- Service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Source
Ip List<string>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - Ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - Metadata
Filters []GlobalForwarding Rule Metadata Filter Args - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- Service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Source
Ip []stringRanges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version String - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters List<GlobalForwarding Rule Metadata Filter> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
- service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc booleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description string
- An optional description of this resource. Provide this property when you create the resource.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters GlobalForwarding Rule Metadata Filter[] - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate booleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link string - The URI of the created resource.
- service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip string[]Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow_
psc_ boolglobal_ access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base_
forwarding_ strrule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description str
- An optional description of this resource. Provide this property when you create the resource.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip_
address str IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip_
protocol str - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip_
version str - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - label_
fingerprint str - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load_
balancing_ strscheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata_
filters Sequence[GlobalForwarding Rule Metadata Filter Args] - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name str
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network str
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no_
automate_ booldns_ zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port_
range str - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc_
connection_ strid - The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- self_
link str - The URI of the created resource.
- service_
directory_ Globalregistrations Forwarding Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source_
ip_ Sequence[str]ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version String - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters List<Property Map> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
- service
Directory Property MapRegistrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
Supporting Types
GlobalForwardingRuleMetadataFilter, GlobalForwardingRuleMetadataFilterArgs
- Filter
Labels List<GlobalForwarding Rule Metadata Filter Filter Label> - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- Filter
Match stringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- Filter
Labels []GlobalForwarding Rule Metadata Filter Filter Label - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- Filter
Match stringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter
Labels List<GlobalForwarding Rule Metadata Filter Filter Label> - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter
Match StringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter
Labels GlobalForwarding Rule Metadata Filter Filter Label[] - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter
Match stringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter_
labels Sequence[GlobalForwarding Rule Metadata Filter Filter Label] - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter_
match_ strcriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter
Labels List<Property Map> - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter
Match StringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
GlobalForwardingRuleMetadataFilterFilterLabel, GlobalForwardingRuleMetadataFilterFilterLabelArgs
GlobalForwardingRuleServiceDirectoryRegistrations, GlobalForwardingRuleServiceDirectoryRegistrationsArgs
- Namespace string
- Service Directory namespace to register the forwarding rule under.
- Service
Directory stringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- Namespace string
- Service Directory namespace to register the forwarding rule under.
- Service
Directory stringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- namespace String
- Service Directory namespace to register the forwarding rule under.
- service
Directory StringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- namespace string
- Service Directory namespace to register the forwarding rule under.
- service
Directory stringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- namespace str
- Service Directory namespace to register the forwarding rule under.
- service_
directory_ strregion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- namespace String
- Service Directory namespace to register the forwarding rule under.
- service
Directory StringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
Import
GlobalForwardingRule can be imported using any of these accepted formats:
projects/{{project}}/global/forwardingRules/{{name}}
{{project}}/{{name}}
{{name}}
When using the pulumi import
command, GlobalForwardingRule can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default projects/{{project}}/global/forwardingRules/{{name}}
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{project}}/{{name}}
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.