File: //snap/google-cloud-cli/396/lib/googlecloudsdk/schemas/compute/v1/ForwardingRule.yaml
$schema: "http://json-schema.org/draft-06/schema#"
title: compute v1 ForwardingRule export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
COMMENT:
type: object
description: User specified info ignored by gcloud import.
additionalProperties: false
properties:
template-id:
type: string
region:
type: string
description:
type: string
date:
type: string
version:
type: string
UNKNOWN:
type: array
description: Unknown API fields that cannot be imported.
items:
type: string
IPAddress:
description: |-
IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced target or backendService. While creating a forwarding
rule, specifying an IPAddress is required under the following
type: string
IPProtocol:
description: |-
The IP protocol to which this rule applies. For protocol forwarding, valid
options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP
protocols are different for different load balancing products as described
in [Load balancing features](https://cloud.google.com/load-
balancing/docs/features#protocol
s_from_the_load_balancer_to_the_backends).
type: string
enum:
- AH
- ESP
- ICMP
- L3_DEFAULT
- SCTP
- TCP
- UDP
allPorts:
description: |-
The ports, portRange, and allPorts fields are mutually exclusive. Only
packets addressed to ports in the specified range will be forwarded to the
backends configured with this forwarding rule. The allPorts field has the
following limitations: - It requires that the forwarding rule IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following
products: internal passthrough Network Load Balancers, backend service-
based external passthrough Network Load Balancers, and internal and
external protocol forwarding. - Set this field to true to allow packets
addressed to any port or packets lacking destination port information (for
example, UDP fragments after the first fragment) to be forwarded to the
backends configured with this forwarding rule. The L3_DEFAULT protocol
requires allPorts be set to true.
type: boolean
allowGlobalAccess:
description: |-
If set to true, clients can access the internal passthrough Network Load
Balancers, the regional internal Application Load Balancer, and the
regional internal proxy Network Load Balancer from all regions. If false,
only allows access from the local region the load balancer is located at.
Note that for INTERNAL_MANAGED forwarding rules, this field cannot be
changed after the forwarding rule is created.
type: boolean
allowPscGlobalAccess:
description: |-
This is used in PSC consumer ForwardingRule to control whether the PSC
endpoint can be accessed from another region.
type: boolean
backendService:
description: |-
Identifies the backend service to which the forwarding rule sends traffic.
Required for internal and external passthrough Network Load Balancers;
must be omitted for all other load balancer types.
type: string
baseForwardingRule:
description: |-
[Output Only] The URL for the corresponding base forwarding rule. By base
forwarding rule, we mean the forwarding rule that has the same IP address,
protocol, and port settings with the current forwarding rule, but without
sourceIPRanges specified. Always empty if the current forwarding rule does
not have sourceIPRanges specified.
type: string
creationTimestamp:
description: '[Output Only] Creation timestamp in RFC3339 text format.'
type: string
description:
description: |-
An optional description of this resource. Provide this property when you
create the resource.
type: string
externalManagedBackendBucketMigrationState:
description: |-
Specifies the canary migration state for the backend buckets attached to
this forwarding rule. Possible values are PREPARE, TEST_BY_PERCENTAGE, and
TEST_ALL_TRAFFIC. To begin the migration from EXTERNAL to
EXTERNAL_MANAGED, the state must be changed to PREPARE. The state must be
changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be changed
to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used
to migrate traffic to backend buckets attached to this forwarding rule by
percentage using externalManagedBackendBucketMigrationTestingPercentage.
Rolling back a migration requires the states to be set in reverse order.
So changing the scheme from EXTERNAL_MANAGED to EXTERNAL requires the
state to be set to TEST_ALL_TRAFFIC at the same time. Optionally, the
TEST_BY_PERCENTAGE state can be used to migrate some traffic back to
EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL.
type: string
enum:
- PREPARE
- TEST_ALL_TRAFFIC
- TEST_BY_PERCENTAGE
externalManagedBackendBucketMigrationTestingPercentage:
description: |-
Determines the fraction of requests to backend buckets that should be
processed by the global external Application Load Balancer. The value of
this field must be in the range [0, 100]. This value can only be set if
the loadBalancingScheme in the BackendService is set to EXTERNAL (when
using the classic Application Load Balancer) and the migration state is
TEST_BY_PERCENTAGE.
type: number
ipCollection:
description: |-
Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP
in EXTERNAL_IPV6_FORWARDING_RULE_CREATION mode. Use one of the following
formats to specify a sub-PDP when creating an IPv6 NetLB forwarding rule
using BYOIP: Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region
/publicDelegatedPrefixes/sub-pdp-name Partial URL, as in: -
projects/project_id/regions/region/publicDelegatedPrefixes/sub-pdp-name -
regions/region/publicDelegatedPrefixes/sub-pdp-name
type: string
ipVersion:
description: |-
The IP Version that will be used by this forwarding rule. Valid options
are IPV4 or IPV6.
type: string
enum:
- IPV4
- IPV6
- UNSPECIFIED_VERSION
isMirroringCollector:
description: |-
Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this load
balancer will not have their traffic mirrored even if a PacketMirroring
rule applies to them. This can only be set to true for load balancers that
have their loadBalancingScheme set to INTERNAL.
type: boolean
kind:
description: |-
[Output Only] Type of the resource. Always compute#forwardingRule for
forwarding rule resources.
type: string
labelFingerprint:
description: |-
A fingerprint for the labels being applied to this resource, which is
essentially a hash of the labels set used for optimistic locking. The
fingerprint is initially generated by Compute Engine and changes after
every request to modify or update labels. You must always provide an up-
to-date fingerprint hash in order to update or change labels, otherwise
the request will fail with error 412 conditionNotMet. To see the latest
fingerprint, make a get() request to retrieve a ForwardingRule.
type: string
labels:
description: |-
Labels for this resource. These can only be added or modified by the
setLabels method. Each label key/value pair must comply with RFC1035.
Label values may be empty.
$ref: LabelsValue.yaml
loadBalancingScheme:
description: |-
Specifies the forwarding rule type. For more information about forwarding
rules, refer to Forwarding rule concepts.
type: string
enum:
- EXTERNAL
- EXTERNAL_MANAGED
- INTERNAL
- INTERNAL_MANAGED
- INTERNAL_SELF_MANAGED
- INVALID
metadataFilters:
description: |-
Opaque filter criteria used by load balancer to restrict routing
configuration to a limited set of xDS compliant clients. In their xDS
requests to load balancer, xDS clients present node metadata. When there
is a match, the relevant configuration is made available to those proxies.
Otherwise, all the resources (e.g. TargetHttpProxy, UrlMap) referenced by
the ForwardingRule are not visible to those proxies. For each
metadataFilter in this list, if its filterMatchCriteria is set to
MATCH_ANY, at least one of the filterLabels must match the corresponding
label provided in the metadata. If its filterMatchCriteria is set to
MATCH_ALL, then all of its filterLabels must match with corresponding
labels provided in the metadata. If multiple metadataFilters are
specified, all of them need to be satisfied in order to be considered a
match. metadataFilters specified here will be applifed before those
specified in the UrlMap that this ForwardingRule references.
metadataFilters only applies to Loadbalancers that have their
loadBalancingScheme set to INTERNAL_SELF_MANAGED.
type: array
items:
$ref: MetadataFilter.yaml
name:
description: |-
Name of the resource; provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the
first character must be a lowercase letter, and all following
characters must be a dash, lowercase letter, or digit, except the last
character, which cannot be a dash. For Private Service Connect
forwarding rules that forward traffic to Google APIs, the forwarding
rule name must be a 1-20 characters string with lowercase letters and
numbers and must start with a letter.
type: string
network:
description: |-
This field is not used for global external load balancing. For
internal passthrough Network Load Balancers, this field identifies the
network that the load balanced IP should belong to for this forwarding
rule. If the subnetwork is specified, the network of the subnetwork
will be used. If neither subnetwork nor this field is specified, the
default network will be used. For Private Service Connect forwarding
rules that forward traffic to Google APIs, a network must be provided.
type: string
networkTier:
description: |-
This signifies the networking tier used for configuring this load
balancer and can only take the following values: PREMIUM, STANDARD.
For regional ForwardingRule, the valid values are PREMIUM and
STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If
this field is not specified, it is assumed to be PREMIUM. If IPAddress
is specified, this value must be equal to the networkTier of the
Address.
type: string
enum:
- FIXED_STANDARD
- PREMIUM
- STANDARD
- STANDARD_OVERRIDES_FIXED_STANDARD
noAutomateDnsZone:
description: |-
This is used in PSC consumer ForwardingRule to control whether it
should try to auto-generate a DNS zone or not. Non-PSC forwarding
rules do not use this field. Once set, this field is not mutable.
type: boolean
portRange:
description: |-
The ports, portRange, and allPorts fields are mutually exclusive. Only
packets addressed to ports in the specified range will be forwarded to
the backends configured with this forwarding rule. The portRange field
has the following limitations: - It requires that the forwarding rule
IPProtocol be TCP, UDP, or SCTP, and - It's applicable only to the
following products: external passthrough Network Load Balancers,
internal and external proxy Network Load Balancers, internal and
external Application Load Balancers, external protocol forwarding, and
Classic VPN. - Some products have restrictions on what ports can be
used. See port specifications for details. For external forwarding
rules, two or more forwarding rules cannot use the same [IPAddress,
IPProtocol] pair, and cannot have overlapping portRanges. For internal
forwarding rules within the same VPC network, two or more forwarding
rules cannot use the same [IPAddress, IPProtocol] pair, and cannot
have overlapping portRanges. @pattern: \\d+(?:-\\d+)?
type: string
ports:
description: |-
The ports, portRange, and allPorts fields are mutually exclusive. Only
packets addressed to ports in the specified range will be forwarded to
the backends configured with this forwarding rule. The ports field has
the following limitations: - It requires that the forwarding rule
IPProtocol be TCP, UDP, or SCTP, and - It's applicable only to the
following products: internal passthrough Network Load Balancers,
backend service-based external passthrough Network Load Balancers, and
internal protocol forwarding. - You can specify a list of up to five
ports by number, separated by commas. The ports can be contiguous or
discontiguous. For external forwarding rules, two or more forwarding
rules cannot use the same [IPAddress, IPProtocol] pair if they share
at least one port number. For internal forwarding rules within the
same VPC network, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol] pair if they share at least one port number.
@pattern: \\d+(?:-\\d+)?
type: array
items:
type: string
pscConnectionId:
description: |-
[Output Only] The PSC connection id of the PSC forwarding rule.
type: integer
pscConnectionStatus:
description: A PscConnectionStatusValueValuesEnum attribute.
type: string
enum:
- ACCEPTED
- CLOSED
- NEEDS_ATTENTION
- PENDING
- REJECTED
- STATUS_UNSPECIFIED
region:
description: |-
[Output Only] URL of the region where the regional forwarding rule
resides. This field is not applicable to global forwarding rules.
You must specify this field as part of the HTTP request URL. It is
not settable as a field in the request body.
type: string
selfLink:
description: '[Output Only] Server-defined URL for the resource.'
type: string
serviceDirectoryRegistrations:
description: |-
Service Directory resources to register this forwarding rule with.
Currently, only supports a single Service Directory resource.
type: array
items:
$ref: ForwardingRuleServiceDirectoryRegistration.yaml
serviceLabel:
description: |-
An optional prefix to the service name for this forwarding
rule. If specified, the prefix is the first label of the fully
qualified service name. The label must be 1-63 characters
long, and comply with RFC1035. Specifically, the label must be
1-63 characters long and match the regular expression
`[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character
must be a lowercase letter, and all following characters must
be a dash, lowercase letter, or digit, except the last
character, which cannot be a dash. This field is only used for
internal load balancing.
type: string
serviceName:
description: |-
[Output Only] The internal fully qualified service name for
this forwarding rule. This field is only used for internal
load balancing.
type: string
sourceIpRanges:
description: |-
If not empty, this forwarding rule will only forward the
traffic when the source IP address matches one of the IP
addresses or CIDR ranges set here. Note that a forwarding rule
can only have up to 64 source IP ranges, and this field can
only be used with a regional forwarding rule whose scheme is
EXTERNAL. Each source_ip_range entry should be either an IP
address (for example, 1.2.3.4) or a CIDR range (for example,
1.2.3.0/24).
type: array
items:
type: string
subnetwork:
description: |-
This field identifies the subnetwork that the load
balanced IP should belong to for this forwarding rule,
used with internal load balancers and external passthrough
Network Load Balancers with IPv6. If the network specified
is in auto subnet mode, this field is optional. However, a
subnetwork must be specified if the network is in custom
subnet mode or when creating external forwarding rule with
IPv6.
type: string
target:
description: |-
The URL of the target resource to receive the matched
traffic. For regional forwarding rules, this target must
be in the same region as the forwarding rule. For global
forwarding rules, this target must be a global load
balancing resource. The forwarded traffic must be of a
type appropriate to the target object. - For load
balancers, see the "Target" column in [Port
specifications](https://cloud.google.com/load-
balancing/docs/forwarding-rule-
concepts#ip_address_specifications). - For Private Service
Connect forwarding rules that forward traffic to Google
APIs, provide the name of a supported Google API bundle: -
vpc-sc - APIs that support VPC Service Controls. - all-
apis - All supported Google APIs. - For Private Service
Connect forwarding rules that forward traffic to managed
services, the target must be a service attachment. The
target is not mutable once set as a service attachment.
type: string