390 lines
18 KiB
YAML
390 lines
18 KiB
YAML
$schema: "http://json-schema.org/draft-06/schema#"
|
|
|
|
title: compute v1 ForwardingRule export schema
|
|
description: A gcloud export/import command YAML validation schema.
|
|
type: object
|
|
additionalProperties: false
|
|
properties:
|
|
COMMENT:
|
|
type: object
|
|
description: User specified info ignored by gcloud import.
|
|
additionalProperties: false
|
|
properties:
|
|
template-id:
|
|
type: string
|
|
region:
|
|
type: string
|
|
description:
|
|
type: string
|
|
date:
|
|
type: string
|
|
version:
|
|
type: string
|
|
UNKNOWN:
|
|
type: array
|
|
description: Unknown API fields that cannot be imported.
|
|
items:
|
|
type: string
|
|
IPAddress:
|
|
description: |-
|
|
IP address for which this forwarding rule accepts traffic. When a client
|
|
sends traffic to this IP address, the forwarding rule directs the traffic
|
|
to the referenced target or backendService. While creating a forwarding
|
|
rule, specifying an IPAddress is required under the following
|
|
type: string
|
|
IPProtocol:
|
|
description: |-
|
|
The IP protocol to which this rule applies. For protocol forwarding, valid
|
|
options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP
|
|
protocols are different for different load balancing products as described
|
|
in [Load balancing features](https://cloud.google.com/load-
|
|
balancing/docs/features#protocol
|
|
s_from_the_load_balancer_to_the_backends).
|
|
type: string
|
|
enum:
|
|
- AH
|
|
- ESP
|
|
- ICMP
|
|
- L3_DEFAULT
|
|
- SCTP
|
|
- TCP
|
|
- UDP
|
|
allPorts:
|
|
description: |-
|
|
The ports, portRange, and allPorts fields are mutually exclusive. Only
|
|
packets addressed to ports in the specified range will be forwarded to the
|
|
backends configured with this forwarding rule. The allPorts field has the
|
|
following limitations: - It requires that the forwarding rule IPProtocol
|
|
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following
|
|
products: internal passthrough Network Load Balancers, backend service-
|
|
based external passthrough Network Load Balancers, and internal and
|
|
external protocol forwarding. - Set this field to true to allow packets
|
|
addressed to any port or packets lacking destination port information (for
|
|
example, UDP fragments after the first fragment) to be forwarded to the
|
|
backends configured with this forwarding rule. The L3_DEFAULT protocol
|
|
requires allPorts be set to true.
|
|
type: boolean
|
|
allowGlobalAccess:
|
|
description: |-
|
|
If set to true, clients can access the internal passthrough Network Load
|
|
Balancers, the regional internal Application Load Balancer, and the
|
|
regional internal proxy Network Load Balancer from all regions. If false,
|
|
only allows access from the local region the load balancer is located at.
|
|
Note that for INTERNAL_MANAGED forwarding rules, this field cannot be
|
|
changed after the forwarding rule is created.
|
|
type: boolean
|
|
allowPscGlobalAccess:
|
|
description: |-
|
|
This is used in PSC consumer ForwardingRule to control whether the PSC
|
|
endpoint can be accessed from another region.
|
|
type: boolean
|
|
backendService:
|
|
description: |-
|
|
Identifies the backend service to which the forwarding rule sends traffic.
|
|
Required for internal and external passthrough Network Load Balancers;
|
|
must be omitted for all other load balancer types.
|
|
type: string
|
|
baseForwardingRule:
|
|
description: |-
|
|
[Output Only] The URL for the corresponding base forwarding rule. By base
|
|
forwarding rule, we mean the forwarding rule that has the same IP address,
|
|
protocol, and port settings with the current forwarding rule, but without
|
|
sourceIPRanges specified. Always empty if the current forwarding rule does
|
|
not have sourceIPRanges specified.
|
|
type: string
|
|
creationTimestamp:
|
|
description: '[Output Only] Creation timestamp in RFC3339 text format.'
|
|
type: string
|
|
description:
|
|
description: |-
|
|
An optional description of this resource. Provide this property when you
|
|
create the resource.
|
|
type: string
|
|
externalManagedBackendBucketMigrationState:
|
|
description: |-
|
|
Specifies the canary migration state for the backend buckets attached to
|
|
this forwarding rule. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
|
|
TEST_ALL_TRAFFIC. To begin the migration from EXTERNAL to
|
|
EXTERNAL_MANAGED, the state must be changed to PREPARE. The state must be
|
|
changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be changed
|
|
to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used
|
|
to migrate traffic to backend buckets attached to this forwarding rule by
|
|
percentage using externalManagedBackendBucketMigrationTestingPercentage.
|
|
Rolling back a migration requires the states to be set in reverse order.
|
|
So changing the scheme from EXTERNAL_MANAGED to EXTERNAL requires the
|
|
state to be set to TEST_ALL_TRAFFIC at the same time. Optionally, the
|
|
TEST_BY_PERCENTAGE state can be used to migrate some traffic back to
|
|
EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
|
|
type: string
|
|
enum:
|
|
- PREPARE
|
|
- TEST_ALL_TRAFFIC
|
|
- TEST_BY_PERCENTAGE
|
|
externalManagedBackendBucketMigrationTestingPercentage:
|
|
description: |-
|
|
Determines the fraction of requests to backend buckets that should be
|
|
processed by the global external Application Load Balancer. The value of
|
|
this field must be in the range [0, 100]. This value can only be set if
|
|
the loadBalancingScheme in the BackendService is set to EXTERNAL (when
|
|
using the classic Application Load Balancer) and the migration state is
|
|
TEST_BY_PERCENTAGE.
|
|
type: number
|
|
ipCollection:
|
|
description: |-
|
|
Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP
|
|
in EXTERNAL_IPV6_FORWARDING_RULE_CREATION mode. Use one of the following
|
|
formats to specify a sub-PDP when creating an IPv6 NetLB forwarding rule
|
|
using BYOIP: Full resource URL, as in
|
|
https://www.googleapis.com/compute/v1/projects/project_id/regions/region
|
|
/publicDelegatedPrefixes/sub-pdp-name Partial URL, as in: -
|
|
projects/project_id/regions/region/publicDelegatedPrefixes/sub-pdp-name -
|
|
regions/region/publicDelegatedPrefixes/sub-pdp-name
|
|
type: string
|
|
ipVersion:
|
|
description: |-
|
|
The IP Version that will be used by this forwarding rule. Valid options
|
|
are IPV4 or IPV6.
|
|
type: string
|
|
enum:
|
|
- IPV4
|
|
- IPV6
|
|
- UNSPECIFIED_VERSION
|
|
isMirroringCollector:
|
|
description: |-
|
|
Indicates whether or not this load balancer can be used as a collector for
|
|
packet mirroring. To prevent mirroring loops, instances behind this load
|
|
balancer will not have their traffic mirrored even if a PacketMirroring
|
|
rule applies to them. This can only be set to true for load balancers that
|
|
have their loadBalancingScheme set to INTERNAL.
|
|
type: boolean
|
|
kind:
|
|
description: |-
|
|
[Output Only] Type of the resource. Always compute#forwardingRule for
|
|
forwarding rule resources.
|
|
type: string
|
|
labelFingerprint:
|
|
description: |-
|
|
A fingerprint for the labels being applied to this resource, which is
|
|
essentially a hash of the labels set used for optimistic locking. The
|
|
fingerprint is initially generated by Compute Engine and changes after
|
|
every request to modify or update labels. You must always provide an up-
|
|
to-date fingerprint hash in order to update or change labels, otherwise
|
|
the request will fail with error 412 conditionNotMet. To see the latest
|
|
fingerprint, make a get() request to retrieve a ForwardingRule.
|
|
type: string
|
|
labels:
|
|
description: |-
|
|
Labels for this resource. These can only be added or modified by the
|
|
setLabels method. Each label key/value pair must comply with RFC1035.
|
|
Label values may be empty.
|
|
$ref: LabelsValue.yaml
|
|
loadBalancingScheme:
|
|
description: |-
|
|
Specifies the forwarding rule type. For more information about forwarding
|
|
rules, refer to Forwarding rule concepts.
|
|
type: string
|
|
enum:
|
|
- EXTERNAL
|
|
- EXTERNAL_MANAGED
|
|
- INTERNAL
|
|
- INTERNAL_MANAGED
|
|
- INTERNAL_SELF_MANAGED
|
|
- INVALID
|
|
metadataFilters:
|
|
description: |-
|
|
Opaque filter criteria used by load balancer to restrict routing
|
|
configuration to a limited set of xDS compliant clients. In their xDS
|
|
requests to load balancer, xDS clients present node metadata. When there
|
|
is a match, the relevant configuration is made available to those proxies.
|
|
Otherwise, all the resources (e.g. TargetHttpProxy, UrlMap) referenced by
|
|
the ForwardingRule are not visible to those proxies. For each
|
|
metadataFilter in this list, if its filterMatchCriteria is set to
|
|
MATCH_ANY, at least one of the filterLabels must match the corresponding
|
|
label provided in the metadata. If its filterMatchCriteria is set to
|
|
MATCH_ALL, then all of its filterLabels must match with corresponding
|
|
labels provided in the metadata. If multiple metadataFilters are
|
|
specified, all of them need to be satisfied in order to be considered a
|
|
match. metadataFilters specified here will be applifed before those
|
|
specified in the UrlMap that this ForwardingRule references.
|
|
metadataFilters only applies to Loadbalancers that have their
|
|
loadBalancingScheme set to INTERNAL_SELF_MANAGED.
|
|
type: array
|
|
items:
|
|
$ref: MetadataFilter.yaml
|
|
name:
|
|
description: |-
|
|
Name of the resource; provided by the client when the resource is
|
|
created. The name must be 1-63 characters long, and comply with
|
|
RFC1035. Specifically, the name must be 1-63 characters long and match
|
|
the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the
|
|
first character must be a lowercase letter, and all following
|
|
characters must be a dash, lowercase letter, or digit, except the last
|
|
character, which cannot be a dash. For Private Service Connect
|
|
forwarding rules that forward traffic to Google APIs, the forwarding
|
|
rule name must be a 1-20 characters string with lowercase letters and
|
|
numbers and must start with a letter.
|
|
type: string
|
|
network:
|
|
description: |-
|
|
This field is not used for global external load balancing. For
|
|
internal passthrough Network Load Balancers, this field identifies the
|
|
network that the load balanced IP should belong to for this forwarding
|
|
rule. If the subnetwork is specified, the network of the subnetwork
|
|
will be used. If neither subnetwork nor this field is specified, the
|
|
default network will be used. For Private Service Connect forwarding
|
|
rules that forward traffic to Google APIs, a network must be provided.
|
|
type: string
|
|
networkTier:
|
|
description: |-
|
|
This signifies the networking tier used for configuring this load
|
|
balancer and can only take the following values: PREMIUM, STANDARD.
|
|
For regional ForwardingRule, the valid values are PREMIUM and
|
|
STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If
|
|
this field is not specified, it is assumed to be PREMIUM. If IPAddress
|
|
is specified, this value must be equal to the networkTier of the
|
|
Address.
|
|
type: string
|
|
enum:
|
|
- FIXED_STANDARD
|
|
- PREMIUM
|
|
- STANDARD
|
|
- STANDARD_OVERRIDES_FIXED_STANDARD
|
|
noAutomateDnsZone:
|
|
description: |-
|
|
This is used in PSC consumer ForwardingRule to control whether it
|
|
should try to auto-generate a DNS zone or not. Non-PSC forwarding
|
|
rules do not use this field. Once set, this field is not mutable.
|
|
type: boolean
|
|
portRange:
|
|
description: |-
|
|
The ports, portRange, and allPorts fields are mutually exclusive. Only
|
|
packets addressed to ports in the specified range will be forwarded to
|
|
the backends configured with this forwarding rule. The portRange field
|
|
has the following limitations: - It requires that the forwarding rule
|
|
IPProtocol be TCP, UDP, or SCTP, and - It's applicable only to the
|
|
following products: external passthrough Network Load Balancers,
|
|
internal and external proxy Network Load Balancers, internal and
|
|
external Application Load Balancers, external protocol forwarding, and
|
|
Classic VPN. - Some products have restrictions on what ports can be
|
|
used. See port specifications for details. For external forwarding
|
|
rules, two or more forwarding rules cannot use the same [IPAddress,
|
|
IPProtocol] pair, and cannot have overlapping portRanges. For internal
|
|
forwarding rules within the same VPC network, two or more forwarding
|
|
rules cannot use the same [IPAddress, IPProtocol] pair, and cannot
|
|
have overlapping portRanges. @pattern: \\d+(?:-\\d+)?
|
|
type: string
|
|
ports:
|
|
description: |-
|
|
The ports, portRange, and allPorts fields are mutually exclusive. Only
|
|
packets addressed to ports in the specified range will be forwarded to
|
|
the backends configured with this forwarding rule. The ports field has
|
|
the following limitations: - It requires that the forwarding rule
|
|
IPProtocol be TCP, UDP, or SCTP, and - It's applicable only to the
|
|
following products: internal passthrough Network Load Balancers,
|
|
backend service-based external passthrough Network Load Balancers, and
|
|
internal protocol forwarding. - You can specify a list of up to five
|
|
ports by number, separated by commas. The ports can be contiguous or
|
|
discontiguous. For external forwarding rules, two or more forwarding
|
|
rules cannot use the same [IPAddress, IPProtocol] pair if they share
|
|
at least one port number. For internal forwarding rules within the
|
|
same VPC network, two or more forwarding rules cannot use the same
|
|
[IPAddress, IPProtocol] pair if they share at least one port number.
|
|
@pattern: \\d+(?:-\\d+)?
|
|
type: array
|
|
items:
|
|
type: string
|
|
pscConnectionId:
|
|
description: |-
|
|
[Output Only] The PSC connection id of the PSC forwarding rule.
|
|
type: integer
|
|
pscConnectionStatus:
|
|
description: A PscConnectionStatusValueValuesEnum attribute.
|
|
type: string
|
|
enum:
|
|
- ACCEPTED
|
|
- CLOSED
|
|
- NEEDS_ATTENTION
|
|
- PENDING
|
|
- REJECTED
|
|
- STATUS_UNSPECIFIED
|
|
region:
|
|
description: |-
|
|
[Output Only] URL of the region where the regional forwarding rule
|
|
resides. This field is not applicable to global forwarding rules.
|
|
You must specify this field as part of the HTTP request URL. It is
|
|
not settable as a field in the request body.
|
|
type: string
|
|
selfLink:
|
|
description: '[Output Only] Server-defined URL for the resource.'
|
|
type: string
|
|
serviceDirectoryRegistrations:
|
|
description: |-
|
|
Service Directory resources to register this forwarding rule with.
|
|
Currently, only supports a single Service Directory resource.
|
|
type: array
|
|
items:
|
|
$ref: ForwardingRuleServiceDirectoryRegistration.yaml
|
|
serviceLabel:
|
|
description: |-
|
|
An optional prefix to the service name for this forwarding
|
|
rule. If specified, the prefix is the first label of the fully
|
|
qualified service name. The label must be 1-63 characters
|
|
long, and comply with RFC1035. Specifically, the label must be
|
|
1-63 characters long and match the regular expression
|
|
`[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character
|
|
must be a lowercase letter, and all following characters must
|
|
be a dash, lowercase letter, or digit, except the last
|
|
character, which cannot be a dash. This field is only used for
|
|
internal load balancing.
|
|
type: string
|
|
serviceName:
|
|
description: |-
|
|
[Output Only] The internal fully qualified service name for
|
|
this forwarding rule. This field is only used for internal
|
|
load balancing.
|
|
type: string
|
|
sourceIpRanges:
|
|
description: |-
|
|
If not empty, this forwarding rule will only forward the
|
|
traffic when the source IP address matches one of the IP
|
|
addresses or CIDR ranges set here. Note that a forwarding rule
|
|
can only have up to 64 source IP ranges, and this field can
|
|
only be used with a regional forwarding rule whose scheme is
|
|
EXTERNAL. Each source_ip_range entry should be either an IP
|
|
address (for example, 1.2.3.4) or a CIDR range (for example,
|
|
1.2.3.0/24).
|
|
type: array
|
|
items:
|
|
type: string
|
|
subnetwork:
|
|
description: |-
|
|
This field identifies the subnetwork that the load
|
|
balanced IP should belong to for this forwarding rule,
|
|
used with internal load balancers and external passthrough
|
|
Network Load Balancers with IPv6. If the network specified
|
|
is in auto subnet mode, this field is optional. However, a
|
|
subnetwork must be specified if the network is in custom
|
|
subnet mode or when creating external forwarding rule with
|
|
IPv6.
|
|
type: string
|
|
target:
|
|
description: |-
|
|
The URL of the target resource to receive the matched
|
|
traffic. For regional forwarding rules, this target must
|
|
be in the same region as the forwarding rule. For global
|
|
forwarding rules, this target must be a global load
|
|
balancing resource. The forwarded traffic must be of a
|
|
type appropriate to the target object. - For load
|
|
balancers, see the "Target" column in [Port
|
|
specifications](https://cloud.google.com/load-
|
|
balancing/docs/forwarding-rule-
|
|
concepts#ip_address_specifications). - For Private Service
|
|
Connect forwarding rules that forward traffic to Google
|
|
APIs, provide the name of a supported Google API bundle: -
|
|
vpc-sc - APIs that support VPC Service Controls. - all-
|
|
apis - All supported Google APIs. - For Private Service
|
|
Connect forwarding rules that forward traffic to managed
|
|
services, the target must be a service attachment. The
|
|
target is not mutable once set as a service attachment.
|
|
type: string
|