ComputeForwardingRule
| Property | Value |
|---|---|
| Google Cloud Service Name | Compute Engine |
| Google Cloud Service Documentation | /compute/docs/ |
| Google Cloud REST Resource Name |
v1.forwardingRules v1.globalForwardingRules |
| Google Cloud REST Resource Documentation |
/compute/docs/reference/rest/v1/forwardingRules /compute/docs/reference/rest/v1/globalForwardingRules |
| Config Connector Resource Short Names | gcpcomputeforwardingrule gcpcomputeforwardingrules computeforwardingrule |
| Config Connector Service Name | compute.googleapis.com |
| Config Connector Resource Fully Qualified Name | computeforwardingrules.compute.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
ComputeForwardingRule can manage both global and regional forwarding rules. To manage a global ComputeForwardingRule use a value of global in
the spec.location field. To manage a regional ComputeForwardingRule, use a region name in the spec.location field.
Custom Resource Definition Properties
Annotations
| Fields | |
|---|---|
cnrm.cloud.google.com/project-id |
|
Spec
Schema
allPorts: boolean
allowGlobalAccess: boolean
allowPscGlobalAccess: boolean
backendServiceRef:
external: string
name: string
namespace: string
description: string
ipAddress:
addressRef:
external: string
name: string
namespace: string
ip: string
ipProtocol: string
ipVersion: string
isMirroringCollector: boolean
loadBalancingScheme: string
location: string
metadataFilters:
- filterLabels:
- name: string
value: string
filterMatchCriteria: string
networkRef:
external: string
name: string
namespace: string
networkTier: string
noAutomateDnsZone: boolean
portRange: string
ports:
- string
resourceID: string
serviceDirectoryRegistrations:
- namespace: string
service: string
serviceLabel: string
sourceIpRanges:
- string
subnetworkRef:
external: string
name: string
namespace: string
target:
googleAPIsBundle: string
serviceAttachmentRef:
external: string
name: string
namespace: string
targetGRPCProxyRef:
external: string
name: string
namespace: string
targetHTTPProxyRef:
external: string
name: string
namespace: string
targetHTTPSProxyRef:
external: string
name: string
namespace: string
targetSSLProxyRef:
external: string
name: string
namespace: string
targetTCPProxyRef:
external: string
name: string
namespace: string
targetVPNGatewayRef:
external: string
name: string
namespace: string
| Fields | |
|---|---|
|
Optional |
Immutable. This field can only be used: * If 'IPProtocol' is one of TCP, UDP, or SCTP. * By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The 'ports', 'port_range', and 'allPorts' fields are mutually exclusive. |
|
Optional |
This field is used along with the 'backend_service' field for internal load balancing or with the 'target' field for internal TargetInstance. If the field is set to 'TRUE', clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. |
|
Optional |
This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. |
|
Optional |
A ComputeBackendService to receive the matched traffic. This is used only for internal load balancing. |
|
Optional |
The ComputeBackendService selflink in the form "projects/{{project}}/global/backendServices/{{name}}" or "projects/{{project}}/regions/{{region}}/backendServices/{{name}}" when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeBackendService` resource. |
|
Optional |
The `namespace` field of a `ComputeBackendService` resource. |
|
Optional |
Immutable. An optional description of this resource. Provide this property when you create the resource. |
|
Optional |
The IP address that this forwarding rule is serving on behalf of. Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional). When the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6. When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule. |
|
Optional |
|
|
Optional |
The ComputeAddress selflink in the form "projects/{{project}}/regions/{{region}}/addresses/{{name}}" when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeAddress` resource. |
|
Optional |
The `namespace` field of a `ComputeAddress` resource. |
|
Optional |
|
|
Optional |
Immutable. The IP protocol to which this rule applies. For protocol forwarding, valid options are 'TCP', 'UDP', 'ESP', 'AH', 'SCTP', 'ICMP' and 'L3_DEFAULT'. The valid IP protocols are different for different load balancing products as described in [Load balancing features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT"]. |
|
Optional |
Immutable. The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values: ["IPV4", "IPV6"]. |
|
Optional |
Immutable. Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a 'PacketMirroring' rule applies to them. This can only be set to true for load balancers that have their 'loadBalancingScheme' set to 'INTERNAL'. |
|
Optional |
Immutable. Specifies the forwarding rule type. Must set to empty for private service connect forwarding rule. For more information about forwarding rules, refer to [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED", ""]. |
|
Required* |
Location represents the geographical location of the ComputeForwardingRule. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/) |
|
Optional |
Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. |
|
Optional |
|
|
Required* |
Immutable. The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. |
|
Required* |
|
|
Required* |
Immutable. Name of the metadata label. The length must be between 1 and 1024 characters, inclusive. |
|
Required* |
Immutable. The value that the label must match. The value has a maximum length of 1024 characters. |
|
Required* |
Immutable. Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values: ["MATCH_ANY", "MATCH_ALL"]. |
|
Optional |
This field is not used for external load balancing. For internal load balancing, this field identifies the network that the load balanced IP should belong to for this forwarding rule. If this field is not specified, the default network will be used. |
|
Optional |
A reference to an externally managed Compute Network resource. Should be in the format `projects/ |
|
Optional |
The `name` field of a `ComputeNetwork` resource. |
|
Optional |
The `namespace` field of a `ComputeNetwork` resource. |
|
Optional |
Immutable. This signifies the networking tier used for configuring this load balancer and can only take the following values: 'PREMIUM', 'STANDARD'. For regional ForwardingRule, the valid values are 'PREMIUM' and 'STANDARD'. For GlobalForwardingRule, the valid value is 'PREMIUM'. If this field is not specified, it is assumed to be 'PREMIUM'. If 'IPAddress' is specified, this value must be equal to the networkTier of the Address. Possible values: ["PREMIUM", "STANDARD"]. |
|
Optional |
Immutable. This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. |
|
Optional |
Immutable. This field can only be used: * If 'IPProtocol' is one of TCP, UDP, or SCTP. * By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) for details. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The 'ports' and 'port_range' fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and cannot have overlapping 'portRange's. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and cannot have overlapping 'portRange's. |
|
Optional |
Immutable. This field can only be used: * If 'IPProtocol' is one of TCP, UDP, or SCTP. * By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT. You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and cannot share any values defined in 'ports'. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and cannot share any values defined in 'ports'. The 'ports' and 'port_range' fields are mutually exclusive. |
|
Optional |
|
|
Optional |
Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. |
|
Optional |
Immutable. Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. |
|
Optional |
|
|
Optional |
Immutable. Service Directory namespace to register the forwarding rule under. |
|
Optional |
Immutable. Service Directory service to register the forwarding rule under. |
|
Optional |
Immutable. An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. |
|
Optional |
Immutable. If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). |
|
Optional |
|
|
Optional |
Immutable. The subnetwork that the load balanced IP should belong to for this forwarding rule. This field is only used for internal load balancing. If the network specified is in auto subnet mode, this field is optional. However, if the network is in custom subnet mode, a subnetwork must be specified. |
|
Optional |
The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeSubnetwork` resource. |
|
Optional |
The `namespace` field of a `ComputeSubnetwork` resource. |
|
Optional |
The target resource to receive the matched traffic. The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets are valid. |
|
Optional |
|
|
Optional |
|
|
Optional |
The ComputeServiceAttachment selflink in the form "projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}" when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeServiceAttachment` resource. |
|
Optional |
The `namespace` field of a `ComputeServiceAttachment` resource. |
|
Optional |
|
|
Optional |
The ComputeTargetGrpcProxy selflink in the form "projects/{{project}}/global/targetGrpcProxies/{{name}}" when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeTargetGrpcProxy` resource. |
|
Optional |
The `namespace` field of a `ComputeTargetGrpcProxy` resource. |
|
Optional |
|
|
Optional |
The ComputeTargetHTTPProxy selflink in the form "projects/{{project}}/global/targetHttpProxies/{{name}}" or "projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}" when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeTargetHTTPProxy` resource. |
|
Optional |
The `namespace` field of a `ComputeTargetHTTPProxy` resource. |
|
Optional |
|
|
Optional |
The ComputeTargetHTTPSProxy selflink in the form "projects/{{project}}/global/targetHttpProxies/{{name}}" or "projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}" when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeTargetHTTPSProxy` resource. |
|
Optional |
The `namespace` field of a `ComputeTargetHTTPSProxy` resource. |
|
Optional |
|
|
Optional |
The ComputeTargetSSLProxy selflink in the form "projects/{{project}}/global/targetSslProxies/{{name}}" when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeTargetSSLProxy` resource. |
|
Optional |
The `namespace` field of a `ComputeTargetSSLProxy` resource. |
|
Optional |
|
|
Optional |
The ComputeTargetTCPProxy selflink in the form "projects/{{project}}/global/targetTcpProxies/{{name}}" or "projects/{{project}}/regions/{{region}}/targetTcpProxies/{{name}}" when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeTargetTCPProxy` resource. |
|
Optional |
The `namespace` field of a `ComputeTargetTCPProxy` resource. |
|
Optional |
|
|
Optional |
The ComputeTargetVPNGateway selflink in the form "projects/{{project}}/regions/{{region}}/targetVpnGateways/{{name}}" when not managed by Config Connector. |
|
Optional |
The `name` field of a `ComputeTargetVPNGateway` resource. |
|
Optional |
The `namespace` field of a `ComputeTargetVPNGateway` resource. |
* Field is required when parent field is specified
Status
Schema
baseForwardingRule: string
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
creationTimestamp: string
externalRef: string
labelFingerprint: string
observedGeneration: integer
pscConnectionId: string
pscConnectionStatus: string
selfLink: string
serviceName: string
| Fields | |
|---|---|
baseForwardingRule |
[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified. |
conditions |
Conditions represent the latest available observations of the object's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
creationTimestamp |
Creation timestamp in RFC3339 text format. |
externalRef |
A unique Config Connector specifier for the resource in GCP. |
labelFingerprint |
The fingerprint used for optimistic locking of this resource. Used internally during updates. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
pscConnectionId |
The PSC connection id of the PSC Forwarding Rule. |
pscConnectionStatus |
The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'. |
selfLink |
|
serviceName |
The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing. |
Sample YAML(s)
Global Forwarding Rule With Target Http Proxy
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
labels:
label-one: "value-one"
name: computeforwardingrule-sample-global-with-target-http-proxy
spec:
description: "A global forwarding rule"
target:
targetHTTPProxyRef:
name: computeforwardingrule-dep-global-with-target-http-proxy
portRange: "80"
ipProtocol: "TCP"
ipVersion: "IPV4"
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
name: computeforwardingrule-dep-global-with-target-http-proxy
spec:
healthChecks:
- healthCheckRef:
name: computeforwardingrule-dep-global-with-target-http-proxy
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
name: computeforwardingrule-dep-global-with-target-http-proxy
spec:
checkIntervalSec: 10
httpHealthCheck:
port: 80
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetHTTPProxy
metadata:
name: computeforwardingrule-dep-global-with-target-http-proxy
spec:
urlMapRef:
name: computeforwardingrule-dep-global-with-target-http-proxy
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeURLMap
metadata:
name: computeforwardingrule-dep-global-with-target-http-proxy
spec:
defaultService:
backendServiceRef:
name: computeforwardingrule-dep-global-with-target-http-proxy
location: global
Global Forwarding Rule With Target Ssl Proxy
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
labels:
label-one: "value-one"
name: computeforwardingrule-sample-global-with-target-ssl-proxy
spec:
description: "A global forwarding rule"
target:
targetSSLProxyRef:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
portRange: "995"
ipProtocol: "TCP"
ipVersion: "IPV4"
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
spec:
healthChecks:
- healthCheckRef:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
protocol: TCP
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
spec:
checkIntervalSec: 10
sslHealthCheck:
port: 995
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSSLCertificate
metadata:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
spec:
location: global
description: example compute SSL certificate
certificate:
valueFrom:
secretKeyRef:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
key: certificate
privateKey:
valueFrom:
secretKeyRef:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
key: privateKey
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetSSLProxy
metadata:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
spec:
backendServiceRef:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
sslCertificates:
- name: computeforwardingrule-dep-global-with-target-ssl-proxy
---
apiVersion: v1
kind: Secret
metadata:
name: computeforwardingrule-dep-global-with-target-ssl-proxy
stringData:
certificate: |
-----BEGIN CERTIFICATE-----
MIIDJTCCAg0CFHdD3ZGYMCmF3O4PvMwsP5i8d/V0MA0GCSqGSIb3DQEBCwUAME8x
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJXQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
Z2l0cyBQdHkgTHRkMRAwDgYDVQQDDAdFeGFtcGxlMB4XDTE5MDkyOTIyMjgyOVoX
DTIwMDkyODIyMjgyOVowTzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMSEwHwYD
VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMMB0V4YW1wbGUw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWLvOZIail12i6NXIqOspV
corkuS1Nl0ayrl0VuKHCvheun/s7lLLgEfifzRueYlSUtdGg4atWIwEKsbIE+AF9
uUTzkq/t6zHxFAAWgVZ6/hW696jqcZX3yU+LCuHPLSN0ruqD6ZygnYDVciDmYwxe
601xNfOOYRlm6dGRx6uTxGDZtfu8zsaNI0UxTugTp2x5cKB66SbgdlIJvc2Hb54a
7qOsb9CIf+rrK2xUdJUj4ueUEIMxjnY2u/Dc71SgfBVn+yFfN9MHNdcTWPXEUClE
Fxd/MB3dGn7hVavXyvy3NT4tWhBgYBphfEUudDFej5MmVq56JOEQ2UtaQ+Imscud
AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAMYTQyjVlo6TCYoyK6akjPX7vRiwCCAh
jqsEu3bZqwUreOhZgRAyEXrq68dtXwTbwdisQmnhpBeBQuX4WWeas9TiycZ13TA1
Z+h518D9OVXjrNs7oE3QNFeTom807IW16YydlrZMLKO8mQg6/BXfSHbLwuQHSIYS
JD+uOfnkr08ORBbLGgBKKpy7ngflIkdSrQPmCYmYlvoy+goMAEVi0K3Y1wVzAF4k
O4v8f7GXkNarsFT1QM82JboVV5uwX+uDmi858WKDHYGv2Ypv6yy93vdV0Xt/IBj3
95/RDisBzcL7Ynpl34AAr5MLm7yCSsPrAmgevX4BOtcVc4rSXj5rcoE=
-----END CERTIFICATE-----
privateKey: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA1i7zmSGopddoujVyKjrKVXKK5LktTZdGsq5dFbihwr4Xrp/7
O5Sy4BH4n80bnmJUlLXRoOGrViMBCrGyBPgBfblE85Kv7esx8RQAFoFWev4Vuveo
6nGV98lPiwrhzy0jdK7qg+mcoJ2A1XIg5mMMXutNcTXzjmEZZunRkcerk8Rg2bX7
vM7GjSNFMU7oE6dseXCgeukm4HZSCb3Nh2+eGu6jrG/QiH/q6ytsVHSVI+LnlBCD
MY52Nrvw3O9UoHwVZ/shXzfTBzXXE1j1xFApRBcXfzAd3Rp+4VWr18r8tzU+LVoQ
YGAaYXxFLnQxXo+TJlaueiThENlLWkPiJrHLnQIDAQABAoIBAQDMo/WZlQBG3Cay
64fV83AI7jTozkkLvoMNC+3iaBMeN3P3I+HuDmhOEL2lKVq/HKJFp+bPuW50EWPY
bOlzN+Zs0kygEMJJJxQDjCF9XzxarVPj3OcmgTpRkqWOaupPgYhD3zAws080YuiK
h84Jcg+KzXWjunGn0vxrSPI0QDueJR2i03tEDBAtMZ0pvAsJ0gmXRdzGOc2uRzDm
fbS3y/JIufClO28OzjJ5AJkbc9XgRDeCDOFY2D375bCg2boPYmP7Iw0HVU3RQhcr
t+US27VQBRJF4cQ2CCyr0ZbdaPn41v+/A/qxF6ZPguyy+KoyQjCqK8iFArRQ48hJ
cR2pFx4hAoGBAP2uXIJAdAemrOunv2CWlUHI2iHj/kJ1AXRMpiT+eF0US9E6tipE
mL63HkUhiAs2nJnPi3RDxP+kAO2Z3anqjm1KCeGj+IYYZMavnkC8EVybv9lDwORy
e2O1bfRc/tGa341KmvXLbp8oVMIYIvKz2cZmHGJ4V4DTq8dTvmqoE4/VAoGBANgk
KWY5MJToZJJ5bV0mc2stmGt/IAZZPlKjVmKOjDyzqHRLAhsmbMyUhhgZtyj0dzSW
ILEeaEJknYRrOB48D6IqkB8VnFJyHUG8l+Za41adqRQNid0S5n50/+eYbjZpYCrA
SGmC2dhPZvRD6tOyEEJF5PZMvqxDcNRilc627HipAoGBAKzqrSQbyvtsIXKAZXLx
McwlnIp9XlLubo9Xr+iHjIPl0chMvN8S4wscxwVYVeNO1nABiI03pJCcugU7XFz2
BR952EJ2AnFlL0w/aR+3Eh6OC7eM927Amlrc0JZAzXESoE8vC3F/uWfDlgK3cRr+
fPM/pxl37i1iGzVDYAhTiQIBAoGAPW25nmXumsOZoc+E945wCywAP7z3mxZOEip9
6LDexnnBDJws0w6OqW4k1kCov6kLIBTy4aPkucniwrm+T0l+n/Y807jOntfz3LT+
7ucx6XIRlbNrVTuD6rjR6j52RFyaikvvyJz50PJwLkgHO3dGC6/VrPKO1mKsdJA4
R3HRr1ECgYEAobNQbQSLrSWZ1cozJbmNgRqqvxDNSEDi8LpXukOAw4pz1km7o3ob
hCy1ksfFzsp5glYqwZd/Bahk64u3mII+rKoYwYLrH2l2aFDmMbdTfQUycpQZyi3+
VtGS1PFoKx9fSFDNHhR5ZhfasQcuKHYfeFfO2/DoOxQkNCI1y4I2huo=
-----END RSA PRIVATE KEY-----
Global Forwarding Rule With Target Tcp Proxy
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
labels:
label-one: "value-one"
name: computeforwardingrule-sample-global-with-target-tcp-proxy
spec:
description: "A global forwarding rule"
target:
targetTCPProxyRef:
name: computeforwardingrule-dep-global-with-target-tcp-proxy
portRange: "110"
ipProtocol: "TCP"
ipVersion: "IPV4"
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
name: computeforwardingrule-dep-global-with-target-tcp-proxy
spec:
healthChecks:
- healthCheckRef:
name: computeforwardingrule-dep-global-with-target-tcp-proxy
protocol: TCP
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
name: computeforwardingrule-dep-global-with-target-tcp-proxy
spec:
checkIntervalSec: 10
tcpHealthCheck:
port: 110
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetTCPProxy
metadata:
name: computeforwardingrule-dep-global-with-target-tcp-proxy
spec:
backendServiceRef:
name: computeforwardingrule-dep-global-with-target-tcp-proxy
Global Forwarding Rule With Target gRPC Proxy
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
labels:
label-one: "value-one"
name: computeforwardingrule-sample-global-with-grpc-proxy
spec:
description: "A global forwarding rule"
target:
targetGRPCProxyRef:
name: computeforwardingrule-dep-global-with-grpc-proxy
loadBalancingScheme: INTERNAL_SELF_MANAGED
ipAddress:
ip: "0.0.0.0"
portRange: "80"
ipProtocol: "TCP"
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
name: computeforwardingrule-dep-global-with-grpc-proxy
spec:
location: global
loadBalancingScheme: INTERNAL_SELF_MANAGED
protocol: GRPC
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetGRPCProxy
metadata:
name: computeforwardingrule-dep-global-with-grpc-proxy
spec:
description: A target gRPC proxy intended for load balancing gRPC traffic, referenced by global forwarding rules. References a URL map which specifies how traffic routes to gRPC backend services.
urlMapRef:
name: computeforwardingrule-dep-global-with-grpc-proxy
validateForProxyless: true
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeURLMap
metadata:
name: computeforwardingrule-dep-global-with-grpc-proxy
spec:
location: global
defaultService:
backendServiceRef:
name: computeforwardingrule-dep-global-with-grpc-proxy
Global Internal Forwarding Rule With Target Http Proxy
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
name: computeforwardingrule-sample-global-internal-http-proxy
spec:
target:
targetHTTPProxyRef:
name: computeforwardingrule-dep-global-internal-http-proxy
ipAddress:
addressRef:
name: computeforwardingrule-dep-global-internal-http-proxy
ipProtocol: "TCP"
loadBalancingScheme: INTERNAL_MANAGED
location: global
networkRef:
name: computeforwardingrule-dep-global-internal-http-proxy
subnetworkRef:
name: computeforwardingrule-dep-global-internal-http-proxy
portRange: '80-80'
allowGlobalAccess: true
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
name: computeforwardingrule-dep-global-internal-http-proxy
spec:
addressType: INTERNAL
location: us-central1
ipVersion: IPV4
purpose: SHARED_LOADBALANCER_VIP
subnetworkRef:
name: computeforwardingrule-dep-global-internal-http-proxy
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
name: computeforwardingrule-dep-global-internal-http-proxy
spec:
healthChecks:
- healthCheckRef:
name: computeforwardingrule-dep-global-internal-http-proxy
loadBalancingScheme: INTERNAL_MANAGED
location: global
protocol: HTTP
backend:
- balancingMode: UTILIZATION
group:
instanceGroupRef:
name: computeforwardingrule-dep-global-internal-http-proxy
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeHealthCheck
metadata:
name: computeforwardingrule-dep-global-internal-http-proxy
spec:
httpHealthCheck:
port: 80
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstanceGroup
metadata:
name: computeforwardingrule-dep-global-internal-http-proxy
spec:
zone: us-central1-a
networkRef:
name: computeforwardingrule-dep-global-internal-http-proxy
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
name: computeforwardingrule-dep-global-internal-http-proxy
spec:
routingMode: REGIONAL
autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
name: computeforwardingrule-dep-global-internal-http-proxy
spec:
ipCidrRange: 10.2.0.0/28
region: us-central1
networkRef:
name: computeforwardingrule-dep-global-internal-http-proxy
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
name: computeforwardingrule-dep-global-internal-http-proxy-proxy
spec:
ipCidrRange: 10.3.0.0/26
region: us-central1
purpose: GLOBAL_MANAGED_PROXY
role: ACTIVE
networkRef:
name: computeforwardingrule-dep-global-internal-http-proxy
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetHTTPProxy
metadata:
name: computeforwardingrule-dep-global-internal-http-proxy
spec:
urlMapRef:
name: computeforwardingrule-dep-global-internal-http-proxy
location: global
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeURLMap
metadata:
name: computeforwardingrule-dep-global-internal-http-proxy
spec:
defaultService:
backendServiceRef:
name: computeforwardingrule-dep-global-internal-http-proxy
location: global
Regional Forwarding Rule
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
labels:
label-one: "value-one"
name: computeforwardingrule-sample-regional
spec:
description: "A regional forwarding rule"
target:
targetVPNGatewayRef:
name: computeforwardingrule-dep-regional
ipProtocol: "ESP"
location: us-central1
ipAddress:
addressRef:
name: computeforwardingrule-dep-regional
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
name: computeforwardingrule-dep-regional
labels:
label-one: "value-one"
spec:
location: us-central1
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
name: computeforwardingrule-dep-regional
spec:
routingMode: REGIONAL
autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeTargetVPNGateway
metadata:
name: computeforwardingrule-dep-regional
spec:
description: a regional target vpn gateway
region: us-central1
networkRef:
name: computeforwardingrule-dep-regional
Regional Forwarding Rule Vpc Psc
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
name: computeforwardingrule-dep-psc
spec:
location: "us-central1"
networkRef:
name: computeforwardingrule-dep-psc-producer
subnetworkRef:
name: computeforwardingrule-dep1-psc-producer
description: "A test forwarding rule with internal load balancing scheme"
loadBalancingScheme: "INTERNAL"
backendServiceRef:
name: computeforwardingrule-dep-psc
allPorts: true
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
name: computeforwardingrule-sample-psc
spec:
description: "A VPC private service connect forwarding rule"
target:
serviceAttachmentRef:
name: computeforwardingrule-dep-psc
# the Forwarding Rule should be regional and should be in the same region with the Service Attachment
location: us-central1
networkRef:
name: computeforwardingrule-dep-psc-consumer
# PSC forwarding rule requires loadBalancingScheme to be set to empty
loadBalancingScheme: ""
allowPscGlobalAccess: true
ipAddress:
addressRef:
# Replace ${PROJECT_ID?} with your project ID
# PSC forwarding rule requires address's self_link instead of address
external: "https://www.googleapis.com/compute/v1/projects/${PROJECT_ID?}/regions/us-central1/addresses/computeforwardingrule-dep-psc"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeAddress
metadata:
name: computeforwardingrule-dep-psc
spec:
location: us-central1
subnetworkRef:
name: computeforwardingrule-dep-psc-consumer
addressType: "INTERNAL"
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeBackendService
metadata:
name: computeforwardingrule-dep-psc
spec:
location: us-central1
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
name: computeforwardingrule-dep-psc-consumer
spec:
description: Consumer network
autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
name: computeforwardingrule-dep-psc-producer
spec:
description: Producer network
autoCreateSubnetworks: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeServiceAttachment
metadata:
name: computeforwardingrule-dep-psc
spec:
projectRef:
# Replace ${PROJECT_ID?} with your project ID
external: "projects/${PROJECT_ID?}"
location: us-central1
description: "A dep service attachment"
targetServiceRef:
name: computeforwardingrule-dep-psc
connectionPreference: "ACCEPT_AUTOMATIC"
natSubnets:
- name: "computeforwardingrule-dep2-psc-producer"
enableProxyProtocol: false
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
name: computeforwardingrule-dep-psc-consumer
spec:
region: us-central1
ipCidrRange: "10.0.0.0/16"
networkRef:
name: computeforwardingrule-dep-psc-consumer
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
name: computeforwardingrule-dep1-psc-producer
spec:
region: us-central1
ipCidrRange: "10.0.0.0/16"
networkRef:
name: computeforwardingrule-dep-psc-producer
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
name: computeforwardingrule-dep2-psc-producer
spec:
region: us-central1
ipCidrRange: "10.1.0.0/16"
networkRef:
name: computeforwardingrule-dep-psc-producer
purpose: "PRIVATE_SERVICE_CONNECT"