gcp.compute.GlobalForwardingRule
Explore with Pulumi AI
Represents a GlobalForwardingRule resource. Global forwarding rules are used to forward traffic to the correct load balancer for HTTP load balancing. Global forwarding rules can only be used for HTTP load balancing.
For more information, see https://cloud.google.com/compute/docs/load-balancing/http/
Example Usage
External Ssl Proxy Lb Mig Backend
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.SelfSignedCert;
import com.pulumi.tls.SelfSignedCertArgs;
import com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;
import com.pulumi.gcp.compute.SSLCertificate;
import com.pulumi.gcp.compute.SSLCertificateArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerNamedPortArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.TargetSSLProxy;
import com.pulumi.gcp.compute.TargetSSLProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.ipCidrRange("10.0.1.0/24")
.region("us-central1")
.network(defaultNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google)
.build());
var defaultGlobalAddress = new GlobalAddress("defaultGlobalAddress");
var defaultPrivateKey = new PrivateKey("defaultPrivateKey", PrivateKeyArgs.builder()
.algorithm("RSA")
.rsaBits(2048)
.build());
var defaultSelfSignedCert = new SelfSignedCert("defaultSelfSignedCert", SelfSignedCertArgs.builder()
.keyAlgorithm(defaultPrivateKey.algorithm())
.privateKeyPem(defaultPrivateKey.privateKeyPem())
.validityPeriodHours(12)
.earlyRenewalHours(3)
.allowedUses(
"key_encipherment",
"digital_signature",
"server_auth")
.dnsNames("example.com")
.subject(SelfSignedCertSubjectArgs.builder()
.commonName("example.com")
.organization("ACME Examples, Inc")
.build())
.build());
var defaultSSLCertificate = new SSLCertificate("defaultSSLCertificate", SSLCertificateArgs.builder()
.privateKey(defaultPrivateKey.privateKeyPem())
.certificate(defaultSelfSignedCert.certPem())
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.timeoutSec(1)
.checkIntervalSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("443")
.build())
.build());
var defaultInstanceTemplate = new InstanceTemplate("defaultInstanceTemplate", InstanceTemplateArgs.builder()
.machineType("e2-small")
.tags("allow-health-check")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.accessConfigs()
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y apache2 jq
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<h1>SSL Load Balancer</h1>
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build(), CustomResourceOptions.builder()
.provider(google)
.build());
var defaultInstanceGroupManager = new InstanceGroupManager("defaultInstanceGroupManager", InstanceGroupManagerArgs.builder()
.zone("us-central1-c")
.namedPorts(InstanceGroupManagerNamedPortArgs.builder()
.name("tcp")
.port(443)
.build())
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(defaultInstanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build(), CustomResourceOptions.builder()
.provider(google)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.protocol("SSL")
.portName("tcp")
.loadBalancingScheme("EXTERNAL")
.timeoutSec(10)
.healthChecks(defaultHealthCheck.id())
.backends(BackendServiceBackendArgs.builder()
.group(defaultInstanceGroupManager.instanceGroup())
.balancingMode("UTILIZATION")
.maxUtilization(1)
.capacityScaler(1)
.build())
.build());
var defaultTargetSSLProxy = new TargetSSLProxy("defaultTargetSSLProxy", TargetSSLProxyArgs.builder()
.backendService(defaultBackendService.id())
.sslCertificates(defaultSSLCertificate.id())
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.ipProtocol("TCP")
.loadBalancingScheme("EXTERNAL")
.portRange("443")
.target(defaultTargetSSLProxy.id())
.ipAddress(defaultGlobalAddress.id())
.build(), CustomResourceOptions.builder()
.provider(google)
.build());
var defaultFirewall = new Firewall("defaultFirewall", FirewallArgs.builder()
.direction("INGRESS")
.network(defaultNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("allow-health-check")
.build(), CustomResourceOptions.builder()
.provider(google)
.build());
}
}
Coming soon!
Coming soon!
resources:
# External SSL proxy load balancer with managed instance group backend
# VPC
defaultNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
options:
provider: ${google}
# backend subnet
defaultSubnetwork:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.1.0/24
region: us-central1
network: ${defaultNetwork.id}
options:
provider: ${google}
# reserved IP address
defaultGlobalAddress:
type: gcp:compute:GlobalAddress
# Self-signed regional SSL certificate for testing
defaultPrivateKey:
type: tls:PrivateKey
properties:
algorithm: RSA
rsaBits: 2048
defaultSelfSignedCert:
type: tls:SelfSignedCert
properties:
keyAlgorithm: ${defaultPrivateKey.algorithm}
privateKeyPem: ${defaultPrivateKey.privateKeyPem}
# Certificate expires after 12 hours.
validityPeriodHours: 12
# Generate a new certificate if Terraform is run within three
# # hours of the certificate's expiration time.
earlyRenewalHours: 3
# Reasonable set of uses for a server SSL certificate.
allowedUses:
- key_encipherment
- digital_signature
- server_auth
dnsNames:
- example.com
subject:
commonName: example.com
organization: ACME Examples, Inc
defaultSSLCertificate:
type: gcp:compute:SSLCertificate
properties:
privateKey: ${defaultPrivateKey.privateKeyPem}
certificate: ${defaultSelfSignedCert.certPem}
defaultTargetSSLProxy:
type: gcp:compute:TargetSSLProxy
properties:
backendService: ${defaultBackendService.id}
sslCertificates:
- ${defaultSSLCertificate.id}
# forwarding rule
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
ipProtocol: TCP
loadBalancingScheme: EXTERNAL
portRange: '443'
target: ${defaultTargetSSLProxy.id}
ipAddress: ${defaultGlobalAddress.id}
options:
provider: ${google}
# backend service
defaultBackendService:
type: gcp:compute:BackendService
properties:
protocol: SSL
portName: tcp
loadBalancingScheme: EXTERNAL
timeoutSec: 10
healthChecks:
- ${defaultHealthCheck.id}
backends:
- group: ${defaultInstanceGroupManager.instanceGroup}
balancingMode: UTILIZATION
maxUtilization: 1
capacityScaler: 1
defaultHealthCheck:
type: gcp:compute:HealthCheck
properties:
timeoutSec: 1
checkIntervalSec: 1
tcpHealthCheck:
port: '443'
# instance template
defaultInstanceTemplate:
type: gcp:compute:InstanceTemplate
properties:
machineType: e2-small
tags:
- allow-health-check
networkInterfaces:
- network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
accessConfigs:
- {}
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
# install nginx and serve a simple web page
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y apache2 jq
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<h1>SSL Load Balancer</h1>
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
options:
provider: ${google}
# MIG
defaultInstanceGroupManager:
type: gcp:compute:InstanceGroupManager
properties:
zone: us-central1-c
namedPorts:
- name: tcp
port: 443
versions:
- instanceTemplate: ${defaultInstanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
options:
provider: ${google}
# allow access from health check ranges
defaultFirewall:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${defaultNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- allow-health-check
options:
provider: ${google}
External Tcp Proxy Lb Mig Backend
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerNamedPortArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.TargetTCPProxy;
import com.pulumi.gcp.compute.TargetTCPProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.ipCidrRange("10.0.1.0/24")
.region("us-central1")
.network(defaultNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultGlobalAddress = new GlobalAddress("defaultGlobalAddress", GlobalAddressArgs.Empty, CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.timeoutSec(1)
.checkIntervalSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultInstanceTemplate = new InstanceTemplate("defaultInstanceTemplate", InstanceTemplateArgs.builder()
.machineType("e2-small")
.tags("allow-health-check")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.accessConfigs()
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultInstanceGroupManager = new InstanceGroupManager("defaultInstanceGroupManager", InstanceGroupManagerArgs.builder()
.zone("us-central1-c")
.namedPorts(InstanceGroupManagerNamedPortArgs.builder()
.name("tcp")
.port(80)
.build())
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(defaultInstanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.protocol("TCP")
.portName("tcp")
.loadBalancingScheme("EXTERNAL")
.timeoutSec(10)
.healthChecks(defaultHealthCheck.id())
.backends(BackendServiceBackendArgs.builder()
.group(defaultInstanceGroupManager.instanceGroup())
.balancingMode("UTILIZATION")
.maxUtilization(1)
.capacityScaler(1)
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultTargetTCPProxy = new TargetTCPProxy("defaultTargetTCPProxy", TargetTCPProxyArgs.builder()
.backendService(defaultBackendService.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.ipProtocol("TCP")
.loadBalancingScheme("EXTERNAL")
.portRange("110")
.target(defaultTargetTCPProxy.id())
.ipAddress(defaultGlobalAddress.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultFirewall = new Firewall("defaultFirewall", FirewallArgs.builder()
.direction("INGRESS")
.network(defaultNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("allow-health-check")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
Coming soon!
Coming soon!
resources:
# External TCP proxy load balancer with managed instance group backend
# VPC
defaultNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
options:
provider: ${["google-beta"]}
# backend subnet
defaultSubnetwork:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.1.0/24
region: us-central1
network: ${defaultNetwork.id}
options:
provider: ${["google-beta"]}
# reserved IP address
defaultGlobalAddress:
type: gcp:compute:GlobalAddress
options:
provider: ${["google-beta"]}
# forwarding rule
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
ipProtocol: TCP
loadBalancingScheme: EXTERNAL
portRange: '110'
target: ${defaultTargetTCPProxy.id}
ipAddress: ${defaultGlobalAddress.id}
options:
provider: ${["google-beta"]}
defaultTargetTCPProxy:
type: gcp:compute:TargetTCPProxy
properties:
backendService: ${defaultBackendService.id}
options:
provider: ${["google-beta"]}
# backend service
defaultBackendService:
type: gcp:compute:BackendService
properties:
protocol: TCP
portName: tcp
loadBalancingScheme: EXTERNAL
timeoutSec: 10
healthChecks:
- ${defaultHealthCheck.id}
backends:
- group: ${defaultInstanceGroupManager.instanceGroup}
balancingMode: UTILIZATION
maxUtilization: 1
capacityScaler: 1
options:
provider: ${["google-beta"]}
defaultHealthCheck:
type: gcp:compute:HealthCheck
properties:
timeoutSec: 1
checkIntervalSec: 1
tcpHealthCheck:
port: '80'
options:
provider: ${["google-beta"]}
# instance template
defaultInstanceTemplate:
type: gcp:compute:InstanceTemplate
properties:
machineType: e2-small
tags:
- allow-health-check
networkInterfaces:
- network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
accessConfigs:
- {}
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
# install nginx and serve a simple web page
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
options:
provider: ${["google-beta"]}
# MIG
defaultInstanceGroupManager:
type: gcp:compute:InstanceGroupManager
properties:
zone: us-central1-c
namedPorts:
- name: tcp
port: 80
versions:
- instanceTemplate: ${defaultInstanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
options:
provider: ${["google-beta"]}
# allow access from health check ranges
defaultFirewall:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${defaultNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- allow-health-check
options:
provider: ${["google-beta"]}
External Http Lb Mig Backend Custom Header
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerNamedPortArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.ipCidrRange("10.0.1.0/24")
.region("us-central1")
.network(defaultNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultGlobalAddress = new GlobalAddress("defaultGlobalAddress", GlobalAddressArgs.Empty, CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
.portSpecification("USE_SERVING_PORT")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultInstanceTemplate = new InstanceTemplate("defaultInstanceTemplate", InstanceTemplateArgs.builder()
.machineType("e2-small")
.tags("allow-health-check")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.accessConfigs()
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultInstanceGroupManager = new InstanceGroupManager("defaultInstanceGroupManager", InstanceGroupManagerArgs.builder()
.zone("us-central1-c")
.namedPorts(InstanceGroupManagerNamedPortArgs.builder()
.name("http")
.port(8080)
.build())
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(defaultInstanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.protocol("HTTP")
.portName("my-port")
.loadBalancingScheme("EXTERNAL")
.timeoutSec(10)
.enableCdn(true)
.customRequestHeaders("X-Client-Geo-Location: {client_region_subdivision}, {client_city}")
.customResponseHeaders("X-Cache-Hit: {cdn_cache_status}")
.healthChecks(defaultHealthCheck.id())
.backends(BackendServiceBackendArgs.builder()
.group(defaultInstanceGroupManager.instanceGroup())
.balancingMode("UTILIZATION")
.capacityScaler(1)
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.defaultService(defaultBackendService.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.urlMap(defaultURLMap.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.ipProtocol("TCP")
.loadBalancingScheme("EXTERNAL")
.portRange("80")
.target(defaultTargetHttpProxy.id())
.ipAddress(defaultGlobalAddress.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultFirewall = new Firewall("defaultFirewall", FirewallArgs.builder()
.direction("INGRESS")
.network(defaultNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("allow-health-check")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
Coming soon!
Coming soon!
resources:
# External HTTP load balancer with a CDN-enabled managed instance group backend
# and custom request and response headers
# VPC
defaultNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
options:
provider: ${["google-beta"]}
# backend subnet
defaultSubnetwork:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.1.0/24
region: us-central1
network: ${defaultNetwork.id}
options:
provider: ${["google-beta"]}
# reserved IP address
defaultGlobalAddress:
type: gcp:compute:GlobalAddress
options:
provider: ${["google-beta"]}
# forwarding rule
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
ipProtocol: TCP
loadBalancingScheme: EXTERNAL
portRange: '80'
target: ${defaultTargetHttpProxy.id}
ipAddress: ${defaultGlobalAddress.id}
options:
provider: ${["google-beta"]}
# http proxy
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
properties:
urlMap: ${defaultURLMap.id}
options:
provider: ${["google-beta"]}
# url map
defaultURLMap:
type: gcp:compute:URLMap
properties:
defaultService: ${defaultBackendService.id}
options:
provider: ${["google-beta"]}
# backend service with custom request and response headers
defaultBackendService:
type: gcp:compute:BackendService
properties:
protocol: HTTP
portName: my-port
loadBalancingScheme: EXTERNAL
timeoutSec: 10
enableCdn: true
customRequestHeaders:
- 'X-Client-Geo-Location: {client_region_subdivision}, {client_city}'
customResponseHeaders:
- 'X-Cache-Hit: {cdn_cache_status}'
healthChecks:
- ${defaultHealthCheck.id}
backends:
- group: ${defaultInstanceGroupManager.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
options:
provider: ${["google-beta"]}
# instance template
defaultInstanceTemplate:
type: gcp:compute:InstanceTemplate
properties:
machineType: e2-small
tags:
- allow-health-check
networkInterfaces:
- network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
accessConfigs:
- {}
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
# install nginx and serve a simple web page
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
options:
provider: ${["google-beta"]}
# health check
defaultHealthCheck:
type: gcp:compute:HealthCheck
properties:
httpHealthCheck:
portSpecification: USE_SERVING_PORT
options:
provider: ${["google-beta"]}
# MIG
defaultInstanceGroupManager:
type: gcp:compute:InstanceGroupManager
properties:
zone: us-central1-c
namedPorts:
- name: http
port: 8080
versions:
- instanceTemplate: ${defaultInstanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
options:
provider: ${["google-beta"]}
# allow access from health check ranges
defaultFirewall:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${defaultNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- allow-health-check
options:
provider: ${["google-beta"]}
Global Forwarding Rule Http
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.healthChecks(defaultHttpHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.target(defaultTargetHttpProxy.id())
.portRange("80")
.build());
}
}
Coming soon!
Coming soon!
resources:
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
target: ${defaultTargetHttpProxy.id}
portRange: '80'
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
properties:
description: a description
urlMap: ${defaultURLMap.id}
defaultURLMap:
type: gcp:compute:URLMap
properties:
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
properties:
portName: http
protocol: HTTP
timeoutSec: 10
healthChecks:
- ${defaultHttpHealthCheck.id}
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
properties:
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
Global Forwarding Rule Internal
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultBackendService = new Gcp.Compute.BackendService("defaultBackendService", new()
{
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
LoadBalancingScheme = "EXTERNAL_MANAGED",
});
var defaultURLMap = new Gcp.Compute.URLMap("defaultURLMap", new()
{
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("defaultTargetHttpProxy", new()
{
Description = "a description",
UrlMap = defaultURLMap.Id,
});
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("defaultGlobalForwardingRule", new()
{
Target = defaultTargetHttpProxy.Id,
PortRange = "80",
LoadBalancingScheme = "EXTERNAL_MANAGED",
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultBackendService, err := compute.NewBackendService(ctx, "defaultBackendService", &compute.BackendServiceArgs{
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "defaultURLMap", &compute.URLMapArgs{
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "defaultTargetHttpProxy", &compute.TargetHttpProxyArgs{
Description: pulumi.String("a description"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "defaultGlobalForwardingRule", &compute.GlobalForwardingRuleArgs{
Target: defaultTargetHttpProxy.ID(),
PortRange: pulumi.String("80"),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.inputs.GlobalForwardingRuleMetadataFilterArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
.family("debian-11")
.project("debian-cloud")
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.machineType("e2-medium")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network("default")
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
.autoDelete(true)
.boot(true)
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var igm = new InstanceGroupManager("igm", InstanceGroupManagerArgs.builder()
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("internal-glb")
.zone("us-central1-f")
.targetSize(1)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.loadBalancingScheme("INTERNAL_SELF_MANAGED")
.backends(BackendServiceBackendArgs.builder()
.group(igm.instanceGroup())
.balancingMode("RATE")
.capacityScaler(0.4)
.maxRatePerInstance(50)
.build())
.healthChecks(defaultHealthCheck.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.description("a description")
.urlMap(defaultURLMap.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.target(defaultTargetHttpProxy.id())
.portRange("80")
.loadBalancingScheme("INTERNAL_SELF_MANAGED")
.ipAddress("0.0.0.0")
.metadataFilters(GlobalForwardingRuleMetadataFilterArgs.builder()
.filterMatchCriteria("MATCH_ANY")
.filterLabels(GlobalForwardingRuleMetadataFilterFilterLabelArgs.builder()
.name("PLANET")
.value("MARS")
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
import pulumi
import pulumi_gcp as gcp
default_backend_service = gcp.compute.BackendService("defaultBackendService",
port_name="http",
protocol="HTTP",
timeout_sec=10,
load_balancing_scheme="EXTERNAL_MANAGED")
default_url_map = gcp.compute.URLMap("defaultURLMap",
description="a description",
default_service=default_backend_service.id,
host_rules=[gcp.compute.URLMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
name="allpaths",
default_service=default_backend_service.id,
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_backend_service.id,
)],
)])
default_target_http_proxy = gcp.compute.TargetHttpProxy("defaultTargetHttpProxy",
description="a description",
url_map=default_url_map.id)
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule",
target=default_target_http_proxy.id,
port_range="80",
load_balancing_scheme="EXTERNAL_MANAGED")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultBackendService = new gcp.compute.BackendService("defaultBackendService", {
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
loadBalancingScheme: "EXTERNAL_MANAGED",
});
const defaultURLMap = new gcp.compute.URLMap("defaultURLMap", {
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("defaultTargetHttpProxy", {
description: "a description",
urlMap: defaultURLMap.id,
});
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule", {
target: defaultTargetHttpProxy.id,
portRange: "80",
loadBalancingScheme: "EXTERNAL_MANAGED",
});
resources:
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
target: ${defaultTargetHttpProxy.id}
portRange: '80'
loadBalancingScheme: INTERNAL_SELF_MANAGED
ipAddress: 0.0.0.0
metadataFilters:
- filterMatchCriteria: MATCH_ANY
filterLabels:
- name: PLANET
value: MARS
options:
provider: ${["google-beta"]}
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
properties:
description: a description
urlMap: ${defaultURLMap.id}
options:
provider: ${["google-beta"]}
defaultURLMap:
type: gcp:compute:URLMap
properties:
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
options:
provider: ${["google-beta"]}
defaultBackendService:
type: gcp:compute:BackendService
properties:
portName: http
protocol: HTTP
timeoutSec: 10
loadBalancingScheme: INTERNAL_SELF_MANAGED
backends:
- group: ${igm.instanceGroup}
balancingMode: RATE
capacityScaler: 0.4
maxRatePerInstance: 50
healthChecks:
- ${defaultHealthCheck.id}
options:
provider: ${["google-beta"]}
igm:
type: gcp:compute:InstanceGroupManager
properties:
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: internal-glb
zone: us-central1-f
targetSize: 1
options:
provider: ${["google-beta"]}
instanceTemplate:
type: gcp:compute:InstanceTemplate
properties:
machineType: e2-medium
networkInterfaces:
- network: default
disks:
- sourceImage: ${debianImage.selfLink}
autoDelete: true
boot: true
options:
provider: ${["google-beta"]}
defaultHealthCheck:
type: gcp:compute:HealthCheck
properties:
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
options:
provider: ${["google-beta"]}
variables:
debianImage:
fn::invoke:
Function: gcp:compute:getImage
Arguments:
family: debian-11
project: debian-cloud
Global Forwarding Rule External Managed
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.loadBalancingScheme("EXTERNAL_MANAGED")
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.target(defaultTargetHttpProxy.id())
.portRange("80")
.loadBalancingScheme("EXTERNAL_MANAGED")
.build());
}
}
Coming soon!
Coming soon!
resources:
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
target: ${defaultTargetHttpProxy.id}
portRange: '80'
loadBalancingScheme: EXTERNAL_MANAGED
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
properties:
description: a description
urlMap: ${defaultURLMap.id}
defaultURLMap:
type: gcp:compute:URLMap
properties:
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
properties:
portName: http
protocol: HTTP
timeoutSec: 10
loadBalancingScheme: EXTERNAL_MANAGED
Global Forwarding Rule Hybrid
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.NetworkEndpointGroup;
import com.pulumi.gcp.compute.NetworkEndpointGroupArgs;
import com.pulumi.gcp.compute.NetworkEndpoint;
import com.pulumi.gcp.compute.NetworkEndpointArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var subnetworkCidr = config.get("subnetworkCidr").orElse("10.0.0.0/24");
var defaultNetwork = new Network("defaultNetwork");
var internalNetwork = new Network("internalNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build());
var internalSubnetwork = new Subnetwork("internalSubnetwork", SubnetworkArgs.builder()
.network(internalNetwork.id())
.ipCidrRange(subnetworkCidr)
.region("us-central1")
.privateIpGoogleAccess(true)
.build());
var defaultNetworkEndpointGroup = new NetworkEndpointGroup("defaultNetworkEndpointGroup", NetworkEndpointGroupArgs.builder()
.network(defaultNetwork.id())
.defaultPort("90")
.zone("us-central1-a")
.networkEndpointType("GCE_VM_IP_PORT")
.build());
var internalNetworkEndpointGroup = new NetworkEndpointGroup("internalNetworkEndpointGroup", NetworkEndpointGroupArgs.builder()
.network(internalNetwork.id())
.subnetwork(internalSubnetwork.id())
.zone("us-central1-a")
.networkEndpointType("GCE_VM_IP")
.build());
var hybridNetworkEndpointGroup = new NetworkEndpointGroup("hybridNetworkEndpointGroup", NetworkEndpointGroupArgs.builder()
.network(defaultNetwork.id())
.defaultPort("90")
.zone("us-central1-a")
.networkEndpointType("NON_GCP_PRIVATE_IP_PORT")
.build());
var hybrid_endpoint = new NetworkEndpoint("hybrid-endpoint", NetworkEndpointArgs.builder()
.networkEndpointGroup(hybridNetworkEndpointGroup.name())
.port(hybridNetworkEndpointGroup.defaultPort())
.ipAddress("127.0.0.1")
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.timeoutSec(1)
.checkIntervalSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.backends(BackendServiceBackendArgs.builder()
.group(defaultNetworkEndpointGroup.id())
.balancingMode("RATE")
.maxRatePerEndpoint(10)
.build())
.healthChecks(defaultHealthCheck.id())
.build());
var hybridBackendService = new BackendService("hybridBackendService", BackendServiceArgs.builder()
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.backends(BackendServiceBackendArgs.builder()
.group(hybridNetworkEndpointGroup.id())
.balancingMode("RATE")
.maxRatePerEndpoint(10)
.build())
.healthChecks(defaultHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(
URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build(),
URLMapPathMatcherPathRuleArgs.builder()
.paths("/hybrid")
.service(hybridBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.target(defaultTargetHttpProxy.id())
.portRange("80")
.build());
}
}
Coming soon!
Coming soon!
configuration:
# Roughly mirrors https://cloud.google.com/load-balancing/docs/https/setting-up-ext-https-hybrid
subnetworkCidr:
type: string
default: 10.0.0.0/24
resources:
defaultNetwork:
type: gcp:compute:Network
internalNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
internalSubnetwork:
type: gcp:compute:Subnetwork
properties:
network: ${internalNetwork.id}
ipCidrRange: ${subnetworkCidr}
region: us-central1
privateIpGoogleAccess: true
# Zonal NEG with GCE_VM_IP_PORT
defaultNetworkEndpointGroup:
type: gcp:compute:NetworkEndpointGroup
properties:
network: ${defaultNetwork.id}
defaultPort: '90'
zone: us-central1-a
networkEndpointType: GCE_VM_IP_PORT
# Zonal NEG with GCE_VM_IP
internalNetworkEndpointGroup:
type: gcp:compute:NetworkEndpointGroup
properties:
network: ${internalNetwork.id}
subnetwork: ${internalSubnetwork.id}
zone: us-central1-a
networkEndpointType: GCE_VM_IP
# Hybrid connectivity NEG
hybridNetworkEndpointGroup:
type: gcp:compute:NetworkEndpointGroup
properties:
network: ${defaultNetwork.id}
defaultPort: '90'
zone: us-central1-a
networkEndpointType: NON_GCP_PRIVATE_IP_PORT
hybrid-endpoint:
type: gcp:compute:NetworkEndpoint
properties:
networkEndpointGroup: ${hybridNetworkEndpointGroup.name}
port: ${hybridNetworkEndpointGroup.defaultPort}
ipAddress: 127.0.0.1
# Backend service for Zonal NEG
defaultBackendService:
type: gcp:compute:BackendService
properties:
portName: http
protocol: HTTP
timeoutSec: 10
backends:
- group: ${defaultNetworkEndpointGroup.id}
balancingMode: RATE
maxRatePerEndpoint: 10
healthChecks:
- ${defaultHealthCheck.id}
# Backgend service for Hybrid NEG
hybridBackendService:
type: gcp:compute:BackendService
properties:
portName: http
protocol: HTTP
timeoutSec: 10
backends:
- group: ${hybridNetworkEndpointGroup.id}
balancingMode: RATE
maxRatePerEndpoint: 10
healthChecks:
- ${defaultHealthCheck.id}
defaultHealthCheck:
type: gcp:compute:HealthCheck
properties:
timeoutSec: 1
checkIntervalSec: 1
tcpHealthCheck:
port: '80'
defaultURLMap:
type: gcp:compute:URLMap
properties:
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
- paths:
- /hybrid
service: ${hybridBackendService.id}
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
properties:
description: a description
urlMap: ${defaultURLMap.id}
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
target: ${defaultTargetHttpProxy.id}
portRange: '80'
Global Internal Http Lb With Mig Backend
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var network = new Gcp.Compute.Network("network", new()
{
Project = "my-project-name",
AutoCreateSubnetworks = false,
}, new CustomResourceOptions
{
Provider = google_beta,
});
var vpcSubnetwork = new Gcp.Compute.Subnetwork("vpcSubnetwork", new()
{
Project = network.Project,
IpCidrRange = "10.2.0.0/16",
Region = "us-central1",
Network = network.Id,
PrivateIpGoogleAccess = true,
}, new CustomResourceOptions
{
Provider = google_beta,
});
var defaultGlobalAddress = new Gcp.Compute.GlobalAddress("defaultGlobalAddress", new()
{
Project = network.Project,
AddressType = "INTERNAL",
Purpose = "PRIVATE_SERVICE_CONNECT",
Network = network.Id,
Address = "100.100.100.106",
}, new CustomResourceOptions
{
Provider = google_beta,
});
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("defaultGlobalForwardingRule", new()
{
Project = network.Project,
Target = "all-apis",
Network = network.Id,
IpAddress = defaultGlobalAddress.Id,
LoadBalancingScheme = "",
}, new CustomResourceOptions
{
Provider = google_beta,
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
network, err := compute.NewNetwork(ctx, "network", &compute.NetworkArgs{
Project: pulumi.String("my-project-name"),
AutoCreateSubnetworks: pulumi.Bool(false),
}, pulumi.Provider(google_beta))
if err != nil {
return err
}
_, err = compute.NewSubnetwork(ctx, "vpcSubnetwork", &compute.SubnetworkArgs{
Project: network.Project,
IpCidrRange: pulumi.String("10.2.0.0/16"),
Region: pulumi.String("us-central1"),
Network: network.ID(),
PrivateIpGoogleAccess: pulumi.Bool(true),
}, pulumi.Provider(google_beta))
if err != nil {
return err
}
defaultGlobalAddress, err := compute.NewGlobalAddress(ctx, "defaultGlobalAddress", &compute.GlobalAddressArgs{
Project: network.Project,
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("PRIVATE_SERVICE_CONNECT"),
Network: network.ID(),
Address: pulumi.String("100.100.100.106"),
}, pulumi.Provider(google_beta))
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "defaultGlobalForwardingRule", &compute.GlobalForwardingRuleArgs{
Project: network.Project,
Target: pulumi.String("all-apis"),
Network: network.ID(),
IpAddress: defaultGlobalAddress.ID(),
LoadBalancingScheme: pulumi.String(""),
}, pulumi.Provider(google_beta))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var gilbNetwork = new Network("gilbNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder()
.ipCidrRange("10.0.0.0/24")
.region("europe-west1")
.purpose("GLOBAL_MANAGED_PROXY")
.role("ACTIVE")
.network(gilbNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var gilbSubnet = new Subnetwork("gilbSubnet", SubnetworkArgs.builder()
.ipCidrRange("10.0.1.0/24")
.region("europe-west1")
.network(gilbNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
.portSpecification("USE_SERVING_PORT")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.machineType("e2-small")
.tags("http-server")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(gilbNetwork.id())
.subnetwork(gilbSubnet.id())
.accessConfigs()
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var mig = new InstanceGroupManager("mig", InstanceGroupManagerArgs.builder()
.zone("europe-west1-b")
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.protocol("HTTP")
.loadBalancingScheme("INTERNAL_MANAGED")
.timeoutSec(10)
.healthChecks(defaultHealthCheck.id())
.backends(BackendServiceBackendArgs.builder()
.group(mig.instanceGroup())
.balancingMode("UTILIZATION")
.capacityScaler(1)
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.defaultService(defaultBackendService.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.urlMap(defaultURLMap.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var googleComputeForwardingRule = new GlobalForwardingRule("googleComputeForwardingRule", GlobalForwardingRuleArgs.builder()
.ipProtocol("TCP")
.loadBalancingScheme("INTERNAL_MANAGED")
.portRange("80")
.target(defaultTargetHttpProxy.id())
.network(gilbNetwork.id())
.subnetwork(gilbSubnet.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(proxySubnet)
.build());
var fw_iap = new Firewall("fw-iap", FirewallArgs.builder()
.direction("INGRESS")
.network(gilbNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16",
"35.235.240.0/20")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fw_gilb_to_backends = new Firewall("fw-gilb-to-backends", FirewallArgs.builder()
.direction("INGRESS")
.network(gilbNetwork.id())
.sourceRanges("10.0.0.0/24")
.targetTags("http-server")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.ports(
"80",
"443",
"8080")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var vm_test = new Instance("vm-test", InstanceArgs.builder()
.zone("europe-west1-b")
.machineType("e2-small")
.networkInterfaces(InstanceNetworkInterfaceArgs.builder()
.network(gilbNetwork.id())
.subnetwork(gilbSubnet.id())
.build())
.bootDisk(InstanceBootDiskArgs.builder()
.initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
.image("debian-cloud/debian-10")
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
import pulumi
import pulumi_gcp as gcp
network = gcp.compute.Network("network",
project="my-project-name",
auto_create_subnetworks=False,
opts=pulumi.ResourceOptions(provider=google_beta))
vpc_subnetwork = gcp.compute.Subnetwork("vpcSubnetwork",
project=network.project,
ip_cidr_range="10.2.0.0/16",
region="us-central1",
network=network.id,
private_ip_google_access=True,
opts=pulumi.ResourceOptions(provider=google_beta))
default_global_address = gcp.compute.GlobalAddress("defaultGlobalAddress",
project=network.project,
address_type="INTERNAL",
purpose="PRIVATE_SERVICE_CONNECT",
network=network.id,
address="100.100.100.106",
opts=pulumi.ResourceOptions(provider=google_beta))
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule",
project=network.project,
target="all-apis",
network=network.id,
ip_address=default_global_address.id,
load_balancing_scheme="",
opts=pulumi.ResourceOptions(provider=google_beta))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const network = new gcp.compute.Network("network", {
project: "my-project-name",
autoCreateSubnetworks: false,
}, {
provider: google_beta,
});
const vpcSubnetwork = new gcp.compute.Subnetwork("vpcSubnetwork", {
project: network.project,
ipCidrRange: "10.2.0.0/16",
region: "us-central1",
network: network.id,
privateIpGoogleAccess: true,
}, {
provider: google_beta,
});
const defaultGlobalAddress = new gcp.compute.GlobalAddress("defaultGlobalAddress", {
project: network.project,
addressType: "INTERNAL",
purpose: "PRIVATE_SERVICE_CONNECT",
network: network.id,
address: "100.100.100.106",
}, {
provider: google_beta,
});
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule", {
project: network.project,
target: "all-apis",
network: network.id,
ipAddress: defaultGlobalAddress.id,
loadBalancingScheme: "",
}, {
provider: google_beta,
});
resources:
# Global Internal HTTP load balancer with a managed instance group backend
# VPC network
gilbNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
options:
provider: ${["google-beta"]}
# proxy-only subnet
proxySubnet:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.0.0/24
region: europe-west1
purpose: GLOBAL_MANAGED_PROXY
role: ACTIVE
network: ${gilbNetwork.id}
options:
provider: ${["google-beta"]}
# backend subnet
gilbSubnet:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.1.0/24
region: europe-west1
network: ${gilbNetwork.id}
options:
provider: ${["google-beta"]}
# forwarding rule
googleComputeForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
ipProtocol: TCP
loadBalancingScheme: INTERNAL_MANAGED
portRange: '80'
target: ${defaultTargetHttpProxy.id}
network: ${gilbNetwork.id}
subnetwork: ${gilbSubnet.id}
options:
provider: ${["google-beta"]}
dependson:
- ${proxySubnet}
# HTTP target proxy
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
properties:
urlMap: ${defaultURLMap.id}
options:
provider: ${["google-beta"]}
# URL map
defaultURLMap:
type: gcp:compute:URLMap
properties:
defaultService: ${defaultBackendService.id}
options:
provider: ${["google-beta"]}
# backend service
defaultBackendService:
type: gcp:compute:BackendService
properties:
protocol: HTTP
loadBalancingScheme: INTERNAL_MANAGED
timeoutSec: 10
healthChecks:
- ${defaultHealthCheck.id}
backends:
- group: ${mig.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
options:
provider: ${["google-beta"]}
# instance template
instanceTemplate:
type: gcp:compute:InstanceTemplate
properties:
machineType: e2-small
tags:
- http-server
networkInterfaces:
- network: ${gilbNetwork.id}
subnetwork: ${gilbSubnet.id}
accessConfigs:
- {}
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
# install nginx and serve a simple web page
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
options:
provider: ${["google-beta"]}
# health check
defaultHealthCheck:
type: gcp:compute:HealthCheck
properties:
httpHealthCheck:
portSpecification: USE_SERVING_PORT
options:
provider: ${["google-beta"]}
# MIG
mig:
type: gcp:compute:InstanceGroupManager
properties:
zone: europe-west1-b
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
options:
provider: ${["google-beta"]}
# allow all access from IAP and health check ranges
fw-iap:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${gilbNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
- 35.235.240.0/20
allows:
- protocol: tcp
options:
provider: ${["google-beta"]}
# allow http from proxy subnet to backends
fw-gilb-to-backends:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${gilbNetwork.id}
sourceRanges:
- 10.0.0.0/24
targetTags:
- http-server
allows:
- protocol: tcp
ports:
- '80'
- '443'
- '8080'
options:
provider: ${["google-beta"]}
# test instance
vm-test:
type: gcp:compute:Instance
properties:
zone: europe-west1-b
machineType: e2-small
networkInterfaces:
- network: ${gilbNetwork.id}
subnetwork: ${gilbSubnet.id}
bootDisk:
initializeParams:
image: debian-cloud/debian-10
options:
provider: ${["google-beta"]}
Private Service Connect Google Apis
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var network = new Gcp.Compute.Network("network", new()
{
Project = "my-project-name",
AutoCreateSubnetworks = false,
}, new CustomResourceOptions
{
Provider = google_beta,
});
var vpcSubnetwork = new Gcp.Compute.Subnetwork("vpcSubnetwork", new()
{
Project = network.Project,
IpCidrRange = "10.2.0.0/16",
Region = "us-central1",
Network = network.Id,
PrivateIpGoogleAccess = true,
}, new CustomResourceOptions
{
Provider = google_beta,
});
var defaultGlobalAddress = new Gcp.Compute.GlobalAddress("defaultGlobalAddress", new()
{
Project = network.Project,
AddressType = "INTERNAL",
Purpose = "PRIVATE_SERVICE_CONNECT",
Network = network.Id,
Address = "100.100.100.106",
}, new CustomResourceOptions
{
Provider = google_beta,
});
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("defaultGlobalForwardingRule", new()
{
Project = network.Project,
Target = "all-apis",
Network = network.Id,
IpAddress = defaultGlobalAddress.Id,
LoadBalancingScheme = "",
NoAutomateDnsZone = false,
}, new CustomResourceOptions
{
Provider = google_beta,
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
network, err := compute.NewNetwork(ctx, "network", &compute.NetworkArgs{
Project: pulumi.String("my-project-name"),
AutoCreateSubnetworks: pulumi.Bool(false),
}, pulumi.Provider(google_beta))
if err != nil {
return err
}
_, err = compute.NewSubnetwork(ctx, "vpcSubnetwork", &compute.SubnetworkArgs{
Project: network.Project,
IpCidrRange: pulumi.String("10.2.0.0/16"),
Region: pulumi.String("us-central1"),
Network: network.ID(),
PrivateIpGoogleAccess: pulumi.Bool(true),
}, pulumi.Provider(google_beta))
if err != nil {
return err
}
defaultGlobalAddress, err := compute.NewGlobalAddress(ctx, "defaultGlobalAddress", &compute.GlobalAddressArgs{
Project: network.Project,
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("PRIVATE_SERVICE_CONNECT"),
Network: network.ID(),
Address: pulumi.String("100.100.100.106"),
}, pulumi.Provider(google_beta))
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "defaultGlobalForwardingRule", &compute.GlobalForwardingRuleArgs{
Project: network.Project,
Target: pulumi.String("all-apis"),
Network: network.ID(),
IpAddress: defaultGlobalAddress.ID(),
LoadBalancingScheme: pulumi.String(""),
NoAutomateDnsZone: pulumi.Bool(false),
}, pulumi.Provider(google_beta))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var network = new Network("network", NetworkArgs.builder()
.project("my-project-name")
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var vpcSubnetwork = new Subnetwork("vpcSubnetwork", SubnetworkArgs.builder()
.project(network.project())
.ipCidrRange("10.2.0.0/16")
.region("us-central1")
.network(network.id())
.privateIpGoogleAccess(true)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultGlobalAddress = new GlobalAddress("defaultGlobalAddress", GlobalAddressArgs.builder()
.project(network.project())
.addressType("INTERNAL")
.purpose("PRIVATE_SERVICE_CONNECT")
.network(network.id())
.address("100.100.100.106")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.project(network.project())
.target("all-apis")
.network(network.id())
.ipAddress(defaultGlobalAddress.id())
.loadBalancingScheme("")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
import pulumi
import pulumi_gcp as gcp
network = gcp.compute.Network("network",
project="my-project-name",
auto_create_subnetworks=False,
opts=pulumi.ResourceOptions(provider=google_beta))
vpc_subnetwork = gcp.compute.Subnetwork("vpcSubnetwork",
project=network.project,
ip_cidr_range="10.2.0.0/16",
region="us-central1",
network=network.id,
private_ip_google_access=True,
opts=pulumi.ResourceOptions(provider=google_beta))
default_global_address = gcp.compute.GlobalAddress("defaultGlobalAddress",
project=network.project,
address_type="INTERNAL",
purpose="PRIVATE_SERVICE_CONNECT",
network=network.id,
address="100.100.100.106",
opts=pulumi.ResourceOptions(provider=google_beta))
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule",
project=network.project,
target="all-apis",
network=network.id,
ip_address=default_global_address.id,
load_balancing_scheme="",
no_automate_dns_zone=False,
opts=pulumi.ResourceOptions(provider=google_beta))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const network = new gcp.compute.Network("network", {
project: "my-project-name",
autoCreateSubnetworks: false,
}, {
provider: google_beta,
});
const vpcSubnetwork = new gcp.compute.Subnetwork("vpcSubnetwork", {
project: network.project,
ipCidrRange: "10.2.0.0/16",
region: "us-central1",
network: network.id,
privateIpGoogleAccess: true,
}, {
provider: google_beta,
});
const defaultGlobalAddress = new gcp.compute.GlobalAddress("defaultGlobalAddress", {
project: network.project,
addressType: "INTERNAL",
purpose: "PRIVATE_SERVICE_CONNECT",
network: network.id,
address: "100.100.100.106",
}, {
provider: google_beta,
});
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule", {
project: network.project,
target: "all-apis",
network: network.id,
ipAddress: defaultGlobalAddress.id,
loadBalancingScheme: "",
noAutomateDnsZone: false,
}, {
provider: google_beta,
});
resources:
network:
type: gcp:compute:Network
properties:
project: my-project-name
autoCreateSubnetworks: false
options:
provider: ${["google-beta"]}
vpcSubnetwork:
type: gcp:compute:Subnetwork
properties:
project: ${network.project}
ipCidrRange: 10.2.0.0/16
region: us-central1
network: ${network.id}
privateIpGoogleAccess: true
options:
provider: ${["google-beta"]}
defaultGlobalAddress:
type: gcp:compute:GlobalAddress
properties:
project: ${network.project}
addressType: INTERNAL
purpose: PRIVATE_SERVICE_CONNECT
network: ${network.id}
address: 100.100.100.106
options:
provider: ${["google-beta"]}
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
project: ${network.project}
target: all-apis
network: ${network.id}
ipAddress: ${defaultGlobalAddress.id}
loadBalancingScheme:
options:
provider: ${["google-beta"]}
Private Service Connect Google Apis No Automate Dns
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var network = new Network("network", NetworkArgs.builder()
.project("my-project-name")
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var vpcSubnetwork = new Subnetwork("vpcSubnetwork", SubnetworkArgs.builder()
.project(network.project())
.ipCidrRange("10.2.0.0/16")
.region("us-central1")
.network(network.id())
.privateIpGoogleAccess(true)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultGlobalAddress = new GlobalAddress("defaultGlobalAddress", GlobalAddressArgs.builder()
.project(network.project())
.addressType("INTERNAL")
.purpose("PRIVATE_SERVICE_CONNECT")
.network(network.id())
.address("100.100.100.106")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.project(network.project())
.target("all-apis")
.network(network.id())
.ipAddress(defaultGlobalAddress.id())
.loadBalancingScheme("")
.noAutomateDnsZone(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
Coming soon!
Coming soon!
resources:
network:
type: gcp:compute:Network
properties:
project: my-project-name
autoCreateSubnetworks: false
options:
provider: ${["google-beta"]}
vpcSubnetwork:
type: gcp:compute:Subnetwork
properties:
project: ${network.project}
ipCidrRange: 10.2.0.0/16
region: us-central1
network: ${network.id}
privateIpGoogleAccess: true
options:
provider: ${["google-beta"]}
defaultGlobalAddress:
type: gcp:compute:GlobalAddress
properties:
project: ${network.project}
addressType: INTERNAL
purpose: PRIVATE_SERVICE_CONNECT
network: ${network.id}
address: 100.100.100.106
options:
provider: ${["google-beta"]}
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
properties:
project: ${network.project}
target: all-apis
network: ${network.id}
ipAddress: ${defaultGlobalAddress.id}
loadBalancingScheme:
noAutomateDnsZone: false
options:
provider: ${["google-beta"]}
Create GlobalForwardingRule Resource
new GlobalForwardingRule(name: string, args: GlobalForwardingRuleArgs, opts?: CustomResourceOptions);
@overload
def GlobalForwardingRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
allow_psc_global_access: Optional[bool] = None,
description: Optional[str] = None,
ip_address: Optional[str] = None,
ip_protocol: Optional[str] = None,
ip_version: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
load_balancing_scheme: Optional[str] = None,
metadata_filters: Optional[Sequence[GlobalForwardingRuleMetadataFilterArgs]] = None,
name: Optional[str] = None,
network: Optional[str] = None,
no_automate_dns_zone: Optional[bool] = None,
port_range: Optional[str] = None,
project: Optional[str] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
target: Optional[str] = None)
@overload
def GlobalForwardingRule(resource_name: str,
args: GlobalForwardingRuleArgs,
opts: Optional[ResourceOptions] = None)
func NewGlobalForwardingRule(ctx *Context, name string, args GlobalForwardingRuleArgs, opts ...ResourceOption) (*GlobalForwardingRule, error)
public GlobalForwardingRule(string name, GlobalForwardingRuleArgs args, CustomResourceOptions? opts = null)
public GlobalForwardingRule(String name, GlobalForwardingRuleArgs args)
public GlobalForwardingRule(String name, GlobalForwardingRuleArgs args, CustomResourceOptions options)
type: gcp:compute:GlobalForwardingRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
GlobalForwardingRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The GlobalForwardingRule resource accepts the following input properties:
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- Allow
Psc boolGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Description string
An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- Ip
Version string The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- Metadata
Filters List<GlobalForwarding Rule Metadata Filter> Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- Network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Source
Ip List<string>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- Allow
Psc boolGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Description string
An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- Ip
Version string The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- Metadata
Filters []GlobalForwarding Rule Metadata Filter Args Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- Network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Source
Ip []stringRanges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description String
An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- ip
Version String The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- metadata
Filters List<GlobalForwarding Rule Metadata Filter> Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network String
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- source
Ip List<String>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc booleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description string
An optional description of this resource. Provide this property when you create the resource.
- ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- ip
Version string The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- metadata
Filters GlobalForwarding Rule Metadata Filter[] Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate booleanDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range string The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- source
Ip string[]Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow_
psc_ boolglobal_ access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description str
An optional description of this resource. Provide this property when you create the resource.
- ip_
address str IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip_
protocol str The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- ip_
version str The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load_
balancing_ strscheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- metadata_
filters Sequence[GlobalForwarding Rule Metadata Filter Args] Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name str
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network str
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no_
automate_ booldns_ zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port_
range str The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- source_
ip_ Sequence[str]ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description String
An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- ip
Version String The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- metadata
Filters List<Property Map> Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network String
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- source
Ip List<String>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
Outputs
All input properties are implicitly available as output properties. Additionally, the GlobalForwardingRule resource produces the following output properties:
- Base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Effective
Labels Dictionary<string, string> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels Dictionary<string, string> The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string The URI of the created resource.
- Base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Effective
Labels map[string]string All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels map[string]string The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string The URI of the created resource.
- base
Forwarding StringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective
Labels Map<String,String> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
The provider-assigned unique ID for this managed resource.
- label
Fingerprint String The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String,String> The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String The URI of the created resource.
- base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective
Labels {[key: string]: string} All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id string
The provider-assigned unique ID for this managed resource.
- label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels {[key: string]: string} The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link string The URI of the created resource.
- base_
forwarding_ strrule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective_
labels Mapping[str, str] All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id str
The provider-assigned unique ID for this managed resource.
- label_
fingerprint str The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc_
connection_ strid The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi_
labels Mapping[str, str] The combination of labels configured directly on the resource and default labels configured on the provider.
- self_
link str The URI of the created resource.
- base
Forwarding StringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective
Labels Map<String> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
The provider-assigned unique ID for this managed resource.
- label
Fingerprint String The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String> The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String The URI of the created resource.
Look up Existing GlobalForwardingRule Resource
Get an existing GlobalForwardingRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GlobalForwardingRuleState, opts?: CustomResourceOptions): GlobalForwardingRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_psc_global_access: Optional[bool] = None,
base_forwarding_rule: Optional[str] = None,
description: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
ip_address: Optional[str] = None,
ip_protocol: Optional[str] = None,
ip_version: Optional[str] = None,
label_fingerprint: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
load_balancing_scheme: Optional[str] = None,
metadata_filters: Optional[Sequence[GlobalForwardingRuleMetadataFilterArgs]] = None,
name: Optional[str] = None,
network: Optional[str] = None,
no_automate_dns_zone: Optional[bool] = None,
port_range: Optional[str] = None,
project: Optional[str] = None,
psc_connection_id: Optional[str] = None,
psc_connection_status: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
self_link: Optional[str] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
target: Optional[str] = None) -> GlobalForwardingRule
func GetGlobalForwardingRule(ctx *Context, name string, id IDInput, state *GlobalForwardingRuleState, opts ...ResourceOption) (*GlobalForwardingRule, error)
public static GlobalForwardingRule Get(string name, Input<string> id, GlobalForwardingRuleState? state, CustomResourceOptions? opts = null)
public static GlobalForwardingRule get(String name, Output<String> id, GlobalForwardingRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Psc boolGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Description string
An optional description of this resource. Provide this property when you create the resource.
- Effective
Labels Dictionary<string, string> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- Ip
Version string The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- Label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- Metadata
Filters List<GlobalForwarding Rule Metadata Filter> Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- Network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels Dictionary<string, string> The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string The URI of the created resource.
- Source
Ip List<string>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- Allow
Psc boolGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Description string
An optional description of this resource. Provide this property when you create the resource.
- Effective
Labels map[string]string All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- Ip
Version string The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- Label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- Metadata
Filters []GlobalForwarding Rule Metadata Filter Args Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- Network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels map[string]string The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string The URI of the created resource.
- Source
Ip []stringRanges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base
Forwarding StringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description String
An optional description of this resource. Provide this property when you create the resource.
- effective
Labels Map<String,String> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- ip
Version String The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- label
Fingerprint String The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- metadata
Filters List<GlobalForwarding Rule Metadata Filter> Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network String
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String,String> The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String The URI of the created resource.
- source
Ip List<String>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc booleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description string
An optional description of this resource. Provide this property when you create the resource.
- effective
Labels {[key: string]: string} All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- ip
Version string The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- metadata
Filters GlobalForwarding Rule Metadata Filter[] Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate booleanDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range string The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels {[key: string]: string} The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link string The URI of the created resource.
- source
Ip string[]Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow_
psc_ boolglobal_ access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base_
forwarding_ strrule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description str
An optional description of this resource. Provide this property when you create the resource.
- effective_
labels Mapping[str, str] All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip_
address str IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip_
protocol str The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- ip_
version str The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- label_
fingerprint str The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load_
balancing_ strscheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- metadata_
filters Sequence[GlobalForwarding Rule Metadata Filter Args] Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name str
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network str
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no_
automate_ booldns_ zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port_
range str The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc_
connection_ strid The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi_
labels Mapping[str, str] The combination of labels configured directly on the resource and default labels configured on the provider.
- self_
link str The URI of the created resource.
- source_
ip_ Sequence[str]ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base
Forwarding StringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description String
An optional description of this resource. Provide this property when you create the resource.
- effective
Labels Map<String> All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
.- ip
Version String The IP Version that will be used by this global forwarding rule. Possible values are:
IPV4
,IPV6
.- label
Fingerprint String The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
.- metadata
Filters List<Property Map> Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network String
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String> The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String The URI of the created resource.
- source
Ip List<String>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
Supporting Types
GlobalForwardingRuleMetadataFilter, GlobalForwardingRuleMetadataFilterArgs
- Filter
Labels List<GlobalForwarding Rule Metadata Filter Filter Label> The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- Filter
Match stringCriteria Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values are:
MATCH_ANY
,MATCH_ALL
.
- Filter
Labels []GlobalForwarding Rule Metadata Filter Filter Label The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- Filter
Match stringCriteria Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter
Labels List<GlobalForwarding Rule Metadata Filter Filter Label> The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter
Match StringCriteria Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter
Labels GlobalForwarding Rule Metadata Filter Filter Label[] The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter
Match stringCriteria Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter_
labels Sequence[GlobalForwarding Rule Metadata Filter Filter Label] The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter_
match_ strcriteria Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter
Labels List<Property Map> The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter
Match StringCriteria Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values are:
MATCH_ANY
,MATCH_ALL
.
GlobalForwardingRuleMetadataFilterFilterLabel, GlobalForwardingRuleMetadataFilterFilterLabelArgs
Import
GlobalForwardingRule can be imported using any of these accepted formats* projects/{{project}}/global/forwardingRules/{{name}}
* {{project}}/{{name}}
* {{name}}
In Terraform v1.5.0 and later, use an import
block to import GlobalForwardingRule using one of the formats above. For exampletf import {
id = “projects/{{project}}/global/forwardingRules/{{name}}”
to = google_compute_global_forwarding_rule.default }
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), GlobalForwardingRule can be imported using one of the formats above. For example
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default projects/{{project}}/global/forwardingRules/{{name}}
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{project}}/{{name}}
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{name}}
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-beta
Terraform Provider.