.TH "GCLOUD_COMPUTE_NETWORK\-ENDPOINT\-GROUPS_CREATE" 1



.SH "NAME"
.HP
gcloud compute network\-endpoint\-groups create \- create a Compute Engine network endpoint group



.SH "SYNOPSIS"
.HP
\f5gcloud compute network\-endpoint\-groups create\fR \fINAME\fR [\fB\-\-default\-port\fR=\fIDEFAULT_PORT\fR] [\fB\-\-network\fR=\fINETWORK\fR] [\fB\-\-network\-endpoint\-type\fR=\fINETWORK_ENDPOINT_TYPE\fR;\ default="gce\-vm\-ip\-port"] [\fB\-\-producer\-port\fR=\fIPRODUCER_PORT\fR] [\fB\-\-psc\-target\-service\fR=\fIPSC_TARGET_SERVICE\fR] [\fB\-\-subnet\fR=\fISUBNET\fR] [\fB\-\-cloud\-function\-name\fR=\fICLOUD_FUNCTION_NAME\fR\ \fB\-\-cloud\-function\-url\-mask\fR=\fICLOUD_FUNCTION_URL_MASK\fR\ |\ \fB\-\-cloud\-run\-service\fR=\fICLOUD_RUN_SERVICE\fR\ \fB\-\-cloud\-run\-tag\fR=\fICLOUD_RUN_TAG\fR\ \fB\-\-cloud\-run\-url\-mask\fR=\fICLOUD_RUN_URL_MASK\fR\ |\ \fB\-\-[no\-]app\-engine\-app\fR\ \fB\-\-app\-engine\-service\fR=\fIAPP_ENGINE_SERVICE\fR\ \fB\-\-app\-engine\-url\-mask\fR=\fIAPP_ENGINE_URL_MASK\fR\ \fB\-\-app\-engine\-version\fR=\fIAPP_ENGINE_VERSION\fR] [\fB\-\-global\fR\ |\ \fB\-\-region\fR=\fIREGION\fR\ |\ \fB\-\-zone\fR=\fIZONE\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Create a Compute Engine network endpoint group.



.SH "EXAMPLES"

To create a network endpoint group:

.RS 2m
$ gcloud compute network\-endpoint\-groups create my\-neg \e
    \-\-zone=us\-central1\-a \-\-network=my\-network \-\-subnet=my\-subnetwork
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m
\fINAME\fR

Name of the network endpoint group to operate on.


.RE
.sp

.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-default\-port\fR=\fIDEFAULT_PORT\fR

The default port to use if the port number is not specified in the network
endpoint.

If this flag isn't specified for a NEG with endpoint type
\f5gce\-vm\-ip\-port\fR, \f5gce\-vm\-ip\-portmap\fR or
\f5non\-gcp\-private\-ip\-port\fR, then every network endpoint in the network
endpoint group must have a port specified. For a global NEG with endpoint type
\f5internet\-ip\-port\fR and \f5internet\-fqdn\-port\fR if the default port is
not specified, the well\-known port for your backend protocol is used (80 for
HTTP, 443 for HTTPS).

This flag is not supported for NEGs with endpoint type \f5serverless\fR.

This flag is not supported for NEGs with endpoint type
\f5private\-service\-connect\fR.

.TP 2m
\fB\-\-network\fR=\fINETWORK\fR

Name of the network in which the NEG is created. \f5default\fR project network
is used if unspecified.

This is only supported for NEGs with endpoint type \f5gce\-vm\-ip\-port\fR,
\f5non\-gcp\-private\-ip\-port\fR, \f5gce\-vm\-ip\fR,
\f5private\-service\-connect\fR, \f5internet\-ip\-port\fR,
\f5internet\-fqdn\-port\fR, or \f5gce\-vm\-ip\-portmap\fR.

For Private Service Connect NEGs, you can optionally specify \-\-network and
\-\-subnet if \-\-psc\-target\-service points to a published service. If
\-\-psc\-target\-service points to the regional service endpoint of a Google
API, do not specify \-\-network or \-\-subnet.

.TP 2m
\fB\-\-network\-endpoint\-type\fR=\fINETWORK_ENDPOINT_TYPE\fR; default="gce\-vm\-ip\-port"

Determines the spec of endpoints attached to this group.

.RS 2m
.TP 2m
\fBgce\-vm\-ip\-port\fR
Endpoint IP address must belong to a VM in Compute Engine (either the primary IP
or as part of an aliased IP range). The \f5\-\-default\-port\fR must be
specified or every network endpoint in the network endpoint group must have a
port specified.

.TP 2m
\fBinternet\-ip\-port\fR
Endpoint IP address must be a publicly routable address. If specified, the
default port is used. If unspecified, the well\-known port for your backend
protocol is used as the default port (80 for HTTP, 443 for HTTPS).

.TP 2m
\fBinternet\-fqdn\-port\fR
Endpoint FQDN must be resolvable to a public IP address via public DNS. The
default port is used, if specified. If the default port is not specified, the
well\-known port for your backend protocol is used as the default port (80 for
HTTP, 443 for HTTPS).

After creating a NEG of this type, you can use the \f5gcloud compute
network\-endpoint\-groups update\fR command with the \f5\-\-add\-endpoint\fR
flag. Example: \f5\-\-add\-endpoint="fqdn=backend.example.com,port=443"\fR

.TP 2m
\fBnon\-gcp\-private\-ip\-port\fR
Endpoint IP address must belong to a VM not in Compute Engine and must be
routable using a Cloud Router over VPN or an Interconnect connection. In this
case, the NEG must be zonal. The \f5\-\-default\-port\fR must be specified or
every network endpoint in the network endpoint group must have a port specified.

.TP 2m
\fBserverless\fR
The network endpoint is handled by specified serverless infrastructure, such as
Cloud Run, App Engine, or Cloud Function. Default port, network, and subnet are
not effective for serverless endpoints.

.TP 2m
\fBprivate\-service\-connect\fR
The network endpoint corresponds to a service outside the VPC, accessed via
Private Service Connect.

.TP 2m
\fBgce\-vm\-ip\fR
Endpoint must be the IP address of a VM's network interface in Compute Engine.
Instance reference is required. The IP address is optional. If unspecified, the
primary NIC address is used. A port must not be specified.

.TP 2m
\fBgce\-vm\-ip\-portmap\fR
Endpoint IP address must be a primary IP of a VM's network interface in Compute
Engine. The \f5\-\-default\-port\fR must be specified or every network endpoint
in the network endpoint group must have a port specified.

\fINETWORK_ENDPOINT_TYPE\fR must be one of: \fBgce\-vm\-ip\-port\fR,
\fBinternet\-ip\-port\fR, \fBinternet\-fqdn\-port\fR,
\fBnon\-gcp\-private\-ip\-port\fR, \fBserverless\fR, \fBgce\-vm\-ip\fR,
\fBprivate\-service\-connect\fR, \fBgce\-vm\-ip\-portmap\fR.

.RE
.sp
.TP 2m
\fB\-\-producer\-port\fR=\fIPRODUCER_PORT\fR

The producer port to use when a consumer PSC NEG connects to a producer's
internal network load balancer. If this flag isn't specified for a NEG with
endpoint type \f5private\-service\-connect\fR, the PSC NEG will connect to port
443 or the first available port in the PSC producer port range, or to port 1 if
the PSC producer's forwarding rule ports flag is set to all\-ports.

This flag is not supported for NEGs with endpoint type other than
\f5private\-service\-connect\fR.

.TP 2m
\fB\-\-psc\-target\-service\fR=\fIPSC_TARGET_SERVICE\fR

PSC target service name to add to the private service connect network endpoint
groups (NEG).

.TP 2m
\fB\-\-subnet\fR=\fISUBNET\fR

Name of the subnet to which all network endpoints belong.

If not specified, network endpoints may belong to any subnetwork in the region
where the network endpoint group is created.

This is only supported for NEGs with endpoint type \f5gce\-vm\-ip\-port\fR,
\f5gce\-vm\-ip\fR, \f5private\-service\-connect\fR, or
\f5gce\-vm\-ip\-portmap\fR. For Private Service Connect NEGs, you can optionally
specify \-\-network and \-\-subnet if \-\-psc\-target\-service points to a
published service. If \-\-psc\-target\-service points to the regional service
endpoint of a Google API, do not specify \-\-network or \-\-subnet.

.TP 2m

The serverless routing configurations are only valid when endpoint type of the
network endpoint group is \f5serverless\fR.


At most one of these can be specified:


.RS 2m
.TP 2m

Configuration for a Cloud Function network endpoint group. Cloud Function name
must be provided explicitly or in the URL mask.



.RS 2m
.TP 2m
\fB\-\-cloud\-function\-name\fR=\fICLOUD_FUNCTION_NAME\fR

Cloud Function name to add to the Serverless NEG. The function must be in the
same project and the same region as the Serverless network endpoint groups
(NEG).

.TP 2m
\fB\-\-cloud\-function\-url\-mask\fR=\fICLOUD_FUNCTION_URL_MASK\fR

A template to parse function field from a request URL. URL mask allows for
routing to multiple Cloud Functions without having to create multiple network
endpoint groups and backend services.

.RE
.sp
.TP 2m

Configuration for a Cloud Run network endpoint group. Cloud Run service must be
provided explicitly or in the URL mask. Cloud Run tag is optional, and may be
provided explicitly or in the URL mask.



.RS 2m
.TP 2m
\fB\-\-cloud\-run\-service\fR=\fICLOUD_RUN_SERVICE\fR

Cloud Run service name to add to the Serverless network endpoint groups (NEG).
The service must be in the same project and the same region as the Serverless
NEG.

.TP 2m
\fB\-\-cloud\-run\-tag\fR=\fICLOUD_RUN_TAG\fR

Cloud Run tag represents the "named revision" to provide additional
fine\-grained traffic routing configuration.

.TP 2m
\fB\-\-cloud\-run\-url\-mask\fR=\fICLOUD_RUN_URL_MASK\fR

A template to parse service and tag fields from a request URL. URL mask allows
for routing to multiple Run services without having to create multiple network
endpoint groups and backend services.

.RE
.sp
.TP 2m

Configuration for an App Engine network endpoint group. Both App Engine service
and version are optional, and may be provided explicitly or in the URL mask. The
\f5app\-engine\-app\fR flag is only used for default routing. The App Engine app
must be in the same project as the Serverless network endpoint groups (NEG).



.RS 2m
.TP 2m
\fB\-\-[no\-]app\-engine\-app\fR

If set, the default routing is used. Use \fB\-\-app\-engine\-app\fR to enable
and \fB\-\-no\-app\-engine\-app\fR to disable.

.TP 2m
\fB\-\-app\-engine\-service\fR=\fIAPP_ENGINE_SERVICE\fR

Optional serving service to add to the Serverless NEG.

.TP 2m
\fB\-\-app\-engine\-url\-mask\fR=\fIAPP_ENGINE_URL_MASK\fR

A template to parse service and version fields from a request URL. URL mask
allows for routing to multiple App Engine services without having to create
multiple network endpoint groups and backend services.

.TP 2m
\fB\-\-app\-engine\-version\fR=\fIAPP_ENGINE_VERSION\fR

Optional serving version to add to the Serverless NEG.

.RE
.RE
.sp
.TP 2m

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-global\fR

If set, the network endpoint group is global.

.TP 2m
\fB\-\-region\fR=\fIREGION\fR

Region of the network endpoint group to operate on. If not specified, you might
be prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the
\f5\fIcompute/region\fR\fR property:

.RS 2m
$ gcloud config set compute/region REGION
.RE

A list of regions can be fetched by running:

.RS 2m
$ gcloud compute regions list
.RE

To unset the property, run:

.RS 2m
$ gcloud config unset compute/region
.RE

Alternatively, the region can be stored in the environment variable
\f5\fICLOUDSDK_COMPUTE_REGION\fR\fR.

.TP 2m
\fB\-\-zone\fR=\fIZONE\fR

Zone of the network endpoint group to operate on. If not specified and the
\f5\fIcompute/zone\fR\fR property isn't set, you might be prompted to select a
zone (interactive mode only).

To avoid prompting when this flag is omitted, you can set the
\f5\fIcompute/zone\fR\fR property:

.RS 2m
$ gcloud config set compute/zone ZONE
.RE

A list of zones can be fetched by running:

.RS 2m
$ gcloud compute zones list
.RE

To unset the property, run:

.RS 2m
$ gcloud config unset compute/zone
.RE

Alternatively, the zone can be stored in the environment variable
\f5\fICLOUDSDK_COMPUTE_ZONE\fR\fR.


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

These variants are also available:

.RS 2m
$ gcloud alpha compute network\-endpoint\-groups create
.RE

.RS 2m
$ gcloud beta compute network\-endpoint\-groups create
.RE