Google Cloud v9.3.0 published on Tuesday, Oct 7, 2025 by Pulumi
gcp.compute.BackendService
A Backend Service defines a group of virtual machines that will serve traffic for load balancing. This resource is a global backend service, appropriate for external load balancing or self-managed internal load balancing. For managed internal load balancing, use a regional backend service instead.
Currently self-managed internal load balancing is only available in beta.
Note: Recreating a
gcp.compute.BackendServicethat references other dependent resources likegcp.compute.URLMapwill give aresourceInUseByAnotherResourceerror, when modifying the number of other dependent resources. Uselifecycle.create_before_destroyon the dependent resources to avoid this type of error as shown in the Dynamic Backends example.
To get more information about BackendService, see:
- API documentation
- How-to Guides
Warning: All arguments including the following potentially sensitive values will be stored in the raw state as plain text:
iap.oauth2_client_secret,iap.oauth2_client_secret_sha256,security_settings.aws_v4_authentication.access_key.
Example Usage
Backend Service Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
name: "health-check",
requestPath: "/",
checkIntervalSec: 1,
timeoutSec: 1,
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: defaultHttpHealthCheck.id,
});
import pulumi
import pulumi_gcp as gcp
default_http_health_check = gcp.compute.HttpHealthCheck("default",
name="health-check",
request_path="/",
check_interval_sec=1,
timeout_sec=1)
default = gcp.compute.BackendService("default",
name="backend-service",
health_checks=default_http_health_check.id)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
Name: pulumi.String("health-check"),
RequestPath: pulumi.String("/"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: defaultHttpHealthCheck.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
{
Name = "health-check",
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = defaultHttpHealthCheck.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.name("health-check")
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(defaultHttpHealthCheck.id())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
healthChecks: ${defaultHttpHealthCheck.id}
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: health-check
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
Backend Service External Iap
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.BackendService("default", {
name: "tf-test-backend-service-external",
protocol: "HTTP",
loadBalancingScheme: "EXTERNAL",
iap: {
enabled: true,
oauth2ClientId: "abc",
oauth2ClientSecret: "xyz",
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.BackendService("default",
name="tf-test-backend-service-external",
protocol="HTTP",
load_balancing_scheme="EXTERNAL",
iap={
"enabled": True,
"oauth2_client_id": "abc",
"oauth2_client_secret": "xyz",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("tf-test-backend-service-external"),
Protocol: pulumi.String("HTTP"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
Iap: &compute.BackendServiceIapArgs{
Enabled: pulumi.Bool(true),
Oauth2ClientId: pulumi.String("abc"),
Oauth2ClientSecret: pulumi.String("xyz"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "tf-test-backend-service-external",
Protocol = "HTTP",
LoadBalancingScheme = "EXTERNAL",
Iap = new Gcp.Compute.Inputs.BackendServiceIapArgs
{
Enabled = true,
Oauth2ClientId = "abc",
Oauth2ClientSecret = "xyz",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceIapArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("tf-test-backend-service-external")
.protocol("HTTP")
.loadBalancingScheme("EXTERNAL")
.iap(BackendServiceIapArgs.builder()
.enabled(true)
.oauth2ClientId("abc")
.oauth2ClientSecret("xyz")
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: tf-test-backend-service-external
protocol: HTTP
loadBalancingScheme: EXTERNAL
iap:
enabled: true
oauth2ClientId: abc
oauth2ClientSecret: xyz
Backend Service Cache Simple
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
name: "health-check",
requestPath: "/",
checkIntervalSec: 1,
timeoutSec: 1,
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: defaultHttpHealthCheck.id,
enableCdn: true,
cdnPolicy: {
signedUrlCacheMaxAgeSec: 7200,
},
});
import pulumi
import pulumi_gcp as gcp
default_http_health_check = gcp.compute.HttpHealthCheck("default",
name="health-check",
request_path="/",
check_interval_sec=1,
timeout_sec=1)
default = gcp.compute.BackendService("default",
name="backend-service",
health_checks=default_http_health_check.id,
enable_cdn=True,
cdn_policy={
"signed_url_cache_max_age_sec": 7200,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
Name: pulumi.String("health-check"),
RequestPath: pulumi.String("/"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: defaultHttpHealthCheck.ID(),
EnableCdn: pulumi.Bool(true),
CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
SignedUrlCacheMaxAgeSec: pulumi.Int(7200),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
{
Name = "health-check",
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = defaultHttpHealthCheck.Id,
EnableCdn = true,
CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
{
SignedUrlCacheMaxAgeSec = 7200,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.name("health-check")
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(defaultHttpHealthCheck.id())
.enableCdn(true)
.cdnPolicy(BackendServiceCdnPolicyArgs.builder()
.signedUrlCacheMaxAgeSec(7200)
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
healthChecks: ${defaultHttpHealthCheck.id}
enableCdn: true
cdnPolicy:
signedUrlCacheMaxAgeSec: 7200
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: health-check
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
Backend Service Cache Include Http Headers
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
enableCdn: true,
cdnPolicy: {
cacheMode: "USE_ORIGIN_HEADERS",
cacheKeyPolicy: {
includeHost: true,
includeProtocol: true,
includeQueryString: true,
includeHttpHeaders: ["X-My-Header-Field"],
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.BackendService("default",
name="backend-service",
enable_cdn=True,
cdn_policy={
"cache_mode": "USE_ORIGIN_HEADERS",
"cache_key_policy": {
"include_host": True,
"include_protocol": True,
"include_query_string": True,
"include_http_headers": ["X-My-Header-Field"],
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
EnableCdn: pulumi.Bool(true),
CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
CacheMode: pulumi.String("USE_ORIGIN_HEADERS"),
CacheKeyPolicy: &compute.BackendServiceCdnPolicyCacheKeyPolicyArgs{
IncludeHost: pulumi.Bool(true),
IncludeProtocol: pulumi.Bool(true),
IncludeQueryString: pulumi.Bool(true),
IncludeHttpHeaders: pulumi.StringArray{
pulumi.String("X-My-Header-Field"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
EnableCdn = true,
CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
{
CacheMode = "USE_ORIGIN_HEADERS",
CacheKeyPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs
{
IncludeHost = true,
IncludeProtocol = true,
IncludeQueryString = true,
IncludeHttpHeaders = new[]
{
"X-My-Header-Field",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.enableCdn(true)
.cdnPolicy(BackendServiceCdnPolicyArgs.builder()
.cacheMode("USE_ORIGIN_HEADERS")
.cacheKeyPolicy(BackendServiceCdnPolicyCacheKeyPolicyArgs.builder()
.includeHost(true)
.includeProtocol(true)
.includeQueryString(true)
.includeHttpHeaders("X-My-Header-Field")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
enableCdn: true
cdnPolicy:
cacheMode: USE_ORIGIN_HEADERS
cacheKeyPolicy:
includeHost: true
includeProtocol: true
includeQueryString: true
includeHttpHeaders:
- X-My-Header-Field
Backend Service Cache Include Named Cookies
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
enableCdn: true,
cdnPolicy: {
cacheMode: "CACHE_ALL_STATIC",
defaultTtl: 3600,
clientTtl: 7200,
maxTtl: 10800,
cacheKeyPolicy: {
includeHost: true,
includeProtocol: true,
includeQueryString: true,
includeNamedCookies: [
"__next_preview_data",
"__prerender_bypass",
],
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.BackendService("default",
name="backend-service",
enable_cdn=True,
cdn_policy={
"cache_mode": "CACHE_ALL_STATIC",
"default_ttl": 3600,
"client_ttl": 7200,
"max_ttl": 10800,
"cache_key_policy": {
"include_host": True,
"include_protocol": True,
"include_query_string": True,
"include_named_cookies": [
"__next_preview_data",
"__prerender_bypass",
],
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
EnableCdn: pulumi.Bool(true),
CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
CacheMode: pulumi.String("CACHE_ALL_STATIC"),
DefaultTtl: pulumi.Int(3600),
ClientTtl: pulumi.Int(7200),
MaxTtl: pulumi.Int(10800),
CacheKeyPolicy: &compute.BackendServiceCdnPolicyCacheKeyPolicyArgs{
IncludeHost: pulumi.Bool(true),
IncludeProtocol: pulumi.Bool(true),
IncludeQueryString: pulumi.Bool(true),
IncludeNamedCookies: pulumi.StringArray{
pulumi.String("__next_preview_data"),
pulumi.String("__prerender_bypass"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
EnableCdn = true,
CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
{
CacheMode = "CACHE_ALL_STATIC",
DefaultTtl = 3600,
ClientTtl = 7200,
MaxTtl = 10800,
CacheKeyPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs
{
IncludeHost = true,
IncludeProtocol = true,
IncludeQueryString = true,
IncludeNamedCookies = new[]
{
"__next_preview_data",
"__prerender_bypass",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.enableCdn(true)
.cdnPolicy(BackendServiceCdnPolicyArgs.builder()
.cacheMode("CACHE_ALL_STATIC")
.defaultTtl(3600)
.clientTtl(7200)
.maxTtl(10800)
.cacheKeyPolicy(BackendServiceCdnPolicyCacheKeyPolicyArgs.builder()
.includeHost(true)
.includeProtocol(true)
.includeQueryString(true)
.includeNamedCookies(
"__next_preview_data",
"__prerender_bypass")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
enableCdn: true
cdnPolicy:
cacheMode: CACHE_ALL_STATIC
defaultTtl: 3600
clientTtl: 7200
maxTtl: 10800
cacheKeyPolicy:
includeHost: true
includeProtocol: true
includeQueryString: true
includeNamedCookies:
- __next_preview_data
- __prerender_bypass
Backend Service Cache
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
name: "health-check",
requestPath: "/",
checkIntervalSec: 1,
timeoutSec: 1,
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: defaultHttpHealthCheck.id,
enableCdn: true,
cdnPolicy: {
cacheMode: "CACHE_ALL_STATIC",
defaultTtl: 3600,
clientTtl: 7200,
maxTtl: 10800,
negativeCaching: true,
signedUrlCacheMaxAgeSec: 7200,
},
});
import pulumi
import pulumi_gcp as gcp
default_http_health_check = gcp.compute.HttpHealthCheck("default",
name="health-check",
request_path="/",
check_interval_sec=1,
timeout_sec=1)
default = gcp.compute.BackendService("default",
name="backend-service",
health_checks=default_http_health_check.id,
enable_cdn=True,
cdn_policy={
"cache_mode": "CACHE_ALL_STATIC",
"default_ttl": 3600,
"client_ttl": 7200,
"max_ttl": 10800,
"negative_caching": True,
"signed_url_cache_max_age_sec": 7200,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
Name: pulumi.String("health-check"),
RequestPath: pulumi.String("/"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: defaultHttpHealthCheck.ID(),
EnableCdn: pulumi.Bool(true),
CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
CacheMode: pulumi.String("CACHE_ALL_STATIC"),
DefaultTtl: pulumi.Int(3600),
ClientTtl: pulumi.Int(7200),
MaxTtl: pulumi.Int(10800),
NegativeCaching: pulumi.Bool(true),
SignedUrlCacheMaxAgeSec: pulumi.Int(7200),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
{
Name = "health-check",
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = defaultHttpHealthCheck.Id,
EnableCdn = true,
CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
{
CacheMode = "CACHE_ALL_STATIC",
DefaultTtl = 3600,
ClientTtl = 7200,
MaxTtl = 10800,
NegativeCaching = true,
SignedUrlCacheMaxAgeSec = 7200,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.name("health-check")
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(defaultHttpHealthCheck.id())
.enableCdn(true)
.cdnPolicy(BackendServiceCdnPolicyArgs.builder()
.cacheMode("CACHE_ALL_STATIC")
.defaultTtl(3600)
.clientTtl(7200)
.maxTtl(10800)
.negativeCaching(true)
.signedUrlCacheMaxAgeSec(7200)
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
healthChecks: ${defaultHttpHealthCheck.id}
enableCdn: true
cdnPolicy:
cacheMode: CACHE_ALL_STATIC
defaultTtl: 3600
clientTtl: 7200
maxTtl: 10800
negativeCaching: true
signedUrlCacheMaxAgeSec: 7200
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: health-check
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
Backend Service Cache Bypass Cache On Request Headers
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
name: "health-check",
requestPath: "/",
checkIntervalSec: 1,
timeoutSec: 1,
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: defaultHttpHealthCheck.id,
enableCdn: true,
cdnPolicy: {
cacheMode: "CACHE_ALL_STATIC",
defaultTtl: 3600,
clientTtl: 7200,
maxTtl: 10800,
negativeCaching: true,
signedUrlCacheMaxAgeSec: 7200,
bypassCacheOnRequestHeaders: [
{
headerName: "Authorization",
},
{
headerName: "Proxy-Authorization",
},
],
},
});
import pulumi
import pulumi_gcp as gcp
default_http_health_check = gcp.compute.HttpHealthCheck("default",
name="health-check",
request_path="/",
check_interval_sec=1,
timeout_sec=1)
default = gcp.compute.BackendService("default",
name="backend-service",
health_checks=default_http_health_check.id,
enable_cdn=True,
cdn_policy={
"cache_mode": "CACHE_ALL_STATIC",
"default_ttl": 3600,
"client_ttl": 7200,
"max_ttl": 10800,
"negative_caching": True,
"signed_url_cache_max_age_sec": 7200,
"bypass_cache_on_request_headers": [
{
"header_name": "Authorization",
},
{
"header_name": "Proxy-Authorization",
},
],
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
Name: pulumi.String("health-check"),
RequestPath: pulumi.String("/"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: defaultHttpHealthCheck.ID(),
EnableCdn: pulumi.Bool(true),
CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
CacheMode: pulumi.String("CACHE_ALL_STATIC"),
DefaultTtl: pulumi.Int(3600),
ClientTtl: pulumi.Int(7200),
MaxTtl: pulumi.Int(10800),
NegativeCaching: pulumi.Bool(true),
SignedUrlCacheMaxAgeSec: pulumi.Int(7200),
BypassCacheOnRequestHeaders: compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArray{
&compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs{
HeaderName: pulumi.String("Authorization"),
},
&compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs{
HeaderName: pulumi.String("Proxy-Authorization"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
{
Name = "health-check",
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = defaultHttpHealthCheck.Id,
EnableCdn = true,
CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
{
CacheMode = "CACHE_ALL_STATIC",
DefaultTtl = 3600,
ClientTtl = 7200,
MaxTtl = 10800,
NegativeCaching = true,
SignedUrlCacheMaxAgeSec = 7200,
BypassCacheOnRequestHeaders = new[]
{
new Gcp.Compute.Inputs.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs
{
HeaderName = "Authorization",
},
new Gcp.Compute.Inputs.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs
{
HeaderName = "Proxy-Authorization",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.name("health-check")
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(defaultHttpHealthCheck.id())
.enableCdn(true)
.cdnPolicy(BackendServiceCdnPolicyArgs.builder()
.cacheMode("CACHE_ALL_STATIC")
.defaultTtl(3600)
.clientTtl(7200)
.maxTtl(10800)
.negativeCaching(true)
.signedUrlCacheMaxAgeSec(7200)
.bypassCacheOnRequestHeaders(
BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs.builder()
.headerName("Authorization")
.build(),
BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs.builder()
.headerName("Proxy-Authorization")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
healthChecks: ${defaultHttpHealthCheck.id}
enableCdn: true
cdnPolicy:
cacheMode: CACHE_ALL_STATIC
defaultTtl: 3600
clientTtl: 7200
maxTtl: 10800
negativeCaching: true
signedUrlCacheMaxAgeSec: 7200
bypassCacheOnRequestHeaders:
- headerName: Authorization
- headerName: Proxy-Authorization
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: health-check
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
Backend Service Traffic Director Round Robin
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const healthCheck = new gcp.compute.HealthCheck("health_check", {
name: "health-check",
httpHealthCheck: {
port: 80,
},
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: healthCheck.id,
loadBalancingScheme: "INTERNAL_SELF_MANAGED",
localityLbPolicy: "ROUND_ROBIN",
});
import pulumi
import pulumi_gcp as gcp
health_check = gcp.compute.HealthCheck("health_check",
name="health-check",
http_health_check={
"port": 80,
})
default = gcp.compute.BackendService("default",
name="backend-service",
health_checks=health_check.id,
load_balancing_scheme="INTERNAL_SELF_MANAGED",
locality_lb_policy="ROUND_ROBIN")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
healthCheck, err := compute.NewHealthCheck(ctx, "health_check", &compute.HealthCheckArgs{
Name: pulumi.String("health-check"),
HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: healthCheck.ID(),
LoadBalancingScheme: pulumi.String("INTERNAL_SELF_MANAGED"),
LocalityLbPolicy: pulumi.String("ROUND_ROBIN"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var healthCheck = new Gcp.Compute.HealthCheck("health_check", new()
{
Name = "health-check",
HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
{
Port = 80,
},
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = healthCheck.Id,
LoadBalancingScheme = "INTERNAL_SELF_MANAGED",
LocalityLbPolicy = "ROUND_ROBIN",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var healthCheck = new HealthCheck("healthCheck", HealthCheckArgs.builder()
.name("health-check")
.httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
.port(80)
.build())
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(healthCheck.id())
.loadBalancingScheme("INTERNAL_SELF_MANAGED")
.localityLbPolicy("ROUND_ROBIN")
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
healthChecks: ${healthCheck.id}
loadBalancingScheme: INTERNAL_SELF_MANAGED
localityLbPolicy: ROUND_ROBIN
healthCheck:
type: gcp:compute:HealthCheck
name: health_check
properties:
name: health-check
httpHealthCheck:
port: 80
Backend Service Traffic Director Ring Hash
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const healthCheck = new gcp.compute.HealthCheck("health_check", {
name: "health-check",
httpHealthCheck: {
port: 80,
},
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: healthCheck.id,
loadBalancingScheme: "INTERNAL_SELF_MANAGED",
localityLbPolicy: "RING_HASH",
sessionAffinity: "HTTP_COOKIE",
circuitBreakers: {
maxConnections: 10,
},
consistentHash: {
httpCookie: {
ttl: {
seconds: 11,
nanos: 1111,
},
name: "mycookie",
},
},
outlierDetection: {
consecutiveErrors: 2,
consecutiveGatewayFailure: 5,
enforcingConsecutiveErrors: 100,
enforcingConsecutiveGatewayFailure: 0,
enforcingSuccessRate: 100,
maxEjectionPercent: 10,
successRateMinimumHosts: 5,
successRateRequestVolume: 100,
successRateStdevFactor: 1900,
},
});
import pulumi
import pulumi_gcp as gcp
health_check = gcp.compute.HealthCheck("health_check",
name="health-check",
http_health_check={
"port": 80,
})
default = gcp.compute.BackendService("default",
name="backend-service",
health_checks=health_check.id,
load_balancing_scheme="INTERNAL_SELF_MANAGED",
locality_lb_policy="RING_HASH",
session_affinity="HTTP_COOKIE",
circuit_breakers={
"max_connections": 10,
},
consistent_hash={
"http_cookie": {
"ttl": {
"seconds": 11,
"nanos": 1111,
},
"name": "mycookie",
},
},
outlier_detection={
"consecutive_errors": 2,
"consecutive_gateway_failure": 5,
"enforcing_consecutive_errors": 100,
"enforcing_consecutive_gateway_failure": 0,
"enforcing_success_rate": 100,
"max_ejection_percent": 10,
"success_rate_minimum_hosts": 5,
"success_rate_request_volume": 100,
"success_rate_stdev_factor": 1900,
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
healthCheck, err := compute.NewHealthCheck(ctx, "health_check", &compute.HealthCheckArgs{
Name: pulumi.String("health-check"),
HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: healthCheck.ID(),
LoadBalancingScheme: pulumi.String("INTERNAL_SELF_MANAGED"),
LocalityLbPolicy: pulumi.String("RING_HASH"),
SessionAffinity: pulumi.String("HTTP_COOKIE"),
CircuitBreakers: &compute.BackendServiceCircuitBreakersArgs{
MaxConnections: pulumi.Int(10),
},
ConsistentHash: &compute.BackendServiceConsistentHashArgs{
HttpCookie: &compute.BackendServiceConsistentHashHttpCookieArgs{
Ttl: &compute.BackendServiceConsistentHashHttpCookieTtlArgs{
Seconds: pulumi.Int(11),
Nanos: pulumi.Int(1111),
},
Name: pulumi.String("mycookie"),
},
},
OutlierDetection: &compute.BackendServiceOutlierDetectionArgs{
ConsecutiveErrors: pulumi.Int(2),
ConsecutiveGatewayFailure: pulumi.Int(5),
EnforcingConsecutiveErrors: pulumi.Int(100),
EnforcingConsecutiveGatewayFailure: pulumi.Int(0),
EnforcingSuccessRate: pulumi.Int(100),
MaxEjectionPercent: pulumi.Int(10),
SuccessRateMinimumHosts: pulumi.Int(5),
SuccessRateRequestVolume: pulumi.Int(100),
SuccessRateStdevFactor: pulumi.Int(1900),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var healthCheck = new Gcp.Compute.HealthCheck("health_check", new()
{
Name = "health-check",
HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
{
Port = 80,
},
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = healthCheck.Id,
LoadBalancingScheme = "INTERNAL_SELF_MANAGED",
LocalityLbPolicy = "RING_HASH",
SessionAffinity = "HTTP_COOKIE",
CircuitBreakers = new Gcp.Compute.Inputs.BackendServiceCircuitBreakersArgs
{
MaxConnections = 10,
},
ConsistentHash = new Gcp.Compute.Inputs.BackendServiceConsistentHashArgs
{
HttpCookie = new Gcp.Compute.Inputs.BackendServiceConsistentHashHttpCookieArgs
{
Ttl = new Gcp.Compute.Inputs.BackendServiceConsistentHashHttpCookieTtlArgs
{
Seconds = 11,
Nanos = 1111,
},
Name = "mycookie",
},
},
OutlierDetection = new Gcp.Compute.Inputs.BackendServiceOutlierDetectionArgs
{
ConsecutiveErrors = 2,
ConsecutiveGatewayFailure = 5,
EnforcingConsecutiveErrors = 100,
EnforcingConsecutiveGatewayFailure = 0,
EnforcingSuccessRate = 100,
MaxEjectionPercent = 10,
SuccessRateMinimumHosts = 5,
SuccessRateRequestVolume = 100,
SuccessRateStdevFactor = 1900,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCircuitBreakersArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceConsistentHashArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceConsistentHashHttpCookieArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceConsistentHashHttpCookieTtlArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceOutlierDetectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var healthCheck = new HealthCheck("healthCheck", HealthCheckArgs.builder()
.name("health-check")
.httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
.port(80)
.build())
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(healthCheck.id())
.loadBalancingScheme("INTERNAL_SELF_MANAGED")
.localityLbPolicy("RING_HASH")
.sessionAffinity("HTTP_COOKIE")
.circuitBreakers(BackendServiceCircuitBreakersArgs.builder()
.maxConnections(10)
.build())
.consistentHash(BackendServiceConsistentHashArgs.builder()
.httpCookie(BackendServiceConsistentHashHttpCookieArgs.builder()
.ttl(BackendServiceConsistentHashHttpCookieTtlArgs.builder()
.seconds(11)
.nanos(1111)
.build())
.name("mycookie")
.build())
.build())
.outlierDetection(BackendServiceOutlierDetectionArgs.builder()
.consecutiveErrors(2)
.consecutiveGatewayFailure(5)
.enforcingConsecutiveErrors(100)
.enforcingConsecutiveGatewayFailure(0)
.enforcingSuccessRate(100)
.maxEjectionPercent(10)
.successRateMinimumHosts(5)
.successRateRequestVolume(100)
.successRateStdevFactor(1900)
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
healthChecks: ${healthCheck.id}
loadBalancingScheme: INTERNAL_SELF_MANAGED
localityLbPolicy: RING_HASH
sessionAffinity: HTTP_COOKIE
circuitBreakers:
maxConnections: 10
consistentHash:
httpCookie:
ttl:
seconds: 11
nanos: 1111
name: mycookie
outlierDetection:
consecutiveErrors: 2
consecutiveGatewayFailure: 5
enforcingConsecutiveErrors: 100
enforcingConsecutiveGatewayFailure: 0
enforcingSuccessRate: 100
maxEjectionPercent: 10
successRateMinimumHosts: 5
successRateRequestVolume: 100
successRateStdevFactor: 1900
healthCheck:
type: gcp:compute:HealthCheck
name: health_check
properties:
name: health-check
httpHealthCheck:
port: 80
Backend Service Stateful Session Affinity
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const healthCheck = new gcp.compute.HealthCheck("health_check", {
name: "health-check",
httpHealthCheck: {
port: 80,
},
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: healthCheck.id,
loadBalancingScheme: "EXTERNAL_MANAGED",
localityLbPolicy: "RING_HASH",
sessionAffinity: "STRONG_COOKIE_AFFINITY",
strongSessionAffinityCookie: {
ttl: {
seconds: 11,
nanos: 1111,
},
name: "mycookie",
},
});
import pulumi
import pulumi_gcp as gcp
health_check = gcp.compute.HealthCheck("health_check",
name="health-check",
http_health_check={
"port": 80,
})
default = gcp.compute.BackendService("default",
name="backend-service",
health_checks=health_check.id,
load_balancing_scheme="EXTERNAL_MANAGED",
locality_lb_policy="RING_HASH",
session_affinity="STRONG_COOKIE_AFFINITY",
strong_session_affinity_cookie={
"ttl": {
"seconds": 11,
"nanos": 1111,
},
"name": "mycookie",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
healthCheck, err := compute.NewHealthCheck(ctx, "health_check", &compute.HealthCheckArgs{
Name: pulumi.String("health-check"),
HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: healthCheck.ID(),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
LocalityLbPolicy: pulumi.String("RING_HASH"),
SessionAffinity: pulumi.String("STRONG_COOKIE_AFFINITY"),
StrongSessionAffinityCookie: &compute.BackendServiceStrongSessionAffinityCookieArgs{
Ttl: &compute.BackendServiceStrongSessionAffinityCookieTtlArgs{
Seconds: pulumi.Int(11),
Nanos: pulumi.Int(1111),
},
Name: pulumi.String("mycookie"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var healthCheck = new Gcp.Compute.HealthCheck("health_check", new()
{
Name = "health-check",
HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
{
Port = 80,
},
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = healthCheck.Id,
LoadBalancingScheme = "EXTERNAL_MANAGED",
LocalityLbPolicy = "RING_HASH",
SessionAffinity = "STRONG_COOKIE_AFFINITY",
StrongSessionAffinityCookie = new Gcp.Compute.Inputs.BackendServiceStrongSessionAffinityCookieArgs
{
Ttl = new Gcp.Compute.Inputs.BackendServiceStrongSessionAffinityCookieTtlArgs
{
Seconds = 11,
Nanos = 1111,
},
Name = "mycookie",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceStrongSessionAffinityCookieArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceStrongSessionAffinityCookieTtlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var healthCheck = new HealthCheck("healthCheck", HealthCheckArgs.builder()
.name("health-check")
.httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
.port(80)
.build())
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(healthCheck.id())
.loadBalancingScheme("EXTERNAL_MANAGED")
.localityLbPolicy("RING_HASH")
.sessionAffinity("STRONG_COOKIE_AFFINITY")
.strongSessionAffinityCookie(BackendServiceStrongSessionAffinityCookieArgs.builder()
.ttl(BackendServiceStrongSessionAffinityCookieTtlArgs.builder()
.seconds(11)
.nanos(1111)
.build())
.name("mycookie")
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
healthChecks: ${healthCheck.id}
loadBalancingScheme: EXTERNAL_MANAGED
localityLbPolicy: RING_HASH
sessionAffinity: STRONG_COOKIE_AFFINITY
strongSessionAffinityCookie:
ttl:
seconds: 11
nanos: 1111
name: mycookie
healthCheck:
type: gcp:compute:HealthCheck
name: health_check
properties:
name: health-check
httpHealthCheck:
port: 80
Backend Service Network Endpoint
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const externalProxy = new gcp.compute.GlobalNetworkEndpointGroup("external_proxy", {
name: "network-endpoint",
networkEndpointType: "INTERNET_FQDN_PORT",
defaultPort: 443,
});
const proxy = new gcp.compute.GlobalNetworkEndpoint("proxy", {
globalNetworkEndpointGroup: externalProxy.id,
fqdn: "test.example.com",
port: externalProxy.defaultPort,
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
enableCdn: true,
timeoutSec: 10,
connectionDrainingTimeoutSec: 10,
customRequestHeaders: [proxy.fqdn.apply(fqdn => `host: ${fqdn}`)],
customResponseHeaders: ["X-Cache-Hit: {cdn_cache_status}"],
backends: [{
group: externalProxy.id,
}],
});
import pulumi
import pulumi_gcp as gcp
external_proxy = gcp.compute.GlobalNetworkEndpointGroup("external_proxy",
name="network-endpoint",
network_endpoint_type="INTERNET_FQDN_PORT",
default_port=443)
proxy = gcp.compute.GlobalNetworkEndpoint("proxy",
global_network_endpoint_group=external_proxy.id,
fqdn="test.example.com",
port=external_proxy.default_port)
default = gcp.compute.BackendService("default",
name="backend-service",
enable_cdn=True,
timeout_sec=10,
connection_draining_timeout_sec=10,
custom_request_headers=[proxy.fqdn.apply(lambda fqdn: f"host: {fqdn}")],
custom_response_headers=["X-Cache-Hit: {cdn_cache_status}"],
backends=[{
"group": external_proxy.id,
}])
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
externalProxy, err := compute.NewGlobalNetworkEndpointGroup(ctx, "external_proxy", &compute.GlobalNetworkEndpointGroupArgs{
Name: pulumi.String("network-endpoint"),
NetworkEndpointType: pulumi.String("INTERNET_FQDN_PORT"),
DefaultPort: pulumi.Int(443),
})
if err != nil {
return err
}
proxy, err := compute.NewGlobalNetworkEndpoint(ctx, "proxy", &compute.GlobalNetworkEndpointArgs{
GlobalNetworkEndpointGroup: externalProxy.ID(),
Fqdn: pulumi.String("test.example.com"),
Port: externalProxy.DefaultPort,
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
EnableCdn: pulumi.Bool(true),
TimeoutSec: pulumi.Int(10),
ConnectionDrainingTimeoutSec: pulumi.Int(10),
CustomRequestHeaders: pulumi.StringArray{
proxy.Fqdn.ApplyT(func(fqdn *string) (string, error) {
return fmt.Sprintf("host: %v", fqdn), nil
}).(pulumi.StringOutput),
},
CustomResponseHeaders: pulumi.StringArray{
pulumi.String("X-Cache-Hit: {cdn_cache_status}"),
},
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: externalProxy.ID(),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var externalProxy = new Gcp.Compute.GlobalNetworkEndpointGroup("external_proxy", new()
{
Name = "network-endpoint",
NetworkEndpointType = "INTERNET_FQDN_PORT",
DefaultPort = 443,
});
var proxy = new Gcp.Compute.GlobalNetworkEndpoint("proxy", new()
{
GlobalNetworkEndpointGroup = externalProxy.Id,
Fqdn = "test.example.com",
Port = externalProxy.DefaultPort,
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
EnableCdn = true,
TimeoutSec = 10,
ConnectionDrainingTimeoutSec = 10,
CustomRequestHeaders = new[]
{
proxy.Fqdn.Apply(fqdn => $"host: {fqdn}"),
},
CustomResponseHeaders = new[]
{
"X-Cache-Hit: {cdn_cache_status}",
},
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = externalProxy.Id,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.GlobalNetworkEndpointGroup;
import com.pulumi.gcp.compute.GlobalNetworkEndpointGroupArgs;
import com.pulumi.gcp.compute.GlobalNetworkEndpoint;
import com.pulumi.gcp.compute.GlobalNetworkEndpointArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var externalProxy = new GlobalNetworkEndpointGroup("externalProxy", GlobalNetworkEndpointGroupArgs.builder()
.name("network-endpoint")
.networkEndpointType("INTERNET_FQDN_PORT")
.defaultPort(443)
.build());
var proxy = new GlobalNetworkEndpoint("proxy", GlobalNetworkEndpointArgs.builder()
.globalNetworkEndpointGroup(externalProxy.id())
.fqdn("test.example.com")
.port(externalProxy.defaultPort())
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.enableCdn(true)
.timeoutSec(10)
.connectionDrainingTimeoutSec(10)
.customRequestHeaders(proxy.fqdn().applyValue(_fqdn -> String.format("host: %s", _fqdn)))
.customResponseHeaders("X-Cache-Hit: {cdn_cache_status}")
.backends(BackendServiceBackendArgs.builder()
.group(externalProxy.id())
.build())
.build());
}
}
resources:
externalProxy:
type: gcp:compute:GlobalNetworkEndpointGroup
name: external_proxy
properties:
name: network-endpoint
networkEndpointType: INTERNET_FQDN_PORT
defaultPort: '443'
proxy:
type: gcp:compute:GlobalNetworkEndpoint
properties:
globalNetworkEndpointGroup: ${externalProxy.id}
fqdn: test.example.com
port: ${externalProxy.defaultPort}
default:
type: gcp:compute:BackendService
properties:
name: backend-service
enableCdn: true
timeoutSec: 10
connectionDrainingTimeoutSec: 10
customRequestHeaders:
- 'host: ${proxy.fqdn}'
customResponseHeaders:
- 'X-Cache-Hit: {cdn_cache_status}'
backends:
- group: ${externalProxy.id}
Backend Service External Managed
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "health-check",
httpHealthCheck: {
port: 80,
},
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: defaultHealthCheck.id,
loadBalancingScheme: "EXTERNAL_MANAGED",
protocol: "H2C",
});
import pulumi
import pulumi_gcp as gcp
default_health_check = gcp.compute.HealthCheck("default",
name="health-check",
http_health_check={
"port": 80,
})
default = gcp.compute.BackendService("default",
name="backend-service",
health_checks=default_health_check.id,
load_balancing_scheme="EXTERNAL_MANAGED",
protocol="H2C")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("health-check"),
HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: defaultHealthCheck.ID(),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
Protocol: pulumi.String("H2C"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "health-check",
HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
{
Port = 80,
},
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = defaultHealthCheck.Id,
LoadBalancingScheme = "EXTERNAL_MANAGED",
Protocol = "H2C",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("health-check")
.httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
.port(80)
.build())
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(defaultHealthCheck.id())
.loadBalancingScheme("EXTERNAL_MANAGED")
.protocol("H2C")
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
healthChecks: ${defaultHealthCheck.id}
loadBalancingScheme: EXTERNAL_MANAGED
protocol: H2C
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: health-check
httpHealthCheck:
port: 80
Backend Service Ip Address Selection Policy
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
loadBalancingScheme: "EXTERNAL_MANAGED",
ipAddressSelectionPolicy: "IPV6_ONLY",
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.BackendService("default",
name="backend-service",
load_balancing_scheme="EXTERNAL_MANAGED",
ip_address_selection_policy="IPV6_ONLY")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
IpAddressSelectionPolicy: pulumi.String("IPV6_ONLY"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
LoadBalancingScheme = "EXTERNAL_MANAGED",
IpAddressSelectionPolicy = "IPV6_ONLY",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.loadBalancingScheme("EXTERNAL_MANAGED")
.ipAddressSelectionPolicy("IPV6_ONLY")
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
loadBalancingScheme: EXTERNAL_MANAGED
ipAddressSelectionPolicy: IPV6_ONLY
Backend Service Custom Metrics
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.Network("default", {name: "network"});
// Zonal NEG with GCE_VM_IP_PORT
const defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("default", {
name: "network-endpoint",
network: _default.id,
defaultPort: 90,
zone: "us-central1-a",
networkEndpointType: "GCE_VM_IP_PORT",
});
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "health-check",
timeoutSec: 1,
checkIntervalSec: 1,
tcpHealthCheck: {
port: 80,
},
});
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: defaultHealthCheck.id,
loadBalancingScheme: "EXTERNAL_MANAGED",
localityLbPolicy: "WEIGHTED_ROUND_ROBIN",
customMetrics: [{
name: "orca.application_utilization",
dryRun: false,
}],
backends: [{
group: defaultNetworkEndpointGroup.id,
balancingMode: "CUSTOM_METRICS",
customMetrics: [
{
name: "orca.cpu_utilization",
maxUtilization: 0.9,
dryRun: true,
},
{
name: "orca.named_metrics.foo",
dryRun: false,
},
],
}],
logConfig: {
enable: true,
optionalMode: "CUSTOM",
optionalFields: [
"orca_load_report",
"tls.protocol",
],
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.Network("default", name="network")
# Zonal NEG with GCE_VM_IP_PORT
default_network_endpoint_group = gcp.compute.NetworkEndpointGroup("default",
name="network-endpoint",
network=default.id,
default_port=90,
zone="us-central1-a",
network_endpoint_type="GCE_VM_IP_PORT")
default_health_check = gcp.compute.HealthCheck("default",
name="health-check",
timeout_sec=1,
check_interval_sec=1,
tcp_health_check={
"port": 80,
})
default_backend_service = gcp.compute.BackendService("default",
name="backend-service",
health_checks=default_health_check.id,
load_balancing_scheme="EXTERNAL_MANAGED",
locality_lb_policy="WEIGHTED_ROUND_ROBIN",
custom_metrics=[{
"name": "orca.application_utilization",
"dry_run": False,
}],
backends=[{
"group": default_network_endpoint_group.id,
"balancing_mode": "CUSTOM_METRICS",
"custom_metrics": [
{
"name": "orca.cpu_utilization",
"max_utilization": 0.9,
"dry_run": True,
},
{
"name": "orca.named_metrics.foo",
"dry_run": False,
},
],
}],
log_config={
"enable": True,
"optional_mode": "CUSTOM",
"optional_fields": [
"orca_load_report",
"tls.protocol",
],
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("network"),
})
if err != nil {
return err
}
// Zonal NEG with GCE_VM_IP_PORT
defaultNetworkEndpointGroup, err := compute.NewNetworkEndpointGroup(ctx, "default", &compute.NetworkEndpointGroupArgs{
Name: pulumi.String("network-endpoint"),
Network: _default.ID(),
DefaultPort: pulumi.Int(90),
Zone: pulumi.String("us-central1-a"),
NetworkEndpointType: pulumi.String("GCE_VM_IP_PORT"),
})
if err != nil {
return err
}
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("health-check"),
TimeoutSec: pulumi.Int(1),
CheckIntervalSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: defaultHealthCheck.ID(),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
LocalityLbPolicy: pulumi.String("WEIGHTED_ROUND_ROBIN"),
CustomMetrics: compute.BackendServiceCustomMetricArray{
&compute.BackendServiceCustomMetricArgs{
Name: pulumi.String("orca.application_utilization"),
DryRun: pulumi.Bool(false),
},
},
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: defaultNetworkEndpointGroup.ID(),
BalancingMode: pulumi.String("CUSTOM_METRICS"),
CustomMetrics: compute.BackendServiceBackendCustomMetricArray{
&compute.BackendServiceBackendCustomMetricArgs{
Name: pulumi.String("orca.cpu_utilization"),
MaxUtilization: pulumi.Float64(0.9),
DryRun: pulumi.Bool(true),
},
&compute.BackendServiceBackendCustomMetricArgs{
Name: pulumi.String("orca.named_metrics.foo"),
DryRun: pulumi.Bool(false),
},
},
},
},
LogConfig: &compute.BackendServiceLogConfigArgs{
Enable: pulumi.Bool(true),
OptionalMode: pulumi.String("CUSTOM"),
OptionalFields: pulumi.StringArray{
pulumi.String("orca_load_report"),
pulumi.String("tls.protocol"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.Network("default", new()
{
Name = "network",
});
// Zonal NEG with GCE_VM_IP_PORT
var defaultNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup("default", new()
{
Name = "network-endpoint",
Network = @default.Id,
DefaultPort = 90,
Zone = "us-central1-a",
NetworkEndpointType = "GCE_VM_IP_PORT",
});
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "health-check",
TimeoutSec = 1,
CheckIntervalSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = defaultHealthCheck.Id,
LoadBalancingScheme = "EXTERNAL_MANAGED",
LocalityLbPolicy = "WEIGHTED_ROUND_ROBIN",
CustomMetrics = new[]
{
new Gcp.Compute.Inputs.BackendServiceCustomMetricArgs
{
Name = "orca.application_utilization",
DryRun = false,
},
},
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = defaultNetworkEndpointGroup.Id,
BalancingMode = "CUSTOM_METRICS",
CustomMetrics = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendCustomMetricArgs
{
Name = "orca.cpu_utilization",
MaxUtilization = 0.9,
DryRun = true,
},
new Gcp.Compute.Inputs.BackendServiceBackendCustomMetricArgs
{
Name = "orca.named_metrics.foo",
DryRun = false,
},
},
},
},
LogConfig = new Gcp.Compute.Inputs.BackendServiceLogConfigArgs
{
Enable = true,
OptionalMode = "CUSTOM",
OptionalFields = new[]
{
"orca_load_report",
"tls.protocol",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.NetworkEndpointGroup;
import com.pulumi.gcp.compute.NetworkEndpointGroupArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCustomMetricArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceLogConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Network("default", NetworkArgs.builder()
.name("network")
.build());
// Zonal NEG with GCE_VM_IP_PORT
var defaultNetworkEndpointGroup = new NetworkEndpointGroup("defaultNetworkEndpointGroup", NetworkEndpointGroupArgs.builder()
.name("network-endpoint")
.network(default_.id())
.defaultPort(90)
.zone("us-central1-a")
.networkEndpointType("GCE_VM_IP_PORT")
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("health-check")
.timeoutSec(1)
.checkIntervalSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port(80)
.build())
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(defaultHealthCheck.id())
.loadBalancingScheme("EXTERNAL_MANAGED")
.localityLbPolicy("WEIGHTED_ROUND_ROBIN")
.customMetrics(BackendServiceCustomMetricArgs.builder()
.name("orca.application_utilization")
.dryRun(false)
.build())
.backends(BackendServiceBackendArgs.builder()
.group(defaultNetworkEndpointGroup.id())
.balancingMode("CUSTOM_METRICS")
.customMetrics(
BackendServiceBackendCustomMetricArgs.builder()
.name("orca.cpu_utilization")
.maxUtilization(0.9)
.dryRun(true)
.build(),
BackendServiceBackendCustomMetricArgs.builder()
.name("orca.named_metrics.foo")
.dryRun(false)
.build())
.build())
.logConfig(BackendServiceLogConfigArgs.builder()
.enable(true)
.optionalMode("CUSTOM")
.optionalFields(
"orca_load_report",
"tls.protocol")
.build())
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: network
# Zonal NEG with GCE_VM_IP_PORT
defaultNetworkEndpointGroup:
type: gcp:compute:NetworkEndpointGroup
name: default
properties:
name: network-endpoint
network: ${default.id}
defaultPort: '90'
zone: us-central1-a
networkEndpointType: GCE_VM_IP_PORT
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend-service
healthChecks: ${defaultHealthCheck.id}
loadBalancingScheme: EXTERNAL_MANAGED
localityLbPolicy: WEIGHTED_ROUND_ROBIN
customMetrics:
- name: orca.application_utilization
dryRun: false
backends:
- group: ${defaultNetworkEndpointGroup.id}
balancingMode: CUSTOM_METRICS
customMetrics:
- name: orca.cpu_utilization
maxUtilization: 0.9
dryRun: true
- name: orca.named_metrics.foo
dryRun: false
logConfig:
enable: true
optionalMode: CUSTOM
optionalFields:
- orca_load_report
- tls.protocol
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: health-check
timeoutSec: 1
checkIntervalSec: 1
tcpHealthCheck:
port: '80'
Backend Service Tls Settings
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "health-check",
httpHealthCheck: {
port: 80,
},
});
const defaultBackendAuthenticationConfig = new gcp.networksecurity.BackendAuthenticationConfig("default", {
name: "authentication",
wellKnownRoots: "PUBLIC_ROOTS",
});
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
healthChecks: defaultHealthCheck.id,
loadBalancingScheme: "EXTERNAL_MANAGED",
protocol: "HTTPS",
tlsSettings: {
sni: "example.com",
subjectAltNames: [
{
dnsName: "example.com",
},
{
uniformResourceIdentifier: "https://example.com",
},
],
authenticationConfig: pulumi.interpolate`//networksecurity.googleapis.com/${defaultBackendAuthenticationConfig.id}`,
},
});
import pulumi
import pulumi_gcp as gcp
default_health_check = gcp.compute.HealthCheck("default",
name="health-check",
http_health_check={
"port": 80,
})
default_backend_authentication_config = gcp.networksecurity.BackendAuthenticationConfig("default",
name="authentication",
well_known_roots="PUBLIC_ROOTS")
default = gcp.compute.BackendService("default",
name="backend-service",
health_checks=default_health_check.id,
load_balancing_scheme="EXTERNAL_MANAGED",
protocol="HTTPS",
tls_settings={
"sni": "example.com",
"subject_alt_names": [
{
"dns_name": "example.com",
},
{
"uniform_resource_identifier": "https://example.com",
},
],
"authentication_config": default_backend_authentication_config.id.apply(lambda id: f"//networksecurity.googleapis.com/{id}"),
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networksecurity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("health-check"),
HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
defaultBackendAuthenticationConfig, err := networksecurity.NewBackendAuthenticationConfig(ctx, "default", &networksecurity.BackendAuthenticationConfigArgs{
Name: pulumi.String("authentication"),
WellKnownRoots: pulumi.String("PUBLIC_ROOTS"),
})
if err != nil {
return err
}
_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
HealthChecks: defaultHealthCheck.ID(),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
Protocol: pulumi.String("HTTPS"),
TlsSettings: &compute.BackendServiceTlsSettingsArgs{
Sni: pulumi.String("example.com"),
SubjectAltNames: compute.BackendServiceTlsSettingsSubjectAltNameArray{
&compute.BackendServiceTlsSettingsSubjectAltNameArgs{
DnsName: pulumi.String("example.com"),
},
&compute.BackendServiceTlsSettingsSubjectAltNameArgs{
UniformResourceIdentifier: pulumi.String("https://example.com"),
},
},
AuthenticationConfig: defaultBackendAuthenticationConfig.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("//networksecurity.googleapis.com/%v", id), nil
}).(pulumi.StringOutput),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "health-check",
HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
{
Port = 80,
},
});
var defaultBackendAuthenticationConfig = new Gcp.NetworkSecurity.BackendAuthenticationConfig("default", new()
{
Name = "authentication",
WellKnownRoots = "PUBLIC_ROOTS",
});
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
HealthChecks = defaultHealthCheck.Id,
LoadBalancingScheme = "EXTERNAL_MANAGED",
Protocol = "HTTPS",
TlsSettings = new Gcp.Compute.Inputs.BackendServiceTlsSettingsArgs
{
Sni = "example.com",
SubjectAltNames = new[]
{
new Gcp.Compute.Inputs.BackendServiceTlsSettingsSubjectAltNameArgs
{
DnsName = "example.com",
},
new Gcp.Compute.Inputs.BackendServiceTlsSettingsSubjectAltNameArgs
{
UniformResourceIdentifier = "https://example.com",
},
},
AuthenticationConfig = defaultBackendAuthenticationConfig.Id.Apply(id => $"//networksecurity.googleapis.com/{id}"),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfig;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfigArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceTlsSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("health-check")
.httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
.port(80)
.build())
.build());
var defaultBackendAuthenticationConfig = new BackendAuthenticationConfig("defaultBackendAuthenticationConfig", BackendAuthenticationConfigArgs.builder()
.name("authentication")
.wellKnownRoots("PUBLIC_ROOTS")
.build());
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.healthChecks(defaultHealthCheck.id())
.loadBalancingScheme("EXTERNAL_MANAGED")
.protocol("HTTPS")
.tlsSettings(BackendServiceTlsSettingsArgs.builder()
.sni("example.com")
.subjectAltNames(
BackendServiceTlsSettingsSubjectAltNameArgs.builder()
.dnsName("example.com")
.build(),
BackendServiceTlsSettingsSubjectAltNameArgs.builder()
.uniformResourceIdentifier("https://example.com")
.build())
.authenticationConfig(defaultBackendAuthenticationConfig.id().applyValue(_id -> String.format("//networksecurity.googleapis.com/%s", _id)))
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
healthChecks: ${defaultHealthCheck.id}
loadBalancingScheme: EXTERNAL_MANAGED
protocol: HTTPS
tlsSettings:
sni: example.com
subjectAltNames:
- dnsName: example.com
- uniformResourceIdentifier: https://example.com
authenticationConfig: //networksecurity.googleapis.com/${defaultBackendAuthenticationConfig.id}
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: health-check
httpHealthCheck:
port: 80
defaultBackendAuthenticationConfig:
type: gcp:networksecurity:BackendAuthenticationConfig
name: default
properties:
name: authentication
wellKnownRoots: PUBLIC_ROOTS
Backend Service Dynamic Forwarding
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const _default = new gcp.compute.BackendService("default", {
name: "backend-service",
loadBalancingScheme: "INTERNAL_MANAGED",
dynamicForwarding: {
ipPortSelection: {
enabled: true,
},
},
});
import pulumi
import pulumi_gcp as gcp
default = gcp.compute.BackendService("default",
name="backend-service",
load_balancing_scheme="INTERNAL_MANAGED",
dynamic_forwarding={
"ip_port_selection": {
"enabled": True,
},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-service"),
LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
DynamicForwarding: &compute.BackendServiceDynamicForwardingArgs{
IpPortSelection: &compute.BackendServiceDynamicForwardingIpPortSelectionArgs{
Enabled: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-service",
LoadBalancingScheme = "INTERNAL_MANAGED",
DynamicForwarding = new Gcp.Compute.Inputs.BackendServiceDynamicForwardingArgs
{
IpPortSelection = new Gcp.Compute.Inputs.BackendServiceDynamicForwardingIpPortSelectionArgs
{
Enabled = true,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceDynamicForwardingArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceDynamicForwardingIpPortSelectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new BackendService("default", BackendServiceArgs.builder()
.name("backend-service")
.loadBalancingScheme("INTERNAL_MANAGED")
.dynamicForwarding(BackendServiceDynamicForwardingArgs.builder()
.ipPortSelection(BackendServiceDynamicForwardingIpPortSelectionArgs.builder()
.enabled(true)
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:BackendService
properties:
name: backend-service
loadBalancingScheme: INTERNAL_MANAGED
dynamicForwarding:
ipPortSelection:
enabled: true
Create BackendService Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new BackendService(name: string, args?: BackendServiceArgs, opts?: CustomResourceOptions);@overload
def BackendService(resource_name: str,
args: Optional[BackendServiceArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def BackendService(resource_name: str,
opts: Optional[ResourceOptions] = None,
affinity_cookie_ttl_sec: Optional[int] = None,
backends: Optional[Sequence[BackendServiceBackendArgs]] = None,
cdn_policy: Optional[BackendServiceCdnPolicyArgs] = None,
circuit_breakers: Optional[BackendServiceCircuitBreakersArgs] = None,
compression_mode: Optional[str] = None,
connection_draining_timeout_sec: Optional[int] = None,
consistent_hash: Optional[BackendServiceConsistentHashArgs] = None,
custom_metrics: Optional[Sequence[BackendServiceCustomMetricArgs]] = None,
custom_request_headers: Optional[Sequence[str]] = None,
custom_response_headers: Optional[Sequence[str]] = None,
description: Optional[str] = None,
dynamic_forwarding: Optional[BackendServiceDynamicForwardingArgs] = None,
edge_security_policy: Optional[str] = None,
enable_cdn: Optional[bool] = None,
external_managed_migration_state: Optional[str] = None,
external_managed_migration_testing_percentage: Optional[float] = None,
health_checks: Optional[str] = None,
iap: Optional[BackendServiceIapArgs] = None,
ip_address_selection_policy: Optional[str] = None,
load_balancing_scheme: Optional[str] = None,
locality_lb_policies: Optional[Sequence[BackendServiceLocalityLbPolicyArgs]] = None,
locality_lb_policy: Optional[str] = None,
log_config: Optional[BackendServiceLogConfigArgs] = None,
max_stream_duration: Optional[BackendServiceMaxStreamDurationArgs] = None,
name: Optional[str] = None,
network_pass_through_lb_traffic_policy: Optional[BackendServiceNetworkPassThroughLbTrafficPolicyArgs] = None,
outlier_detection: Optional[BackendServiceOutlierDetectionArgs] = None,
params: Optional[BackendServiceParamsArgs] = None,
port_name: Optional[str] = None,
project: Optional[str] = None,
protocol: Optional[str] = None,
security_policy: Optional[str] = None,
security_settings: Optional[BackendServiceSecuritySettingsArgs] = None,
service_lb_policy: Optional[str] = None,
session_affinity: Optional[str] = None,
strong_session_affinity_cookie: Optional[BackendServiceStrongSessionAffinityCookieArgs] = None,
timeout_sec: Optional[int] = None,
tls_settings: Optional[BackendServiceTlsSettingsArgs] = None)func NewBackendService(ctx *Context, name string, args *BackendServiceArgs, opts ...ResourceOption) (*BackendService, error)public BackendService(string name, BackendServiceArgs? args = null, CustomResourceOptions? opts = null)
public BackendService(String name, BackendServiceArgs args)
public BackendService(String name, BackendServiceArgs args, CustomResourceOptions options)
type: gcp:compute:BackendService
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args BackendServiceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BackendServiceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BackendServiceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BackendServiceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BackendServiceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var backendServiceResource = new Gcp.Compute.BackendService("backendServiceResource", new()
{
AffinityCookieTtlSec = 0,
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = "string",
MaxConnectionsPerEndpoint = 0,
CustomMetrics = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendCustomMetricArgs
{
DryRun = false,
Name = "string",
MaxUtilization = 0,
},
},
Description = "string",
CapacityScaler = 0,
MaxConnections = 0,
BalancingMode = "string",
MaxConnectionsPerInstance = 0,
MaxRate = 0,
MaxRatePerEndpoint = 0,
MaxRatePerInstance = 0,
MaxUtilization = 0,
Preference = "string",
},
},
CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
{
BypassCacheOnRequestHeaders = new[]
{
new Gcp.Compute.Inputs.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs
{
HeaderName = "string",
},
},
CacheKeyPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs
{
IncludeHost = false,
IncludeHttpHeaders = new[]
{
"string",
},
IncludeNamedCookies = new[]
{
"string",
},
IncludeProtocol = false,
IncludeQueryString = false,
QueryStringBlacklists = new[]
{
"string",
},
QueryStringWhitelists = new[]
{
"string",
},
},
CacheMode = "string",
ClientTtl = 0,
DefaultTtl = 0,
MaxTtl = 0,
NegativeCaching = false,
NegativeCachingPolicies = new[]
{
new Gcp.Compute.Inputs.BackendServiceCdnPolicyNegativeCachingPolicyArgs
{
Code = 0,
Ttl = 0,
},
},
RequestCoalescing = false,
ServeWhileStale = 0,
SignedUrlCacheMaxAgeSec = 0,
},
CircuitBreakers = new Gcp.Compute.Inputs.BackendServiceCircuitBreakersArgs
{
ConnectTimeout = new Gcp.Compute.Inputs.BackendServiceCircuitBreakersConnectTimeoutArgs
{
Seconds = 0,
Nanos = 0,
},
MaxConnections = 0,
MaxPendingRequests = 0,
MaxRequests = 0,
MaxRequestsPerConnection = 0,
MaxRetries = 0,
},
CompressionMode = "string",
ConnectionDrainingTimeoutSec = 0,
ConsistentHash = new Gcp.Compute.Inputs.BackendServiceConsistentHashArgs
{
HttpCookie = new Gcp.Compute.Inputs.BackendServiceConsistentHashHttpCookieArgs
{
Name = "string",
Path = "string",
Ttl = new Gcp.Compute.Inputs.BackendServiceConsistentHashHttpCookieTtlArgs
{
Seconds = 0,
Nanos = 0,
},
},
HttpHeaderName = "string",
MinimumRingSize = 0,
},
CustomMetrics = new[]
{
new Gcp.Compute.Inputs.BackendServiceCustomMetricArgs
{
DryRun = false,
Name = "string",
},
},
CustomRequestHeaders = new[]
{
"string",
},
CustomResponseHeaders = new[]
{
"string",
},
Description = "string",
DynamicForwarding = new Gcp.Compute.Inputs.BackendServiceDynamicForwardingArgs
{
IpPortSelection = new Gcp.Compute.Inputs.BackendServiceDynamicForwardingIpPortSelectionArgs
{
Enabled = false,
},
},
EdgeSecurityPolicy = "string",
EnableCdn = false,
ExternalManagedMigrationState = "string",
ExternalManagedMigrationTestingPercentage = 0,
HealthChecks = "string",
Iap = new Gcp.Compute.Inputs.BackendServiceIapArgs
{
Enabled = false,
Oauth2ClientId = "string",
Oauth2ClientSecret = "string",
Oauth2ClientSecretSha256 = "string",
},
IpAddressSelectionPolicy = "string",
LoadBalancingScheme = "string",
LocalityLbPolicies = new[]
{
new Gcp.Compute.Inputs.BackendServiceLocalityLbPolicyArgs
{
CustomPolicy = new Gcp.Compute.Inputs.BackendServiceLocalityLbPolicyCustomPolicyArgs
{
Name = "string",
Data = "string",
},
Policy = new Gcp.Compute.Inputs.BackendServiceLocalityLbPolicyPolicyArgs
{
Name = "string",
},
},
},
LocalityLbPolicy = "string",
LogConfig = new Gcp.Compute.Inputs.BackendServiceLogConfigArgs
{
Enable = false,
OptionalFields = new[]
{
"string",
},
OptionalMode = "string",
SampleRate = 0,
},
MaxStreamDuration = new Gcp.Compute.Inputs.BackendServiceMaxStreamDurationArgs
{
Seconds = "string",
Nanos = 0,
},
Name = "string",
NetworkPassThroughLbTrafficPolicy = new Gcp.Compute.Inputs.BackendServiceNetworkPassThroughLbTrafficPolicyArgs
{
ZonalAffinity = new Gcp.Compute.Inputs.BackendServiceNetworkPassThroughLbTrafficPolicyZonalAffinityArgs
{
Spillover = "string",
SpilloverRatio = 0,
},
},
OutlierDetection = new Gcp.Compute.Inputs.BackendServiceOutlierDetectionArgs
{
BaseEjectionTime = new Gcp.Compute.Inputs.BackendServiceOutlierDetectionBaseEjectionTimeArgs
{
Seconds = 0,
Nanos = 0,
},
ConsecutiveErrors = 0,
ConsecutiveGatewayFailure = 0,
EnforcingConsecutiveErrors = 0,
EnforcingConsecutiveGatewayFailure = 0,
EnforcingSuccessRate = 0,
Interval = new Gcp.Compute.Inputs.BackendServiceOutlierDetectionIntervalArgs
{
Seconds = 0,
Nanos = 0,
},
MaxEjectionPercent = 0,
SuccessRateMinimumHosts = 0,
SuccessRateRequestVolume = 0,
SuccessRateStdevFactor = 0,
},
Params = new Gcp.Compute.Inputs.BackendServiceParamsArgs
{
ResourceManagerTags =
{
{ "string", "string" },
},
},
PortName = "string",
Project = "string",
Protocol = "string",
SecurityPolicy = "string",
SecuritySettings = new Gcp.Compute.Inputs.BackendServiceSecuritySettingsArgs
{
AwsV4Authentication = new Gcp.Compute.Inputs.BackendServiceSecuritySettingsAwsV4AuthenticationArgs
{
AccessKey = "string",
AccessKeyId = "string",
AccessKeyVersion = "string",
OriginRegion = "string",
},
ClientTlsPolicy = "string",
SubjectAltNames = new[]
{
"string",
},
},
ServiceLbPolicy = "string",
SessionAffinity = "string",
StrongSessionAffinityCookie = new Gcp.Compute.Inputs.BackendServiceStrongSessionAffinityCookieArgs
{
Name = "string",
Path = "string",
Ttl = new Gcp.Compute.Inputs.BackendServiceStrongSessionAffinityCookieTtlArgs
{
Seconds = 0,
Nanos = 0,
},
},
TimeoutSec = 0,
TlsSettings = new Gcp.Compute.Inputs.BackendServiceTlsSettingsArgs
{
AuthenticationConfig = "string",
Sni = "string",
SubjectAltNames = new[]
{
new Gcp.Compute.Inputs.BackendServiceTlsSettingsSubjectAltNameArgs
{
DnsName = "string",
UniformResourceIdentifier = "string",
},
},
},
});
example, err := compute.NewBackendService(ctx, "backendServiceResource", &compute.BackendServiceArgs{
AffinityCookieTtlSec: pulumi.Int(0),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: pulumi.String("string"),
MaxConnectionsPerEndpoint: pulumi.Int(0),
CustomMetrics: compute.BackendServiceBackendCustomMetricArray{
&compute.BackendServiceBackendCustomMetricArgs{
DryRun: pulumi.Bool(false),
Name: pulumi.String("string"),
MaxUtilization: pulumi.Float64(0),
},
},
Description: pulumi.String("string"),
CapacityScaler: pulumi.Float64(0),
MaxConnections: pulumi.Int(0),
BalancingMode: pulumi.String("string"),
MaxConnectionsPerInstance: pulumi.Int(0),
MaxRate: pulumi.Int(0),
MaxRatePerEndpoint: pulumi.Float64(0),
MaxRatePerInstance: pulumi.Float64(0),
MaxUtilization: pulumi.Float64(0),
Preference: pulumi.String("string"),
},
},
CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
BypassCacheOnRequestHeaders: compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArray{
&compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs{
HeaderName: pulumi.String("string"),
},
},
CacheKeyPolicy: &compute.BackendServiceCdnPolicyCacheKeyPolicyArgs{
IncludeHost: pulumi.Bool(false),
IncludeHttpHeaders: pulumi.StringArray{
pulumi.String("string"),
},
IncludeNamedCookies: pulumi.StringArray{
pulumi.String("string"),
},
IncludeProtocol: pulumi.Bool(false),
IncludeQueryString: pulumi.Bool(false),
QueryStringBlacklists: pulumi.StringArray{
pulumi.String("string"),
},
QueryStringWhitelists: pulumi.StringArray{
pulumi.String("string"),
},
},
CacheMode: pulumi.String("string"),
ClientTtl: pulumi.Int(0),
DefaultTtl: pulumi.Int(0),
MaxTtl: pulumi.Int(0),
NegativeCaching: pulumi.Bool(false),
NegativeCachingPolicies: compute.BackendServiceCdnPolicyNegativeCachingPolicyArray{
&compute.BackendServiceCdnPolicyNegativeCachingPolicyArgs{
Code: pulumi.Int(0),
Ttl: pulumi.Int(0),
},
},
RequestCoalescing: pulumi.Bool(false),
ServeWhileStale: pulumi.Int(0),
SignedUrlCacheMaxAgeSec: pulumi.Int(0),
},
CircuitBreakers: &compute.BackendServiceCircuitBreakersArgs{
ConnectTimeout: &compute.BackendServiceCircuitBreakersConnectTimeoutArgs{
Seconds: pulumi.Int(0),
Nanos: pulumi.Int(0),
},
MaxConnections: pulumi.Int(0),
MaxPendingRequests: pulumi.Int(0),
MaxRequests: pulumi.Int(0),
MaxRequestsPerConnection: pulumi.Int(0),
MaxRetries: pulumi.Int(0),
},
CompressionMode: pulumi.String("string"),
ConnectionDrainingTimeoutSec: pulumi.Int(0),
ConsistentHash: &compute.BackendServiceConsistentHashArgs{
HttpCookie: &compute.BackendServiceConsistentHashHttpCookieArgs{
Name: pulumi.String("string"),
Path: pulumi.String("string"),
Ttl: &compute.BackendServiceConsistentHashHttpCookieTtlArgs{
Seconds: pulumi.Int(0),
Nanos: pulumi.Int(0),
},
},
HttpHeaderName: pulumi.String("string"),
MinimumRingSize: pulumi.Int(0),
},
CustomMetrics: compute.BackendServiceCustomMetricArray{
&compute.BackendServiceCustomMetricArgs{
DryRun: pulumi.Bool(false),
Name: pulumi.String("string"),
},
},
CustomRequestHeaders: pulumi.StringArray{
pulumi.String("string"),
},
CustomResponseHeaders: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
DynamicForwarding: &compute.BackendServiceDynamicForwardingArgs{
IpPortSelection: &compute.BackendServiceDynamicForwardingIpPortSelectionArgs{
Enabled: pulumi.Bool(false),
},
},
EdgeSecurityPolicy: pulumi.String("string"),
EnableCdn: pulumi.Bool(false),
ExternalManagedMigrationState: pulumi.String("string"),
ExternalManagedMigrationTestingPercentage: pulumi.Float64(0),
HealthChecks: pulumi.String("string"),
Iap: &compute.BackendServiceIapArgs{
Enabled: pulumi.Bool(false),
Oauth2ClientId: pulumi.String("string"),
Oauth2ClientSecret: pulumi.String("string"),
Oauth2ClientSecretSha256: pulumi.String("string"),
},
IpAddressSelectionPolicy: pulumi.String("string"),
LoadBalancingScheme: pulumi.String("string"),
LocalityLbPolicies: compute.BackendServiceLocalityLbPolicyArray{
&compute.BackendServiceLocalityLbPolicyArgs{
CustomPolicy: &compute.BackendServiceLocalityLbPolicyCustomPolicyArgs{
Name: pulumi.String("string"),
Data: pulumi.String("string"),
},
Policy: &compute.BackendServiceLocalityLbPolicyPolicyArgs{
Name: pulumi.String("string"),
},
},
},
LocalityLbPolicy: pulumi.String("string"),
LogConfig: &compute.BackendServiceLogConfigArgs{
Enable: pulumi.Bool(false),
OptionalFields: pulumi.StringArray{
pulumi.String("string"),
},
OptionalMode: pulumi.String("string"),
SampleRate: pulumi.Float64(0),
},
MaxStreamDuration: &compute.BackendServiceMaxStreamDurationArgs{
Seconds: pulumi.String("string"),
Nanos: pulumi.Int(0),
},
Name: pulumi.String("string"),
NetworkPassThroughLbTrafficPolicy: &compute.BackendServiceNetworkPassThroughLbTrafficPolicyArgs{
ZonalAffinity: &compute.BackendServiceNetworkPassThroughLbTrafficPolicyZonalAffinityArgs{
Spillover: pulumi.String("string"),
SpilloverRatio: pulumi.Float64(0),
},
},
OutlierDetection: &compute.BackendServiceOutlierDetectionArgs{
BaseEjectionTime: &compute.BackendServiceOutlierDetectionBaseEjectionTimeArgs{
Seconds: pulumi.Int(0),
Nanos: pulumi.Int(0),
},
ConsecutiveErrors: pulumi.Int(0),
ConsecutiveGatewayFailure: pulumi.Int(0),
EnforcingConsecutiveErrors: pulumi.Int(0),
EnforcingConsecutiveGatewayFailure: pulumi.Int(0),
EnforcingSuccessRate: pulumi.Int(0),
Interval: &compute.BackendServiceOutlierDetectionIntervalArgs{
Seconds: pulumi.Int(0),
Nanos: pulumi.Int(0),
},
MaxEjectionPercent: pulumi.Int(0),
SuccessRateMinimumHosts: pulumi.Int(0),
SuccessRateRequestVolume: pulumi.Int(0),
SuccessRateStdevFactor: pulumi.Int(0),
},
Params: &compute.BackendServiceParamsArgs{
ResourceManagerTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
PortName: pulumi.String("string"),
Project: pulumi.String("string"),
Protocol: pulumi.String("string"),
SecurityPolicy: pulumi.String("string"),
SecuritySettings: &compute.BackendServiceSecuritySettingsArgs{
AwsV4Authentication: &compute.BackendServiceSecuritySettingsAwsV4AuthenticationArgs{
AccessKey: pulumi.String("string"),
AccessKeyId: pulumi.String("string"),
AccessKeyVersion: pulumi.String("string"),
OriginRegion: pulumi.String("string"),
},
ClientTlsPolicy: pulumi.String("string"),
SubjectAltNames: pulumi.StringArray{
pulumi.String("string"),
},
},
ServiceLbPolicy: pulumi.String("string"),
SessionAffinity: pulumi.String("string"),
StrongSessionAffinityCookie: &compute.BackendServiceStrongSessionAffinityCookieArgs{
Name: pulumi.String("string"),
Path: pulumi.String("string"),
Ttl: &compute.BackendServiceStrongSessionAffinityCookieTtlArgs{
Seconds: pulumi.Int(0),
Nanos: pulumi.Int(0),
},
},
TimeoutSec: pulumi.Int(0),
TlsSettings: &compute.BackendServiceTlsSettingsArgs{
AuthenticationConfig: pulumi.String("string"),
Sni: pulumi.String("string"),
SubjectAltNames: compute.BackendServiceTlsSettingsSubjectAltNameArray{
&compute.BackendServiceTlsSettingsSubjectAltNameArgs{
DnsName: pulumi.String("string"),
UniformResourceIdentifier: pulumi.String("string"),
},
},
},
})
var backendServiceResource = new BackendService("backendServiceResource", BackendServiceArgs.builder()
.affinityCookieTtlSec(0)
.backends(BackendServiceBackendArgs.builder()
.group("string")
.maxConnectionsPerEndpoint(0)
.customMetrics(BackendServiceBackendCustomMetricArgs.builder()
.dryRun(false)
.name("string")
.maxUtilization(0.0)
.build())
.description("string")
.capacityScaler(0.0)
.maxConnections(0)
.balancingMode("string")
.maxConnectionsPerInstance(0)
.maxRate(0)
.maxRatePerEndpoint(0.0)
.maxRatePerInstance(0.0)
.maxUtilization(0.0)
.preference("string")
.build())
.cdnPolicy(BackendServiceCdnPolicyArgs.builder()
.bypassCacheOnRequestHeaders(BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs.builder()
.headerName("string")
.build())
.cacheKeyPolicy(BackendServiceCdnPolicyCacheKeyPolicyArgs.builder()
.includeHost(false)
.includeHttpHeaders("string")
.includeNamedCookies("string")
.includeProtocol(false)
.includeQueryString(false)
.queryStringBlacklists("string")
.queryStringWhitelists("string")
.build())
.cacheMode("string")
.clientTtl(0)
.defaultTtl(0)
.maxTtl(0)
.negativeCaching(false)
.negativeCachingPolicies(BackendServiceCdnPolicyNegativeCachingPolicyArgs.builder()
.code(0)
.ttl(0)
.build())
.requestCoalescing(false)
.serveWhileStale(0)
.signedUrlCacheMaxAgeSec(0)
.build())
.circuitBreakers(BackendServiceCircuitBreakersArgs.builder()
.connectTimeout(BackendServiceCircuitBreakersConnectTimeoutArgs.builder()
.seconds(0)
.nanos(0)
.build())
.maxConnections(0)
.maxPendingRequests(0)
.maxRequests(0)
.maxRequestsPerConnection(0)
.maxRetries(0)
.build())
.compressionMode("string")
.connectionDrainingTimeoutSec(0)
.consistentHash(BackendServiceConsistentHashArgs.builder()
.httpCookie(BackendServiceConsistentHashHttpCookieArgs.builder()
.name("string")
.path("string")
.ttl(BackendServiceConsistentHashHttpCookieTtlArgs.builder()
.seconds(0)
.nanos(0)
.build())
.build())
.httpHeaderName("string")
.minimumRingSize(0)
.build())
.customMetrics(BackendServiceCustomMetricArgs.builder()
.dryRun(false)
.name("string")
.build())
.customRequestHeaders("string")
.customResponseHeaders("string")
.description("string")
.dynamicForwarding(BackendServiceDynamicForwardingArgs.builder()
.ipPortSelection(BackendServiceDynamicForwardingIpPortSelectionArgs.builder()
.enabled(false)
.build())
.build())
.edgeSecurityPolicy("string")
.enableCdn(false)
.externalManagedMigrationState("string")
.externalManagedMigrationTestingPercentage(0.0)
.healthChecks("string")
.iap(BackendServiceIapArgs.builder()
.enabled(false)
.oauth2ClientId("string")
.oauth2ClientSecret("string")
.oauth2ClientSecretSha256("string")
.build())
.ipAddressSelectionPolicy("string")
.loadBalancingScheme("string")
.localityLbPolicies(BackendServiceLocalityLbPolicyArgs.builder()
.customPolicy(BackendServiceLocalityLbPolicyCustomPolicyArgs.builder()
.name("string")
.data("string")
.build())
.policy(BackendServiceLocalityLbPolicyPolicyArgs.builder()
.name("string")
.build())
.build())
.localityLbPolicy("string")
.logConfig(BackendServiceLogConfigArgs.builder()
.enable(false)
.optionalFields("string")
.optionalMode("string")
.sampleRate(0.0)
.build())
.maxStreamDuration(BackendServiceMaxStreamDurationArgs.builder()
.seconds("string")
.nanos(0)
.build())
.name("string")
.networkPassThroughLbTrafficPolicy(BackendServiceNetworkPassThroughLbTrafficPolicyArgs.builder()
.zonalAffinity(BackendServiceNetworkPassThroughLbTrafficPolicyZonalAffinityArgs.builder()
.spillover("string")
.spilloverRatio(0.0)
.build())
.build())
.outlierDetection(BackendServiceOutlierDetectionArgs.builder()
.baseEjectionTime(BackendServiceOutlierDetectionBaseEjectionTimeArgs.builder()
.seconds(0)
.nanos(0)
.build())
.consecutiveErrors(0)
.consecutiveGatewayFailure(0)
.enforcingConsecutiveErrors(0)
.enforcingConsecutiveGatewayFailure(0)
.enforcingSuccessRate(0)
.interval(BackendServiceOutlierDetectionIntervalArgs.builder()
.seconds(0)
.nanos(0)
.build())
.maxEjectionPercent(0)
.successRateMinimumHosts(0)
.successRateRequestVolume(0)
.successRateStdevFactor(0)
.build())
.params(BackendServiceParamsArgs.builder()
.resourceManagerTags(Map.of("string", "string"))
.build())
.portName("string")
.project("string")
.protocol("string")
.securityPolicy("string")
.securitySettings(BackendServiceSecuritySettingsArgs.builder()
.awsV4Authentication(BackendServiceSecuritySettingsAwsV4AuthenticationArgs.builder()
.accessKey("string")
.accessKeyId("string")
.accessKeyVersion("string")
.originRegion("string")
.build())
.clientTlsPolicy("string")
.subjectAltNames("string")
.build())
.serviceLbPolicy("string")
.sessionAffinity("string")
.strongSessionAffinityCookie(BackendServiceStrongSessionAffinityCookieArgs.builder()
.name("string")
.path("string")
.ttl(BackendServiceStrongSessionAffinityCookieTtlArgs.builder()
.seconds(0)
.nanos(0)
.build())
.build())
.timeoutSec(0)
.tlsSettings(BackendServiceTlsSettingsArgs.builder()
.authenticationConfig("string")
.sni("string")
.subjectAltNames(BackendServiceTlsSettingsSubjectAltNameArgs.builder()
.dnsName("string")
.uniformResourceIdentifier("string")
.build())
.build())
.build());
backend_service_resource = gcp.compute.BackendService("backendServiceResource",
affinity_cookie_ttl_sec=0,
backends=[{
"group": "string",
"max_connections_per_endpoint": 0,
"custom_metrics": [{
"dry_run": False,
"name": "string",
"max_utilization": 0,
}],
"description": "string",
"capacity_scaler": 0,
"max_connections": 0,
"balancing_mode": "string",
"max_connections_per_instance": 0,
"max_rate": 0,
"max_rate_per_endpoint": 0,
"max_rate_per_instance": 0,
"max_utilization": 0,
"preference": "string",
}],
cdn_policy={
"bypass_cache_on_request_headers": [{
"header_name": "string",
}],
"cache_key_policy": {
"include_host": False,
"include_http_headers": ["string"],
"include_named_cookies": ["string"],
"include_protocol": False,
"include_query_string": False,
"query_string_blacklists": ["string"],
"query_string_whitelists": ["string"],
},
"cache_mode": "string",
"client_ttl": 0,
"default_ttl": 0,
"max_ttl": 0,
"negative_caching": False,
"negative_caching_policies": [{
"code": 0,
"ttl": 0,
}],
"request_coalescing": False,
"serve_while_stale": 0,
"signed_url_cache_max_age_sec": 0,
},
circuit_breakers={
"connect_timeout": {
"seconds": 0,
"nanos": 0,
},
"max_connections": 0,
"max_pending_requests": 0,
"max_requests": 0,
"max_requests_per_connection": 0,
"max_retries": 0,
},
compression_mode="string",
connection_draining_timeout_sec=0,
consistent_hash={
"http_cookie": {
"name": "string",
"path": "string",
"ttl": {
"seconds": 0,
"nanos": 0,
},
},
"http_header_name": "string",
"minimum_ring_size": 0,
},
custom_metrics=[{
"dry_run": False,
"name": "string",
}],
custom_request_headers=["string"],
custom_response_headers=["string"],
description="string",
dynamic_forwarding={
"ip_port_selection": {
"enabled": False,
},
},
edge_security_policy="string",
enable_cdn=False,
external_managed_migration_state="string",
external_managed_migration_testing_percentage=0,
health_checks="string",
iap={
"enabled": False,
"oauth2_client_id": "string",
"oauth2_client_secret": "string",
"oauth2_client_secret_sha256": "string",
},
ip_address_selection_policy="string",
load_balancing_scheme="string",
locality_lb_policies=[{
"custom_policy": {
"name": "string",
"data": "string",
},
"policy": {
"name": "string",
},
}],
locality_lb_policy="string",
log_config={
"enable": False,
"optional_fields": ["string"],
"optional_mode": "string",
"sample_rate": 0,
},
max_stream_duration={
"seconds": "string",
"nanos": 0,
},
name="string",
network_pass_through_lb_traffic_policy={
"zonal_affinity": {
"spillover": "string",
"spillover_ratio": 0,
},
},
outlier_detection={
"base_ejection_time": {
"seconds": 0,
"nanos": 0,
},
"consecutive_errors": 0,
"consecutive_gateway_failure": 0,
"enforcing_consecutive_errors": 0,
"enforcing_consecutive_gateway_failure": 0,
"enforcing_success_rate": 0,
"interval": {
"seconds": 0,
"nanos": 0,
},
"max_ejection_percent": 0,
"success_rate_minimum_hosts": 0,
"success_rate_request_volume": 0,
"success_rate_stdev_factor": 0,
},
params={
"resource_manager_tags": {
"string": "string",
},
},
port_name="string",
project="string",
protocol="string",
security_policy="string",
security_settings={
"aws_v4_authentication": {
"access_key": "string",
"access_key_id": "string",
"access_key_version": "string",
"origin_region": "string",
},
"client_tls_policy": "string",
"subject_alt_names": ["string"],
},
service_lb_policy="string",
session_affinity="string",
strong_session_affinity_cookie={
"name": "string",
"path": "string",
"ttl": {
"seconds": 0,
"nanos": 0,
},
},
timeout_sec=0,
tls_settings={
"authentication_config": "string",
"sni": "string",
"subject_alt_names": [{
"dns_name": "string",
"uniform_resource_identifier": "string",
}],
})
const backendServiceResource = new gcp.compute.BackendService("backendServiceResource", {
affinityCookieTtlSec: 0,
backends: [{
group: "string",
maxConnectionsPerEndpoint: 0,
customMetrics: [{
dryRun: false,
name: "string",
maxUtilization: 0,
}],
description: "string",
capacityScaler: 0,
maxConnections: 0,
balancingMode: "string",
maxConnectionsPerInstance: 0,
maxRate: 0,
maxRatePerEndpoint: 0,
maxRatePerInstance: 0,
maxUtilization: 0,
preference: "string",
}],
cdnPolicy: {
bypassCacheOnRequestHeaders: [{
headerName: "string",
}],
cacheKeyPolicy: {
includeHost: false,
includeHttpHeaders: ["string"],
includeNamedCookies: ["string"],
includeProtocol: false,
includeQueryString: false,
queryStringBlacklists: ["string"],
queryStringWhitelists: ["string"],
},
cacheMode: "string",
clientTtl: 0,
defaultTtl: 0,
maxTtl: 0,
negativeCaching: false,
negativeCachingPolicies: [{
code: 0,
ttl: 0,
}],
requestCoalescing: false,
serveWhileStale: 0,
signedUrlCacheMaxAgeSec: 0,
},
circuitBreakers: {
connectTimeout: {
seconds: 0,
nanos: 0,
},
maxConnections: 0,
maxPendingRequests: 0,
maxRequests: 0,
maxRequestsPerConnection: 0,
maxRetries: 0,
},
compressionMode: "string",
connectionDrainingTimeoutSec: 0,
consistentHash: {
httpCookie: {
name: "string",
path: "string",
ttl: {
seconds: 0,
nanos: 0,
},
},
httpHeaderName: "string",
minimumRingSize: 0,
},
customMetrics: [{
dryRun: false,
name: "string",
}],
customRequestHeaders: ["string"],
customResponseHeaders: ["string"],
description: "string",
dynamicForwarding: {
ipPortSelection: {
enabled: false,
},
},
edgeSecurityPolicy: "string",
enableCdn: false,
externalManagedMigrationState: "string",
externalManagedMigrationTestingPercentage: 0,
healthChecks: "string",
iap: {
enabled: false,
oauth2ClientId: "string",
oauth2ClientSecret: "string",
oauth2ClientSecretSha256: "string",
},
ipAddressSelectionPolicy: "string",
loadBalancingScheme: "string",
localityLbPolicies: [{
customPolicy: {
name: "string",
data: "string",
},
policy: {
name: "string",
},
}],
localityLbPolicy: "string",
logConfig: {
enable: false,
optionalFields: ["string"],
optionalMode: "string",
sampleRate: 0,
},
maxStreamDuration: {
seconds: "string",
nanos: 0,
},
name: "string",
networkPassThroughLbTrafficPolicy: {
zonalAffinity: {
spillover: "string",
spilloverRatio: 0,
},
},
outlierDetection: {
baseEjectionTime: {
seconds: 0,
nanos: 0,
},
consecutiveErrors: 0,
consecutiveGatewayFailure: 0,
enforcingConsecutiveErrors: 0,
enforcingConsecutiveGatewayFailure: 0,
enforcingSuccessRate: 0,
interval: {
seconds: 0,
nanos: 0,
},
maxEjectionPercent: 0,
successRateMinimumHosts: 0,
successRateRequestVolume: 0,
successRateStdevFactor: 0,
},
params: {
resourceManagerTags: {
string: "string",
},
},
portName: "string",
project: "string",
protocol: "string",
securityPolicy: "string",
securitySettings: {
awsV4Authentication: {
accessKey: "string",
accessKeyId: "string",
accessKeyVersion: "string",
originRegion: "string",
},
clientTlsPolicy: "string",
subjectAltNames: ["string"],
},
serviceLbPolicy: "string",
sessionAffinity: "string",
strongSessionAffinityCookie: {
name: "string",
path: "string",
ttl: {
seconds: 0,
nanos: 0,
},
},
timeoutSec: 0,
tlsSettings: {
authenticationConfig: "string",
sni: "string",
subjectAltNames: [{
dnsName: "string",
uniformResourceIdentifier: "string",
}],
},
});
type: gcp:compute:BackendService
properties:
affinityCookieTtlSec: 0
backends:
- balancingMode: string
capacityScaler: 0
customMetrics:
- dryRun: false
maxUtilization: 0
name: string
description: string
group: string
maxConnections: 0
maxConnectionsPerEndpoint: 0
maxConnectionsPerInstance: 0
maxRate: 0
maxRatePerEndpoint: 0
maxRatePerInstance: 0
maxUtilization: 0
preference: string
cdnPolicy:
bypassCacheOnRequestHeaders:
- headerName: string
cacheKeyPolicy:
includeHost: false
includeHttpHeaders:
- string
includeNamedCookies:
- string
includeProtocol: false
includeQueryString: false
queryStringBlacklists:
- string
queryStringWhitelists:
- string
cacheMode: string
clientTtl: 0
defaultTtl: 0
maxTtl: 0
negativeCaching: false
negativeCachingPolicies:
- code: 0
ttl: 0
requestCoalescing: false
serveWhileStale: 0
signedUrlCacheMaxAgeSec: 0
circuitBreakers:
connectTimeout:
nanos: 0
seconds: 0
maxConnections: 0
maxPendingRequests: 0
maxRequests: 0
maxRequestsPerConnection: 0
maxRetries: 0
compressionMode: string
connectionDrainingTimeoutSec: 0
consistentHash:
httpCookie:
name: string
path: string
ttl:
nanos: 0
seconds: 0
httpHeaderName: string
minimumRingSize: 0
customMetrics:
- dryRun: false
name: string
customRequestHeaders:
- string
customResponseHeaders:
- string
description: string
dynamicForwarding:
ipPortSelection:
enabled: false
edgeSecurityPolicy: string
enableCdn: false
externalManagedMigrationState: string
externalManagedMigrationTestingPercentage: 0
healthChecks: string
iap:
enabled: false
oauth2ClientId: string
oauth2ClientSecret: string
oauth2ClientSecretSha256: string
ipAddressSelectionPolicy: string
loadBalancingScheme: string
localityLbPolicies:
- customPolicy:
data: string
name: string
policy:
name: string
localityLbPolicy: string
logConfig:
enable: false
optionalFields:
- string
optionalMode: string
sampleRate: 0
maxStreamDuration:
nanos: 0
seconds: string
name: string
networkPassThroughLbTrafficPolicy:
zonalAffinity:
spillover: string
spilloverRatio: 0
outlierDetection:
baseEjectionTime:
nanos: 0
seconds: 0
consecutiveErrors: 0
consecutiveGatewayFailure: 0
enforcingConsecutiveErrors: 0
enforcingConsecutiveGatewayFailure: 0
enforcingSuccessRate: 0
interval:
nanos: 0
seconds: 0
maxEjectionPercent: 0
successRateMinimumHosts: 0
successRateRequestVolume: 0
successRateStdevFactor: 0
params:
resourceManagerTags:
string: string
portName: string
project: string
protocol: string
securityPolicy: string
securitySettings:
awsV4Authentication:
accessKey: string
accessKeyId: string
accessKeyVersion: string
originRegion: string
clientTlsPolicy: string
subjectAltNames:
- string
serviceLbPolicy: string
sessionAffinity: string
strongSessionAffinityCookie:
name: string
path: string
ttl:
nanos: 0
seconds: 0
timeoutSec: 0
tlsSettings:
authenticationConfig: string
sni: string
subjectAltNames:
- dnsName: string
uniformResourceIdentifier: string
BackendService Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The BackendService resource accepts the following input properties:
- int
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- Backends
List<Backend
Service Backend> - The set of backends that serve this BackendService. Structure is documented below.
- Cdn
Policy BackendService Cdn Policy - Cloud CDN configuration for this BackendService. Structure is documented below.
- Circuit
Breakers BackendService Circuit Breakers - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Compression
Mode string - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - Connection
Draining intTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- Consistent
Hash BackendService Consistent Hash - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- Custom
Metrics List<BackendService Custom Metric> - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- Custom
Request List<string>Headers - Headers that the HTTP/S load balancer should add to proxied requests.
- Custom
Response List<string>Headers - Headers that the HTTP/S load balancer should add to proxied responses.
- Description string
- An optional description of this resource.
- Dynamic
Forwarding BackendService Dynamic Forwarding - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- Edge
Security stringPolicy - The resource URL for the edge security policy associated with this backend service.
- Enable
Cdn bool - If true, enable Cloud CDN for this BackendService.
- External
Managed stringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - External
Managed doubleMigration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- Health
Checks string - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- Iap
Backend
Service Iap - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- Ip
Address stringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - Load
Balancing stringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - Locality
Lb List<BackendPolicies Service Locality Lb Policy> - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- Locality
Lb stringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- Log
Config BackendService Log Config - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- Max
Stream BackendDuration Service Max Stream Duration - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Network
Pass BackendThrough Lb Traffic Policy Service Network Pass Through Lb Traffic Policy - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- Outlier
Detection BackendService Outlier Detection - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- Params
Backend
Service Params - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- Port
Name string - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Protocol string
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - Security
Policy string - The security policy associated with this backend service.
- Security
Settings BackendService Security Settings - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Service
Lb stringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- Session
Affinity string - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- Timeout
Sec int - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- Tls
Settings BackendService Tls Settings - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- int
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- Backends
[]Backend
Service Backend Args - The set of backends that serve this BackendService. Structure is documented below.
- Cdn
Policy BackendService Cdn Policy Args - Cloud CDN configuration for this BackendService. Structure is documented below.
- Circuit
Breakers BackendService Circuit Breakers Args - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Compression
Mode string - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - Connection
Draining intTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- Consistent
Hash BackendService Consistent Hash Args - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- Custom
Metrics []BackendService Custom Metric Args - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- Custom
Request []stringHeaders - Headers that the HTTP/S load balancer should add to proxied requests.
- Custom
Response []stringHeaders - Headers that the HTTP/S load balancer should add to proxied responses.
- Description string
- An optional description of this resource.
- Dynamic
Forwarding BackendService Dynamic Forwarding Args - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- Edge
Security stringPolicy - The resource URL for the edge security policy associated with this backend service.
- Enable
Cdn bool - If true, enable Cloud CDN for this BackendService.
- External
Managed stringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - External
Managed float64Migration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- Health
Checks string - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- Iap
Backend
Service Iap Args - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- Ip
Address stringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - Load
Balancing stringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - Locality
Lb []BackendPolicies Service Locality Lb Policy Args - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- Locality
Lb stringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- Log
Config BackendService Log Config Args - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- Max
Stream BackendDuration Service Max Stream Duration Args - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Network
Pass BackendThrough Lb Traffic Policy Service Network Pass Through Lb Traffic Policy Args - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- Outlier
Detection BackendService Outlier Detection Args - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- Params
Backend
Service Params Args - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- Port
Name string - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Protocol string
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - Security
Policy string - The security policy associated with this backend service.
- Security
Settings BackendService Security Settings Args - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Service
Lb stringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- Session
Affinity string - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie Args - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- Timeout
Sec int - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- Tls
Settings BackendService Tls Settings Args - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- Integer
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- backends
List<Backend
Service Backend> - The set of backends that serve this BackendService. Structure is documented below.
- cdn
Policy BackendService Cdn Policy - Cloud CDN configuration for this BackendService. Structure is documented below.
- circuit
Breakers BackendService Circuit Breakers - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- compression
Mode String - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - connection
Draining IntegerTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- consistent
Hash BackendService Consistent Hash - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- custom
Metrics List<BackendService Custom Metric> - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- custom
Request List<String>Headers - Headers that the HTTP/S load balancer should add to proxied requests.
- custom
Response List<String>Headers - Headers that the HTTP/S load balancer should add to proxied responses.
- description String
- An optional description of this resource.
- dynamic
Forwarding BackendService Dynamic Forwarding - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- edge
Security StringPolicy - The resource URL for the edge security policy associated with this backend service.
- enable
Cdn Boolean - If true, enable Cloud CDN for this BackendService.
- external
Managed StringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - external
Managed DoubleMigration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- health
Checks String - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- iap
Backend
Service Iap - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- ip
Address StringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - load
Balancing StringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - locality
Lb List<BackendPolicies Service Locality Lb Policy> - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- locality
Lb StringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- log
Config BackendService Log Config - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- max
Stream BackendDuration Service Max Stream Duration - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - network
Pass BackendThrough Lb Traffic Policy Service Network Pass Through Lb Traffic Policy - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- outlier
Detection BackendService Outlier Detection - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- params
Backend
Service Params - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- port
Name String - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protocol String
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - security
Policy String - The security policy associated with this backend service.
- security
Settings BackendService Security Settings - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- service
Lb StringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- session
Affinity String - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- timeout
Sec Integer - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- tls
Settings BackendService Tls Settings - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- number
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- backends
Backend
Service Backend[] - The set of backends that serve this BackendService. Structure is documented below.
- cdn
Policy BackendService Cdn Policy - Cloud CDN configuration for this BackendService. Structure is documented below.
- circuit
Breakers BackendService Circuit Breakers - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- compression
Mode string - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - connection
Draining numberTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- consistent
Hash BackendService Consistent Hash - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- custom
Metrics BackendService Custom Metric[] - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- custom
Request string[]Headers - Headers that the HTTP/S load balancer should add to proxied requests.
- custom
Response string[]Headers - Headers that the HTTP/S load balancer should add to proxied responses.
- description string
- An optional description of this resource.
- dynamic
Forwarding BackendService Dynamic Forwarding - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- edge
Security stringPolicy - The resource URL for the edge security policy associated with this backend service.
- enable
Cdn boolean - If true, enable Cloud CDN for this BackendService.
- external
Managed stringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - external
Managed numberMigration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- health
Checks string - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- iap
Backend
Service Iap - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- ip
Address stringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - load
Balancing stringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - locality
Lb BackendPolicies Service Locality Lb Policy[] - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- locality
Lb stringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- log
Config BackendService Log Config - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- max
Stream BackendDuration Service Max Stream Duration - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - network
Pass BackendThrough Lb Traffic Policy Service Network Pass Through Lb Traffic Policy - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- outlier
Detection BackendService Outlier Detection - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- params
Backend
Service Params - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- port
Name string - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protocol string
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - security
Policy string - The security policy associated with this backend service.
- security
Settings BackendService Security Settings - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- service
Lb stringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- session
Affinity string - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- timeout
Sec number - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- tls
Settings BackendService Tls Settings - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- int
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- backends
Sequence[Backend
Service Backend Args] - The set of backends that serve this BackendService. Structure is documented below.
- cdn_
policy BackendService Cdn Policy Args - Cloud CDN configuration for this BackendService. Structure is documented below.
- circuit_
breakers BackendService Circuit Breakers Args - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- compression_
mode str - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - connection_
draining_ inttimeout_ sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- consistent_
hash BackendService Consistent Hash Args - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- custom_
metrics Sequence[BackendService Custom Metric Args] - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- custom_
request_ Sequence[str]headers - Headers that the HTTP/S load balancer should add to proxied requests.
- custom_
response_ Sequence[str]headers - Headers that the HTTP/S load balancer should add to proxied responses.
- description str
- An optional description of this resource.
- dynamic_
forwarding BackendService Dynamic Forwarding Args - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- edge_
security_ strpolicy - The resource URL for the edge security policy associated with this backend service.
- enable_
cdn bool - If true, enable Cloud CDN for this BackendService.
- external_
managed_ strmigration_ state - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - external_
managed_ floatmigration_ testing_ percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- health_
checks str - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- iap
Backend
Service Iap Args - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- ip_
address_ strselection_ policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - load_
balancing_ strscheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - locality_
lb_ Sequence[Backendpolicies Service Locality Lb Policy Args] - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- locality_
lb_ strpolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- log_
config BackendService Log Config Args - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- max_
stream_ Backendduration Service Max Stream Duration Args - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- name str
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - network_
pass_ Backendthrough_ lb_ traffic_ policy Service Network Pass Through Lb Traffic Policy Args - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- outlier_
detection BackendService Outlier Detection Args - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- params
Backend
Service Params Args - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- port_
name str - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protocol str
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - security_
policy str - The security policy associated with this backend service.
- security_
settings BackendService Security Settings Args - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- service_
lb_ strpolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- session_
affinity str - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie Args - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- timeout_
sec int - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- tls_
settings BackendService Tls Settings Args - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- Number
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- backends List<Property Map>
- The set of backends that serve this BackendService. Structure is documented below.
- cdn
Policy Property Map - Cloud CDN configuration for this BackendService. Structure is documented below.
- circuit
Breakers Property Map - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- compression
Mode String - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - connection
Draining NumberTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- consistent
Hash Property Map - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- custom
Metrics List<Property Map> - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- custom
Request List<String>Headers - Headers that the HTTP/S load balancer should add to proxied requests.
- custom
Response List<String>Headers - Headers that the HTTP/S load balancer should add to proxied responses.
- description String
- An optional description of this resource.
- dynamic
Forwarding Property Map - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- edge
Security StringPolicy - The resource URL for the edge security policy associated with this backend service.
- enable
Cdn Boolean - If true, enable Cloud CDN for this BackendService.
- external
Managed StringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - external
Managed NumberMigration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- health
Checks String - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- iap Property Map
- Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- ip
Address StringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - load
Balancing StringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - locality
Lb List<Property Map>Policies - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- locality
Lb StringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- log
Config Property Map - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- max
Stream Property MapDuration - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - network
Pass Property MapThrough Lb Traffic Policy - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- outlier
Detection Property Map - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- params Property Map
- Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- port
Name String - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protocol String
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - security
Policy String - The security policy associated with this backend service.
- security
Settings Property Map - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- service
Lb StringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- session
Affinity String - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. - Property Map
- Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- timeout
Sec Number - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- tls
Settings Property Map - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the BackendService resource produces the following output properties:
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Fingerprint string
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- Generated
Id int - The unique identifier for the resource. This identifier is defined by the server.
- Id string
- The provider-assigned unique ID for this managed resource.
- Self
Link string - The URI of the created resource.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Fingerprint string
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- Generated
Id int - The unique identifier for the resource. This identifier is defined by the server.
- Id string
- The provider-assigned unique ID for this managed resource.
- Self
Link string - The URI of the created resource.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- fingerprint String
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- generated
Id Integer - The unique identifier for the resource. This identifier is defined by the server.
- id String
- The provider-assigned unique ID for this managed resource.
- self
Link String - The URI of the created resource.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- fingerprint string
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- generated
Id number - The unique identifier for the resource. This identifier is defined by the server.
- id string
- The provider-assigned unique ID for this managed resource.
- self
Link string - The URI of the created resource.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- fingerprint str
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- generated_
id int - The unique identifier for the resource. This identifier is defined by the server.
- id str
- The provider-assigned unique ID for this managed resource.
- self_
link str - The URI of the created resource.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- fingerprint String
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- generated
Id Number - The unique identifier for the resource. This identifier is defined by the server.
- id String
- The provider-assigned unique ID for this managed resource.
- self
Link String - The URI of the created resource.
Look up Existing BackendService Resource
Get an existing BackendService resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BackendServiceState, opts?: CustomResourceOptions): BackendService@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
affinity_cookie_ttl_sec: Optional[int] = None,
backends: Optional[Sequence[BackendServiceBackendArgs]] = None,
cdn_policy: Optional[BackendServiceCdnPolicyArgs] = None,
circuit_breakers: Optional[BackendServiceCircuitBreakersArgs] = None,
compression_mode: Optional[str] = None,
connection_draining_timeout_sec: Optional[int] = None,
consistent_hash: Optional[BackendServiceConsistentHashArgs] = None,
creation_timestamp: Optional[str] = None,
custom_metrics: Optional[Sequence[BackendServiceCustomMetricArgs]] = None,
custom_request_headers: Optional[Sequence[str]] = None,
custom_response_headers: Optional[Sequence[str]] = None,
description: Optional[str] = None,
dynamic_forwarding: Optional[BackendServiceDynamicForwardingArgs] = None,
edge_security_policy: Optional[str] = None,
enable_cdn: Optional[bool] = None,
external_managed_migration_state: Optional[str] = None,
external_managed_migration_testing_percentage: Optional[float] = None,
fingerprint: Optional[str] = None,
generated_id: Optional[int] = None,
health_checks: Optional[str] = None,
iap: Optional[BackendServiceIapArgs] = None,
ip_address_selection_policy: Optional[str] = None,
load_balancing_scheme: Optional[str] = None,
locality_lb_policies: Optional[Sequence[BackendServiceLocalityLbPolicyArgs]] = None,
locality_lb_policy: Optional[str] = None,
log_config: Optional[BackendServiceLogConfigArgs] = None,
max_stream_duration: Optional[BackendServiceMaxStreamDurationArgs] = None,
name: Optional[str] = None,
network_pass_through_lb_traffic_policy: Optional[BackendServiceNetworkPassThroughLbTrafficPolicyArgs] = None,
outlier_detection: Optional[BackendServiceOutlierDetectionArgs] = None,
params: Optional[BackendServiceParamsArgs] = None,
port_name: Optional[str] = None,
project: Optional[str] = None,
protocol: Optional[str] = None,
security_policy: Optional[str] = None,
security_settings: Optional[BackendServiceSecuritySettingsArgs] = None,
self_link: Optional[str] = None,
service_lb_policy: Optional[str] = None,
session_affinity: Optional[str] = None,
strong_session_affinity_cookie: Optional[BackendServiceStrongSessionAffinityCookieArgs] = None,
timeout_sec: Optional[int] = None,
tls_settings: Optional[BackendServiceTlsSettingsArgs] = None) -> BackendServicefunc GetBackendService(ctx *Context, name string, id IDInput, state *BackendServiceState, opts ...ResourceOption) (*BackendService, error)public static BackendService Get(string name, Input<string> id, BackendServiceState? state, CustomResourceOptions? opts = null)public static BackendService get(String name, Output<String> id, BackendServiceState state, CustomResourceOptions options)resources: _: type: gcp:compute:BackendService get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- int
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- Backends
List<Backend
Service Backend> - The set of backends that serve this BackendService. Structure is documented below.
- Cdn
Policy BackendService Cdn Policy - Cloud CDN configuration for this BackendService. Structure is documented below.
- Circuit
Breakers BackendService Circuit Breakers - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Compression
Mode string - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - Connection
Draining intTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- Consistent
Hash BackendService Consistent Hash - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Custom
Metrics List<BackendService Custom Metric> - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- Custom
Request List<string>Headers - Headers that the HTTP/S load balancer should add to proxied requests.
- Custom
Response List<string>Headers - Headers that the HTTP/S load balancer should add to proxied responses.
- Description string
- An optional description of this resource.
- Dynamic
Forwarding BackendService Dynamic Forwarding - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- Edge
Security stringPolicy - The resource URL for the edge security policy associated with this backend service.
- Enable
Cdn bool - If true, enable Cloud CDN for this BackendService.
- External
Managed stringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - External
Managed doubleMigration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- Fingerprint string
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- Generated
Id int - The unique identifier for the resource. This identifier is defined by the server.
- Health
Checks string - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- Iap
Backend
Service Iap - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- Ip
Address stringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - Load
Balancing stringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - Locality
Lb List<BackendPolicies Service Locality Lb Policy> - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- Locality
Lb stringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- Log
Config BackendService Log Config - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- Max
Stream BackendDuration Service Max Stream Duration - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Network
Pass BackendThrough Lb Traffic Policy Service Network Pass Through Lb Traffic Policy - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- Outlier
Detection BackendService Outlier Detection - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- Params
Backend
Service Params - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- Port
Name string - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Protocol string
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - Security
Policy string - The security policy associated with this backend service.
- Security
Settings BackendService Security Settings - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Self
Link string - The URI of the created resource.
- Service
Lb stringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- Session
Affinity string - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- Timeout
Sec int - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- Tls
Settings BackendService Tls Settings - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- int
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- Backends
[]Backend
Service Backend Args - The set of backends that serve this BackendService. Structure is documented below.
- Cdn
Policy BackendService Cdn Policy Args - Cloud CDN configuration for this BackendService. Structure is documented below.
- Circuit
Breakers BackendService Circuit Breakers Args - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Compression
Mode string - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - Connection
Draining intTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- Consistent
Hash BackendService Consistent Hash Args - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Custom
Metrics []BackendService Custom Metric Args - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- Custom
Request []stringHeaders - Headers that the HTTP/S load balancer should add to proxied requests.
- Custom
Response []stringHeaders - Headers that the HTTP/S load balancer should add to proxied responses.
- Description string
- An optional description of this resource.
- Dynamic
Forwarding BackendService Dynamic Forwarding Args - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- Edge
Security stringPolicy - The resource URL for the edge security policy associated with this backend service.
- Enable
Cdn bool - If true, enable Cloud CDN for this BackendService.
- External
Managed stringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - External
Managed float64Migration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- Fingerprint string
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- Generated
Id int - The unique identifier for the resource. This identifier is defined by the server.
- Health
Checks string - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- Iap
Backend
Service Iap Args - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- Ip
Address stringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - Load
Balancing stringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - Locality
Lb []BackendPolicies Service Locality Lb Policy Args - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- Locality
Lb stringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- Log
Config BackendService Log Config Args - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- Max
Stream BackendDuration Service Max Stream Duration Args - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - Network
Pass BackendThrough Lb Traffic Policy Service Network Pass Through Lb Traffic Policy Args - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- Outlier
Detection BackendService Outlier Detection Args - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- Params
Backend
Service Params Args - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- Port
Name string - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Protocol string
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - Security
Policy string - The security policy associated with this backend service.
- Security
Settings BackendService Security Settings Args - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Self
Link string - The URI of the created resource.
- Service
Lb stringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- Session
Affinity string - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie Args - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- Timeout
Sec int - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- Tls
Settings BackendService Tls Settings Args - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- Integer
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- backends
List<Backend
Service Backend> - The set of backends that serve this BackendService. Structure is documented below.
- cdn
Policy BackendService Cdn Policy - Cloud CDN configuration for this BackendService. Structure is documented below.
- circuit
Breakers BackendService Circuit Breakers - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- compression
Mode String - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - connection
Draining IntegerTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- consistent
Hash BackendService Consistent Hash - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- custom
Metrics List<BackendService Custom Metric> - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- custom
Request List<String>Headers - Headers that the HTTP/S load balancer should add to proxied requests.
- custom
Response List<String>Headers - Headers that the HTTP/S load balancer should add to proxied responses.
- description String
- An optional description of this resource.
- dynamic
Forwarding BackendService Dynamic Forwarding - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- edge
Security StringPolicy - The resource URL for the edge security policy associated with this backend service.
- enable
Cdn Boolean - If true, enable Cloud CDN for this BackendService.
- external
Managed StringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - external
Managed DoubleMigration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- fingerprint String
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- generated
Id Integer - The unique identifier for the resource. This identifier is defined by the server.
- health
Checks String - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- iap
Backend
Service Iap - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- ip
Address StringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - load
Balancing StringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - locality
Lb List<BackendPolicies Service Locality Lb Policy> - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- locality
Lb StringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- log
Config BackendService Log Config - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- max
Stream BackendDuration Service Max Stream Duration - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - network
Pass BackendThrough Lb Traffic Policy Service Network Pass Through Lb Traffic Policy - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- outlier
Detection BackendService Outlier Detection - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- params
Backend
Service Params - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- port
Name String - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protocol String
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - security
Policy String - The security policy associated with this backend service.
- security
Settings BackendService Security Settings - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- self
Link String - The URI of the created resource.
- service
Lb StringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- session
Affinity String - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- timeout
Sec Integer - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- tls
Settings BackendService Tls Settings - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- number
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- backends
Backend
Service Backend[] - The set of backends that serve this BackendService. Structure is documented below.
- cdn
Policy BackendService Cdn Policy - Cloud CDN configuration for this BackendService. Structure is documented below.
- circuit
Breakers BackendService Circuit Breakers - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- compression
Mode string - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - connection
Draining numberTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- consistent
Hash BackendService Consistent Hash - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- custom
Metrics BackendService Custom Metric[] - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- custom
Request string[]Headers - Headers that the HTTP/S load balancer should add to proxied requests.
- custom
Response string[]Headers - Headers that the HTTP/S load balancer should add to proxied responses.
- description string
- An optional description of this resource.
- dynamic
Forwarding BackendService Dynamic Forwarding - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- edge
Security stringPolicy - The resource URL for the edge security policy associated with this backend service.
- enable
Cdn boolean - If true, enable Cloud CDN for this BackendService.
- external
Managed stringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - external
Managed numberMigration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- fingerprint string
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- generated
Id number - The unique identifier for the resource. This identifier is defined by the server.
- health
Checks string - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- iap
Backend
Service Iap - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- ip
Address stringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - load
Balancing stringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - locality
Lb BackendPolicies Service Locality Lb Policy[] - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- locality
Lb stringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- log
Config BackendService Log Config - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- max
Stream BackendDuration Service Max Stream Duration - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- name string
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - network
Pass BackendThrough Lb Traffic Policy Service Network Pass Through Lb Traffic Policy - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- outlier
Detection BackendService Outlier Detection - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- params
Backend
Service Params - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- port
Name string - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protocol string
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - security
Policy string - The security policy associated with this backend service.
- security
Settings BackendService Security Settings - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- self
Link string - The URI of the created resource.
- service
Lb stringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- session
Affinity string - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- timeout
Sec number - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- tls
Settings BackendService Tls Settings - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- int
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- backends
Sequence[Backend
Service Backend Args] - The set of backends that serve this BackendService. Structure is documented below.
- cdn_
policy BackendService Cdn Policy Args - Cloud CDN configuration for this BackendService. Structure is documented below.
- circuit_
breakers BackendService Circuit Breakers Args - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- compression_
mode str - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - connection_
draining_ inttimeout_ sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- consistent_
hash BackendService Consistent Hash Args - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- custom_
metrics Sequence[BackendService Custom Metric Args] - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- custom_
request_ Sequence[str]headers - Headers that the HTTP/S load balancer should add to proxied requests.
- custom_
response_ Sequence[str]headers - Headers that the HTTP/S load balancer should add to proxied responses.
- description str
- An optional description of this resource.
- dynamic_
forwarding BackendService Dynamic Forwarding Args - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- edge_
security_ strpolicy - The resource URL for the edge security policy associated with this backend service.
- enable_
cdn bool - If true, enable Cloud CDN for this BackendService.
- external_
managed_ strmigration_ state - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - external_
managed_ floatmigration_ testing_ percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- fingerprint str
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- generated_
id int - The unique identifier for the resource. This identifier is defined by the server.
- health_
checks str - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- iap
Backend
Service Iap Args - Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- ip_
address_ strselection_ policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - load_
balancing_ strscheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - locality_
lb_ Sequence[Backendpolicies Service Locality Lb Policy Args] - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- locality_
lb_ strpolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- log_
config BackendService Log Config Args - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- max_
stream_ Backendduration Service Max Stream Duration Args - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- name str
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - network_
pass_ Backendthrough_ lb_ traffic_ policy Service Network Pass Through Lb Traffic Policy Args - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- outlier_
detection BackendService Outlier Detection Args - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- params
Backend
Service Params Args - Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- port_
name str - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protocol str
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - security_
policy str - The security policy associated with this backend service.
- security_
settings BackendService Security Settings Args - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- self_
link str - The URI of the created resource.
- service_
lb_ strpolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- session_
affinity str - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. -
Backend
Service Strong Session Affinity Cookie Args - Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- timeout_
sec int - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- tls_
settings BackendService Tls Settings Args - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
- Number
- Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
- backends List<Property Map>
- The set of backends that serve this BackendService. Structure is documented below.
- cdn
Policy Property Map - Cloud CDN configuration for this BackendService. Structure is documented below.
- circuit
Breakers Property Map - Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
- compression
Mode String - Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.
Possible values are:
AUTOMATIC,DISABLED. - connection
Draining NumberTimeout Sec - Time for which instance will be drained (not accept new connections, but still work to finish started).
- consistent
Hash Property Map - Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- custom
Metrics List<Property Map> - List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
- custom
Request List<String>Headers - Headers that the HTTP/S load balancer should add to proxied requests.
- custom
Response List<String>Headers - Headers that the HTTP/S load balancer should add to proxied responses.
- description String
- An optional description of this resource.
- dynamic
Forwarding Property Map - Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding feature which together with Service Extension allows customized and complex routing logic. Structure is documented below.
- edge
Security StringPolicy - The resource URL for the edge security policy associated with this backend service.
- enable
Cdn Boolean - If true, enable Cloud CDN for this BackendService.
- external
Managed StringMigration State - Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC.
To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to
PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be
changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate
traffic by percentage using externalManagedMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order. So changing the
scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at
the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic
back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
Possible values are:
PREPARE,TEST_BY_PERCENTAGE,TEST_ALL_TRAFFIC. - external
Managed NumberMigration Testing Percentage - Determines the fraction of requests that should be processed by the Global external Application Load Balancer. The value of this field must be in the range [0, 100]. Session affinity options will slightly affect this routing behavior, for more details, see: Session Affinity. This value can only be set if the loadBalancingScheme in the backend service is set to EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE.
- fingerprint String
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
- generated
Id Number - The unique identifier for the resource. This identifier is defined by the server.
- health
Checks String - The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
- iap Property Map
- Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
- ip
Address StringSelection Policy - Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC).
Possible values are:
IPV4_ONLY,PREFER_IPV6,IPV6_ONLY. - load
Balancing StringScheme - Indicates whether the backend service will be used with internal or
external load balancing. A backend service created for one type of
load balancing cannot be used with the other. For more information, refer to
Choosing a load balancer.
Default value is
EXTERNAL. Possible values are:EXTERNAL,INTERNAL_SELF_MANAGED,INTERNAL_MANAGED,EXTERNAL_MANAGED. - locality
Lb List<Property Map>Policies - A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
- locality
Lb StringPolicy - The load balancing algorithm used within the scope of the locality.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:- A regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and loadBalancingScheme set to INTERNAL_MANAGED.
- A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
- A regional backend service with loadBalancingScheme set to EXTERNAL (External Network
Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External
Network Load Balancing. The default is MAGLEV.
If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV,
or RING_HASH, session affinity settings will not take effect.
Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced
by a URL map that is bound to target gRPC proxy that has validate_for_proxyless
field set to true.
Possible values are:
ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV,WEIGHTED_MAGLEV,WEIGHTED_ROUND_ROBIN.
- log
Config Property Map - This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
- max
Stream Property MapDuration - Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression
a-z?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - network
Pass Property MapThrough Lb Traffic Policy - Configures traffic steering properties of internal passthrough Network Load Balancers. Structure is documented below.
- outlier
Detection Property Map - Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
- params Property Map
- Additional params passed with the request, but not persisted as part of resource payload Structure is documented below.
- port
Name String - Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- protocol String
- The protocol this BackendService uses to communicate with backends.
The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP
or GRPC. Refer to the documentation for the load balancers or for Traffic Director
for more information. Must be set to GRPC when the backend service is referenced
by a URL map that is bound to target gRPC proxy.
Possible values are:
HTTP,HTTPS,HTTP2,TCP,SSL,UDP,GRPC,UNSPECIFIED,H2C. - security
Policy String - The security policy associated with this backend service.
- security
Settings Property Map - The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, HTTP2 or H2C, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- self
Link String - The URI of the created resource.
- service
Lb StringPolicy - URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
- session
Affinity String - Type of session affinity to use. The default is NONE. Session affinity is
not applicable if the protocol is UDP.
Possible values are:
NONE,CLIENT_IP,CLIENT_IP_PORT_PROTO,CLIENT_IP_PROTO,GENERATED_COOKIE,HEADER_FIELD,HTTP_COOKIE,STRONG_COOKIE_AFFINITY. - Property Map
- Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
- timeout
Sec Number - The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
- tls
Settings Property Map - Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
Supporting Types
BackendServiceBackend, BackendServiceBackendArgs
- Group string
- The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
- Balancing
Mode string - Specifies the balancing mode for this backend.
For global HTTP(S) or TCP/SSL load balancing, the default is
UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)),
CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL).
See the Backend Services Overview
for an explanation of load balancing modes.
Default value is
UTILIZATION. Possible values are:UTILIZATION,RATE,CONNECTION,CUSTOM_METRICS. - Capacity
Scaler double - A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
- Custom
Metrics List<BackendService Backend Custom Metric> - The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Max
Connections int - The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
- Max
Connections intPer Endpoint - The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
- Max
Connections intPer Instance - The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
- Max
Rate int - The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
- Max
Rate doublePer Endpoint - The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
- Max
Rate doublePer Instance - The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
- Max
Utilization double - Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
- Preference string
- This field indicates whether this backend should be fully utilized before sending traffic to backends
with default preference. This field cannot be set when loadBalancingScheme is set to 'EXTERNAL'. The possible values are:
- PREFERRED: Backends with this preference level will be filled up to their capacity limits first, based on RTT.
- DEFAULT: If preferred backends don't have enough capacity, backends in this layer would be used and
traffic would be assigned based on the load balancing algorithm you use. This is the default
Possible values are:
PREFERRED,DEFAULT.
- Group string
- The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
- Balancing
Mode string - Specifies the balancing mode for this backend.
For global HTTP(S) or TCP/SSL load balancing, the default is
UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)),
CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL).
See the Backend Services Overview
for an explanation of load balancing modes.
Default value is
UTILIZATION. Possible values are:UTILIZATION,RATE,CONNECTION,CUSTOM_METRICS. - Capacity
Scaler float64 - A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
- Custom
Metrics []BackendService Backend Custom Metric - The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Max
Connections int - The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
- Max
Connections intPer Endpoint - The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
- Max
Connections intPer Instance - The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
- Max
Rate int - The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
- Max
Rate float64Per Endpoint - The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
- Max
Rate float64Per Instance - The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
- Max
Utilization float64 - Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
- Preference string
- This field indicates whether this backend should be fully utilized before sending traffic to backends
with default preference. This field cannot be set when loadBalancingScheme is set to 'EXTERNAL'. The possible values are:
- PREFERRED: Backends with this preference level will be filled up to their capacity limits first, based on RTT.
- DEFAULT: If preferred backends don't have enough capacity, backends in this layer would be used and
traffic would be assigned based on the load balancing algorithm you use. This is the default
Possible values are:
PREFERRED,DEFAULT.
- group String
- The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
- balancing
Mode String - Specifies the balancing mode for this backend.
For global HTTP(S) or TCP/SSL load balancing, the default is
UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)),
CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL).
See the Backend Services Overview
for an explanation of load balancing modes.
Default value is
UTILIZATION. Possible values are:UTILIZATION,RATE,CONNECTION,CUSTOM_METRICS. - capacity
Scaler Double - A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
- custom
Metrics List<BackendService Backend Custom Metric> - The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- max
Connections Integer - The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
- max
Connections IntegerPer Endpoint - The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
- max
Connections IntegerPer Instance - The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
- max
Rate Integer - The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
- max
Rate DoublePer Endpoint - The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
- max
Rate DoublePer Instance - The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
- max
Utilization Double - Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
- preference String
- This field indicates whether this backend should be fully utilized before sending traffic to backends
with default preference. This field cannot be set when loadBalancingScheme is set to 'EXTERNAL'. The possible values are:
- PREFERRED: Backends with this preference level will be filled up to their capacity limits first, based on RTT.
- DEFAULT: If preferred backends don't have enough capacity, backends in this layer would be used and
traffic would be assigned based on the load balancing algorithm you use. This is the default
Possible values are:
PREFERRED,DEFAULT.
- group string
- The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
- balancing
Mode string - Specifies the balancing mode for this backend.
For global HTTP(S) or TCP/SSL load balancing, the default is
UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)),
CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL).
See the Backend Services Overview
for an explanation of load balancing modes.
Default value is
UTILIZATION. Possible values are:UTILIZATION,RATE,CONNECTION,CUSTOM_METRICS. - capacity
Scaler number - A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
- custom
Metrics BackendService Backend Custom Metric[] - The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
- description string
- An optional description of this resource. Provide this property when you create the resource.
- max
Connections number - The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
- max
Connections numberPer Endpoint - The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
- max
Connections numberPer Instance - The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
- max
Rate number - The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
- max
Rate numberPer Endpoint - The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
- max
Rate numberPer Instance - The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
- max
Utilization number - Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
- preference string
- This field indicates whether this backend should be fully utilized before sending traffic to backends
with default preference. This field cannot be set when loadBalancingScheme is set to 'EXTERNAL'. The possible values are:
- PREFERRED: Backends with this preference level will be filled up to their capacity limits first, based on RTT.
- DEFAULT: If preferred backends don't have enough capacity, backends in this layer would be used and
traffic would be assigned based on the load balancing algorithm you use. This is the default
Possible values are:
PREFERRED,DEFAULT.
- group str
- The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
- balancing_
mode str - Specifies the balancing mode for this backend.
For global HTTP(S) or TCP/SSL load balancing, the default is
UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)),
CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL).
See the Backend Services Overview
for an explanation of load balancing modes.
Default value is
UTILIZATION. Possible values are:UTILIZATION,RATE,CONNECTION,CUSTOM_METRICS. - capacity_
scaler float - A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
- custom_
metrics Sequence[BackendService Backend Custom Metric] - The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
- description str
- An optional description of this resource. Provide this property when you create the resource.
- max_
connections int - The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
- max_
connections_ intper_ endpoint - The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
- max_
connections_ intper_ instance - The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
- max_
rate int - The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
- max_
rate_ floatper_ endpoint - The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
- max_
rate_ floatper_ instance - The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
- max_
utilization float - Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
- preference str
- This field indicates whether this backend should be fully utilized before sending traffic to backends
with default preference. This field cannot be set when loadBalancingScheme is set to 'EXTERNAL'. The possible values are:
- PREFERRED: Backends with this preference level will be filled up to their capacity limits first, based on RTT.
- DEFAULT: If preferred backends don't have enough capacity, backends in this layer would be used and
traffic would be assigned based on the load balancing algorithm you use. This is the default
Possible values are:
PREFERRED,DEFAULT.
- group String
- The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
- balancing
Mode String - Specifies the balancing mode for this backend.
For global HTTP(S) or TCP/SSL load balancing, the default is
UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)),
CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL).
See the Backend Services Overview
for an explanation of load balancing modes.
Default value is
UTILIZATION. Possible values are:UTILIZATION,RATE,CONNECTION,CUSTOM_METRICS. - capacity
Scaler Number - A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
- custom
Metrics List<Property Map> - The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- max
Connections Number - The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
- max
Connections NumberPer Endpoint - The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
- max
Connections NumberPer Instance - The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
- max
Rate Number - The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
- max
Rate NumberPer Endpoint - The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
- max
Rate NumberPer Instance - The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
- max
Utilization Number - Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
- preference String
- This field indicates whether this backend should be fully utilized before sending traffic to backends
with default preference. This field cannot be set when loadBalancingScheme is set to 'EXTERNAL'. The possible values are:
- PREFERRED: Backends with this preference level will be filled up to their capacity limits first, based on RTT.
- DEFAULT: If preferred backends don't have enough capacity, backends in this layer would be used and
traffic would be assigned based on the load balancing algorithm you use. This is the default
Possible values are:
PREFERRED,DEFAULT.
BackendServiceBackendCustomMetric, BackendServiceBackendCustomMetricArgs
- Dry
Run bool - If true, the metric data is not used for load balancing.
- Name string
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- Max
Utilization double - Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
- Dry
Run bool - If true, the metric data is not used for load balancing.
- Name string
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- Max
Utilization float64 - Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
- dry
Run Boolean - If true, the metric data is not used for load balancing.
- name String
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- max
Utilization Double - Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
- dry
Run boolean - If true, the metric data is not used for load balancing.
- name string
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- max
Utilization number - Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
- dry_
run bool - If true, the metric data is not used for load balancing.
- name str
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- max_
utilization float - Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
- dry
Run Boolean - If true, the metric data is not used for load balancing.
- name String
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- max
Utilization Number - Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
BackendServiceCdnPolicy, BackendServiceCdnPolicyArgs
- Bypass
Cache List<BackendOn Request Headers Service Cdn Policy Bypass Cache On Request Header> - Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
- Cache
Key BackendPolicy Service Cdn Policy Cache Key Policy - The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
- Cache
Mode string - Specifies the cache setting for all responses from this backend.
The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC
Possible values are:
USE_ORIGIN_HEADERS,FORCE_CACHE_ALL,CACHE_ALL_STATIC. - Client
Ttl int - Specifies the maximum allowed TTL for cached content served by this origin.
- Default
Ttl int - Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
- Max
Ttl int - Specifies the maximum allowed TTL for cached content served by this origin.
- Negative
Caching bool - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
- Negative
Caching List<BackendPolicies Service Cdn Policy Negative Caching Policy> - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
- Request
Coalescing bool - If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.
- Serve
While intStale - Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
- Signed
Url intCache Max Age Sec - Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
- Bypass
Cache []BackendOn Request Headers Service Cdn Policy Bypass Cache On Request Header - Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
- Cache
Key BackendPolicy Service Cdn Policy Cache Key Policy - The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
- Cache
Mode string - Specifies the cache setting for all responses from this backend.
The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC
Possible values are:
USE_ORIGIN_HEADERS,FORCE_CACHE_ALL,CACHE_ALL_STATIC. - Client
Ttl int - Specifies the maximum allowed TTL for cached content served by this origin.
- Default
Ttl int - Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
- Max
Ttl int - Specifies the maximum allowed TTL for cached content served by this origin.
- Negative
Caching bool - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
- Negative
Caching []BackendPolicies Service Cdn Policy Negative Caching Policy - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
- Request
Coalescing bool - If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.
- Serve
While intStale - Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
- Signed
Url intCache Max Age Sec - Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
- bypass
Cache List<BackendOn Request Headers Service Cdn Policy Bypass Cache On Request Header> - Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
- cache
Key BackendPolicy Service Cdn Policy Cache Key Policy - The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
- cache
Mode String - Specifies the cache setting for all responses from this backend.
The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC
Possible values are:
USE_ORIGIN_HEADERS,FORCE_CACHE_ALL,CACHE_ALL_STATIC. - client
Ttl Integer - Specifies the maximum allowed TTL for cached content served by this origin.
- default
Ttl Integer - Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
- max
Ttl Integer - Specifies the maximum allowed TTL for cached content served by this origin.
- negative
Caching Boolean - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
- negative
Caching List<BackendPolicies Service Cdn Policy Negative Caching Policy> - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
- request
Coalescing Boolean - If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.
- serve
While IntegerStale - Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
- signed
Url IntegerCache Max Age Sec - Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
- bypass
Cache BackendOn Request Headers Service Cdn Policy Bypass Cache On Request Header[] - Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
- cache
Key BackendPolicy Service Cdn Policy Cache Key Policy - The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
- cache
Mode string - Specifies the cache setting for all responses from this backend.
The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC
Possible values are:
USE_ORIGIN_HEADERS,FORCE_CACHE_ALL,CACHE_ALL_STATIC. - client
Ttl number - Specifies the maximum allowed TTL for cached content served by this origin.
- default
Ttl number - Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
- max
Ttl number - Specifies the maximum allowed TTL for cached content served by this origin.
- negative
Caching boolean - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
- negative
Caching BackendPolicies Service Cdn Policy Negative Caching Policy[] - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
- request
Coalescing boolean - If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.
- serve
While numberStale - Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
- signed
Url numberCache Max Age Sec - Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
- bypass_
cache_ Sequence[Backendon_ request_ headers Service Cdn Policy Bypass Cache On Request Header] - Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
- cache_
key_ Backendpolicy Service Cdn Policy Cache Key Policy - The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
- cache_
mode str - Specifies the cache setting for all responses from this backend.
The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC
Possible values are:
USE_ORIGIN_HEADERS,FORCE_CACHE_ALL,CACHE_ALL_STATIC. - client_
ttl int - Specifies the maximum allowed TTL for cached content served by this origin.
- default_
ttl int - Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
- max_
ttl int - Specifies the maximum allowed TTL for cached content served by this origin.
- negative_
caching bool - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
- negative_
caching_ Sequence[Backendpolicies Service Cdn Policy Negative Caching Policy] - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
- request_
coalescing bool - If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.
- serve_
while_ intstale - Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
- signed_
url_ intcache_ max_ age_ sec - Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
- bypass
Cache List<Property Map>On Request Headers - Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
- cache
Key Property MapPolicy - The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
- cache
Mode String - Specifies the cache setting for all responses from this backend.
The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC
Possible values are:
USE_ORIGIN_HEADERS,FORCE_CACHE_ALL,CACHE_ALL_STATIC. - client
Ttl Number - Specifies the maximum allowed TTL for cached content served by this origin.
- default
Ttl Number - Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
- max
Ttl Number - Specifies the maximum allowed TTL for cached content served by this origin.
- negative
Caching Boolean - Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
- negative
Caching List<Property Map>Policies - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
- request
Coalescing Boolean - If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.
- serve
While NumberStale - Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
- signed
Url NumberCache Max Age Sec - Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
BackendServiceCdnPolicyBypassCacheOnRequestHeader, BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs
- Header
Name string - The header field name to match on when bypassing cache. Values are case-insensitive.
- Header
Name string - The header field name to match on when bypassing cache. Values are case-insensitive.
- header
Name String - The header field name to match on when bypassing cache. Values are case-insensitive.
- header
Name string - The header field name to match on when bypassing cache. Values are case-insensitive.
- header_
name str - The header field name to match on when bypassing cache. Values are case-insensitive.
- header
Name String - The header field name to match on when bypassing cache. Values are case-insensitive.
BackendServiceCdnPolicyCacheKeyPolicy, BackendServiceCdnPolicyCacheKeyPolicyArgs
- Include
Host bool - If true requests to different hosts will be cached separately.
- Include
Http List<string>Headers - Allows HTTP request headers (by name) to be used in the cache key.
- List<string>
- Names of cookies to include in cache keys.
- Include
Protocol bool - If true, http and https requests will be cached separately.
- Include
Query boolString - If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
- Query
String List<string>Blacklists - Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- Query
String List<string>Whitelists - Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- Include
Host bool - If true requests to different hosts will be cached separately.
- Include
Http []stringHeaders - Allows HTTP request headers (by name) to be used in the cache key.
- []string
- Names of cookies to include in cache keys.
- Include
Protocol bool - If true, http and https requests will be cached separately.
- Include
Query boolString - If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
- Query
String []stringBlacklists - Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- Query
String []stringWhitelists - Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- include
Host Boolean - If true requests to different hosts will be cached separately.
- include
Http List<String>Headers - Allows HTTP request headers (by name) to be used in the cache key.
- List<String>
- Names of cookies to include in cache keys.
- include
Protocol Boolean - If true, http and https requests will be cached separately.
- include
Query BooleanString - If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
- query
String List<String>Blacklists - Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- query
String List<String>Whitelists - Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- include
Host boolean - If true requests to different hosts will be cached separately.
- include
Http string[]Headers - Allows HTTP request headers (by name) to be used in the cache key.
- string[]
- Names of cookies to include in cache keys.
- include
Protocol boolean - If true, http and https requests will be cached separately.
- include
Query booleanString - If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
- query
String string[]Blacklists - Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- query
String string[]Whitelists - Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- include_
host bool - If true requests to different hosts will be cached separately.
- include_
http_ Sequence[str]headers - Allows HTTP request headers (by name) to be used in the cache key.
- Sequence[str]
- Names of cookies to include in cache keys.
- include_
protocol bool - If true, http and https requests will be cached separately.
- include_
query_ boolstring - If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
- query_
string_ Sequence[str]blacklists - Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- query_
string_ Sequence[str]whitelists - Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- include
Host Boolean - If true requests to different hosts will be cached separately.
- include
Http List<String>Headers - Allows HTTP request headers (by name) to be used in the cache key.
- List<String>
- Names of cookies to include in cache keys.
- include
Protocol Boolean - If true, http and https requests will be cached separately.
- include
Query BooleanString - If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
- query
String List<String>Blacklists - Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
- query
String List<String>Whitelists - Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
BackendServiceCdnPolicyNegativeCachingPolicy, BackendServiceCdnPolicyNegativeCachingPolicyArgs
- Code int
- The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
- Ttl int
- The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
- Code int
- The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
- Ttl int
- The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
- code Integer
- The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
- ttl Integer
- The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
- code number
- The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
- ttl number
- The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
- code int
- The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
- ttl int
- The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
- code Number
- The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
- ttl Number
- The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
BackendServiceCircuitBreakers, BackendServiceCircuitBreakersArgs
- Connect
Timeout BackendService Circuit Breakers Connect Timeout - The timeout for new network connections to hosts. Structure is documented below.
- Max
Connections int - The maximum number of connections to the backend cluster. Defaults to 1024.
- Max
Pending intRequests - The maximum number of pending requests to the backend cluster. Defaults to 1024.
- Max
Requests int - The maximum number of parallel requests to the backend cluster. Defaults to 1024.
- Max
Requests intPer Connection - Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
- Max
Retries int - The maximum number of parallel retries to the backend cluster. Defaults to 3.
- Connect
Timeout BackendService Circuit Breakers Connect Timeout - The timeout for new network connections to hosts. Structure is documented below.
- Max
Connections int - The maximum number of connections to the backend cluster. Defaults to 1024.
- Max
Pending intRequests - The maximum number of pending requests to the backend cluster. Defaults to 1024.
- Max
Requests int - The maximum number of parallel requests to the backend cluster. Defaults to 1024.
- Max
Requests intPer Connection - Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
- Max
Retries int - The maximum number of parallel retries to the backend cluster. Defaults to 3.
- connect
Timeout BackendService Circuit Breakers Connect Timeout - The timeout for new network connections to hosts. Structure is documented below.
- max
Connections Integer - The maximum number of connections to the backend cluster. Defaults to 1024.
- max
Pending IntegerRequests - The maximum number of pending requests to the backend cluster. Defaults to 1024.
- max
Requests Integer - The maximum number of parallel requests to the backend cluster. Defaults to 1024.
- max
Requests IntegerPer Connection - Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
- max
Retries Integer - The maximum number of parallel retries to the backend cluster. Defaults to 3.
- connect
Timeout BackendService Circuit Breakers Connect Timeout - The timeout for new network connections to hosts. Structure is documented below.
- max
Connections number - The maximum number of connections to the backend cluster. Defaults to 1024.
- max
Pending numberRequests - The maximum number of pending requests to the backend cluster. Defaults to 1024.
- max
Requests number - The maximum number of parallel requests to the backend cluster. Defaults to 1024.
- max
Requests numberPer Connection - Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
- max
Retries number - The maximum number of parallel retries to the backend cluster. Defaults to 3.
- connect_
timeout BackendService Circuit Breakers Connect Timeout - The timeout for new network connections to hosts. Structure is documented below.
- max_
connections int - The maximum number of connections to the backend cluster. Defaults to 1024.
- max_
pending_ intrequests - The maximum number of pending requests to the backend cluster. Defaults to 1024.
- max_
requests int - The maximum number of parallel requests to the backend cluster. Defaults to 1024.
- max_
requests_ intper_ connection - Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
- max_
retries int - The maximum number of parallel retries to the backend cluster. Defaults to 3.
- connect
Timeout Property Map - The timeout for new network connections to hosts. Structure is documented below.
- max
Connections Number - The maximum number of connections to the backend cluster. Defaults to 1024.
- max
Pending NumberRequests - The maximum number of pending requests to the backend cluster. Defaults to 1024.
- max
Requests Number - The maximum number of parallel requests to the backend cluster. Defaults to 1024.
- max
Requests NumberPer Connection - Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
- max
Retries Number - The maximum number of parallel retries to the backend cluster. Defaults to 3.
BackendServiceCircuitBreakersConnectTimeout, BackendServiceCircuitBreakersConnectTimeoutArgs
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds Integer
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Integer
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos number
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds Number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Number
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
BackendServiceConsistentHash, BackendServiceConsistentHashArgs
-
Backend
Service Consistent Hash Http Cookie - Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
- Http
Header stringName - The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
- Minimum
Ring intSize - The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
-
Backend
Service Consistent Hash Http Cookie - Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
- Http
Header stringName - The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
- Minimum
Ring intSize - The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
-
Backend
Service Consistent Hash Http Cookie - Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
- http
Header StringName - The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
- minimum
Ring IntegerSize - The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
-
Backend
Service Consistent Hash Http Cookie - Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
- http
Header stringName - The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
- minimum
Ring numberSize - The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
-
Backend
Service Consistent Hash Http Cookie - Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
- http_
header_ strname - The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
- minimum_
ring_ intsize - The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
- Property Map
- Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
- http
Header StringName - The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
- minimum
Ring NumberSize - The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
BackendServiceConsistentHashHttpCookie, BackendServiceConsistentHashHttpCookieArgs
- Name string
- Name of the cookie.
- Path string
- Path to set for the cookie.
- Ttl
Backend
Service Consistent Hash Http Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- Name string
- Name of the cookie.
- Path string
- Path to set for the cookie.
- Ttl
Backend
Service Consistent Hash Http Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- name String
- Name of the cookie.
- path String
- Path to set for the cookie.
- ttl
Backend
Service Consistent Hash Http Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- name string
- Name of the cookie.
- path string
- Path to set for the cookie.
- ttl
Backend
Service Consistent Hash Http Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- name str
- Name of the cookie.
- path str
- Path to set for the cookie.
- ttl
Backend
Service Consistent Hash Http Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- name String
- Name of the cookie.
- path String
- Path to set for the cookie.
- ttl Property Map
- Lifetime of the cookie. Structure is documented below.
BackendServiceConsistentHashHttpCookieTtl, BackendServiceConsistentHashHttpCookieTtlArgs
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds Integer
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Integer
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos number
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds Number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Number
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
BackendServiceCustomMetric, BackendServiceCustomMetricArgs
- Dry
Run bool - If true, the metric data is not used for load balancing.
- Name string
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- Dry
Run bool - If true, the metric data is not used for load balancing.
- Name string
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- dry
Run Boolean - If true, the metric data is not used for load balancing.
- name String
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- dry
Run boolean - If true, the metric data is not used for load balancing.
- name string
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- dry_
run bool - If true, the metric data is not used for load balancing.
- name str
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
- dry
Run Boolean - If true, the metric data is not used for load balancing.
- name String
- Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
BackendServiceDynamicForwarding, BackendServiceDynamicForwardingArgs
- Ip
Port BackendSelection Service Dynamic Forwarding Ip Port Selection - IP:PORT based dynamic forwarding configuration. Structure is documented below.
- Ip
Port BackendSelection Service Dynamic Forwarding Ip Port Selection - IP:PORT based dynamic forwarding configuration. Structure is documented below.
- ip
Port BackendSelection Service Dynamic Forwarding Ip Port Selection - IP:PORT based dynamic forwarding configuration. Structure is documented below.
- ip
Port BackendSelection Service Dynamic Forwarding Ip Port Selection - IP:PORT based dynamic forwarding configuration. Structure is documented below.
- ip_
port_ Backendselection Service Dynamic Forwarding Ip Port Selection - IP:PORT based dynamic forwarding configuration. Structure is documented below.
- ip
Port Property MapSelection - IP:PORT based dynamic forwarding configuration. Structure is documented below.
BackendServiceDynamicForwardingIpPortSelection, BackendServiceDynamicForwardingIpPortSelectionArgs
- Enabled bool
- A boolean flag enabling IP:PORT based dynamic forwarding.
- Enabled bool
- A boolean flag enabling IP:PORT based dynamic forwarding.
- enabled Boolean
- A boolean flag enabling IP:PORT based dynamic forwarding.
- enabled boolean
- A boolean flag enabling IP:PORT based dynamic forwarding.
- enabled bool
- A boolean flag enabling IP:PORT based dynamic forwarding.
- enabled Boolean
- A boolean flag enabling IP:PORT based dynamic forwarding.
BackendServiceIap, BackendServiceIapArgs
- Enabled bool
- Whether the serving infrastructure will authenticate and authorize all incoming requests.
- Oauth2Client
Id string - OAuth2 Client ID for IAP
- Oauth2Client
Secret string - OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
- Oauth2Client
Secret stringSha256 - (Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
- Enabled bool
- Whether the serving infrastructure will authenticate and authorize all incoming requests.
- Oauth2Client
Id string - OAuth2 Client ID for IAP
- Oauth2Client
Secret string - OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
- Oauth2Client
Secret stringSha256 - (Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
- enabled Boolean
- Whether the serving infrastructure will authenticate and authorize all incoming requests.
- oauth2Client
Id String - OAuth2 Client ID for IAP
- oauth2Client
Secret String - OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
- oauth2Client
Secret StringSha256 - (Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
- enabled boolean
- Whether the serving infrastructure will authenticate and authorize all incoming requests.
- oauth2Client
Id string - OAuth2 Client ID for IAP
- oauth2Client
Secret string - OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
- oauth2Client
Secret stringSha256 - (Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
- enabled bool
- Whether the serving infrastructure will authenticate and authorize all incoming requests.
- oauth2_
client_ strid - OAuth2 Client ID for IAP
- oauth2_
client_ strsecret - OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
- oauth2_
client_ strsecret_ sha256 - (Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
- enabled Boolean
- Whether the serving infrastructure will authenticate and authorize all incoming requests.
- oauth2Client
Id String - OAuth2 Client ID for IAP
- oauth2Client
Secret String - OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
- oauth2Client
Secret StringSha256 - (Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
BackendServiceLocalityLbPolicy, BackendServiceLocalityLbPolicyArgs
- Custom
Policy BackendService Locality Lb Policy Custom Policy - The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
- Policy
Backend
Service Locality Lb Policy Policy - The configuration for a built-in load balancing policy. Structure is documented below.
- Custom
Policy BackendService Locality Lb Policy Custom Policy - The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
- Policy
Backend
Service Locality Lb Policy Policy - The configuration for a built-in load balancing policy. Structure is documented below.
- custom
Policy BackendService Locality Lb Policy Custom Policy - The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
- policy
Backend
Service Locality Lb Policy Policy - The configuration for a built-in load balancing policy. Structure is documented below.
- custom
Policy BackendService Locality Lb Policy Custom Policy - The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
- policy
Backend
Service Locality Lb Policy Policy - The configuration for a built-in load balancing policy. Structure is documented below.
- custom_
policy BackendService Locality Lb Policy Custom Policy - The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
- policy
Backend
Service Locality Lb Policy Policy - The configuration for a built-in load balancing policy. Structure is documented below.
- custom
Policy Property Map - The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
- policy Property Map
- The configuration for a built-in load balancing policy. Structure is documented below.
BackendServiceLocalityLbPolicyCustomPolicy, BackendServiceLocalityLbPolicyCustomPolicyArgs
- Name string
- Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
- Data string
- An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
- Name string
- Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
- Data string
- An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
- name String
- Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
- data String
- An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
- name string
- Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
- data string
- An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
- name str
- Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
- data str
- An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
- name String
- Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
- data String
- An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
BackendServiceLocalityLbPolicyPolicy, BackendServiceLocalityLbPolicyPolicyArgs
- Name string
- The name of a locality load balancer policy to be used. The value
should be one of the predefined ones as supported by localityLbPolicy,
although at the moment only ROUND_ROBIN is supported.
This field should only be populated when the customPolicy field is not
used.
Note that specifying the same policy more than once for a backend is
not a valid configuration and will be rejected.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are:ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV.
- Name string
- The name of a locality load balancer policy to be used. The value
should be one of the predefined ones as supported by localityLbPolicy,
although at the moment only ROUND_ROBIN is supported.
This field should only be populated when the customPolicy field is not
used.
Note that specifying the same policy more than once for a backend is
not a valid configuration and will be rejected.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are:ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV.
- name String
- The name of a locality load balancer policy to be used. The value
should be one of the predefined ones as supported by localityLbPolicy,
although at the moment only ROUND_ROBIN is supported.
This field should only be populated when the customPolicy field is not
used.
Note that specifying the same policy more than once for a backend is
not a valid configuration and will be rejected.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are:ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV.
- name string
- The name of a locality load balancer policy to be used. The value
should be one of the predefined ones as supported by localityLbPolicy,
although at the moment only ROUND_ROBIN is supported.
This field should only be populated when the customPolicy field is not
used.
Note that specifying the same policy more than once for a backend is
not a valid configuration and will be rejected.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are:ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV.
- name str
- The name of a locality load balancer policy to be used. The value
should be one of the predefined ones as supported by localityLbPolicy,
although at the moment only ROUND_ROBIN is supported.
This field should only be populated when the customPolicy field is not
used.
Note that specifying the same policy more than once for a backend is
not a valid configuration and will be rejected.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are:ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV.
- name String
- The name of a locality load balancer policy to be used. The value
should be one of the predefined ones as supported by localityLbPolicy,
although at the moment only ROUND_ROBIN is supported.
This field should only be populated when the customPolicy field is not
used.
Note that specifying the same policy more than once for a backend is
not a valid configuration and will be rejected.
The possible values are:
ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.RANDOM: The load balancer selects a random healthy host.ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are:ROUND_ROBIN,LEAST_REQUEST,RING_HASH,RANDOM,ORIGINAL_DESTINATION,MAGLEV.
BackendServiceLogConfig, BackendServiceLogConfigArgs
- Enable bool
- Whether to enable logging for the load balancer traffic served by this backend service.
- Optional
Fields List<string> - This field can only be specified if logging is enabled for this backend service and "logConfig.optionalMode" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace For example: orca_load_report, tls.protocol
- Optional
Mode string - Specifies the optional logging mode for the load balancer traffic.
Supported values: INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM.
Possible values are:
INCLUDE_ALL_OPTIONAL,EXCLUDE_ALL_OPTIONAL,CUSTOM. - Sample
Rate double - This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
- Enable bool
- Whether to enable logging for the load balancer traffic served by this backend service.
- Optional
Fields []string - This field can only be specified if logging is enabled for this backend service and "logConfig.optionalMode" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace For example: orca_load_report, tls.protocol
- Optional
Mode string - Specifies the optional logging mode for the load balancer traffic.
Supported values: INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM.
Possible values are:
INCLUDE_ALL_OPTIONAL,EXCLUDE_ALL_OPTIONAL,CUSTOM. - Sample
Rate float64 - This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
- enable Boolean
- Whether to enable logging for the load balancer traffic served by this backend service.
- optional
Fields List<String> - This field can only be specified if logging is enabled for this backend service and "logConfig.optionalMode" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace For example: orca_load_report, tls.protocol
- optional
Mode String - Specifies the optional logging mode for the load balancer traffic.
Supported values: INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM.
Possible values are:
INCLUDE_ALL_OPTIONAL,EXCLUDE_ALL_OPTIONAL,CUSTOM. - sample
Rate Double - This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
- enable boolean
- Whether to enable logging for the load balancer traffic served by this backend service.
- optional
Fields string[] - This field can only be specified if logging is enabled for this backend service and "logConfig.optionalMode" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace For example: orca_load_report, tls.protocol
- optional
Mode string - Specifies the optional logging mode for the load balancer traffic.
Supported values: INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM.
Possible values are:
INCLUDE_ALL_OPTIONAL,EXCLUDE_ALL_OPTIONAL,CUSTOM. - sample
Rate number - This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
- enable bool
- Whether to enable logging for the load balancer traffic served by this backend service.
- optional_
fields Sequence[str] - This field can only be specified if logging is enabled for this backend service and "logConfig.optionalMode" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace For example: orca_load_report, tls.protocol
- optional_
mode str - Specifies the optional logging mode for the load balancer traffic.
Supported values: INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM.
Possible values are:
INCLUDE_ALL_OPTIONAL,EXCLUDE_ALL_OPTIONAL,CUSTOM. - sample_
rate float - This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
- enable Boolean
- Whether to enable logging for the load balancer traffic served by this backend service.
- optional
Fields List<String> - This field can only be specified if logging is enabled for this backend service and "logConfig.optionalMode" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace For example: orca_load_report, tls.protocol
- optional
Mode String - Specifies the optional logging mode for the load balancer traffic.
Supported values: INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM.
Possible values are:
INCLUDE_ALL_OPTIONAL,EXCLUDE_ALL_OPTIONAL,CUSTOM. - sample
Rate Number - This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
BackendServiceMaxStreamDuration, BackendServiceMaxStreamDurationArgs
- Seconds string
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. (int64 format)
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- Seconds string
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. (int64 format)
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds String
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. (int64 format)
- nanos Integer
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds string
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. (int64 format)
- nanos number
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds str
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. (int64 format)
- nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds String
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. (int64 format)
- nanos Number
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
BackendServiceNetworkPassThroughLbTrafficPolicy, BackendServiceNetworkPassThroughLbTrafficPolicyArgs
- Zonal
Affinity BackendService Network Pass Through Lb Traffic Policy Zonal Affinity - When configured, new connections are load balanced across healthy backend endpoints in the local zone. Structure is documented below.
- Zonal
Affinity BackendService Network Pass Through Lb Traffic Policy Zonal Affinity - When configured, new connections are load balanced across healthy backend endpoints in the local zone. Structure is documented below.
- zonal
Affinity BackendService Network Pass Through Lb Traffic Policy Zonal Affinity - When configured, new connections are load balanced across healthy backend endpoints in the local zone. Structure is documented below.
- zonal
Affinity BackendService Network Pass Through Lb Traffic Policy Zonal Affinity - When configured, new connections are load balanced across healthy backend endpoints in the local zone. Structure is documented below.
- zonal_
affinity BackendService Network Pass Through Lb Traffic Policy Zonal Affinity - When configured, new connections are load balanced across healthy backend endpoints in the local zone. Structure is documented below.
- zonal
Affinity Property Map - When configured, new connections are load balanced across healthy backend endpoints in the local zone. Structure is documented below.
BackendServiceNetworkPassThroughLbTrafficPolicyZonalAffinity, BackendServiceNetworkPassThroughLbTrafficPolicyZonalAffinityArgs
- Spillover string
- This field indicates whether zonal affinity is enabled or not.
Default value is
ZONAL_AFFINITY_DISABLED. Possible values are:ZONAL_AFFINITY_DISABLED,ZONAL_AFFINITY_SPILL_CROSS_ZONE,ZONAL_AFFINITY_STAY_WITHIN_ZONE. - Spillover
Ratio double - The value of the field must be in [0, 1]. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is equal to or above this threshold, the load balancer distributes new connections to all healthy endpoints in the local zone only. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is below this threshold, the load balancer distributes all new connections to all healthy endpoints across all zones.
- Spillover string
- This field indicates whether zonal affinity is enabled or not.
Default value is
ZONAL_AFFINITY_DISABLED. Possible values are:ZONAL_AFFINITY_DISABLED,ZONAL_AFFINITY_SPILL_CROSS_ZONE,ZONAL_AFFINITY_STAY_WITHIN_ZONE. - Spillover
Ratio float64 - The value of the field must be in [0, 1]. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is equal to or above this threshold, the load balancer distributes new connections to all healthy endpoints in the local zone only. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is below this threshold, the load balancer distributes all new connections to all healthy endpoints across all zones.
- spillover String
- This field indicates whether zonal affinity is enabled or not.
Default value is
ZONAL_AFFINITY_DISABLED. Possible values are:ZONAL_AFFINITY_DISABLED,ZONAL_AFFINITY_SPILL_CROSS_ZONE,ZONAL_AFFINITY_STAY_WITHIN_ZONE. - spillover
Ratio Double - The value of the field must be in [0, 1]. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is equal to or above this threshold, the load balancer distributes new connections to all healthy endpoints in the local zone only. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is below this threshold, the load balancer distributes all new connections to all healthy endpoints across all zones.
- spillover string
- This field indicates whether zonal affinity is enabled or not.
Default value is
ZONAL_AFFINITY_DISABLED. Possible values are:ZONAL_AFFINITY_DISABLED,ZONAL_AFFINITY_SPILL_CROSS_ZONE,ZONAL_AFFINITY_STAY_WITHIN_ZONE. - spillover
Ratio number - The value of the field must be in [0, 1]. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is equal to or above this threshold, the load balancer distributes new connections to all healthy endpoints in the local zone only. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is below this threshold, the load balancer distributes all new connections to all healthy endpoints across all zones.
- spillover str
- This field indicates whether zonal affinity is enabled or not.
Default value is
ZONAL_AFFINITY_DISABLED. Possible values are:ZONAL_AFFINITY_DISABLED,ZONAL_AFFINITY_SPILL_CROSS_ZONE,ZONAL_AFFINITY_STAY_WITHIN_ZONE. - spillover_
ratio float - The value of the field must be in [0, 1]. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is equal to or above this threshold, the load balancer distributes new connections to all healthy endpoints in the local zone only. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is below this threshold, the load balancer distributes all new connections to all healthy endpoints across all zones.
- spillover String
- This field indicates whether zonal affinity is enabled or not.
Default value is
ZONAL_AFFINITY_DISABLED. Possible values are:ZONAL_AFFINITY_DISABLED,ZONAL_AFFINITY_SPILL_CROSS_ZONE,ZONAL_AFFINITY_STAY_WITHIN_ZONE. - spillover
Ratio Number - The value of the field must be in [0, 1]. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is equal to or above this threshold, the load balancer distributes new connections to all healthy endpoints in the local zone only. When the ratio of the count of healthy backend endpoints in a zone to the count of backend endpoints in that same zone is below this threshold, the load balancer distributes all new connections to all healthy endpoints across all zones.
BackendServiceOutlierDetection, BackendServiceOutlierDetectionArgs
- Base
Ejection BackendTime Service Outlier Detection Base Ejection Time - The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
- Consecutive
Errors int - Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
- Consecutive
Gateway intFailure - The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
- Enforcing
Consecutive intErrors - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- Enforcing
Consecutive intGateway Failure - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
- Enforcing
Success intRate - The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- Interval
Backend
Service Outlier Detection Interval - Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
- Max
Ejection intPercent - Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
- Success
Rate intMinimum Hosts - The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
- Success
Rate intRequest Volume - The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
- Success
Rate intStdev Factor - This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
- Base
Ejection BackendTime Service Outlier Detection Base Ejection Time - The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
- Consecutive
Errors int - Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
- Consecutive
Gateway intFailure - The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
- Enforcing
Consecutive intErrors - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- Enforcing
Consecutive intGateway Failure - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
- Enforcing
Success intRate - The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- Interval
Backend
Service Outlier Detection Interval - Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
- Max
Ejection intPercent - Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
- Success
Rate intMinimum Hosts - The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
- Success
Rate intRequest Volume - The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
- Success
Rate intStdev Factor - This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
- base
Ejection BackendTime Service Outlier Detection Base Ejection Time - The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
- consecutive
Errors Integer - Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
- consecutive
Gateway IntegerFailure - The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
- enforcing
Consecutive IntegerErrors - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- enforcing
Consecutive IntegerGateway Failure - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
- enforcing
Success IntegerRate - The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- interval
Backend
Service Outlier Detection Interval - Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
- max
Ejection IntegerPercent - Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
- success
Rate IntegerMinimum Hosts - The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
- success
Rate IntegerRequest Volume - The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
- success
Rate IntegerStdev Factor - This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
- base
Ejection BackendTime Service Outlier Detection Base Ejection Time - The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
- consecutive
Errors number - Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
- consecutive
Gateway numberFailure - The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
- enforcing
Consecutive numberErrors - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- enforcing
Consecutive numberGateway Failure - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
- enforcing
Success numberRate - The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- interval
Backend
Service Outlier Detection Interval - Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
- max
Ejection numberPercent - Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
- success
Rate numberMinimum Hosts - The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
- success
Rate numberRequest Volume - The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
- success
Rate numberStdev Factor - This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
- base_
ejection_ Backendtime Service Outlier Detection Base Ejection Time - The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
- consecutive_
errors int - Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
- consecutive_
gateway_ intfailure - The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
- enforcing_
consecutive_ interrors - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- enforcing_
consecutive_ intgateway_ failure - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
- enforcing_
success_ intrate - The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- interval
Backend
Service Outlier Detection Interval - Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
- max_
ejection_ intpercent - Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
- success_
rate_ intminimum_ hosts - The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
- success_
rate_ intrequest_ volume - The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
- success_
rate_ intstdev_ factor - This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
- base
Ejection Property MapTime - The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
- consecutive
Errors Number - Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
- consecutive
Gateway NumberFailure - The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
- enforcing
Consecutive NumberErrors - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- enforcing
Consecutive NumberGateway Failure - The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
- enforcing
Success NumberRate - The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
- interval Property Map
- Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
- max
Ejection NumberPercent - Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
- success
Rate NumberMinimum Hosts - The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
- success
Rate NumberRequest Volume - The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
- success
Rate NumberStdev Factor - This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
BackendServiceOutlierDetectionBaseEjectionTime, BackendServiceOutlierDetectionBaseEjectionTimeArgs
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- seconds Integer
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Integer
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- seconds number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos number
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- seconds Number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Number
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
BackendServiceOutlierDetectionInterval, BackendServiceOutlierDetectionIntervalArgs
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- seconds Integer
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Integer
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- seconds number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos number
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
- seconds Number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Number
- Span of time that's a fraction of a second at nanosecond resolution. Durations
less than one second are represented with a 0
secondsfield and a positivenanosfield. Must be from 0 to 999,999,999 inclusive.
BackendServiceParams, BackendServiceParamsArgs
- Dictionary<string, string>
- Resource manager tags to be bound to the backend service. Tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.
- map[string]string
- Resource manager tags to be bound to the backend service. Tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.
- Map<String,String>
- Resource manager tags to be bound to the backend service. Tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.
- {[key: string]: string}
- Resource manager tags to be bound to the backend service. Tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.
- Mapping[str, str]
- Resource manager tags to be bound to the backend service. Tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.
- Map<String>
- Resource manager tags to be bound to the backend service. Tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.
BackendServiceSecuritySettings, BackendServiceSecuritySettingsArgs
- Aws
V4Authentication BackendService Security Settings Aws V4Authentication The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.
The
aws_v4_authenticationblock supports:- Client
Tls stringPolicy - ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
- Subject
Alt List<string>Names - A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
- Aws
V4Authentication BackendService Security Settings Aws V4Authentication The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.
The
aws_v4_authenticationblock supports:- Client
Tls stringPolicy - ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
- Subject
Alt []stringNames - A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
- aws
V4Authentication BackendService Security Settings Aws V4Authentication The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.
The
aws_v4_authenticationblock supports:- client
Tls StringPolicy - ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
- subject
Alt List<String>Names - A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
- aws
V4Authentication BackendService Security Settings Aws V4Authentication The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.
The
aws_v4_authenticationblock supports:- client
Tls stringPolicy - ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
- subject
Alt string[]Names - A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
- aws_
v4_ Backendauthentication Service Security Settings Aws V4Authentication The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.
The
aws_v4_authenticationblock supports:- client_
tls_ strpolicy - ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
- subject_
alt_ Sequence[str]names - A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
- aws
V4Authentication Property Map The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.
The
aws_v4_authenticationblock supports:- client
Tls StringPolicy - ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
- subject
Alt List<String>Names - A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
BackendServiceSecuritySettingsAwsV4Authentication, BackendServiceSecuritySettingsAwsV4AuthenticationArgs
- Access
Key string - The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
- Access
Key stringId - The identifier of an access key used for s3 bucket authentication.
- Access
Key stringVersion - The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
- Origin
Region string - The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
- Access
Key string - The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
- Access
Key stringId - The identifier of an access key used for s3 bucket authentication.
- Access
Key stringVersion - The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
- Origin
Region string - The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
- access
Key String - The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
- access
Key StringId - The identifier of an access key used for s3 bucket authentication.
- access
Key StringVersion - The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
- origin
Region String - The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
- access
Key string - The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
- access
Key stringId - The identifier of an access key used for s3 bucket authentication.
- access
Key stringVersion - The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
- origin
Region string - The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
- access_
key str - The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
- access_
key_ strid - The identifier of an access key used for s3 bucket authentication.
- access_
key_ strversion - The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
- origin_
region str - The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
- access
Key String - The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
- access
Key StringId - The identifier of an access key used for s3 bucket authentication.
- access
Key StringVersion - The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
- origin
Region String - The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
BackendServiceStrongSessionAffinityCookie, BackendServiceStrongSessionAffinityCookieArgs
- Name string
- Name of the cookie.
- Path string
- Path to set for the cookie.
- Ttl
Backend
Service Strong Session Affinity Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- Name string
- Name of the cookie.
- Path string
- Path to set for the cookie.
- Ttl
Backend
Service Strong Session Affinity Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- name String
- Name of the cookie.
- path String
- Path to set for the cookie.
- ttl
Backend
Service Strong Session Affinity Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- name string
- Name of the cookie.
- path string
- Path to set for the cookie.
- ttl
Backend
Service Strong Session Affinity Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- name str
- Name of the cookie.
- path str
- Path to set for the cookie.
- ttl
Backend
Service Strong Session Affinity Cookie Ttl - Lifetime of the cookie. Structure is documented below.
- name String
- Name of the cookie.
- path String
- Path to set for the cookie.
- ttl Property Map
- Lifetime of the cookie. Structure is documented below.
BackendServiceStrongSessionAffinityCookieTtl, BackendServiceStrongSessionAffinityCookieTtlArgs
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- Seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- Nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds Integer
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Integer
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos number
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds int
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos int
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- seconds Number
- Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- nanos Number
- Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
BackendServiceTlsSettings, BackendServiceTlsSettingsArgs
- Authentication
Config string - Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
- Sni string
- Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
- Subject
Alt List<BackendNames Service Tls Settings Subject Alt Name> - A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
- Authentication
Config string - Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
- Sni string
- Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
- Subject
Alt []BackendNames Service Tls Settings Subject Alt Name - A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
- authentication
Config String - Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
- sni String
- Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
- subject
Alt List<BackendNames Service Tls Settings Subject Alt Name> - A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
- authentication
Config string - Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
- sni string
- Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
- subject
Alt BackendNames Service Tls Settings Subject Alt Name[] - A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
- authentication_
config str - Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
- sni str
- Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
- subject_
alt_ Sequence[Backendnames Service Tls Settings Subject Alt Name] - A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
- authentication
Config String - Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
- sni String
- Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
- subject
Alt List<Property Map>Names - A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
BackendServiceTlsSettingsSubjectAltName, BackendServiceTlsSettingsSubjectAltNameArgs
- Dns
Name string - The SAN specified as a DNS Name.
- Uniform
Resource stringIdentifier - The SAN specified as a URI.
- Dns
Name string - The SAN specified as a DNS Name.
- Uniform
Resource stringIdentifier - The SAN specified as a URI.
- dns
Name String - The SAN specified as a DNS Name.
- uniform
Resource StringIdentifier - The SAN specified as a URI.
- dns
Name string - The SAN specified as a DNS Name.
- uniform
Resource stringIdentifier - The SAN specified as a URI.
- dns_
name str - The SAN specified as a DNS Name.
- uniform_
resource_ stridentifier - The SAN specified as a URI.
- dns
Name String - The SAN specified as a DNS Name.
- uniform
Resource StringIdentifier - The SAN specified as a URI.
Import
BackendService can be imported using any of these accepted formats:
projects/{{project}}/global/backendServices/{{name}}{{project}}/{{name}}{{name}}
When using the pulumi import command, BackendService can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/backendService:BackendService default projects/{{project}}/global/backendServices/{{name}}
$ pulumi import gcp:compute/backendService:BackendService default {{project}}/{{name}}
$ pulumi import gcp:compute/backendService:BackendService default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
