gcp.compute.GlobalForwardingRule
Explore with Pulumi AI
Represents a GlobalForwardingRule resource. Global forwarding rules are used to forward traffic to the correct load balancer for HTTP load balancing. Global forwarding rules can only be used for HTTP load balancing.
For more information, see https://cloud.google.com/compute/docs/load-balancing/http/
Example Usage
Global Forwarding Rule Http
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
name: "check-backend",
requestPath: "/",
checkIntervalSec: 1,
timeoutSec: 1,
});
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
healthChecks: defaultHttpHealthCheck.id,
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map-target-proxy",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", {
name: "target-proxy",
description: "a description",
urlMap: defaultURLMap.id,
});
const _default = new gcp.compute.GlobalForwardingRule("default", {
name: "global-rule",
target: defaultTargetHttpProxy.id,
portRange: "80",
});
import pulumi
import pulumi_gcp as gcp
default_http_health_check = gcp.compute.HttpHealthCheck("default",
name="check-backend",
request_path="/",
check_interval_sec=1,
timeout_sec=1)
default_backend_service = gcp.compute.BackendService("default",
name="backend",
port_name="http",
protocol="HTTP",
timeout_sec=10,
health_checks=default_http_health_check.id)
default_url_map = gcp.compute.URLMap("default",
name="url-map-target-proxy",
description="a description",
default_service=default_backend_service.id,
host_rules=[gcp.compute.URLMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
name="allpaths",
default_service=default_backend_service.id,
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_backend_service.id,
)],
)])
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
name="target-proxy",
description="a description",
url_map=default_url_map.id)
default = gcp.compute.GlobalForwardingRule("default",
name="global-rule",
target=default_target_http_proxy.id,
port_range="80")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
Name: pulumi.String("check-backend"),
RequestPath: pulumi.String("/"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
})
if err != nil {
return err
}
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultHttpHealthCheck.ID(),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map-target-proxy"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("target-proxy"),
Description: pulumi.String("a description"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("global-rule"),
Target: defaultTargetHttpProxy.ID(),
PortRange: pulumi.String("80"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
{
Name = "check-backend",
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
HealthChecks = defaultHttpHealthCheck.Id,
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map-target-proxy",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "target-proxy",
Description = "a description",
UrlMap = defaultURLMap.Id,
});
var @default = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "global-rule",
Target = defaultTargetHttpProxy.Id,
PortRange = "80",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
.name("check-backend")
.requestPath("/")
.checkIntervalSec(1)
.timeoutSec(1)
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.healthChecks(defaultHttpHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map-target-proxy")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.name("target-proxy")
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var default_ = new GlobalForwardingRule("default", GlobalForwardingRuleArgs.builder()
.name("global-rule")
.target(defaultTargetHttpProxy.id())
.portRange("80")
.build());
}
}
resources:
default:
type: gcp:compute:GlobalForwardingRule
properties:
name: global-rule
target: ${defaultTargetHttpProxy.id}
portRange: '80'
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
name: default
properties:
name: target-proxy
description: a description
urlMap: ${defaultURLMap.id}
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map-target-proxy
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend
portName: http
protocol: HTTP
timeoutSec: 10
healthChecks: ${defaultHttpHealthCheck.id}
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: check-backend
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
Global Forwarding Rule Internal
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const debianImage = gcp.compute.getImage({
family: "debian-11",
project: "debian-cloud",
});
const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
name: "template-backend",
machineType: "e2-medium",
networkInterfaces: [{
network: "default",
}],
disks: [{
sourceImage: debianImage.then(debianImage => debianImage.selfLink),
autoDelete: true,
boot: true,
}],
});
const igm = new gcp.compute.InstanceGroupManager("igm", {
name: "igm-internal",
versions: [{
instanceTemplate: instanceTemplate.id,
name: "primary",
}],
baseInstanceName: "internal-glb",
zone: "us-central1-f",
targetSize: 1,
});
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "check-backend",
checkIntervalSec: 1,
timeoutSec: 1,
tcpHealthCheck: {
port: 80,
},
});
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
loadBalancingScheme: "INTERNAL_SELF_MANAGED",
backends: [{
group: igm.instanceGroup,
balancingMode: "RATE",
capacityScaler: 0.4,
maxRatePerInstance: 50,
}],
healthChecks: defaultHealthCheck.id,
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map-target-proxy",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", {
name: "target-proxy",
description: "a description",
urlMap: defaultURLMap.id,
});
const _default = new gcp.compute.GlobalForwardingRule("default", {
name: "global-rule",
target: defaultTargetHttpProxy.id,
portRange: "80",
loadBalancingScheme: "INTERNAL_SELF_MANAGED",
ipAddress: "0.0.0.0",
metadataFilters: [{
filterMatchCriteria: "MATCH_ANY",
filterLabels: [{
name: "PLANET",
value: "MARS",
}],
}],
});
import pulumi
import pulumi_gcp as gcp
debian_image = gcp.compute.get_image(family="debian-11",
project="debian-cloud")
instance_template = gcp.compute.InstanceTemplate("instance_template",
name="template-backend",
machine_type="e2-medium",
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
network="default",
)],
disks=[gcp.compute.InstanceTemplateDiskArgs(
source_image=debian_image.self_link,
auto_delete=True,
boot=True,
)])
igm = gcp.compute.InstanceGroupManager("igm",
name="igm-internal",
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
instance_template=instance_template.id,
name="primary",
)],
base_instance_name="internal-glb",
zone="us-central1-f",
target_size=1)
default_health_check = gcp.compute.HealthCheck("default",
name="check-backend",
check_interval_sec=1,
timeout_sec=1,
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
port=80,
))
default_backend_service = gcp.compute.BackendService("default",
name="backend",
port_name="http",
protocol="HTTP",
timeout_sec=10,
load_balancing_scheme="INTERNAL_SELF_MANAGED",
backends=[gcp.compute.BackendServiceBackendArgs(
group=igm.instance_group,
balancing_mode="RATE",
capacity_scaler=0.4,
max_rate_per_instance=50,
)],
health_checks=default_health_check.id)
default_url_map = gcp.compute.URLMap("default",
name="url-map-target-proxy",
description="a description",
default_service=default_backend_service.id,
host_rules=[gcp.compute.URLMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
name="allpaths",
default_service=default_backend_service.id,
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_backend_service.id,
)],
)])
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
name="target-proxy",
description="a description",
url_map=default_url_map.id)
default = gcp.compute.GlobalForwardingRule("default",
name="global-rule",
target=default_target_http_proxy.id,
port_range="80",
load_balancing_scheme="INTERNAL_SELF_MANAGED",
ip_address="0.0.0.0",
metadata_filters=[gcp.compute.GlobalForwardingRuleMetadataFilterArgs(
filter_match_criteria="MATCH_ANY",
filter_labels=[gcp.compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs(
name="PLANET",
value="MARS",
)],
)])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
Family: pulumi.StringRef("debian-11"),
Project: pulumi.StringRef("debian-cloud"),
}, nil)
if err != nil {
return err
}
instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
Name: pulumi.String("template-backend"),
MachineType: pulumi.String("e2-medium"),
NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
&compute.InstanceTemplateNetworkInterfaceArgs{
Network: pulumi.String("default"),
},
},
Disks: compute.InstanceTemplateDiskArray{
&compute.InstanceTemplateDiskArgs{
SourceImage: pulumi.String(debianImage.SelfLink),
AutoDelete: pulumi.Bool(true),
Boot: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
igm, err := compute.NewInstanceGroupManager(ctx, "igm", &compute.InstanceGroupManagerArgs{
Name: pulumi.String("igm-internal"),
Versions: compute.InstanceGroupManagerVersionArray{
&compute.InstanceGroupManagerVersionArgs{
InstanceTemplate: instanceTemplate.ID(),
Name: pulumi.String("primary"),
},
},
BaseInstanceName: pulumi.String("internal-glb"),
Zone: pulumi.String("us-central1-f"),
TargetSize: pulumi.Int(1),
})
if err != nil {
return err
}
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("check-backend"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
LoadBalancingScheme: pulumi.String("INTERNAL_SELF_MANAGED"),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: igm.InstanceGroup,
BalancingMode: pulumi.String("RATE"),
CapacityScaler: pulumi.Float64(0.4),
MaxRatePerInstance: pulumi.Float64(50),
},
},
HealthChecks: defaultHealthCheck.ID(),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map-target-proxy"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("target-proxy"),
Description: pulumi.String("a description"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("global-rule"),
Target: defaultTargetHttpProxy.ID(),
PortRange: pulumi.String("80"),
LoadBalancingScheme: pulumi.String("INTERNAL_SELF_MANAGED"),
IpAddress: pulumi.String("0.0.0.0"),
MetadataFilters: compute.GlobalForwardingRuleMetadataFilterArray{
&compute.GlobalForwardingRuleMetadataFilterArgs{
FilterMatchCriteria: pulumi.String("MATCH_ANY"),
FilterLabels: compute.GlobalForwardingRuleMetadataFilterFilterLabelArray{
&compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs{
Name: pulumi.String("PLANET"),
Value: pulumi.String("MARS"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var debianImage = Gcp.Compute.GetImage.Invoke(new()
{
Family = "debian-11",
Project = "debian-cloud",
});
var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
{
Name = "template-backend",
MachineType = "e2-medium",
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
{
Network = "default",
},
},
Disks = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
{
SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
AutoDelete = true,
Boot = true,
},
},
});
var igm = new Gcp.Compute.InstanceGroupManager("igm", new()
{
Name = "igm-internal",
Versions = new[]
{
new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs
{
InstanceTemplate = instanceTemplate.Id,
Name = "primary",
},
},
BaseInstanceName = "internal-glb",
Zone = "us-central1-f",
TargetSize = 1,
});
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "check-backend",
CheckIntervalSec = 1,
TimeoutSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
LoadBalancingScheme = "INTERNAL_SELF_MANAGED",
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = igm.InstanceGroup,
BalancingMode = "RATE",
CapacityScaler = 0.4,
MaxRatePerInstance = 50,
},
},
HealthChecks = defaultHealthCheck.Id,
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map-target-proxy",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "target-proxy",
Description = "a description",
UrlMap = defaultURLMap.Id,
});
var @default = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "global-rule",
Target = defaultTargetHttpProxy.Id,
PortRange = "80",
LoadBalancingScheme = "INTERNAL_SELF_MANAGED",
IpAddress = "0.0.0.0",
MetadataFilters = new[]
{
new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterArgs
{
FilterMatchCriteria = "MATCH_ANY",
FilterLabels = new[]
{
new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterFilterLabelArgs
{
Name = "PLANET",
Value = "MARS",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.InstanceGroupManager;
import com.pulumi.gcp.compute.InstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.inputs.GlobalForwardingRuleMetadataFilterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
.family("debian-11")
.project("debian-cloud")
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.name("template-backend")
.machineType("e2-medium")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network("default")
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
.autoDelete(true)
.boot(true)
.build())
.build());
var igm = new InstanceGroupManager("igm", InstanceGroupManagerArgs.builder()
.name("igm-internal")
.versions(InstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("internal-glb")
.zone("us-central1-f")
.targetSize(1)
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("check-backend")
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.loadBalancingScheme("INTERNAL_SELF_MANAGED")
.backends(BackendServiceBackendArgs.builder()
.group(igm.instanceGroup())
.balancingMode("RATE")
.capacityScaler(0.4)
.maxRatePerInstance(50)
.build())
.healthChecks(defaultHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map-target-proxy")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.name("target-proxy")
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var default_ = new GlobalForwardingRule("default", GlobalForwardingRuleArgs.builder()
.name("global-rule")
.target(defaultTargetHttpProxy.id())
.portRange("80")
.loadBalancingScheme("INTERNAL_SELF_MANAGED")
.ipAddress("0.0.0.0")
.metadataFilters(GlobalForwardingRuleMetadataFilterArgs.builder()
.filterMatchCriteria("MATCH_ANY")
.filterLabels(GlobalForwardingRuleMetadataFilterFilterLabelArgs.builder()
.name("PLANET")
.value("MARS")
.build())
.build())
.build());
}
}
resources:
default:
type: gcp:compute:GlobalForwardingRule
properties:
name: global-rule
target: ${defaultTargetHttpProxy.id}
portRange: '80'
loadBalancingScheme: INTERNAL_SELF_MANAGED
ipAddress: 0.0.0.0
metadataFilters:
- filterMatchCriteria: MATCH_ANY
filterLabels:
- name: PLANET
value: MARS
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
name: default
properties:
name: target-proxy
description: a description
urlMap: ${defaultURLMap.id}
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map-target-proxy
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend
portName: http
protocol: HTTP
timeoutSec: 10
loadBalancingScheme: INTERNAL_SELF_MANAGED
backends:
- group: ${igm.instanceGroup}
balancingMode: RATE
capacityScaler: 0.4
maxRatePerInstance: 50
healthChecks: ${defaultHealthCheck.id}
igm:
type: gcp:compute:InstanceGroupManager
properties:
name: igm-internal
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: internal-glb
zone: us-central1-f
targetSize: 1
instanceTemplate:
type: gcp:compute:InstanceTemplate
name: instance_template
properties:
name: template-backend
machineType: e2-medium
networkInterfaces:
- network: default
disks:
- sourceImage: ${debianImage.selfLink}
autoDelete: true
boot: true
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: check-backend
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
variables:
debianImage:
fn::invoke:
Function: gcp:compute:getImage
Arguments:
family: debian-11
project: debian-cloud
Global Forwarding Rule External Managed
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
loadBalancingScheme: "EXTERNAL_MANAGED",
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map-target-proxy",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultBackendService.id,
}],
}],
});
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", {
name: "target-proxy",
description: "a description",
urlMap: defaultURLMap.id,
});
const _default = new gcp.compute.GlobalForwardingRule("default", {
name: "global-rule",
target: defaultTargetHttpProxy.id,
portRange: "80",
loadBalancingScheme: "EXTERNAL_MANAGED",
});
import pulumi
import pulumi_gcp as gcp
default_backend_service = gcp.compute.BackendService("default",
name="backend",
port_name="http",
protocol="HTTP",
timeout_sec=10,
load_balancing_scheme="EXTERNAL_MANAGED")
default_url_map = gcp.compute.URLMap("default",
name="url-map-target-proxy",
description="a description",
default_service=default_backend_service.id,
host_rules=[gcp.compute.URLMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
name="allpaths",
default_service=default_backend_service.id,
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_backend_service.id,
)],
)])
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
name="target-proxy",
description="a description",
url_map=default_url_map.id)
default = gcp.compute.GlobalForwardingRule("default",
name="global-rule",
target=default_target_http_proxy.id,
port_range="80",
load_balancing_scheme="EXTERNAL_MANAGED")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map-target-proxy"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("target-proxy"),
Description: pulumi.String("a description"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("global-rule"),
Target: defaultTargetHttpProxy.ID(),
PortRange: pulumi.String("80"),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
LoadBalancingScheme = "EXTERNAL_MANAGED",
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map-target-proxy",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
},
},
},
});
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "target-proxy",
Description = "a description",
UrlMap = defaultURLMap.Id,
});
var @default = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "global-rule",
Target = defaultTargetHttpProxy.Id,
PortRange = "80",
LoadBalancingScheme = "EXTERNAL_MANAGED",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.loadBalancingScheme("EXTERNAL_MANAGED")
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map-target-proxy")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.name("target-proxy")
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var default_ = new GlobalForwardingRule("default", GlobalForwardingRuleArgs.builder()
.name("global-rule")
.target(defaultTargetHttpProxy.id())
.portRange("80")
.loadBalancingScheme("EXTERNAL_MANAGED")
.build());
}
}
resources:
default:
type: gcp:compute:GlobalForwardingRule
properties:
name: global-rule
target: ${defaultTargetHttpProxy.id}
portRange: '80'
loadBalancingScheme: EXTERNAL_MANAGED
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
name: default
properties:
name: target-proxy
description: a description
urlMap: ${defaultURLMap.id}
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map-target-proxy
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend
portName: http
protocol: HTTP
timeoutSec: 10
loadBalancingScheme: EXTERNAL_MANAGED
Global Forwarding Rule Hybrid
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const config = new pulumi.Config();
const subnetworkCidr = config.get("subnetworkCidr") || "10.0.0.0/24";
const _default = new gcp.compute.Network("default", {name: "my-network"});
const internal = new gcp.compute.Network("internal", {
name: "my-internal-network",
autoCreateSubnetworks: false,
});
const internalSubnetwork = new gcp.compute.Subnetwork("internal", {
name: "my-subnetwork",
network: internal.id,
ipCidrRange: subnetworkCidr,
region: "us-central1",
privateIpGoogleAccess: true,
});
// Zonal NEG with GCE_VM_IP_PORT
const defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("default", {
name: "default-neg",
network: _default.id,
defaultPort: 90,
zone: "us-central1-a",
networkEndpointType: "GCE_VM_IP_PORT",
});
// Zonal NEG with GCE_VM_IP
const internalNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("internal", {
name: "internal-neg",
network: internal.id,
subnetwork: internalSubnetwork.id,
zone: "us-central1-a",
networkEndpointType: "GCE_VM_IP",
});
// Hybrid connectivity NEG
const hybrid = new gcp.compute.NetworkEndpointGroup("hybrid", {
name: "hybrid-neg",
network: _default.id,
defaultPort: 90,
zone: "us-central1-a",
networkEndpointType: "NON_GCP_PRIVATE_IP_PORT",
});
const hybrid_endpoint = new gcp.compute.NetworkEndpoint("hybrid-endpoint", {
networkEndpointGroup: hybrid.name,
port: hybrid.defaultPort,
ipAddress: "127.0.0.1",
});
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
name: "health-check",
timeoutSec: 1,
checkIntervalSec: 1,
tcpHealthCheck: {
port: 80,
},
});
// Backend service for Zonal NEG
const defaultBackendService = new gcp.compute.BackendService("default", {
name: "backend-default",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
backends: [{
group: defaultNetworkEndpointGroup.id,
balancingMode: "RATE",
maxRatePerEndpoint: 10,
}],
healthChecks: defaultHealthCheck.id,
});
// Backgend service for Hybrid NEG
const hybridBackendService = new gcp.compute.BackendService("hybrid", {
name: "backend-hybrid",
portName: "http",
protocol: "HTTP",
timeoutSec: 10,
backends: [{
group: hybrid.id,
balancingMode: "RATE",
maxRatePerEndpoint: 10,
}],
healthChecks: defaultHealthCheck.id,
});
const defaultURLMap = new gcp.compute.URLMap("default", {
name: "url-map-target-proxy",
description: "a description",
defaultService: defaultBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultBackendService.id,
pathRules: [
{
paths: ["/*"],
service: defaultBackendService.id,
},
{
paths: ["/hybrid"],
service: hybridBackendService.id,
},
],
}],
});
const defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy("default", {
name: "target-proxy",
description: "a description",
urlMap: defaultURLMap.id,
});
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", {
name: "global-rule",
target: defaultTargetHttpProxy.id,
portRange: "80",
});
import pulumi
import pulumi_gcp as gcp
config = pulumi.Config()
subnetwork_cidr = config.get("subnetworkCidr")
if subnetwork_cidr is None:
subnetwork_cidr = "10.0.0.0/24"
default = gcp.compute.Network("default", name="my-network")
internal = gcp.compute.Network("internal",
name="my-internal-network",
auto_create_subnetworks=False)
internal_subnetwork = gcp.compute.Subnetwork("internal",
name="my-subnetwork",
network=internal.id,
ip_cidr_range=subnetwork_cidr,
region="us-central1",
private_ip_google_access=True)
# Zonal NEG with GCE_VM_IP_PORT
default_network_endpoint_group = gcp.compute.NetworkEndpointGroup("default",
name="default-neg",
network=default.id,
default_port=90,
zone="us-central1-a",
network_endpoint_type="GCE_VM_IP_PORT")
# Zonal NEG with GCE_VM_IP
internal_network_endpoint_group = gcp.compute.NetworkEndpointGroup("internal",
name="internal-neg",
network=internal.id,
subnetwork=internal_subnetwork.id,
zone="us-central1-a",
network_endpoint_type="GCE_VM_IP")
# Hybrid connectivity NEG
hybrid = gcp.compute.NetworkEndpointGroup("hybrid",
name="hybrid-neg",
network=default.id,
default_port=90,
zone="us-central1-a",
network_endpoint_type="NON_GCP_PRIVATE_IP_PORT")
hybrid_endpoint = gcp.compute.NetworkEndpoint("hybrid-endpoint",
network_endpoint_group=hybrid.name,
port=hybrid.default_port,
ip_address="127.0.0.1")
default_health_check = gcp.compute.HealthCheck("default",
name="health-check",
timeout_sec=1,
check_interval_sec=1,
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
port=80,
))
# Backend service for Zonal NEG
default_backend_service = gcp.compute.BackendService("default",
name="backend-default",
port_name="http",
protocol="HTTP",
timeout_sec=10,
backends=[gcp.compute.BackendServiceBackendArgs(
group=default_network_endpoint_group.id,
balancing_mode="RATE",
max_rate_per_endpoint=10,
)],
health_checks=default_health_check.id)
# Backgend service for Hybrid NEG
hybrid_backend_service = gcp.compute.BackendService("hybrid",
name="backend-hybrid",
port_name="http",
protocol="HTTP",
timeout_sec=10,
backends=[gcp.compute.BackendServiceBackendArgs(
group=hybrid.id,
balancing_mode="RATE",
max_rate_per_endpoint=10,
)],
health_checks=default_health_check.id)
default_url_map = gcp.compute.URLMap("default",
name="url-map-target-proxy",
description="a description",
default_service=default_backend_service.id,
host_rules=[gcp.compute.URLMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
name="allpaths",
default_service=default_backend_service.id,
path_rules=[
gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_backend_service.id,
),
gcp.compute.URLMapPathMatcherPathRuleArgs(
paths=["/hybrid"],
service=hybrid_backend_service.id,
),
],
)])
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
name="target-proxy",
description="a description",
url_map=default_url_map.id)
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
name="global-rule",
target=default_target_http_proxy.id,
port_range="80")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
subnetworkCidr := "10.0.0.0/24"
if param := cfg.Get("subnetworkCidr"); param != "" {
subnetworkCidr = param
}
_, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
})
if err != nil {
return err
}
internal, err := compute.NewNetwork(ctx, "internal", &compute.NetworkArgs{
Name: pulumi.String("my-internal-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
internalSubnetwork, err := compute.NewSubnetwork(ctx, "internal", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnetwork"),
Network: internal.ID(),
IpCidrRange: pulumi.String(subnetworkCidr),
Region: pulumi.String("us-central1"),
PrivateIpGoogleAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
// Zonal NEG with GCE_VM_IP_PORT
defaultNetworkEndpointGroup, err := compute.NewNetworkEndpointGroup(ctx, "default", &compute.NetworkEndpointGroupArgs{
Name: pulumi.String("default-neg"),
Network: _default.ID(),
DefaultPort: pulumi.Int(90),
Zone: pulumi.String("us-central1-a"),
NetworkEndpointType: pulumi.String("GCE_VM_IP_PORT"),
})
if err != nil {
return err
}
// Zonal NEG with GCE_VM_IP
_, err = compute.NewNetworkEndpointGroup(ctx, "internal", &compute.NetworkEndpointGroupArgs{
Name: pulumi.String("internal-neg"),
Network: internal.ID(),
Subnetwork: internalSubnetwork.ID(),
Zone: pulumi.String("us-central1-a"),
NetworkEndpointType: pulumi.String("GCE_VM_IP"),
})
if err != nil {
return err
}
// Hybrid connectivity NEG
hybrid, err := compute.NewNetworkEndpointGroup(ctx, "hybrid", &compute.NetworkEndpointGroupArgs{
Name: pulumi.String("hybrid-neg"),
Network: _default.ID(),
DefaultPort: pulumi.Int(90),
Zone: pulumi.String("us-central1-a"),
NetworkEndpointType: pulumi.String("NON_GCP_PRIVATE_IP_PORT"),
})
if err != nil {
return err
}
_, err = compute.NewNetworkEndpoint(ctx, "hybrid-endpoint", &compute.NetworkEndpointArgs{
NetworkEndpointGroup: hybrid.Name,
Port: hybrid.DefaultPort,
IpAddress: pulumi.String("127.0.0.1"),
})
if err != nil {
return err
}
defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
Name: pulumi.String("health-check"),
TimeoutSec: pulumi.Int(1),
CheckIntervalSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
// Backend service for Zonal NEG
defaultBackendService, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
Name: pulumi.String("backend-default"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: defaultNetworkEndpointGroup.ID(),
BalancingMode: pulumi.String("RATE"),
MaxRatePerEndpoint: pulumi.Float64(10),
},
},
HealthChecks: defaultHealthCheck.ID(),
})
if err != nil {
return err
}
// Backgend service for Hybrid NEG
hybridBackendService, err := compute.NewBackendService(ctx, "hybrid", &compute.BackendServiceArgs{
Name: pulumi.String("backend-hybrid"),
PortName: pulumi.String("http"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
Backends: compute.BackendServiceBackendArray{
&compute.BackendServiceBackendArgs{
Group: hybrid.ID(),
BalancingMode: pulumi.String("RATE"),
MaxRatePerEndpoint: pulumi.Float64(10),
},
},
HealthChecks: defaultHealthCheck.ID(),
})
if err != nil {
return err
}
defaultURLMap, err := compute.NewURLMap(ctx, "default", &compute.URLMapArgs{
Name: pulumi.String("url-map-target-proxy"),
Description: pulumi.String("a description"),
DefaultService: defaultBackendService.ID(),
HostRules: compute.URLMapHostRuleArray{
&compute.URLMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.URLMapPathMatcherArray{
&compute.URLMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultBackendService.ID(),
PathRules: compute.URLMapPathMatcherPathRuleArray{
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultBackendService.ID(),
},
&compute.URLMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/hybrid"),
},
Service: hybridBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
defaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, "default", &compute.TargetHttpProxyArgs{
Name: pulumi.String("target-proxy"),
Description: pulumi.String("a description"),
UrlMap: defaultURLMap.ID(),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Name: pulumi.String("global-rule"),
Target: defaultTargetHttpProxy.ID(),
PortRange: pulumi.String("80"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var subnetworkCidr = config.Get("subnetworkCidr") ?? "10.0.0.0/24";
var @default = new Gcp.Compute.Network("default", new()
{
Name = "my-network",
});
var @internal = new Gcp.Compute.Network("internal", new()
{
Name = "my-internal-network",
AutoCreateSubnetworks = false,
});
var internalSubnetwork = new Gcp.Compute.Subnetwork("internal", new()
{
Name = "my-subnetwork",
Network = @internal.Id,
IpCidrRange = subnetworkCidr,
Region = "us-central1",
PrivateIpGoogleAccess = true,
});
// Zonal NEG with GCE_VM_IP_PORT
var defaultNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup("default", new()
{
Name = "default-neg",
Network = @default.Id,
DefaultPort = 90,
Zone = "us-central1-a",
NetworkEndpointType = "GCE_VM_IP_PORT",
});
// Zonal NEG with GCE_VM_IP
var internalNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup("internal", new()
{
Name = "internal-neg",
Network = @internal.Id,
Subnetwork = internalSubnetwork.Id,
Zone = "us-central1-a",
NetworkEndpointType = "GCE_VM_IP",
});
// Hybrid connectivity NEG
var hybrid = new Gcp.Compute.NetworkEndpointGroup("hybrid", new()
{
Name = "hybrid-neg",
Network = @default.Id,
DefaultPort = 90,
Zone = "us-central1-a",
NetworkEndpointType = "NON_GCP_PRIVATE_IP_PORT",
});
var hybrid_endpoint = new Gcp.Compute.NetworkEndpoint("hybrid-endpoint", new()
{
NetworkEndpointGroup = hybrid.Name,
Port = hybrid.DefaultPort,
IpAddress = "127.0.0.1",
});
var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
{
Name = "health-check",
TimeoutSec = 1,
CheckIntervalSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
// Backend service for Zonal NEG
var defaultBackendService = new Gcp.Compute.BackendService("default", new()
{
Name = "backend-default",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = defaultNetworkEndpointGroup.Id,
BalancingMode = "RATE",
MaxRatePerEndpoint = 10,
},
},
HealthChecks = defaultHealthCheck.Id,
});
// Backgend service for Hybrid NEG
var hybridBackendService = new Gcp.Compute.BackendService("hybrid", new()
{
Name = "backend-hybrid",
PortName = "http",
Protocol = "HTTP",
TimeoutSec = 10,
Backends = new[]
{
new Gcp.Compute.Inputs.BackendServiceBackendArgs
{
Group = hybrid.Id,
BalancingMode = "RATE",
MaxRatePerEndpoint = 10,
},
},
HealthChecks = defaultHealthCheck.Id,
});
var defaultURLMap = new Gcp.Compute.URLMap("default", new()
{
Name = "url-map-target-proxy",
Description = "a description",
DefaultService = defaultBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.URLMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultBackendService.Id,
},
new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/hybrid",
},
Service = hybridBackendService.Id,
},
},
},
},
});
var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy("default", new()
{
Name = "target-proxy",
Description = "a description",
UrlMap = defaultURLMap.Id,
});
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Name = "global-rule",
Target = defaultTargetHttpProxy.Id,
PortRange = "80",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.NetworkEndpointGroup;
import com.pulumi.gcp.compute.NetworkEndpointGroupArgs;
import com.pulumi.gcp.compute.NetworkEndpoint;
import com.pulumi.gcp.compute.NetworkEndpointArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import com.pulumi.gcp.compute.URLMap;
import com.pulumi.gcp.compute.URLMapArgs;
import com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;
import com.pulumi.gcp.compute.TargetHttpProxy;
import com.pulumi.gcp.compute.TargetHttpProxyArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var subnetworkCidr = config.get("subnetworkCidr").orElse("10.0.0.0/24");
var default_ = new Network("default", NetworkArgs.builder()
.name("my-network")
.build());
var internal = new Network("internal", NetworkArgs.builder()
.name("my-internal-network")
.autoCreateSubnetworks(false)
.build());
var internalSubnetwork = new Subnetwork("internalSubnetwork", SubnetworkArgs.builder()
.name("my-subnetwork")
.network(internal.id())
.ipCidrRange(subnetworkCidr)
.region("us-central1")
.privateIpGoogleAccess(true)
.build());
// Zonal NEG with GCE_VM_IP_PORT
var defaultNetworkEndpointGroup = new NetworkEndpointGroup("defaultNetworkEndpointGroup", NetworkEndpointGroupArgs.builder()
.name("default-neg")
.network(default_.id())
.defaultPort("90")
.zone("us-central1-a")
.networkEndpointType("GCE_VM_IP_PORT")
.build());
// Zonal NEG with GCE_VM_IP
var internalNetworkEndpointGroup = new NetworkEndpointGroup("internalNetworkEndpointGroup", NetworkEndpointGroupArgs.builder()
.name("internal-neg")
.network(internal.id())
.subnetwork(internalSubnetwork.id())
.zone("us-central1-a")
.networkEndpointType("GCE_VM_IP")
.build());
// Hybrid connectivity NEG
var hybrid = new NetworkEndpointGroup("hybrid", NetworkEndpointGroupArgs.builder()
.name("hybrid-neg")
.network(default_.id())
.defaultPort("90")
.zone("us-central1-a")
.networkEndpointType("NON_GCP_PRIVATE_IP_PORT")
.build());
var hybrid_endpoint = new NetworkEndpoint("hybrid-endpoint", NetworkEndpointArgs.builder()
.networkEndpointGroup(hybrid.name())
.port(hybrid.defaultPort())
.ipAddress("127.0.0.1")
.build());
var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
.name("health-check")
.timeoutSec(1)
.checkIntervalSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
// Backend service for Zonal NEG
var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
.name("backend-default")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.backends(BackendServiceBackendArgs.builder()
.group(defaultNetworkEndpointGroup.id())
.balancingMode("RATE")
.maxRatePerEndpoint(10)
.build())
.healthChecks(defaultHealthCheck.id())
.build());
// Backgend service for Hybrid NEG
var hybridBackendService = new BackendService("hybridBackendService", BackendServiceArgs.builder()
.name("backend-hybrid")
.portName("http")
.protocol("HTTP")
.timeoutSec(10)
.backends(BackendServiceBackendArgs.builder()
.group(hybrid.id())
.balancingMode("RATE")
.maxRatePerEndpoint(10)
.build())
.healthChecks(defaultHealthCheck.id())
.build());
var defaultURLMap = new URLMap("defaultURLMap", URLMapArgs.builder()
.name("url-map-target-proxy")
.description("a description")
.defaultService(defaultBackendService.id())
.hostRules(URLMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(URLMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultBackendService.id())
.pathRules(
URLMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultBackendService.id())
.build(),
URLMapPathMatcherPathRuleArgs.builder()
.paths("/hybrid")
.service(hybridBackendService.id())
.build())
.build())
.build());
var defaultTargetHttpProxy = new TargetHttpProxy("defaultTargetHttpProxy", TargetHttpProxyArgs.builder()
.name("target-proxy")
.description("a description")
.urlMap(defaultURLMap.id())
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.name("global-rule")
.target(defaultTargetHttpProxy.id())
.portRange("80")
.build());
}
}
configuration:
# Roughly mirrors https://cloud.google.com/load-balancing/docs/https/setting-up-ext-https-hybrid
subnetworkCidr:
type: string
default: 10.0.0.0/24
resources:
default:
type: gcp:compute:Network
properties:
name: my-network
internal:
type: gcp:compute:Network
properties:
name: my-internal-network
autoCreateSubnetworks: false
internalSubnetwork:
type: gcp:compute:Subnetwork
name: internal
properties:
name: my-subnetwork
network: ${internal.id}
ipCidrRange: ${subnetworkCidr}
region: us-central1
privateIpGoogleAccess: true
# Zonal NEG with GCE_VM_IP_PORT
defaultNetworkEndpointGroup:
type: gcp:compute:NetworkEndpointGroup
name: default
properties:
name: default-neg
network: ${default.id}
defaultPort: '90'
zone: us-central1-a
networkEndpointType: GCE_VM_IP_PORT
# Zonal NEG with GCE_VM_IP
internalNetworkEndpointGroup:
type: gcp:compute:NetworkEndpointGroup
name: internal
properties:
name: internal-neg
network: ${internal.id}
subnetwork: ${internalSubnetwork.id}
zone: us-central1-a
networkEndpointType: GCE_VM_IP
# Hybrid connectivity NEG
hybrid:
type: gcp:compute:NetworkEndpointGroup
properties:
name: hybrid-neg
network: ${default.id}
defaultPort: '90'
zone: us-central1-a
networkEndpointType: NON_GCP_PRIVATE_IP_PORT
hybrid-endpoint:
type: gcp:compute:NetworkEndpoint
properties:
networkEndpointGroup: ${hybrid.name}
port: ${hybrid.defaultPort}
ipAddress: 127.0.0.1
# Backend service for Zonal NEG
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend-default
portName: http
protocol: HTTP
timeoutSec: 10
backends:
- group: ${defaultNetworkEndpointGroup.id}
balancingMode: RATE
maxRatePerEndpoint: 10
healthChecks: ${defaultHealthCheck.id}
# Backgend service for Hybrid NEG
hybridBackendService:
type: gcp:compute:BackendService
name: hybrid
properties:
name: backend-hybrid
portName: http
protocol: HTTP
timeoutSec: 10
backends:
- group: ${hybrid.id}
balancingMode: RATE
maxRatePerEndpoint: 10
healthChecks: ${defaultHealthCheck.id}
defaultHealthCheck:
type: gcp:compute:HealthCheck
name: default
properties:
name: health-check
timeoutSec: 1
checkIntervalSec: 1
tcpHealthCheck:
port: '80'
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map-target-proxy
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
- paths:
- /hybrid
service: ${hybridBackendService.id}
defaultTargetHttpProxy:
type: gcp:compute:TargetHttpProxy
name: default
properties:
name: target-proxy
description: a description
urlMap: ${defaultURLMap.id}
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
name: global-rule
target: ${defaultTargetHttpProxy.id}
portRange: '80'
Private Service Connect Google Apis
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const network = new gcp.compute.Network("network", {
project: "my-project-name",
name: "my-network",
autoCreateSubnetworks: false,
});
const vpcSubnetwork = new gcp.compute.Subnetwork("vpc_subnetwork", {
project: network.project,
name: "my-subnetwork",
ipCidrRange: "10.2.0.0/16",
region: "us-central1",
network: network.id,
privateIpGoogleAccess: true,
});
const _default = new gcp.compute.GlobalAddress("default", {
project: network.project,
name: "global-psconnect-ip",
addressType: "INTERNAL",
purpose: "PRIVATE_SERVICE_CONNECT",
network: network.id,
address: "100.100.100.106",
});
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", {
project: network.project,
name: "globalrule",
target: "all-apis",
network: network.id,
ipAddress: _default.id,
loadBalancingScheme: "",
serviceDirectoryRegistrations: {
namespace: "sd-namespace",
serviceDirectoryRegion: "europe-west3",
},
});
import pulumi
import pulumi_gcp as gcp
network = gcp.compute.Network("network",
project="my-project-name",
name="my-network",
auto_create_subnetworks=False)
vpc_subnetwork = gcp.compute.Subnetwork("vpc_subnetwork",
project=network.project,
name="my-subnetwork",
ip_cidr_range="10.2.0.0/16",
region="us-central1",
network=network.id,
private_ip_google_access=True)
default = gcp.compute.GlobalAddress("default",
project=network.project,
name="global-psconnect-ip",
address_type="INTERNAL",
purpose="PRIVATE_SERVICE_CONNECT",
network=network.id,
address="100.100.100.106")
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
project=network.project,
name="globalrule",
target="all-apis",
network=network.id,
ip_address=default.id,
load_balancing_scheme="",
service_directory_registrations=gcp.compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs(
namespace="sd-namespace",
service_directory_region="europe-west3",
))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
network, err := compute.NewNetwork(ctx, "network", &compute.NetworkArgs{
Project: pulumi.String("my-project-name"),
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
_, err = compute.NewSubnetwork(ctx, "vpc_subnetwork", &compute.SubnetworkArgs{
Project: network.Project,
Name: pulumi.String("my-subnetwork"),
IpCidrRange: pulumi.String("10.2.0.0/16"),
Region: pulumi.String("us-central1"),
Network: network.ID(),
PrivateIpGoogleAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = compute.NewGlobalAddress(ctx, "default", &compute.GlobalAddressArgs{
Project: network.Project,
Name: pulumi.String("global-psconnect-ip"),
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("PRIVATE_SERVICE_CONNECT"),
Network: network.ID(),
Address: pulumi.String("100.100.100.106"),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Project: network.Project,
Name: pulumi.String("globalrule"),
Target: pulumi.String("all-apis"),
Network: network.ID(),
IpAddress: _default.ID(),
LoadBalancingScheme: pulumi.String(""),
ServiceDirectoryRegistrations: &compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs{
Namespace: pulumi.String("sd-namespace"),
ServiceDirectoryRegion: pulumi.String("europe-west3"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var network = new Gcp.Compute.Network("network", new()
{
Project = "my-project-name",
Name = "my-network",
AutoCreateSubnetworks = false,
});
var vpcSubnetwork = new Gcp.Compute.Subnetwork("vpc_subnetwork", new()
{
Project = network.Project,
Name = "my-subnetwork",
IpCidrRange = "10.2.0.0/16",
Region = "us-central1",
Network = network.Id,
PrivateIpGoogleAccess = true,
});
var @default = new Gcp.Compute.GlobalAddress("default", new()
{
Project = network.Project,
Name = "global-psconnect-ip",
AddressType = "INTERNAL",
Purpose = "PRIVATE_SERVICE_CONNECT",
Network = network.Id,
Address = "100.100.100.106",
});
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Project = network.Project,
Name = "globalrule",
Target = "all-apis",
Network = network.Id,
IpAddress = @default.Id,
LoadBalancingScheme = "",
ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs
{
Namespace = "sd-namespace",
ServiceDirectoryRegion = "europe-west3",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import com.pulumi.gcp.compute.inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var network = new Network("network", NetworkArgs.builder()
.project("my-project-name")
.name("my-network")
.autoCreateSubnetworks(false)
.build());
var vpcSubnetwork = new Subnetwork("vpcSubnetwork", SubnetworkArgs.builder()
.project(network.project())
.name("my-subnetwork")
.ipCidrRange("10.2.0.0/16")
.region("us-central1")
.network(network.id())
.privateIpGoogleAccess(true)
.build());
var default_ = new GlobalAddress("default", GlobalAddressArgs.builder()
.project(network.project())
.name("global-psconnect-ip")
.addressType("INTERNAL")
.purpose("PRIVATE_SERVICE_CONNECT")
.network(network.id())
.address("100.100.100.106")
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.project(network.project())
.name("globalrule")
.target("all-apis")
.network(network.id())
.ipAddress(default_.id())
.loadBalancingScheme("")
.serviceDirectoryRegistrations(GlobalForwardingRuleServiceDirectoryRegistrationsArgs.builder()
.namespace("sd-namespace")
.serviceDirectoryRegion("europe-west3")
.build())
.build());
}
}
resources:
network:
type: gcp:compute:Network
properties:
project: my-project-name
name: my-network
autoCreateSubnetworks: false
vpcSubnetwork:
type: gcp:compute:Subnetwork
name: vpc_subnetwork
properties:
project: ${network.project}
name: my-subnetwork
ipCidrRange: 10.2.0.0/16
region: us-central1
network: ${network.id}
privateIpGoogleAccess: true
default:
type: gcp:compute:GlobalAddress
properties:
project: ${network.project}
name: global-psconnect-ip
addressType: INTERNAL
purpose: PRIVATE_SERVICE_CONNECT
network: ${network.id}
address: 100.100.100.106
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
project: ${network.project}
name: globalrule
target: all-apis
network: ${network.id}
ipAddress: ${default.id}
loadBalancingScheme:
serviceDirectoryRegistrations:
namespace: sd-namespace
serviceDirectoryRegion: europe-west3
Private Service Connect Google Apis No Automate Dns
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const network = new gcp.compute.Network("network", {
project: "my-project-name",
name: "my-network",
autoCreateSubnetworks: false,
});
const vpcSubnetwork = new gcp.compute.Subnetwork("vpc_subnetwork", {
project: network.project,
name: "my-subnetwork",
ipCidrRange: "10.2.0.0/16",
region: "us-central1",
network: network.id,
privateIpGoogleAccess: true,
});
const _default = new gcp.compute.GlobalAddress("default", {
project: network.project,
name: "global-psconnect-ip",
addressType: "INTERNAL",
purpose: "PRIVATE_SERVICE_CONNECT",
network: network.id,
address: "100.100.100.106",
});
const defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule("default", {
project: network.project,
name: "globalrule",
target: "all-apis",
network: network.id,
ipAddress: _default.id,
loadBalancingScheme: "",
noAutomateDnsZone: false,
});
import pulumi
import pulumi_gcp as gcp
network = gcp.compute.Network("network",
project="my-project-name",
name="my-network",
auto_create_subnetworks=False)
vpc_subnetwork = gcp.compute.Subnetwork("vpc_subnetwork",
project=network.project,
name="my-subnetwork",
ip_cidr_range="10.2.0.0/16",
region="us-central1",
network=network.id,
private_ip_google_access=True)
default = gcp.compute.GlobalAddress("default",
project=network.project,
name="global-psconnect-ip",
address_type="INTERNAL",
purpose="PRIVATE_SERVICE_CONNECT",
network=network.id,
address="100.100.100.106")
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
project=network.project,
name="globalrule",
target="all-apis",
network=network.id,
ip_address=default.id,
load_balancing_scheme="",
no_automate_dns_zone=False)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
network, err := compute.NewNetwork(ctx, "network", &compute.NetworkArgs{
Project: pulumi.String("my-project-name"),
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
_, err = compute.NewSubnetwork(ctx, "vpc_subnetwork", &compute.SubnetworkArgs{
Project: network.Project,
Name: pulumi.String("my-subnetwork"),
IpCidrRange: pulumi.String("10.2.0.0/16"),
Region: pulumi.String("us-central1"),
Network: network.ID(),
PrivateIpGoogleAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = compute.NewGlobalAddress(ctx, "default", &compute.GlobalAddressArgs{
Project: network.Project,
Name: pulumi.String("global-psconnect-ip"),
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("PRIVATE_SERVICE_CONNECT"),
Network: network.ID(),
Address: pulumi.String("100.100.100.106"),
})
if err != nil {
return err
}
_, err = compute.NewGlobalForwardingRule(ctx, "default", &compute.GlobalForwardingRuleArgs{
Project: network.Project,
Name: pulumi.String("globalrule"),
Target: pulumi.String("all-apis"),
Network: network.ID(),
IpAddress: _default.ID(),
LoadBalancingScheme: pulumi.String(""),
NoAutomateDnsZone: pulumi.Bool(false),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var network = new Gcp.Compute.Network("network", new()
{
Project = "my-project-name",
Name = "my-network",
AutoCreateSubnetworks = false,
});
var vpcSubnetwork = new Gcp.Compute.Subnetwork("vpc_subnetwork", new()
{
Project = network.Project,
Name = "my-subnetwork",
IpCidrRange = "10.2.0.0/16",
Region = "us-central1",
Network = network.Id,
PrivateIpGoogleAccess = true,
});
var @default = new Gcp.Compute.GlobalAddress("default", new()
{
Project = network.Project,
Name = "global-psconnect-ip",
AddressType = "INTERNAL",
Purpose = "PRIVATE_SERVICE_CONNECT",
Network = network.Id,
Address = "100.100.100.106",
});
var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule("default", new()
{
Project = network.Project,
Name = "globalrule",
Target = "all-apis",
Network = network.Id,
IpAddress = @default.Id,
LoadBalancingScheme = "",
NoAutomateDnsZone = false,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.compute.GlobalForwardingRule;
import com.pulumi.gcp.compute.GlobalForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var network = new Network("network", NetworkArgs.builder()
.project("my-project-name")
.name("my-network")
.autoCreateSubnetworks(false)
.build());
var vpcSubnetwork = new Subnetwork("vpcSubnetwork", SubnetworkArgs.builder()
.project(network.project())
.name("my-subnetwork")
.ipCidrRange("10.2.0.0/16")
.region("us-central1")
.network(network.id())
.privateIpGoogleAccess(true)
.build());
var default_ = new GlobalAddress("default", GlobalAddressArgs.builder()
.project(network.project())
.name("global-psconnect-ip")
.addressType("INTERNAL")
.purpose("PRIVATE_SERVICE_CONNECT")
.network(network.id())
.address("100.100.100.106")
.build());
var defaultGlobalForwardingRule = new GlobalForwardingRule("defaultGlobalForwardingRule", GlobalForwardingRuleArgs.builder()
.project(network.project())
.name("globalrule")
.target("all-apis")
.network(network.id())
.ipAddress(default_.id())
.loadBalancingScheme("")
.noAutomateDnsZone(false)
.build());
}
}
resources:
network:
type: gcp:compute:Network
properties:
project: my-project-name
name: my-network
autoCreateSubnetworks: false
vpcSubnetwork:
type: gcp:compute:Subnetwork
name: vpc_subnetwork
properties:
project: ${network.project}
name: my-subnetwork
ipCidrRange: 10.2.0.0/16
region: us-central1
network: ${network.id}
privateIpGoogleAccess: true
default:
type: gcp:compute:GlobalAddress
properties:
project: ${network.project}
name: global-psconnect-ip
addressType: INTERNAL
purpose: PRIVATE_SERVICE_CONNECT
network: ${network.id}
address: 100.100.100.106
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
project: ${network.project}
name: globalrule
target: all-apis
network: ${network.id}
ipAddress: ${default.id}
loadBalancingScheme:
noAutomateDnsZone: false
Create GlobalForwardingRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GlobalForwardingRule(name: string, args: GlobalForwardingRuleArgs, opts?: CustomResourceOptions);
@overload
def GlobalForwardingRule(resource_name: str,
args: GlobalForwardingRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GlobalForwardingRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
target: Optional[str] = None,
name: Optional[str] = None,
metadata_filters: Optional[Sequence[GlobalForwardingRuleMetadataFilterArgs]] = None,
ip_protocol: Optional[str] = None,
ip_version: Optional[str] = None,
network: Optional[str] = None,
load_balancing_scheme: Optional[str] = None,
ip_address: Optional[str] = None,
allow_psc_global_access: Optional[bool] = None,
labels: Optional[Mapping[str, str]] = None,
no_automate_dns_zone: Optional[bool] = None,
port_range: Optional[str] = None,
project: Optional[str] = None,
service_directory_registrations: Optional[GlobalForwardingRuleServiceDirectoryRegistrationsArgs] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
description: Optional[str] = None)
func NewGlobalForwardingRule(ctx *Context, name string, args GlobalForwardingRuleArgs, opts ...ResourceOption) (*GlobalForwardingRule, error)
public GlobalForwardingRule(string name, GlobalForwardingRuleArgs args, CustomResourceOptions? opts = null)
public GlobalForwardingRule(String name, GlobalForwardingRuleArgs args)
public GlobalForwardingRule(String name, GlobalForwardingRuleArgs args, CustomResourceOptions options)
type: gcp:compute:GlobalForwardingRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GlobalForwardingRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var globalForwardingRuleResource = new Gcp.Compute.GlobalForwardingRule("globalForwardingRuleResource", new()
{
Target = "string",
Name = "string",
MetadataFilters = new[]
{
new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterArgs
{
FilterLabels = new[]
{
new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterFilterLabelArgs
{
Name = "string",
Value = "string",
},
},
FilterMatchCriteria = "string",
},
},
IpProtocol = "string",
IpVersion = "string",
Network = "string",
LoadBalancingScheme = "string",
IpAddress = "string",
AllowPscGlobalAccess = false,
Labels =
{
{ "string", "string" },
},
NoAutomateDnsZone = false,
PortRange = "string",
Project = "string",
ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs
{
Namespace = "string",
ServiceDirectoryRegion = "string",
},
SourceIpRanges = new[]
{
"string",
},
Subnetwork = "string",
Description = "string",
});
example, err := compute.NewGlobalForwardingRule(ctx, "globalForwardingRuleResource", &compute.GlobalForwardingRuleArgs{
Target: pulumi.String("string"),
Name: pulumi.String("string"),
MetadataFilters: compute.GlobalForwardingRuleMetadataFilterArray{
&compute.GlobalForwardingRuleMetadataFilterArgs{
FilterLabels: compute.GlobalForwardingRuleMetadataFilterFilterLabelArray{
&compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
FilterMatchCriteria: pulumi.String("string"),
},
},
IpProtocol: pulumi.String("string"),
IpVersion: pulumi.String("string"),
Network: pulumi.String("string"),
LoadBalancingScheme: pulumi.String("string"),
IpAddress: pulumi.String("string"),
AllowPscGlobalAccess: pulumi.Bool(false),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
NoAutomateDnsZone: pulumi.Bool(false),
PortRange: pulumi.String("string"),
Project: pulumi.String("string"),
ServiceDirectoryRegistrations: &compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs{
Namespace: pulumi.String("string"),
ServiceDirectoryRegion: pulumi.String("string"),
},
SourceIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
Subnetwork: pulumi.String("string"),
Description: pulumi.String("string"),
})
var globalForwardingRuleResource = new GlobalForwardingRule("globalForwardingRuleResource", GlobalForwardingRuleArgs.builder()
.target("string")
.name("string")
.metadataFilters(GlobalForwardingRuleMetadataFilterArgs.builder()
.filterLabels(GlobalForwardingRuleMetadataFilterFilterLabelArgs.builder()
.name("string")
.value("string")
.build())
.filterMatchCriteria("string")
.build())
.ipProtocol("string")
.ipVersion("string")
.network("string")
.loadBalancingScheme("string")
.ipAddress("string")
.allowPscGlobalAccess(false)
.labels(Map.of("string", "string"))
.noAutomateDnsZone(false)
.portRange("string")
.project("string")
.serviceDirectoryRegistrations(GlobalForwardingRuleServiceDirectoryRegistrationsArgs.builder()
.namespace("string")
.serviceDirectoryRegion("string")
.build())
.sourceIpRanges("string")
.subnetwork("string")
.description("string")
.build());
global_forwarding_rule_resource = gcp.compute.GlobalForwardingRule("globalForwardingRuleResource",
target="string",
name="string",
metadata_filters=[gcp.compute.GlobalForwardingRuleMetadataFilterArgs(
filter_labels=[gcp.compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs(
name="string",
value="string",
)],
filter_match_criteria="string",
)],
ip_protocol="string",
ip_version="string",
network="string",
load_balancing_scheme="string",
ip_address="string",
allow_psc_global_access=False,
labels={
"string": "string",
},
no_automate_dns_zone=False,
port_range="string",
project="string",
service_directory_registrations=gcp.compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs(
namespace="string",
service_directory_region="string",
),
source_ip_ranges=["string"],
subnetwork="string",
description="string")
const globalForwardingRuleResource = new gcp.compute.GlobalForwardingRule("globalForwardingRuleResource", {
target: "string",
name: "string",
metadataFilters: [{
filterLabels: [{
name: "string",
value: "string",
}],
filterMatchCriteria: "string",
}],
ipProtocol: "string",
ipVersion: "string",
network: "string",
loadBalancingScheme: "string",
ipAddress: "string",
allowPscGlobalAccess: false,
labels: {
string: "string",
},
noAutomateDnsZone: false,
portRange: "string",
project: "string",
serviceDirectoryRegistrations: {
namespace: "string",
serviceDirectoryRegion: "string",
},
sourceIpRanges: ["string"],
subnetwork: "string",
description: "string",
});
type: gcp:compute:GlobalForwardingRule
properties:
allowPscGlobalAccess: false
description: string
ipAddress: string
ipProtocol: string
ipVersion: string
labels:
string: string
loadBalancingScheme: string
metadataFilters:
- filterLabels:
- name: string
value: string
filterMatchCriteria: string
name: string
network: string
noAutomateDnsZone: false
portRange: string
project: string
serviceDirectoryRegistrations:
namespace: string
serviceDirectoryRegion: string
sourceIpRanges:
- string
subnetwork: string
target: string
GlobalForwardingRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The GlobalForwardingRule resource accepts the following input properties:
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - Ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - Metadata
Filters List<GlobalForwarding Rule Metadata Filter> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Source
Ip List<string>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - Ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - Metadata
Filters []GlobalForwarding Rule Metadata Filter Args - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Source
Ip []stringRanges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version String - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters List<GlobalForwarding Rule Metadata Filter> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc booleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description string
- An optional description of this resource. Provide this property when you create the resource.
- ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters GlobalForwarding Rule Metadata Filter[] - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate booleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip string[]Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow_
psc_ boolglobal_ access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description str
- An optional description of this resource. Provide this property when you create the resource.
- ip_
address str IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip_
protocol str - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip_
version str - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load_
balancing_ strscheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata_
filters Sequence[GlobalForwarding Rule Metadata Filter Args] - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name str
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network str
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no_
automate_ booldns_ zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port_
range str - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service_
directory_ Globalregistrations Forwarding Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source_
ip_ Sequence[str]ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version String - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters List<Property Map> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- service
Directory Property MapRegistrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
Outputs
All input properties are implicitly available as output properties. Additionally, the GlobalForwardingRule resource produces the following output properties:
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Id string
- The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
- base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id string
- The provider-assigned unique ID for this managed resource.
- label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link string - The URI of the created resource.
- base_
forwarding_ strrule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id str
- The provider-assigned unique ID for this managed resource.
- label_
fingerprint str - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc_
connection_ strid - The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- self_
link str - The URI of the created resource.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- id String
- The provider-assigned unique ID for this managed resource.
- label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
Look up Existing GlobalForwardingRule Resource
Get an existing GlobalForwardingRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GlobalForwardingRuleState, opts?: CustomResourceOptions): GlobalForwardingRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_psc_global_access: Optional[bool] = None,
base_forwarding_rule: Optional[str] = None,
description: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
ip_address: Optional[str] = None,
ip_protocol: Optional[str] = None,
ip_version: Optional[str] = None,
label_fingerprint: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
load_balancing_scheme: Optional[str] = None,
metadata_filters: Optional[Sequence[GlobalForwardingRuleMetadataFilterArgs]] = None,
name: Optional[str] = None,
network: Optional[str] = None,
no_automate_dns_zone: Optional[bool] = None,
port_range: Optional[str] = None,
project: Optional[str] = None,
psc_connection_id: Optional[str] = None,
psc_connection_status: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
self_link: Optional[str] = None,
service_directory_registrations: Optional[GlobalForwardingRuleServiceDirectoryRegistrationsArgs] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
target: Optional[str] = None) -> GlobalForwardingRule
func GetGlobalForwardingRule(ctx *Context, name string, id IDInput, state *GlobalForwardingRuleState, opts ...ResourceOption) (*GlobalForwardingRule, error)
public static GlobalForwardingRule Get(string name, Input<string> id, GlobalForwardingRuleState? state, CustomResourceOptions? opts = null)
public static GlobalForwardingRule get(String name, Output<String> id, GlobalForwardingRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - Ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - Metadata
Filters List<GlobalForwarding Rule Metadata Filter> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- Service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Source
Ip List<string>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - Ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - Metadata
Filters []GlobalForwarding Rule Metadata Filter Args - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- Service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Source
Ip []stringRanges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version String - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters List<GlobalForwarding Rule Metadata Filter> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
- service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc booleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description string
- An optional description of this resource. Provide this property when you create the resource.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version string - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters GlobalForwarding Rule Metadata Filter[] - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate booleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range string - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link string - The URI of the created resource.
- service
Directory GlobalRegistrations Forwarding Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip string[]Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow_
psc_ boolglobal_ access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base_
forwarding_ strrule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description str
- An optional description of this resource. Provide this property when you create the resource.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip_
address str IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip_
protocol str - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip_
version str - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - label_
fingerprint str - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load_
balancing_ strscheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata_
filters Sequence[GlobalForwarding Rule Metadata Filter Args] - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name str
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network str
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no_
automate_ booldns_ zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port_
range str - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc_
connection_ strid - The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- self_
link str - The URI of the created resource.
- service_
directory_ Globalregistrations Forwarding Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source_
ip_ Sequence[str]ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
. - ip
Version String - The IP Version that will be used by this global forwarding rule.
Possible values are:
IPV4
,IPV6
. - label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL_MANAGED
,INTERNAL_SELF_MANAGED
. - metadata
Filters List<Property Map> - Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
- name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
portRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
- service
Directory Property MapRegistrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
Supporting Types
GlobalForwardingRuleMetadataFilter, GlobalForwardingRuleMetadataFilterArgs
- Filter
Labels List<GlobalForwarding Rule Metadata Filter Filter Label> - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- Filter
Match stringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- Filter
Labels []GlobalForwarding Rule Metadata Filter Filter Label - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- Filter
Match stringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter
Labels List<GlobalForwarding Rule Metadata Filter Filter Label> - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter
Match StringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter
Labels GlobalForwarding Rule Metadata Filter Filter Label[] - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter
Match stringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter_
labels Sequence[GlobalForwarding Rule Metadata Filter Filter Label] - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter_
match_ strcriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
- filter
Labels List<Property Map> - The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
- filter
Match StringCriteria - Specifies how individual filterLabel matches within the list of
filterLabels contribute towards the overall metadataFilter match.
MATCH_ANY - At least one of the filterLabels must have a matching
label in the provided metadata.
MATCH_ALL - All filterLabels must have matching labels in the
provided metadata.
Possible values are:
MATCH_ANY
,MATCH_ALL
.
GlobalForwardingRuleMetadataFilterFilterLabel, GlobalForwardingRuleMetadataFilterFilterLabelArgs
GlobalForwardingRuleServiceDirectoryRegistrations, GlobalForwardingRuleServiceDirectoryRegistrationsArgs
- Namespace string
- Service Directory namespace to register the forwarding rule under.
- Service
Directory stringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- Namespace string
- Service Directory namespace to register the forwarding rule under.
- Service
Directory stringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- namespace String
- Service Directory namespace to register the forwarding rule under.
- service
Directory StringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- namespace string
- Service Directory namespace to register the forwarding rule under.
- service
Directory stringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- namespace str
- Service Directory namespace to register the forwarding rule under.
- service_
directory_ strregion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
- namespace String
- Service Directory namespace to register the forwarding rule under.
- service
Directory StringRegion - [Optional] Service Directory region to register this global forwarding rule under. Default to "us-central1". Only used for PSC for Google APIs. All PSC for Google APIs Forwarding Rules on the same network should use the same Service Directory region.
Import
GlobalForwardingRule can be imported using any of these accepted formats:
projects/{{project}}/global/forwardingRules/{{name}}
{{project}}/{{name}}
{{name}}
When using the pulumi import
command, GlobalForwardingRule can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default projects/{{project}}/global/forwardingRules/{{name}}
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{project}}/{{name}}
$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.