pulumi-gcp 7.12.0a1709102105__py3-none-any.whl → 7.12.0a1709133800__py3-none-any.whl
Sign up to get free protection for your applications and to get access to all the features.
- pulumi_gcp/accessapproval/get_folder_service_account.py +2 -2
- pulumi_gcp/accessapproval/get_organization_service_account.py +2 -2
- pulumi_gcp/accessapproval/get_project_service_account.py +2 -2
- pulumi_gcp/accesscontextmanager/access_level.py +10 -8
- pulumi_gcp/accesscontextmanager/access_level_condition.py +2 -0
- pulumi_gcp/accesscontextmanager/access_levels.py +16 -16
- pulumi_gcp/accesscontextmanager/access_policy.py +12 -6
- pulumi_gcp/accesscontextmanager/access_policy_iam_binding.py +10 -2
- pulumi_gcp/accesscontextmanager/access_policy_iam_member.py +10 -2
- pulumi_gcp/accesscontextmanager/access_policy_iam_policy.py +10 -2
- pulumi_gcp/accesscontextmanager/authorized_orgs_desc.py +8 -6
- pulumi_gcp/accesscontextmanager/gcp_user_access_binding.py +80 -0
- pulumi_gcp/accesscontextmanager/get_access_policy_iam_policy.py +2 -2
- pulumi_gcp/accesscontextmanager/service_perimeter.py +34 -24
- pulumi_gcp/accesscontextmanager/service_perimeter_resource.py +6 -4
- pulumi_gcp/accesscontextmanager/service_perimeters.py +14 -12
- pulumi_gcp/activedirectory/domain_trust.py +6 -6
- pulumi_gcp/activedirectory/peering.py +20 -22
- pulumi_gcp/alloydb/backup.py +62 -66
- pulumi_gcp/alloydb/cluster.py +78 -82
- pulumi_gcp/alloydb/instance.py +70 -74
- pulumi_gcp/alloydb/user.py +44 -48
- pulumi_gcp/apigateway/api.py +2 -4
- pulumi_gcp/apigateway/api_config.py +86 -14
- pulumi_gcp/apigateway/api_config_iam_binding.py +18 -24
- pulumi_gcp/apigateway/api_config_iam_member.py +18 -24
- pulumi_gcp/apigateway/api_config_iam_policy.py +18 -24
- pulumi_gcp/apigateway/api_iam_binding.py +18 -24
- pulumi_gcp/apigateway/api_iam_member.py +18 -24
- pulumi_gcp/apigateway/api_iam_policy.py +18 -24
- pulumi_gcp/apigateway/gateway.py +16 -22
- pulumi_gcp/apigateway/gateway_iam_binding.py +24 -30
- pulumi_gcp/apigateway/gateway_iam_member.py +24 -30
- pulumi_gcp/apigateway/gateway_iam_policy.py +24 -30
- pulumi_gcp/apigee/addons_config.py +22 -26
- pulumi_gcp/apigee/endpoint_attachment.py +14 -14
- pulumi_gcp/apigee/env_group.py +16 -14
- pulumi_gcp/apigee/env_group_attachment.py +0 -100
- pulumi_gcp/apigee/environment.py +14 -12
- pulumi_gcp/apigee/environment_iam_binding.py +12 -12
- pulumi_gcp/apigee/environment_iam_member.py +12 -12
- pulumi_gcp/apigee/environment_iam_policy.py +12 -12
- pulumi_gcp/apigee/get_environment_iam_policy.py +4 -4
- pulumi_gcp/apigee/instance.py +84 -76
- pulumi_gcp/apigee/instance_attachment.py +0 -100
- pulumi_gcp/apigee/keystores_aliases_self_signed_cert.py +40 -40
- pulumi_gcp/apigee/nat_address.py +42 -36
- pulumi_gcp/apigee/organization.py +62 -58
- pulumi_gcp/apigee/sync_authorization.py +16 -12
- pulumi_gcp/apigee/target_server.py +34 -36
- pulumi_gcp/appengine/application.py +8 -2
- pulumi_gcp/appengine/application_url_dispatch_rules.py +12 -6
- pulumi_gcp/appengine/domain_mapping.py +2 -2
- pulumi_gcp/appengine/engine_split_traffic.py +12 -6
- pulumi_gcp/appengine/firewall_rule.py +6 -2
- pulumi_gcp/appengine/flexible_app_version.py +20 -12
- pulumi_gcp/appengine/service_network_settings.py +14 -8
- pulumi_gcp/appengine/standard_app_version.py +18 -12
- pulumi_gcp/artifactregistry/get_repository_iam_policy.py +6 -6
- pulumi_gcp/artifactregistry/repository.py +78 -82
- pulumi_gcp/artifactregistry/repository_iam_binding.py +18 -18
- pulumi_gcp/artifactregistry/repository_iam_member.py +18 -18
- pulumi_gcp/artifactregistry/repository_iam_policy.py +18 -18
- pulumi_gcp/artifactregistry/vpcsc_config.py +2 -4
- pulumi_gcp/assuredworkloads/workload.py +16 -18
- pulumi_gcp/backupdisasterrecovery/management_server.py +20 -24
- pulumi_gcp/beyondcorp/app_connection.py +44 -30
- pulumi_gcp/beyondcorp/app_connector.py +22 -16
- pulumi_gcp/beyondcorp/app_gateway.py +20 -16
- pulumi_gcp/biglake/catalog.py +6 -2
- pulumi_gcp/biglake/database.py +14 -4
- pulumi_gcp/biglake/table.py +20 -6
- pulumi_gcp/bigquery/app_profile.py +8 -0
- pulumi_gcp/bigquery/capacity_commitment.py +4 -4
- pulumi_gcp/bigquery/connection.py +72 -54
- pulumi_gcp/bigquery/connection_iam_binding.py +18 -18
- pulumi_gcp/bigquery/connection_iam_member.py +18 -18
- pulumi_gcp/bigquery/connection_iam_policy.py +18 -18
- pulumi_gcp/bigquery/data_transfer_config.py +8 -12
- pulumi_gcp/bigquery/dataset.py +20 -14
- pulumi_gcp/bigquery/dataset_access.py +16 -16
- pulumi_gcp/bigquery/dataset_iam_binding.py +4 -4
- pulumi_gcp/bigquery/dataset_iam_member.py +4 -4
- pulumi_gcp/bigquery/dataset_iam_policy.py +4 -4
- pulumi_gcp/bigquery/get_connection_iam_policy.py +6 -6
- pulumi_gcp/bigquery/get_dataset_iam_policy.py +2 -2
- pulumi_gcp/bigquery/get_default_service_account.py +4 -4
- pulumi_gcp/bigquery/get_table_iam_policy.py +6 -6
- pulumi_gcp/bigquery/iam_binding.py +36 -36
- pulumi_gcp/bigquery/iam_member.py +36 -36
- pulumi_gcp/bigquery/iam_policy.py +36 -36
- pulumi_gcp/bigquery/job.py +326 -20
- pulumi_gcp/bigquery/reservation.py +14 -12
- pulumi_gcp/bigquery/reservation_assignment.py +2 -0
- pulumi_gcp/bigquery/routine.py +22 -22
- pulumi_gcp/bigquery/table.py +8 -8
- pulumi_gcp/bigqueryanalyticshub/data_exchange.py +6 -6
- pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_binding.py +18 -18
- pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_member.py +18 -18
- pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_policy.py +18 -18
- pulumi_gcp/bigqueryanalyticshub/get_data_exchange_iam_policy.py +6 -6
- pulumi_gcp/bigqueryanalyticshub/get_listing_iam_policy.py +8 -8
- pulumi_gcp/bigqueryanalyticshub/listing.py +16 -16
- pulumi_gcp/bigqueryanalyticshub/listing_iam_binding.py +24 -24
- pulumi_gcp/bigqueryanalyticshub/listing_iam_member.py +24 -24
- pulumi_gcp/bigqueryanalyticshub/listing_iam_policy.py +24 -24
- pulumi_gcp/bigquerydatapolicy/data_policy.py +4 -4
- pulumi_gcp/bigquerydatapolicy/data_policy_iam_binding.py +18 -18
- pulumi_gcp/bigquerydatapolicy/data_policy_iam_member.py +18 -18
- pulumi_gcp/bigquerydatapolicy/data_policy_iam_policy.py +18 -18
- pulumi_gcp/bigquerydatapolicy/get_iam_policy.py +6 -6
- pulumi_gcp/bigtable/gc_policy.py +0 -208
- pulumi_gcp/bigtable/get_instance_iam_policy.py +2 -2
- pulumi_gcp/bigtable/get_table_iam_policy.py +4 -4
- pulumi_gcp/bigtable/instance.py +14 -10
- pulumi_gcp/bigtable/instance_iam_binding.py +8 -8
- pulumi_gcp/bigtable/instance_iam_member.py +8 -8
- pulumi_gcp/bigtable/instance_iam_policy.py +8 -8
- pulumi_gcp/bigtable/table.py +18 -12
- pulumi_gcp/bigtable/table_iam_binding.py +8 -8
- pulumi_gcp/bigtable/table_iam_member.py +8 -8
- pulumi_gcp/bigtable/table_iam_policy.py +8 -8
- pulumi_gcp/billing/account_iam_binding.py +8 -8
- pulumi_gcp/billing/account_iam_member.py +8 -8
- pulumi_gcp/billing/account_iam_policy.py +8 -8
- pulumi_gcp/billing/budget.py +2 -2
- pulumi_gcp/binaryauthorization/attestor.py +74 -52
- pulumi_gcp/binaryauthorization/attestor_iam_binding.py +12 -12
- pulumi_gcp/binaryauthorization/attestor_iam_member.py +12 -12
- pulumi_gcp/binaryauthorization/attestor_iam_policy.py +12 -12
- pulumi_gcp/binaryauthorization/get_attestor_iam_policy.py +4 -4
- pulumi_gcp/binaryauthorization/policy.py +48 -32
- pulumi_gcp/blockchainnodeengine/blockchain_nodes.py +38 -38
- pulumi_gcp/certificateauthority/authority.py +34 -42
- pulumi_gcp/certificateauthority/ca_pool.py +274 -6
- pulumi_gcp/certificateauthority/ca_pool_iam_binding.py +12 -12
- pulumi_gcp/certificateauthority/ca_pool_iam_member.py +12 -12
- pulumi_gcp/certificateauthority/ca_pool_iam_policy.py +12 -12
- pulumi_gcp/certificateauthority/certificate.py +264 -44
- pulumi_gcp/certificateauthority/certificate_template.py +168 -0
- pulumi_gcp/certificateauthority/certificate_template_iam_binding.py +12 -12
- pulumi_gcp/certificateauthority/certificate_template_iam_member.py +12 -12
- pulumi_gcp/certificateauthority/certificate_template_iam_policy.py +12 -12
- pulumi_gcp/certificateauthority/get_ca_pool_iam_policy.py +2 -2
- pulumi_gcp/certificateauthority/get_certificate_template_iam_policy.py +2 -2
- pulumi_gcp/certificatemanager/certificate.py +114 -84
- pulumi_gcp/certificatemanager/certificate_issuance_config.py +34 -32
- pulumi_gcp/certificatemanager/certificate_map.py +2 -0
- pulumi_gcp/certificatemanager/certificate_map_entry.py +12 -2
- pulumi_gcp/certificatemanager/dns_authorization.py +2 -0
- pulumi_gcp/certificatemanager/trust_config.py +8 -4
- pulumi_gcp/cloudasset/folder_feed.py +82 -0
- pulumi_gcp/cloudasset/organization_feed.py +74 -0
- pulumi_gcp/cloudasset/project_feed.py +70 -0
- pulumi_gcp/cloudbuild/bitbucket_server_config.py +98 -14
- pulumi_gcp/cloudbuild/get_trigger.py +2 -2
- pulumi_gcp/cloudbuild/trigger.py +650 -122
- pulumi_gcp/cloudbuild/worker_pool.py +20 -16
- pulumi_gcp/cloudbuildv2/connection.py +20 -18
- pulumi_gcp/cloudbuildv2/connection_iam_binding.py +18 -12
- pulumi_gcp/cloudbuildv2/connection_iam_member.py +18 -12
- pulumi_gcp/cloudbuildv2/connection_iam_policy.py +18 -12
- pulumi_gcp/cloudbuildv2/get_connection_iam_policy.py +6 -6
- pulumi_gcp/cloudbuildv2/repository.py +18 -14
- pulumi_gcp/clouddeploy/automation.py +16 -16
- pulumi_gcp/clouddeploy/custom_target_type.py +38 -32
- pulumi_gcp/clouddeploy/delivery_pipeline.py +40 -38
- pulumi_gcp/clouddeploy/get_delivery_pipeline_iam_policy.py +6 -6
- pulumi_gcp/clouddeploy/target.py +26 -24
- pulumi_gcp/clouddomains/registration.py +74 -74
- pulumi_gcp/cloudfunctions/function.py +20 -4
- pulumi_gcp/cloudfunctions/function_iam_binding.py +18 -18
- pulumi_gcp/cloudfunctions/function_iam_member.py +18 -18
- pulumi_gcp/cloudfunctions/function_iam_policy.py +18 -18
- pulumi_gcp/cloudfunctions/get_function_iam_policy.py +6 -6
- pulumi_gcp/cloudfunctionsv2/function.py +776 -42
- pulumi_gcp/cloudfunctionsv2/function_iam_binding.py +18 -18
- pulumi_gcp/cloudfunctionsv2/function_iam_member.py +18 -18
- pulumi_gcp/cloudfunctionsv2/function_iam_policy.py +18 -18
- pulumi_gcp/cloudfunctionsv2/get_function.py +4 -4
- pulumi_gcp/cloudfunctionsv2/get_function_iam_policy.py +6 -6
- pulumi_gcp/cloudidentity/group.py +8 -8
- pulumi_gcp/cloudidentity/group_membership.py +4 -4
- pulumi_gcp/cloudids/endpoint.py +12 -10
- pulumi_gcp/cloudrun/domain_mapping.py +10 -6
- pulumi_gcp/cloudrun/get_service.py +4 -4
- pulumi_gcp/cloudrun/get_service_iam_policy.py +6 -6
- pulumi_gcp/cloudrun/iam_binding.py +18 -18
- pulumi_gcp/cloudrun/iam_member.py +18 -18
- pulumi_gcp/cloudrun/iam_policy.py +18 -18
- pulumi_gcp/cloudrun/service.py +28 -14
- pulumi_gcp/cloudrunv2/get_job.py +4 -4
- pulumi_gcp/cloudrunv2/get_job_iam_policy.py +6 -6
- pulumi_gcp/cloudrunv2/get_service.py +4 -4
- pulumi_gcp/cloudrunv2/get_service_iam_policy.py +6 -6
- pulumi_gcp/cloudrunv2/job.py +56 -46
- pulumi_gcp/cloudrunv2/job_iam_binding.py +18 -12
- pulumi_gcp/cloudrunv2/job_iam_member.py +18 -12
- pulumi_gcp/cloudrunv2/job_iam_policy.py +18 -12
- pulumi_gcp/cloudrunv2/service.py +94 -68
- pulumi_gcp/cloudrunv2/service_iam_binding.py +18 -12
- pulumi_gcp/cloudrunv2/service_iam_member.py +18 -12
- pulumi_gcp/cloudrunv2/service_iam_policy.py +18 -12
- pulumi_gcp/cloudscheduler/job.py +168 -26
- pulumi_gcp/cloudtasks/get_queue_iam_policy.py +6 -6
- pulumi_gcp/cloudtasks/queue.py +18 -12
- pulumi_gcp/cloudtasks/queue_iam_binding.py +18 -12
- pulumi_gcp/cloudtasks/queue_iam_member.py +18 -12
- pulumi_gcp/cloudtasks/queue_iam_policy.py +18 -12
- pulumi_gcp/composer/get_environment.py +22 -0
- pulumi_gcp/composer/get_image_versions.py +2 -0
- pulumi_gcp/compute/address.py +32 -18
- pulumi_gcp/compute/attached_disk.py +8 -6
- pulumi_gcp/compute/autoscaler.py +34 -28
- pulumi_gcp/compute/backend_bucket.py +42 -16
- pulumi_gcp/compute/backend_bucket_signed_url_key.py +16 -8
- pulumi_gcp/compute/backend_service.py +350 -34
- pulumi_gcp/compute/backend_service_signed_url_key.py +98 -0
- pulumi_gcp/compute/disk.py +26 -18
- pulumi_gcp/compute/disk_async_replication.py +4 -0
- pulumi_gcp/compute/disk_iam_binding.py +18 -12
- pulumi_gcp/compute/disk_iam_member.py +18 -12
- pulumi_gcp/compute/disk_iam_policy.py +18 -12
- pulumi_gcp/compute/disk_resource_policy_attachment.py +12 -6
- pulumi_gcp/compute/external_vpn_gateway.py +40 -16
- pulumi_gcp/compute/firewall.py +16 -12
- pulumi_gcp/compute/firewall_policy.py +4 -4
- pulumi_gcp/compute/firewall_policy_association.py +10 -8
- pulumi_gcp/compute/firewall_policy_rule.py +4 -2
- pulumi_gcp/compute/forwarding_rule.py +1840 -22
- pulumi_gcp/compute/get_address.py +6 -2
- pulumi_gcp/compute/get_addresses.py +6 -2
- pulumi_gcp/compute/get_backend_service.py +32 -0
- pulumi_gcp/compute/get_disk.py +0 -2
- pulumi_gcp/compute/get_disk_iam_policy.py +6 -6
- pulumi_gcp/compute/get_global_address.py +6 -2
- pulumi_gcp/compute/get_image.py +0 -2
- pulumi_gcp/compute/get_image_iam_policy.py +4 -4
- pulumi_gcp/compute/get_instance_iam_policy.py +6 -6
- pulumi_gcp/compute/get_instance_serial_port.py +10 -8
- pulumi_gcp/compute/get_instance_template.py +0 -22
- pulumi_gcp/compute/get_lbip_ranges.py +4 -2
- pulumi_gcp/compute/get_machine_types.py +100 -0
- pulumi_gcp/compute/get_netblock_ip_ranges.py +4 -2
- pulumi_gcp/compute/get_network_peering.py +16 -4
- pulumi_gcp/compute/get_node_types.py +4 -2
- pulumi_gcp/compute/get_region_disk_iam_policy.py +6 -6
- pulumi_gcp/compute/get_region_instance_template.py +4 -0
- pulumi_gcp/compute/get_regions.py +2 -0
- pulumi_gcp/compute/get_snapshot.py +4 -0
- pulumi_gcp/compute/get_snapshot_iam_policy.py +4 -4
- pulumi_gcp/compute/get_subnetwork_iam_policy.py +6 -6
- pulumi_gcp/compute/global_address.py +12 -10
- pulumi_gcp/compute/global_forwarding_rule.py +1574 -56
- pulumi_gcp/compute/global_network_endpoint.py +2 -0
- pulumi_gcp/compute/global_network_endpoint_group.py +8 -4
- pulumi_gcp/compute/ha_vpn_gateway.py +38 -10
- pulumi_gcp/compute/health_check.py +114 -90
- pulumi_gcp/compute/http_health_check.py +6 -4
- pulumi_gcp/compute/https_health_check.py +6 -4
- pulumi_gcp/compute/image.py +22 -14
- pulumi_gcp/compute/image_iam_binding.py +24 -24
- pulumi_gcp/compute/image_iam_member.py +24 -24
- pulumi_gcp/compute/image_iam_policy.py +24 -24
- pulumi_gcp/compute/instance.py +16 -14
- pulumi_gcp/compute/instance_from_machine_image.py +4 -4
- pulumi_gcp/compute/instance_from_template.py +10 -6
- pulumi_gcp/compute/instance_group.py +108 -6
- pulumi_gcp/compute/instance_group_manager.py +16 -12
- pulumi_gcp/compute/instance_group_membership.py +6 -4
- pulumi_gcp/compute/instance_group_named_port.py +22 -10
- pulumi_gcp/compute/instance_iam_binding.py +36 -36
- pulumi_gcp/compute/instance_iam_member.py +36 -36
- pulumi_gcp/compute/instance_iam_policy.py +36 -36
- pulumi_gcp/compute/instance_settings.py +4 -6
- pulumi_gcp/compute/instance_template.py +150 -12
- pulumi_gcp/compute/interconnect_attachment.py +28 -10
- pulumi_gcp/compute/machine_image.py +30 -24
- pulumi_gcp/compute/machine_image_iam_binding.py +36 -48
- pulumi_gcp/compute/machine_image_iam_member.py +36 -48
- pulumi_gcp/compute/machine_image_iam_policy.py +36 -48
- pulumi_gcp/compute/managed_ssl_certificate.py +212 -0
- pulumi_gcp/compute/manged_ssl_certificate.py +212 -0
- pulumi_gcp/compute/network.py +18 -14
- pulumi_gcp/compute/network_attachment.py +60 -52
- pulumi_gcp/compute/network_edge_security_service.py +4 -4
- pulumi_gcp/compute/network_endpoint.py +32 -22
- pulumi_gcp/compute/network_endpoint_group.py +20 -10
- pulumi_gcp/compute/network_endpoint_list.py +44 -32
- pulumi_gcp/compute/network_firewall_policy.py +6 -2
- pulumi_gcp/compute/network_firewall_policy_association.py +8 -4
- pulumi_gcp/compute/network_firewall_policy_rule.py +14 -10
- pulumi_gcp/compute/network_peering.py +16 -4
- pulumi_gcp/compute/network_peering_routes_config.py +38 -18
- pulumi_gcp/compute/node_group.py +28 -10
- pulumi_gcp/compute/node_template.py +12 -8
- pulumi_gcp/compute/organization_security_policy.py +2 -4
- pulumi_gcp/compute/organization_security_policy_association.py +22 -28
- pulumi_gcp/compute/organization_security_policy_rule.py +10 -14
- pulumi_gcp/compute/packet_mirroring.py +128 -0
- pulumi_gcp/compute/per_instance_config.py +16 -8
- pulumi_gcp/compute/project_metadata.py +6 -8
- pulumi_gcp/compute/public_advertised_prefix.py +2 -0
- pulumi_gcp/compute/public_delegated_prefix.py +4 -0
- pulumi_gcp/compute/region_autoscaler.py +14 -8
- pulumi_gcp/compute/region_backend_service.py +462 -2
- pulumi_gcp/compute/region_commitment.py +20 -16
- pulumi_gcp/compute/region_disk.py +20 -8
- pulumi_gcp/compute/region_disk_iam_binding.py +18 -12
- pulumi_gcp/compute/region_disk_iam_member.py +18 -12
- pulumi_gcp/compute/region_disk_iam_policy.py +18 -12
- pulumi_gcp/compute/region_disk_resource_policy_attachment.py +16 -6
- pulumi_gcp/compute/region_health_check.py +114 -90
- pulumi_gcp/compute/region_instance_group_manager.py +14 -8
- pulumi_gcp/compute/region_network_endpoint.py +16 -4
- pulumi_gcp/compute/region_network_endpoint_group.py +166 -32
- pulumi_gcp/compute/region_network_firewall_policy.py +6 -2
- pulumi_gcp/compute/region_network_firewall_policy_association.py +8 -4
- pulumi_gcp/compute/region_network_firewall_policy_rule.py +14 -10
- pulumi_gcp/compute/region_per_instance_config.py +12 -4
- pulumi_gcp/compute/region_security_policy.py +12 -12
- pulumi_gcp/compute/region_security_policy_rule.py +38 -48
- pulumi_gcp/compute/region_ssl_certificate.py +138 -32
- pulumi_gcp/compute/region_target_http_proxy.py +88 -4
- pulumi_gcp/compute/region_target_https_proxy.py +96 -0
- pulumi_gcp/compute/region_target_tcp_proxy.py +52 -0
- pulumi_gcp/compute/region_url_map.py +1038 -0
- pulumi_gcp/compute/reservation.py +10 -8
- pulumi_gcp/compute/resource_policy.py +60 -48
- pulumi_gcp/compute/route.py +206 -4
- pulumi_gcp/compute/router.py +18 -6
- pulumi_gcp/compute/router_interface.py +6 -4
- pulumi_gcp/compute/router_nat.py +82 -42
- pulumi_gcp/compute/router_peer.py +72 -42
- pulumi_gcp/compute/security_policy.py +120 -108
- pulumi_gcp/compute/security_scan_config.py +4 -6
- pulumi_gcp/compute/service_attachment.py +376 -0
- pulumi_gcp/compute/snapshot.py +8 -0
- pulumi_gcp/compute/snapshot_iam_binding.py +12 -6
- pulumi_gcp/compute/snapshot_iam_member.py +12 -6
- pulumi_gcp/compute/snapshot_iam_policy.py +12 -6
- pulumi_gcp/compute/ssl_certificate.py +118 -30
- pulumi_gcp/compute/ssl_policy.py +20 -12
- pulumi_gcp/compute/subnetwork.py +58 -30
- pulumi_gcp/compute/subnetwork_iam_binding.py +36 -36
- pulumi_gcp/compute/subnetwork_iam_member.py +36 -36
- pulumi_gcp/compute/subnetwork_iam_policy.py +36 -36
- pulumi_gcp/compute/target_grpc_proxy.py +176 -0
- pulumi_gcp/compute/target_http_proxy.py +166 -10
- pulumi_gcp/compute/target_https_proxy.py +336 -14
- pulumi_gcp/compute/target_instance.py +22 -16
- pulumi_gcp/compute/target_pool.py +40 -0
- pulumi_gcp/compute/target_ssl_proxy.py +54 -0
- pulumi_gcp/compute/target_tcp_proxy.py +44 -0
- pulumi_gcp/compute/url_map.py +1146 -0
- pulumi_gcp/compute/vpn_gateway.py +28 -24
- pulumi_gcp/compute/vpn_tunnel.py +40 -36
- pulumi_gcp/container/_inputs.py +0 -188
- pulumi_gcp/container/attached_cluster.py +124 -0
- pulumi_gcp/container/aws_cluster.py +46 -42
- pulumi_gcp/container/aws_node_pool.py +34 -26
- pulumi_gcp/container/azure_client.py +6 -4
- pulumi_gcp/container/azure_cluster.py +30 -26
- pulumi_gcp/container/azure_node_pool.py +12 -6
- pulumi_gcp/container/cluster.py +62 -6
- pulumi_gcp/container/get_attached_versions.py +2 -2
- pulumi_gcp/container/get_aws_versions.py +2 -2
- pulumi_gcp/container/get_azure_versions.py +2 -2
- pulumi_gcp/container/get_engine_versions.py +2 -0
- pulumi_gcp/container/node_pool.py +68 -2
- pulumi_gcp/container/outputs.py +0 -188
- pulumi_gcp/container/registry.py +4 -4
- pulumi_gcp/containeranalysis/get_note_iam_policy.py +4 -4
- pulumi_gcp/containeranalysis/note.py +32 -26
- pulumi_gcp/containeranalysis/note_iam_binding.py +12 -12
- pulumi_gcp/containeranalysis/note_iam_member.py +12 -12
- pulumi_gcp/containeranalysis/note_iam_policy.py +12 -12
- pulumi_gcp/databasemigrationservice/connection_profile.py +40 -46
- pulumi_gcp/databasemigrationservice/private_connection.py +6 -6
- pulumi_gcp/datacatalog/entry.py +12 -12
- pulumi_gcp/datacatalog/entry_group.py +8 -8
- pulumi_gcp/datacatalog/entry_group_iam_binding.py +6 -6
- pulumi_gcp/datacatalog/entry_group_iam_member.py +6 -6
- pulumi_gcp/datacatalog/entry_group_iam_policy.py +6 -6
- pulumi_gcp/datacatalog/get_entry_group_iam_policy.py +2 -2
- pulumi_gcp/datacatalog/get_policy_tag_iam_policy.py +2 -2
- pulumi_gcp/datacatalog/get_tag_template_iam_policy.py +2 -2
- pulumi_gcp/datacatalog/get_taxonomy_iam_policy.py +2 -2
- pulumi_gcp/datacatalog/policy_tag.py +14 -16
- pulumi_gcp/datacatalog/policy_tag_iam_binding.py +6 -6
- pulumi_gcp/datacatalog/policy_tag_iam_member.py +6 -6
- pulumi_gcp/datacatalog/policy_tag_iam_policy.py +6 -6
- pulumi_gcp/datacatalog/tag.py +22 -22
- pulumi_gcp/datacatalog/tag_template.py +16 -16
- pulumi_gcp/datacatalog/tag_template_iam_binding.py +6 -6
- pulumi_gcp/datacatalog/tag_template_iam_member.py +6 -6
- pulumi_gcp/datacatalog/tag_template_iam_policy.py +6 -6
- pulumi_gcp/datacatalog/taxonomy.py +6 -6
- pulumi_gcp/datacatalog/taxonomy_iam_binding.py +6 -6
- pulumi_gcp/datacatalog/taxonomy_iam_member.py +6 -6
- pulumi_gcp/datacatalog/taxonomy_iam_policy.py +6 -6
- pulumi_gcp/dataflow/flex_template_job.py +18 -18
- pulumi_gcp/dataflow/job.py +34 -26
- pulumi_gcp/dataflow/pipeline.py +4 -2
- pulumi_gcp/dataform/repository.py +28 -36
- pulumi_gcp/dataform/repository_release_config.py +16 -20
- pulumi_gcp/dataform/repository_workflow_config.py +26 -32
- pulumi_gcp/datafusion/get_instance_iam_policy.py +6 -6
- pulumi_gcp/datafusion/instance.py +60 -40
- pulumi_gcp/dataloss/prevention_deidentify_template.py +206 -10
- pulumi_gcp/dataloss/prevention_inspect_template.py +270 -42
- pulumi_gcp/dataloss/prevention_job_trigger.py +368 -192
- pulumi_gcp/dataloss/prevention_stored_info_type.py +24 -20
- pulumi_gcp/dataplex/asset.py +16 -10
- pulumi_gcp/dataplex/asset_iam_binding.py +30 -30
- pulumi_gcp/dataplex/asset_iam_member.py +30 -30
- pulumi_gcp/dataplex/asset_iam_policy.py +30 -30
- pulumi_gcp/dataplex/datascan.py +90 -92
- pulumi_gcp/dataplex/datascan_iam_binding.py +18 -18
- pulumi_gcp/dataplex/datascan_iam_member.py +18 -18
- pulumi_gcp/dataplex/datascan_iam_policy.py +18 -18
- pulumi_gcp/dataplex/get_asset_iam_policy.py +10 -10
- pulumi_gcp/dataplex/get_datascan_iam_policy.py +6 -6
- pulumi_gcp/dataplex/get_lake_iam_policy.py +6 -6
- pulumi_gcp/dataplex/get_task_iam_policy.py +8 -8
- pulumi_gcp/dataplex/get_zone_iam_policy.py +8 -8
- pulumi_gcp/dataplex/lake.py +8 -6
- pulumi_gcp/dataplex/lake_iam_binding.py +18 -18
- pulumi_gcp/dataplex/lake_iam_member.py +18 -18
- pulumi_gcp/dataplex/lake_iam_policy.py +18 -18
- pulumi_gcp/dataplex/task_iam_binding.py +24 -24
- pulumi_gcp/dataplex/task_iam_member.py +24 -24
- pulumi_gcp/dataplex/task_iam_policy.py +24 -24
- pulumi_gcp/dataplex/zone.py +4 -0
- pulumi_gcp/dataplex/zone_iam_binding.py +24 -24
- pulumi_gcp/dataplex/zone_iam_member.py +24 -24
- pulumi_gcp/dataplex/zone_iam_policy.py +24 -24
- pulumi_gcp/dataproc/autoscaling_policy.py +2 -0
- pulumi_gcp/dataproc/autoscaling_policy_iam_binding.py +18 -18
- pulumi_gcp/dataproc/autoscaling_policy_iam_member.py +18 -18
- pulumi_gcp/dataproc/autoscaling_policy_iam_policy.py +18 -18
- pulumi_gcp/dataproc/cluster.py +18 -10
- pulumi_gcp/dataproc/cluster_iam_binding.py +8 -8
- pulumi_gcp/dataproc/cluster_iam_member.py +8 -8
- pulumi_gcp/dataproc/cluster_iam_policy.py +8 -8
- pulumi_gcp/dataproc/get_autoscaling_policy_iam_policy.py +6 -6
- pulumi_gcp/dataproc/get_cluster_iam_policy.py +2 -2
- pulumi_gcp/dataproc/get_job_iam_policy.py +2 -2
- pulumi_gcp/dataproc/get_metastore_service.py +4 -4
- pulumi_gcp/dataproc/get_metastore_service_iam_policy.py +6 -6
- pulumi_gcp/dataproc/job.py +6 -2
- pulumi_gcp/dataproc/job_iam_binding.py +8 -8
- pulumi_gcp/dataproc/job_iam_member.py +8 -8
- pulumi_gcp/dataproc/job_iam_policy.py +8 -8
- pulumi_gcp/dataproc/metastore_federation.py +16 -24
- pulumi_gcp/dataproc/metastore_service.py +64 -56
- pulumi_gcp/dataproc/metastore_service_iam_binding.py +18 -18
- pulumi_gcp/dataproc/metastore_service_iam_member.py +18 -18
- pulumi_gcp/dataproc/metastore_service_iam_policy.py +18 -18
- pulumi_gcp/dataproc/workflow_template.py +58 -56
- pulumi_gcp/datastore/data_store_index.py +4 -4
- pulumi_gcp/datastream/connection_profile.py +52 -36
- pulumi_gcp/datastream/private_connection.py +4 -4
- pulumi_gcp/datastream/stream.py +52 -30
- pulumi_gcp/deploymentmanager/deployment.py +6 -2
- pulumi_gcp/diagflow/agent.py +20 -20
- pulumi_gcp/diagflow/cx_agent.py +4 -2
- pulumi_gcp/diagflow/cx_entity_type.py +2 -2
- pulumi_gcp/diagflow/cx_environment.py +2 -2
- pulumi_gcp/diagflow/cx_flow.py +6 -4
- pulumi_gcp/diagflow/cx_intent.py +2 -2
- pulumi_gcp/diagflow/cx_page.py +6 -6
- pulumi_gcp/diagflow/cx_security_settings.py +6 -4
- pulumi_gcp/diagflow/cx_test_case.py +6 -6
- pulumi_gcp/diagflow/cx_version.py +2 -2
- pulumi_gcp/diagflow/cx_webhook.py +2 -2
- pulumi_gcp/diagflow/entity_type.py +6 -8
- pulumi_gcp/diagflow/fulfillment.py +6 -8
- pulumi_gcp/diagflow/intent.py +32 -30
- pulumi_gcp/discoveryengine/chat_engine.py +4 -4
- pulumi_gcp/discoveryengine/data_store.py +8 -8
- pulumi_gcp/discoveryengine/search_engine.py +8 -8
- pulumi_gcp/dns/dns_managed_zone_iam_binding.py +12 -12
- pulumi_gcp/dns/dns_managed_zone_iam_member.py +12 -12
- pulumi_gcp/dns/dns_managed_zone_iam_policy.py +12 -12
- pulumi_gcp/dns/get_keys.py +2 -0
- pulumi_gcp/dns/get_managed_zone_iam_policy.py +4 -4
- pulumi_gcp/dns/managed_zone.py +82 -38
- pulumi_gcp/dns/policy.py +14 -4
- pulumi_gcp/dns/record_set.py +76 -44
- pulumi_gcp/dns/response_policy.py +16 -4
- pulumi_gcp/dns/response_policy_rule.py +12 -4
- pulumi_gcp/edgecontainer/cluster.py +54 -48
- pulumi_gcp/edgecontainer/node_pool.py +34 -16
- pulumi_gcp/edgecontainer/vpn_connection.py +12 -8
- pulumi_gcp/edgenetwork/network.py +2 -2
- pulumi_gcp/edgenetwork/subnet.py +8 -8
- pulumi_gcp/endpoints/get_service_iam_policy.py +2 -2
- pulumi_gcp/endpoints/service.py +12 -12
- pulumi_gcp/endpoints/service_iam_binding.py +6 -6
- pulumi_gcp/endpoints/service_iam_member.py +6 -6
- pulumi_gcp/endpoints/service_iam_policy.py +6 -6
- pulumi_gcp/essentialcontacts/document_ai_processor.py +2 -2
- pulumi_gcp/essentialcontacts/document_ai_processor_default_version.py +8 -8
- pulumi_gcp/essentialcontacts/document_ai_warehouse_document_schema.py +18 -18
- pulumi_gcp/eventarc/channel.py +10 -10
- pulumi_gcp/eventarc/google_channel_config.py +8 -8
- pulumi_gcp/eventarc/trigger.py +6 -2
- pulumi_gcp/filestore/backup.py +4 -0
- pulumi_gcp/filestore/instance.py +44 -30
- pulumi_gcp/filestore/snapshot.py +8 -0
- pulumi_gcp/firebase/_inputs.py +0 -6
- pulumi_gcp/firebase/android_app.py +8 -12
- pulumi_gcp/firebase/app_check_debug_token.py +38 -0
- pulumi_gcp/firebase/app_check_service_config.py +6 -12
- pulumi_gcp/firebase/apple_app.py +8 -12
- pulumi_gcp/firebase/database_instance.py +26 -36
- pulumi_gcp/firebase/extensions_instance.py +8 -10
- pulumi_gcp/firebase/hosting_channel.py +14 -22
- pulumi_gcp/firebase/hosting_custom_domain.py +40 -54
- pulumi_gcp/firebase/hosting_release.py +48 -66
- pulumi_gcp/firebase/hosting_site.py +6 -12
- pulumi_gcp/firebase/hosting_version.py +66 -86
- pulumi_gcp/firebase/outputs.py +0 -6
- pulumi_gcp/firebase/project.py +10 -10
- pulumi_gcp/firebase/storage_bucket.py +10 -12
- pulumi_gcp/firebase/web_app.py +46 -40
- pulumi_gcp/firebaserules/release.py +20 -24
- pulumi_gcp/firebaserules/ruleset.py +10 -10
- pulumi_gcp/firestore/backup_schedule.py +4 -0
- pulumi_gcp/firestore/database.py +40 -32
- pulumi_gcp/firestore/document.py +132 -0
- pulumi_gcp/firestore/field.py +2 -0
- pulumi_gcp/firestore/index.py +94 -10
- pulumi_gcp/folder/access_approval_settings.py +26 -18
- pulumi_gcp/folder/get_iam_policy.py +2 -2
- pulumi_gcp/folder/iam_audit_config.py +42 -42
- pulumi_gcp/folder/iam_member.py +42 -42
- pulumi_gcp/folder/iam_policy.py +42 -42
- pulumi_gcp/folder/organization_policy.py +22 -22
- pulumi_gcp/gkebackup/backup_plan.py +28 -4
- pulumi_gcp/gkebackup/backup_plan_iam_binding.py +18 -12
- pulumi_gcp/gkebackup/backup_plan_iam_member.py +18 -12
- pulumi_gcp/gkebackup/backup_plan_iam_policy.py +18 -12
- pulumi_gcp/gkebackup/get_backup_plan_iam_policy.py +6 -6
- pulumi_gcp/gkebackup/get_restore_plan_iam_policy.py +6 -6
- pulumi_gcp/gkebackup/restore_plan.py +48 -12
- pulumi_gcp/gkebackup/restore_plan_iam_binding.py +48 -12
- pulumi_gcp/gkebackup/restore_plan_iam_member.py +48 -12
- pulumi_gcp/gkebackup/restore_plan_iam_policy.py +48 -12
- pulumi_gcp/gkehub/feature.py +200 -38
- pulumi_gcp/gkehub/feature_iam_binding.py +18 -12
- pulumi_gcp/gkehub/feature_iam_member.py +18 -12
- pulumi_gcp/gkehub/feature_iam_policy.py +18 -12
- pulumi_gcp/gkehub/feature_membership.py +54 -22
- pulumi_gcp/gkehub/fleet.py +4 -4
- pulumi_gcp/gkehub/get_feature_iam_policy.py +6 -6
- pulumi_gcp/gkehub/get_membership_iam_policy.py +6 -6
- pulumi_gcp/gkehub/get_scope_iam_policy.py +4 -4
- pulumi_gcp/gkehub/membership.py +24 -18
- pulumi_gcp/gkehub/membership_iam_binding.py +18 -18
- pulumi_gcp/gkehub/membership_iam_member.py +18 -18
- pulumi_gcp/gkehub/membership_iam_policy.py +18 -18
- pulumi_gcp/gkehub/scope.py +6 -6
- pulumi_gcp/gkehub/scope_iam_binding.py +12 -12
- pulumi_gcp/gkehub/scope_iam_member.py +12 -12
- pulumi_gcp/gkehub/scope_iam_policy.py +12 -12
- pulumi_gcp/gkeonprem/bare_metal_admin_cluster.py +126 -122
- pulumi_gcp/gkeonprem/bare_metal_cluster.py +242 -236
- pulumi_gcp/gkeonprem/bare_metal_node_pool.py +8 -0
- pulumi_gcp/gkeonprem/v_mware_cluster.py +242 -236
- pulumi_gcp/gkeonprem/v_mware_node_pool.py +4 -180
- pulumi_gcp/healthcare/consent_store.py +32 -10
- pulumi_gcp/healthcare/consent_store_iam_binding.py +12 -12
- pulumi_gcp/healthcare/consent_store_iam_member.py +12 -12
- pulumi_gcp/healthcare/consent_store_iam_policy.py +12 -12
- pulumi_gcp/healthcare/dataset.py +2 -0
- pulumi_gcp/healthcare/dataset_iam_binding.py +8 -8
- pulumi_gcp/healthcare/dataset_iam_member.py +8 -8
- pulumi_gcp/healthcare/dataset_iam_policy.py +8 -8
- pulumi_gcp/healthcare/dicom_store.py +30 -26
- pulumi_gcp/healthcare/dicom_store_iam_binding.py +14 -14
- pulumi_gcp/healthcare/dicom_store_iam_member.py +14 -14
- pulumi_gcp/healthcare/dicom_store_iam_policy.py +14 -14
- pulumi_gcp/healthcare/fhir_store.py +44 -24
- pulumi_gcp/healthcare/fhir_store_iam_binding.py +14 -14
- pulumi_gcp/healthcare/fhir_store_iam_member.py +14 -14
- pulumi_gcp/healthcare/fhir_store_iam_policy.py +14 -14
- pulumi_gcp/healthcare/get_consent_store_iam_policy.py +4 -4
- pulumi_gcp/healthcare/get_dataset_iam_policy.py +2 -2
- pulumi_gcp/healthcare/get_dicom_store_iam_policy.py +2 -2
- pulumi_gcp/healthcare/get_fhir_store_iam_policy.py +2 -2
- pulumi_gcp/healthcare/get_hl7_v2_store_iam_policy.py +2 -2
- pulumi_gcp/healthcare/hl7_store.py +30 -20
- pulumi_gcp/healthcare/hl7_store_iam_binding.py +14 -14
- pulumi_gcp/healthcare/hl7_store_iam_member.py +14 -14
- pulumi_gcp/healthcare/hl7_store_iam_policy.py +14 -14
- pulumi_gcp/iam/_inputs.py +0 -18
- pulumi_gcp/iam/access_boundary_policy.py +100 -0
- pulumi_gcp/iam/deny_policy.py +92 -0
- pulumi_gcp/iam/outputs.py +0 -18
- pulumi_gcp/iam/workforce_pool.py +20 -20
- pulumi_gcp/iam/workforce_pool_provider.py +0 -21
- pulumi_gcp/iam/workload_identity_pool.py +6 -6
- pulumi_gcp/iam/workload_identity_pool_provider.py +8 -46
- pulumi_gcp/iap/app_engine_service_iam_binding.py +56 -56
- pulumi_gcp/iap/app_engine_service_iam_member.py +56 -56
- pulumi_gcp/iap/app_engine_service_iam_policy.py +56 -56
- pulumi_gcp/iap/app_engine_version_iam_binding.py +68 -68
- pulumi_gcp/iap/app_engine_version_iam_member.py +68 -68
- pulumi_gcp/iap/app_engine_version_iam_policy.py +68 -68
- pulumi_gcp/iap/brand.py +12 -6
- pulumi_gcp/iap/client.py +14 -8
- pulumi_gcp/iap/get_app_engine_service_iam_policy.py +6 -6
- pulumi_gcp/iap/get_app_engine_version_iam_policy.py +8 -8
- pulumi_gcp/iap/get_client.py +2 -2
- pulumi_gcp/iap/get_tunnel_iam_policy.py +2 -2
- pulumi_gcp/iap/get_tunnel_instance_iam_policy.py +6 -6
- pulumi_gcp/iap/get_web_backend_service_iam_policy.py +4 -4
- pulumi_gcp/iap/get_web_iam_policy.py +2 -2
- pulumi_gcp/iap/get_web_region_backend_service_iam_policy.py +6 -6
- pulumi_gcp/iap/get_web_type_app_engine_iam_policy.py +4 -4
- pulumi_gcp/iap/get_web_type_compute_iam_policy.py +2 -2
- pulumi_gcp/iap/tunnel_iam_binding.py +12 -12
- pulumi_gcp/iap/tunnel_iam_member.py +12 -12
- pulumi_gcp/iap/tunnel_iam_policy.py +12 -12
- pulumi_gcp/iap/tunnel_instance_iam_binding.py +36 -36
- pulumi_gcp/iap/tunnel_instance_iam_member.py +36 -36
- pulumi_gcp/iap/tunnel_instance_iam_policy.py +36 -36
- pulumi_gcp/iap/web_backend_service_iam_binding.py +24 -24
- pulumi_gcp/iap/web_backend_service_iam_member.py +24 -24
- pulumi_gcp/iap/web_backend_service_iam_policy.py +24 -24
- pulumi_gcp/iap/web_iam_binding.py +12 -12
- pulumi_gcp/iap/web_iam_member.py +12 -12
- pulumi_gcp/iap/web_iam_policy.py +12 -12
- pulumi_gcp/iap/web_region_backend_service_iam_binding.py +36 -36
- pulumi_gcp/iap/web_region_backend_service_iam_member.py +36 -36
- pulumi_gcp/iap/web_region_backend_service_iam_policy.py +36 -36
- pulumi_gcp/iap/web_type_app_enging_iam_binding.py +24 -24
- pulumi_gcp/iap/web_type_app_enging_iam_member.py +24 -24
- pulumi_gcp/iap/web_type_app_enging_iam_policy.py +24 -24
- pulumi_gcp/iap/web_type_compute_iam_binding.py +12 -12
- pulumi_gcp/iap/web_type_compute_iam_member.py +12 -12
- pulumi_gcp/iap/web_type_compute_iam_policy.py +12 -12
- pulumi_gcp/identityplatform/config.py +12 -8
- pulumi_gcp/identityplatform/default_supported_idp_config.py +8 -8
- pulumi_gcp/identityplatform/inbound_saml_config.py +8 -4
- pulumi_gcp/identityplatform/oauth_idp_config.py +10 -8
- pulumi_gcp/identityplatform/tenant.py +4 -4
- pulumi_gcp/identityplatform/tenant_default_supported_idp_config.py +2 -2
- pulumi_gcp/identityplatform/tenant_inbound_saml_config.py +8 -4
- pulumi_gcp/identityplatform/tenant_oauth_idp_config.py +4 -2
- pulumi_gcp/integrationconnectors/connection.py +16 -14
- pulumi_gcp/integrationconnectors/endpoint_attachment.py +8 -6
- pulumi_gcp/kms/crypto_key.py +16 -4
- pulumi_gcp/kms/crypto_key_iam_binding.py +32 -26
- pulumi_gcp/kms/crypto_key_iam_member.py +32 -26
- pulumi_gcp/kms/crypto_key_iam_policy.py +32 -26
- pulumi_gcp/kms/crypto_key_version.py +8 -2
- pulumi_gcp/kms/get_crypto_key_iam_policy.py +2 -2
- pulumi_gcp/kms/get_kms_crypto_key_version.py +2 -2
- pulumi_gcp/kms/get_kms_key_ring.py +4 -4
- pulumi_gcp/kms/key_ring.py +6 -2
- pulumi_gcp/kms/key_ring_iam_binding.py +52 -44
- pulumi_gcp/kms/key_ring_iam_member.py +52 -44
- pulumi_gcp/kms/key_ring_iam_policy.py +52 -44
- pulumi_gcp/kms/secret_ciphertext.py +20 -12
- pulumi_gcp/logging/billing_account_exclusion.py +2 -0
- pulumi_gcp/logging/billing_account_sink.py +8 -2
- pulumi_gcp/logging/folder_exclusion.py +2 -0
- pulumi_gcp/logging/folder_settings.py +12 -14
- pulumi_gcp/logging/folder_sink.py +8 -2
- pulumi_gcp/logging/linked_dataset.py +22 -24
- pulumi_gcp/logging/log_view.py +8 -6
- pulumi_gcp/logging/metric.py +78 -68
- pulumi_gcp/logging/organization_exclusion.py +6 -4
- pulumi_gcp/logging/organization_settings.py +10 -12
- pulumi_gcp/logging/organization_sink.py +8 -2
- pulumi_gcp/logging/project_bucket_config.py +178 -0
- pulumi_gcp/logging/project_exclusion.py +2 -0
- pulumi_gcp/looker/instance.py +76 -70
- pulumi_gcp/memcache/instance.py +10 -6
- pulumi_gcp/migrationcenter/group.py +6 -6
- pulumi_gcp/ml/engine_model.py +8 -4
- pulumi_gcp/monitoring/alert_policy.py +58 -58
- pulumi_gcp/monitoring/custom_service.py +2 -2
- pulumi_gcp/monitoring/dashboard.py +0 -4
- pulumi_gcp/monitoring/generic_service.py +18 -18
- pulumi_gcp/monitoring/get_app_engine_service.py +10 -2
- pulumi_gcp/monitoring/get_cluster_istio_service.py +10 -8
- pulumi_gcp/monitoring/get_istio_canonical_service.py +6 -4
- pulumi_gcp/monitoring/get_mesh_istio_service.py +6 -4
- pulumi_gcp/monitoring/get_notification_channel.py +2 -2
- pulumi_gcp/monitoring/metric_descriptor.py +34 -34
- pulumi_gcp/monitoring/monitored_project.py +14 -4
- pulumi_gcp/monitoring/notification_channel.py +8 -8
- pulumi_gcp/monitoring/slo.py +238 -4
- pulumi_gcp/monitoring/uptime_check_config.py +106 -102
- pulumi_gcp/netapp/active_directory.py +4 -2
- pulumi_gcp/netapp/backup_policy.py +12 -10
- pulumi_gcp/netapp/backup_vault.py +4 -2
- pulumi_gcp/netapp/kmsconfig.py +14 -6
- pulumi_gcp/netapp/storage_pool.py +12 -8
- pulumi_gcp/netapp/volume.py +12 -8
- pulumi_gcp/netapp/volume_snapshot.py +16 -12
- pulumi_gcp/networkconnectivity/hub.py +6 -4
- pulumi_gcp/networkconnectivity/policy_based_route.py +18 -6
- pulumi_gcp/networkconnectivity/service_connection_policy.py +12 -4
- pulumi_gcp/networkconnectivity/spoke.py +28 -8
- pulumi_gcp/networkmanagement/connectivity_test.py +36 -22
- pulumi_gcp/networksecurity/address_group.py +32 -26
- pulumi_gcp/networksecurity/authorization_policy.py +8 -8
- pulumi_gcp/networksecurity/client_tls_policy.py +8 -8
- pulumi_gcp/networksecurity/firewall_endpoint.py +4 -4
- pulumi_gcp/networksecurity/gateway_security_policy.py +38 -54
- pulumi_gcp/networksecurity/gateway_security_policy_rule.py +20 -12
- pulumi_gcp/networksecurity/security_profile.py +8 -8
- pulumi_gcp/networksecurity/security_profile_group.py +10 -10
- pulumi_gcp/networksecurity/server_tls_policy.py +30 -28
- pulumi_gcp/networksecurity/tls_inspection_policy.py +28 -44
- pulumi_gcp/networksecurity/url_list.py +6 -2
- pulumi_gcp/networkservices/edge_cache_keyset.py +4 -0
- pulumi_gcp/networkservices/edge_cache_origin.py +12 -4
- pulumi_gcp/networkservices/edge_cache_service.py +270 -16
- pulumi_gcp/networkservices/endpoint_policy.py +8 -8
- pulumi_gcp/networkservices/gateway.py +96 -60
- pulumi_gcp/networkservices/grpc_route.py +12 -12
- pulumi_gcp/networkservices/http_route.py +26 -26
- pulumi_gcp/networkservices/mesh.py +8 -8
- pulumi_gcp/networkservices/service_binding.py +16 -20
- pulumi_gcp/networkservices/tcp_route.py +298 -0
- pulumi_gcp/networkservices/tls_route.py +214 -0
- pulumi_gcp/notebooks/environment.py +6 -4
- pulumi_gcp/notebooks/get_instance_iam_policy.py +6 -6
- pulumi_gcp/notebooks/get_runtime_iam_policy.py +6 -6
- pulumi_gcp/notebooks/instance.py +38 -28
- pulumi_gcp/notebooks/instance_iam_binding.py +18 -18
- pulumi_gcp/notebooks/instance_iam_member.py +18 -18
- pulumi_gcp/notebooks/instance_iam_policy.py +18 -18
- pulumi_gcp/notebooks/runtime.py +74 -64
- pulumi_gcp/notebooks/runtime_iam_binding.py +18 -18
- pulumi_gcp/notebooks/runtime_iam_member.py +18 -18
- pulumi_gcp/notebooks/runtime_iam_policy.py +18 -18
- pulumi_gcp/organizations/access_approval_settings.py +34 -26
- pulumi_gcp/organizations/get_billing_account.py +6 -2
- pulumi_gcp/organizations/get_folders.py +2 -2
- pulumi_gcp/organizations/get_iam_policy.py +0 -62
- pulumi_gcp/organizations/iam_audit_config.py +8 -8
- pulumi_gcp/organizations/iam_binding.py +4 -4
- pulumi_gcp/organizations/iam_custom_role.py +8 -8
- pulumi_gcp/organizations/iam_member.py +42 -42
- pulumi_gcp/organizations/iam_policy.py +42 -42
- pulumi_gcp/organizations/policy.py +26 -26
- pulumi_gcp/organizations/project.py +16 -4
- pulumi_gcp/orgpolicy/custom_constraint.py +14 -8
- pulumi_gcp/orgpolicy/policy.py +24 -60
- pulumi_gcp/osconfig/guest_policies.py +16 -22
- pulumi_gcp/osconfig/os_policy_assignment.py +42 -40
- pulumi_gcp/osconfig/patch_deployment.py +122 -120
- pulumi_gcp/oslogin/ssh_public_key.py +4 -2
- pulumi_gcp/projects/access_approval_settings.py +24 -22
- pulumi_gcp/projects/api_key.py +50 -10
- pulumi_gcp/projects/default_service_accounts.py +10 -10
- pulumi_gcp/projects/iam_audit_config.py +46 -46
- pulumi_gcp/projects/iam_binding.py +46 -46
- pulumi_gcp/projects/iam_custom_role.py +6 -6
- pulumi_gcp/projects/iam_member.py +46 -46
- pulumi_gcp/projects/iam_policy.py +46 -46
- pulumi_gcp/projects/organization_policy.py +26 -26
- pulumi_gcp/projects/service.py +4 -4
- pulumi_gcp/projects/service_identity.py +6 -8
- pulumi_gcp/projects/usage_export_bucket.py +16 -4
- pulumi_gcp/pubsub/get_schema_iam_policy.py +4 -4
- pulumi_gcp/pubsub/get_subscription_iam_policy.py +2 -2
- pulumi_gcp/pubsub/get_topic_iam_policy.py +4 -4
- pulumi_gcp/pubsub/lite_reservation.py +2 -0
- pulumi_gcp/pubsub/lite_subscription.py +10 -6
- pulumi_gcp/pubsub/lite_topic.py +10 -6
- pulumi_gcp/pubsub/schema.py +22 -18
- pulumi_gcp/pubsub/schema_iam_binding.py +12 -12
- pulumi_gcp/pubsub/schema_iam_member.py +12 -12
- pulumi_gcp/pubsub/schema_iam_policy.py +12 -12
- pulumi_gcp/pubsub/subscription.py +90 -96
- pulumi_gcp/pubsub/subscription_iam_binding.py +8 -8
- pulumi_gcp/pubsub/subscription_iam_member.py +8 -8
- pulumi_gcp/pubsub/subscription_iam_policy.py +8 -8
- pulumi_gcp/pubsub/topic.py +46 -24
- pulumi_gcp/pubsub/topic_iam_binding.py +12 -12
- pulumi_gcp/pubsub/topic_iam_member.py +12 -12
- pulumi_gcp/pubsub/topic_iam_policy.py +12 -12
- pulumi_gcp/recaptcha/enterprise_key.py +54 -54
- pulumi_gcp/redis/cluster.py +32 -24
- pulumi_gcp/redis/instance.py +132 -14
- pulumi_gcp/resourcemanager/lien.py +12 -8
- pulumi_gcp/runtimeconfig/config.py +6 -2
- pulumi_gcp/runtimeconfig/get_variable.py +4 -4
- pulumi_gcp/runtimeconfig/variable.py +20 -8
- pulumi_gcp/secretmanager/get_secret_iam_policy.py +4 -4
- pulumi_gcp/secretmanager/secret.py +16 -18
- pulumi_gcp/secretmanager/secret_iam_binding.py +12 -12
- pulumi_gcp/secretmanager/secret_iam_member.py +12 -12
- pulumi_gcp/secretmanager/secret_iam_policy.py +12 -12
- pulumi_gcp/secretmanager/secret_version.py +4 -4
- pulumi_gcp/securesourcemanager/get_instance_iam_policy.py +6 -6
- pulumi_gcp/securesourcemanager/instance.py +144 -14
- pulumi_gcp/securitycenter/get_source_iam_policy.py +2 -2
- pulumi_gcp/securitycenter/instance_iam_binding.py +60 -40
- pulumi_gcp/securitycenter/instance_iam_member.py +60 -40
- pulumi_gcp/securitycenter/instance_iam_policy.py +60 -40
- pulumi_gcp/securitycenter/mute_config.py +6 -6
- pulumi_gcp/securitycenter/notification_config.py +4 -4
- pulumi_gcp/securitycenter/organization_custom_module.py +40 -40
- pulumi_gcp/securitycenter/project_custom_module.py +36 -36
- pulumi_gcp/securitycenter/source.py +6 -6
- pulumi_gcp/securitycenter/source_iam_binding.py +6 -6
- pulumi_gcp/securitycenter/source_iam_member.py +6 -6
- pulumi_gcp/securitycenter/source_iam_policy.py +6 -6
- pulumi_gcp/securityposture/posture.py +46 -46
- pulumi_gcp/serviceaccount/account.py +2 -2
- pulumi_gcp/serviceaccount/get_account.py +34 -0
- pulumi_gcp/serviceaccount/get_account_access_token.py +8 -10
- pulumi_gcp/serviceaccount/get_account_key.py +4 -4
- pulumi_gcp/serviceaccount/get_iam_policy.py +2 -2
- pulumi_gcp/serviceaccount/key.py +46 -2
- pulumi_gcp/servicedirectory/endpoint.py +28 -40
- pulumi_gcp/servicedirectory/namespace.py +2 -4
- pulumi_gcp/servicedirectory/namespace_iam_binding.py +14 -12
- pulumi_gcp/servicedirectory/namespace_iam_member.py +14 -12
- pulumi_gcp/servicedirectory/namespace_iam_policy.py +14 -12
- pulumi_gcp/servicedirectory/service.py +10 -14
- pulumi_gcp/servicedirectory/service_iam_binding.py +14 -12
- pulumi_gcp/servicedirectory/service_iam_member.py +14 -12
- pulumi_gcp/servicedirectory/service_iam_policy.py +14 -12
- pulumi_gcp/servicenetworking/connection.py +8 -6
- pulumi_gcp/servicenetworking/peered_dns_domain.py +6 -4
- pulumi_gcp/serviceusage/consumer_quota_override.py +126 -0
- pulumi_gcp/sourcerepo/get_repository_iam_policy.py +4 -4
- pulumi_gcp/sourcerepo/repository.py +20 -16
- pulumi_gcp/sourcerepo/repository_iam_binding.py +12 -12
- pulumi_gcp/sourcerepo/repository_iam_member.py +12 -12
- pulumi_gcp/sourcerepo/repository_iam_policy.py +12 -12
- pulumi_gcp/spanner/database.py +2 -0
- pulumi_gcp/spanner/database_iam_binding.py +12 -12
- pulumi_gcp/spanner/database_iam_member.py +12 -12
- pulumi_gcp/spanner/database_iam_policy.py +12 -12
- pulumi_gcp/spanner/get_database_iam_policy.py +6 -6
- pulumi_gcp/spanner/get_instance_iam_policy.py +4 -4
- pulumi_gcp/spanner/instance.py +16 -16
- pulumi_gcp/spanner/instance_iam_binding.py +8 -8
- pulumi_gcp/spanner/instance_iam_member.py +8 -8
- pulumi_gcp/spanner/instance_iam_policy.py +8 -8
- pulumi_gcp/sql/database.py +14 -4
- pulumi_gcp/sql/database_instance.py +76 -26
- pulumi_gcp/sql/get_backup_run.py +2 -2
- pulumi_gcp/sql/get_ca_certs.py +32 -0
- pulumi_gcp/sql/get_database.py +2 -2
- pulumi_gcp/sql/get_databases.py +2 -2
- pulumi_gcp/sql/source_representation_instance.py +20 -16
- pulumi_gcp/sql/ssl_cert.py +6 -4
- pulumi_gcp/sql/user.py +154 -0
- pulumi_gcp/storage/bucket.py +44 -38
- pulumi_gcp/storage/bucket_access_control.py +8 -4
- pulumi_gcp/storage/bucket_acl.py +6 -2
- pulumi_gcp/storage/bucket_iam_binding.py +12 -12
- pulumi_gcp/storage/bucket_iam_member.py +12 -12
- pulumi_gcp/storage/bucket_iam_policy.py +12 -12
- pulumi_gcp/storage/bucket_object.py +14 -12
- pulumi_gcp/storage/default_object_access_control.py +8 -4
- pulumi_gcp/storage/default_object_acl.py +6 -2
- pulumi_gcp/storage/get_bucket_iam_policy.py +2 -2
- pulumi_gcp/storage/get_bucket_object.py +4 -4
- pulumi_gcp/storage/get_object_signed_url.py +6 -4
- pulumi_gcp/storage/get_project_service_account.py +6 -6
- pulumi_gcp/storage/hmac_key.py +2 -2
- pulumi_gcp/storage/insights_report_config.py +14 -14
- pulumi_gcp/storage/notification.py +20 -18
- pulumi_gcp/storage/object_access_control.py +10 -4
- pulumi_gcp/storage/object_acl.py +8 -2
- pulumi_gcp/storage/transfer_agent_pool.py +6 -6
- pulumi_gcp/storage/transfer_job.py +30 -38
- pulumi_gcp/tags/get_tag_key_iam_policy.py +2 -2
- pulumi_gcp/tags/get_tag_value_iam_policy.py +2 -2
- pulumi_gcp/tags/location_tag_binding.py +44 -32
- pulumi_gcp/tags/tag_binding.py +16 -10
- pulumi_gcp/tags/tag_key.py +4 -4
- pulumi_gcp/tags/tag_key_iam_binding.py +6 -6
- pulumi_gcp/tags/tag_key_iam_member.py +6 -6
- pulumi_gcp/tags/tag_key_iam_policy.py +6 -6
- pulumi_gcp/tags/tag_value.py +8 -8
- pulumi_gcp/tags/tag_value_iam_binding.py +6 -6
- pulumi_gcp/tags/tag_value_iam_member.py +6 -6
- pulumi_gcp/tags/tag_value_iam_policy.py +6 -6
- pulumi_gcp/tpu/get_tensorflow_versions.py +2 -0
- pulumi_gcp/tpu/get_v2_accelerator_types.py +10 -8
- pulumi_gcp/tpu/get_v2_runtime_versions.py +2 -0
- pulumi_gcp/tpu/node.py +12 -6
- pulumi_gcp/tpu/v2_vm.py +134 -2
- pulumi_gcp/vertex/ai_dataset.py +6 -6
- pulumi_gcp/vertex/ai_endpoint.py +28 -26
- pulumi_gcp/vertex/ai_feature_group.py +8 -6
- pulumi_gcp/vertex/ai_feature_group_feature.py +12 -8
- pulumi_gcp/vertex/ai_feature_online_store.py +26 -24
- pulumi_gcp/vertex/ai_feature_online_store_featureview.py +36 -28
- pulumi_gcp/vertex/ai_feature_store.py +30 -26
- pulumi_gcp/vertex/ai_feature_store_entity_type.py +12 -8
- pulumi_gcp/vertex/ai_feature_store_entity_type_feature.py +18 -12
- pulumi_gcp/vertex/ai_index.py +8 -0
- pulumi_gcp/vertex/ai_index_endpoint.py +36 -36
- pulumi_gcp/vertex/ai_metadata_store.py +2 -0
- pulumi_gcp/vertex/ai_tensorboard.py +12 -14
- pulumi_gcp/vmwareengine/cluster.py +12 -0
- pulumi_gcp/vmwareengine/external_access_rule.py +16 -0
- pulumi_gcp/vmwareengine/external_address.py +10 -4
- pulumi_gcp/vmwareengine/get_network.py +4 -4
- pulumi_gcp/vmwareengine/get_network_policy.py +4 -4
- pulumi_gcp/vmwareengine/get_private_cloud.py +4 -4
- pulumi_gcp/vmwareengine/network.py +56 -4
- pulumi_gcp/vmwareengine/network_peering.py +12 -2
- pulumi_gcp/vmwareengine/network_policy.py +8 -0
- pulumi_gcp/vmwareengine/private_cloud.py +8 -0
- pulumi_gcp/vmwareengine/subnet.py +6 -0
- pulumi_gcp/vpcaccess/connector.py +16 -6
- pulumi_gcp/vpcaccess/get_connector.py +2 -0
- pulumi_gcp/workbench/get_instance_iam_policy.py +6 -6
- pulumi_gcp/workbench/instance.py +42 -26
- pulumi_gcp/workflows/workflow.py +98 -0
- pulumi_gcp/workstations/workstation.py +26 -30
- pulumi_gcp/workstations/workstation_cluster.py +48 -48
- pulumi_gcp/workstations/workstation_config.py +182 -194
- {pulumi_gcp-7.12.0a1709102105.dist-info → pulumi_gcp-7.12.0a1709133800.dist-info}/METADATA +1 -1
- pulumi_gcp-7.12.0a1709133800.dist-info/RECORD +1489 -0
- pulumi_gcp-7.12.0a1709102105.dist-info/RECORD +0 -1489
- {pulumi_gcp-7.12.0a1709102105.dist-info → pulumi_gcp-7.12.0a1709133800.dist-info}/WHEEL +0 -0
- {pulumi_gcp-7.12.0a1709102105.dist-info → pulumi_gcp-7.12.0a1709133800.dist-info}/top_level.txt +0 -0
@@ -1185,18 +1185,519 @@ class GlobalForwardingRule(pulumi.CustomResource):
|
|
1185
1185
|
https://cloud.google.com/compute/docs/load-balancing/http/
|
1186
1186
|
|
1187
1187
|
## Example Usage
|
1188
|
+
### External Ssl Proxy Lb Mig Backend
|
1189
|
+
|
1190
|
+
```python
|
1191
|
+
import pulumi
|
1192
|
+
import pulumi_gcp as gcp
|
1193
|
+
import pulumi_tls as tls
|
1194
|
+
|
1195
|
+
# External SSL proxy load balancer with managed instance group backend
|
1196
|
+
# VPC
|
1197
|
+
default = gcp.compute.Network("default",
|
1198
|
+
name="ssl-proxy-xlb-network",
|
1199
|
+
auto_create_subnetworks=False)
|
1200
|
+
# backend subnet
|
1201
|
+
default_subnetwork = gcp.compute.Subnetwork("default",
|
1202
|
+
name="ssl-proxy-xlb-subnet",
|
1203
|
+
ip_cidr_range="10.0.1.0/24",
|
1204
|
+
region="us-central1",
|
1205
|
+
network=default.id)
|
1206
|
+
# reserved IP address
|
1207
|
+
default_global_address = gcp.compute.GlobalAddress("default", name="ssl-proxy-xlb-ip")
|
1208
|
+
# Self-signed regional SSL certificate for testing
|
1209
|
+
default_private_key = tls.PrivateKey("default",
|
1210
|
+
algorithm="RSA",
|
1211
|
+
rsa_bits=2048)
|
1212
|
+
default_self_signed_cert = tls.SelfSignedCert("default",
|
1213
|
+
key_algorithm=default_private_key.algorithm,
|
1214
|
+
private_key_pem=default_private_key.private_key_pem,
|
1215
|
+
validity_period_hours=12,
|
1216
|
+
early_renewal_hours=3,
|
1217
|
+
allowed_uses=[
|
1218
|
+
"key_encipherment",
|
1219
|
+
"digital_signature",
|
1220
|
+
"server_auth",
|
1221
|
+
],
|
1222
|
+
dns_names=["example.com"],
|
1223
|
+
subject=tls.SelfSignedCertSubjectArgs(
|
1224
|
+
common_name="example.com",
|
1225
|
+
organization="ACME Examples, Inc",
|
1226
|
+
))
|
1227
|
+
default_ssl_certificate = gcp.compute.SSLCertificate("default",
|
1228
|
+
name="default-cert",
|
1229
|
+
private_key=default_private_key.private_key_pem,
|
1230
|
+
certificate=default_self_signed_cert.cert_pem)
|
1231
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
1232
|
+
name="ssl-proxy-health-check",
|
1233
|
+
timeout_sec=1,
|
1234
|
+
check_interval_sec=1,
|
1235
|
+
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
|
1236
|
+
port=443,
|
1237
|
+
))
|
1238
|
+
# instance template
|
1239
|
+
default_instance_template = gcp.compute.InstanceTemplate("default",
|
1240
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
1241
|
+
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
|
1242
|
+
network=default.id,
|
1243
|
+
subnetwork=default_subnetwork.id,
|
1244
|
+
)],
|
1245
|
+
name="ssl-proxy-xlb-mig-template",
|
1246
|
+
machine_type="e2-small",
|
1247
|
+
tags=["allow-health-check"],
|
1248
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
1249
|
+
source_image="debian-cloud/debian-10",
|
1250
|
+
auto_delete=True,
|
1251
|
+
boot=True,
|
1252
|
+
)],
|
1253
|
+
metadata={
|
1254
|
+
"startup-script": \"\"\"#! /bin/bash
|
1255
|
+
set -euo pipefail
|
1256
|
+
export DEBIAN_FRONTEND=noninteractive
|
1257
|
+
sudo apt-get update
|
1258
|
+
sudo apt-get install -y apache2 jq
|
1259
|
+
sudo a2ensite default-ssl
|
1260
|
+
sudo a2enmod ssl
|
1261
|
+
sudo service apache2 restart
|
1262
|
+
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
1263
|
+
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
1264
|
+
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
1265
|
+
cat <<EOF > /var/www/html/index.html
|
1266
|
+
<h1>SSL Load Balancer</h1>
|
1267
|
+
<pre>
|
1268
|
+
Name: $NAME
|
1269
|
+
IP: $IP
|
1270
|
+
Metadata: $METADATA
|
1271
|
+
</pre>
|
1272
|
+
EOF
|
1273
|
+
\"\"\",
|
1274
|
+
})
|
1275
|
+
# MIG
|
1276
|
+
default_instance_group_manager = gcp.compute.InstanceGroupManager("default",
|
1277
|
+
name="ssl-proxy-xlb-mig1",
|
1278
|
+
zone="us-central1-c",
|
1279
|
+
named_ports=[gcp.compute.InstanceGroupManagerNamedPortArgs(
|
1280
|
+
name="tcp",
|
1281
|
+
port=443,
|
1282
|
+
)],
|
1283
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
1284
|
+
instance_template=default_instance_template.id,
|
1285
|
+
name="primary",
|
1286
|
+
)],
|
1287
|
+
base_instance_name="vm",
|
1288
|
+
target_size=2)
|
1289
|
+
# backend service
|
1290
|
+
default_backend_service = gcp.compute.BackendService("default",
|
1291
|
+
name="ssl-proxy-xlb-backend-service",
|
1292
|
+
protocol="SSL",
|
1293
|
+
port_name="tcp",
|
1294
|
+
load_balancing_scheme="EXTERNAL",
|
1295
|
+
timeout_sec=10,
|
1296
|
+
health_checks=default_health_check.id,
|
1297
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
1298
|
+
group=default_instance_group_manager.instance_group,
|
1299
|
+
balancing_mode="UTILIZATION",
|
1300
|
+
max_utilization=1,
|
1301
|
+
capacity_scaler=1,
|
1302
|
+
)])
|
1303
|
+
default_target_ssl_proxy = gcp.compute.TargetSSLProxy("default",
|
1304
|
+
name="test-proxy",
|
1305
|
+
backend_service=default_backend_service.id,
|
1306
|
+
ssl_certificates=[default_ssl_certificate.id])
|
1307
|
+
# forwarding rule
|
1308
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
1309
|
+
name="ssl-proxy-xlb-forwarding-rule",
|
1310
|
+
ip_protocol="TCP",
|
1311
|
+
load_balancing_scheme="EXTERNAL",
|
1312
|
+
port_range="443",
|
1313
|
+
target=default_target_ssl_proxy.id,
|
1314
|
+
ip_address=default_global_address.id)
|
1315
|
+
# allow access from health check ranges
|
1316
|
+
default_firewall = gcp.compute.Firewall("default",
|
1317
|
+
name="ssl-proxy-xlb-fw-allow-hc",
|
1318
|
+
direction="INGRESS",
|
1319
|
+
network=default.id,
|
1320
|
+
source_ranges=[
|
1321
|
+
"130.211.0.0/22",
|
1322
|
+
"35.191.0.0/16",
|
1323
|
+
],
|
1324
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
1325
|
+
protocol="tcp",
|
1326
|
+
)],
|
1327
|
+
target_tags=["allow-health-check"])
|
1328
|
+
```
|
1329
|
+
### External Tcp Proxy Lb Mig Backend
|
1330
|
+
|
1331
|
+
```python
|
1332
|
+
import pulumi
|
1333
|
+
import pulumi_gcp as gcp
|
1334
|
+
|
1335
|
+
# External TCP proxy load balancer with managed instance group backend
|
1336
|
+
# VPC
|
1337
|
+
default = gcp.compute.Network("default",
|
1338
|
+
name="tcp-proxy-xlb-network",
|
1339
|
+
auto_create_subnetworks=False)
|
1340
|
+
# backend subnet
|
1341
|
+
default_subnetwork = gcp.compute.Subnetwork("default",
|
1342
|
+
name="tcp-proxy-xlb-subnet",
|
1343
|
+
ip_cidr_range="10.0.1.0/24",
|
1344
|
+
region="us-central1",
|
1345
|
+
network=default.id)
|
1346
|
+
# reserved IP address
|
1347
|
+
default_global_address = gcp.compute.GlobalAddress("default", name="tcp-proxy-xlb-ip")
|
1348
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
1349
|
+
name="tcp-proxy-health-check",
|
1350
|
+
timeout_sec=1,
|
1351
|
+
check_interval_sec=1,
|
1352
|
+
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
|
1353
|
+
port=80,
|
1354
|
+
))
|
1355
|
+
# instance template
|
1356
|
+
default_instance_template = gcp.compute.InstanceTemplate("default",
|
1357
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
1358
|
+
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
|
1359
|
+
network=default.id,
|
1360
|
+
subnetwork=default_subnetwork.id,
|
1361
|
+
)],
|
1362
|
+
name="tcp-proxy-xlb-mig-template",
|
1363
|
+
machine_type="e2-small",
|
1364
|
+
tags=["allow-health-check"],
|
1365
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
1366
|
+
source_image="debian-cloud/debian-10",
|
1367
|
+
auto_delete=True,
|
1368
|
+
boot=True,
|
1369
|
+
)],
|
1370
|
+
metadata={
|
1371
|
+
"startup-script": \"\"\"#! /bin/bash
|
1372
|
+
set -euo pipefail
|
1373
|
+
export DEBIAN_FRONTEND=noninteractive
|
1374
|
+
apt-get update
|
1375
|
+
apt-get install -y nginx-light jq
|
1376
|
+
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
1377
|
+
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
1378
|
+
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
1379
|
+
cat <<EOF > /var/www/html/index.html
|
1380
|
+
<pre>
|
1381
|
+
Name: $NAME
|
1382
|
+
IP: $IP
|
1383
|
+
Metadata: $METADATA
|
1384
|
+
</pre>
|
1385
|
+
EOF
|
1386
|
+
\"\"\",
|
1387
|
+
})
|
1388
|
+
# MIG
|
1389
|
+
default_instance_group_manager = gcp.compute.InstanceGroupManager("default",
|
1390
|
+
name="tcp-proxy-xlb-mig1",
|
1391
|
+
zone="us-central1-c",
|
1392
|
+
named_ports=[gcp.compute.InstanceGroupManagerNamedPortArgs(
|
1393
|
+
name="tcp",
|
1394
|
+
port=80,
|
1395
|
+
)],
|
1396
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
1397
|
+
instance_template=default_instance_template.id,
|
1398
|
+
name="primary",
|
1399
|
+
)],
|
1400
|
+
base_instance_name="vm",
|
1401
|
+
target_size=2)
|
1402
|
+
# backend service
|
1403
|
+
default_backend_service = gcp.compute.BackendService("default",
|
1404
|
+
name="tcp-proxy-xlb-backend-service",
|
1405
|
+
protocol="TCP",
|
1406
|
+
port_name="tcp",
|
1407
|
+
load_balancing_scheme="EXTERNAL",
|
1408
|
+
timeout_sec=10,
|
1409
|
+
health_checks=default_health_check.id,
|
1410
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
1411
|
+
group=default_instance_group_manager.instance_group,
|
1412
|
+
balancing_mode="UTILIZATION",
|
1413
|
+
max_utilization=1,
|
1414
|
+
capacity_scaler=1,
|
1415
|
+
)])
|
1416
|
+
default_target_tcp_proxy = gcp.compute.TargetTCPProxy("default",
|
1417
|
+
name="test-proxy-health-check",
|
1418
|
+
backend_service=default_backend_service.id)
|
1419
|
+
# forwarding rule
|
1420
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
1421
|
+
name="tcp-proxy-xlb-forwarding-rule",
|
1422
|
+
ip_protocol="TCP",
|
1423
|
+
load_balancing_scheme="EXTERNAL",
|
1424
|
+
port_range="110",
|
1425
|
+
target=default_target_tcp_proxy.id,
|
1426
|
+
ip_address=default_global_address.id)
|
1427
|
+
# allow access from health check ranges
|
1428
|
+
default_firewall = gcp.compute.Firewall("default",
|
1429
|
+
name="tcp-proxy-xlb-fw-allow-hc",
|
1430
|
+
direction="INGRESS",
|
1431
|
+
network=default.id,
|
1432
|
+
source_ranges=[
|
1433
|
+
"130.211.0.0/22",
|
1434
|
+
"35.191.0.0/16",
|
1435
|
+
],
|
1436
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
1437
|
+
protocol="tcp",
|
1438
|
+
)],
|
1439
|
+
target_tags=["allow-health-check"])
|
1440
|
+
```
|
1441
|
+
### External Http Lb Mig Backend Custom Header
|
1442
|
+
|
1443
|
+
```python
|
1444
|
+
import pulumi
|
1445
|
+
import pulumi_gcp as gcp
|
1446
|
+
|
1447
|
+
# External HTTP load balancer with a CDN-enabled managed instance group backend
|
1448
|
+
# and custom request and response headers
|
1449
|
+
# VPC
|
1450
|
+
default = gcp.compute.Network("default",
|
1451
|
+
name="l7-xlb-network",
|
1452
|
+
auto_create_subnetworks=False)
|
1453
|
+
# backend subnet
|
1454
|
+
default_subnetwork = gcp.compute.Subnetwork("default",
|
1455
|
+
name="l7-xlb-subnet",
|
1456
|
+
ip_cidr_range="10.0.1.0/24",
|
1457
|
+
region="us-central1",
|
1458
|
+
network=default.id)
|
1459
|
+
# reserved IP address
|
1460
|
+
default_global_address = gcp.compute.GlobalAddress("default", name="l7-xlb-static-ip")
|
1461
|
+
# health check
|
1462
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
1463
|
+
name="l7-xlb-hc",
|
1464
|
+
http_health_check=gcp.compute.HealthCheckHttpHealthCheckArgs(
|
1465
|
+
port_specification="USE_SERVING_PORT",
|
1466
|
+
))
|
1467
|
+
# instance template
|
1468
|
+
default_instance_template = gcp.compute.InstanceTemplate("default",
|
1469
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
1470
|
+
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
|
1471
|
+
network=default.id,
|
1472
|
+
subnetwork=default_subnetwork.id,
|
1473
|
+
)],
|
1474
|
+
name="l7-xlb-mig-template",
|
1475
|
+
machine_type="e2-small",
|
1476
|
+
tags=["allow-health-check"],
|
1477
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
1478
|
+
source_image="debian-cloud/debian-10",
|
1479
|
+
auto_delete=True,
|
1480
|
+
boot=True,
|
1481
|
+
)],
|
1482
|
+
metadata={
|
1483
|
+
"startup-script": \"\"\"#! /bin/bash
|
1484
|
+
set -euo pipefail
|
1485
|
+
|
1486
|
+
export DEBIAN_FRONTEND=noninteractive
|
1487
|
+
apt-get update
|
1488
|
+
apt-get install -y nginx-light jq
|
1489
|
+
|
1490
|
+
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
1491
|
+
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
1492
|
+
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
1493
|
+
|
1494
|
+
cat <<EOF > /var/www/html/index.html
|
1495
|
+
<pre>
|
1496
|
+
Name: $NAME
|
1497
|
+
IP: $IP
|
1498
|
+
Metadata: $METADATA
|
1499
|
+
</pre>
|
1500
|
+
EOF
|
1501
|
+
\"\"\",
|
1502
|
+
})
|
1503
|
+
# MIG
|
1504
|
+
default_instance_group_manager = gcp.compute.InstanceGroupManager("default",
|
1505
|
+
name="l7-xlb-mig1",
|
1506
|
+
zone="us-central1-c",
|
1507
|
+
named_ports=[gcp.compute.InstanceGroupManagerNamedPortArgs(
|
1508
|
+
name="http",
|
1509
|
+
port=8080,
|
1510
|
+
)],
|
1511
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
1512
|
+
instance_template=default_instance_template.id,
|
1513
|
+
name="primary",
|
1514
|
+
)],
|
1515
|
+
base_instance_name="vm",
|
1516
|
+
target_size=2)
|
1517
|
+
# backend service with custom request and response headers
|
1518
|
+
default_backend_service = gcp.compute.BackendService("default",
|
1519
|
+
name="l7-xlb-backend-service",
|
1520
|
+
protocol="HTTP",
|
1521
|
+
port_name="my-port",
|
1522
|
+
load_balancing_scheme="EXTERNAL",
|
1523
|
+
timeout_sec=10,
|
1524
|
+
enable_cdn=True,
|
1525
|
+
custom_request_headers=["X-Client-Geo-Location: {client_region_subdivision}, {client_city}"],
|
1526
|
+
custom_response_headers=["X-Cache-Hit: {cdn_cache_status}"],
|
1527
|
+
health_checks=default_health_check.id,
|
1528
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
1529
|
+
group=default_instance_group_manager.instance_group,
|
1530
|
+
balancing_mode="UTILIZATION",
|
1531
|
+
capacity_scaler=1,
|
1532
|
+
)])
|
1533
|
+
# url map
|
1534
|
+
default_url_map = gcp.compute.URLMap("default",
|
1535
|
+
name="l7-xlb-url-map",
|
1536
|
+
default_service=default_backend_service.id)
|
1537
|
+
# http proxy
|
1538
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
1539
|
+
name="l7-xlb-target-http-proxy",
|
1540
|
+
url_map=default_url_map.id)
|
1541
|
+
# forwarding rule
|
1542
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
1543
|
+
name="l7-xlb-forwarding-rule",
|
1544
|
+
ip_protocol="TCP",
|
1545
|
+
load_balancing_scheme="EXTERNAL",
|
1546
|
+
port_range="80",
|
1547
|
+
target=default_target_http_proxy.id,
|
1548
|
+
ip_address=default_global_address.id)
|
1549
|
+
# allow access from health check ranges
|
1550
|
+
default_firewall = gcp.compute.Firewall("default",
|
1551
|
+
name="l7-xlb-fw-allow-hc",
|
1552
|
+
direction="INGRESS",
|
1553
|
+
network=default.id,
|
1554
|
+
source_ranges=[
|
1555
|
+
"130.211.0.0/22",
|
1556
|
+
"35.191.0.0/16",
|
1557
|
+
],
|
1558
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
1559
|
+
protocol="tcp",
|
1560
|
+
)],
|
1561
|
+
target_tags=["allow-health-check"])
|
1562
|
+
```
|
1563
|
+
### Global Forwarding Rule Http
|
1564
|
+
|
1565
|
+
```python
|
1566
|
+
import pulumi
|
1567
|
+
import pulumi_gcp as gcp
|
1568
|
+
|
1569
|
+
default_http_health_check = gcp.compute.HttpHealthCheck("default",
|
1570
|
+
name="check-backend",
|
1571
|
+
request_path="/",
|
1572
|
+
check_interval_sec=1,
|
1573
|
+
timeout_sec=1)
|
1574
|
+
default_backend_service = gcp.compute.BackendService("default",
|
1575
|
+
name="backend",
|
1576
|
+
port_name="http",
|
1577
|
+
protocol="HTTP",
|
1578
|
+
timeout_sec=10,
|
1579
|
+
health_checks=default_http_health_check.id)
|
1580
|
+
default_url_map = gcp.compute.URLMap("default",
|
1581
|
+
name="url-map-target-proxy",
|
1582
|
+
description="a description",
|
1583
|
+
default_service=default_backend_service.id,
|
1584
|
+
host_rules=[gcp.compute.URLMapHostRuleArgs(
|
1585
|
+
hosts=["mysite.com"],
|
1586
|
+
path_matcher="allpaths",
|
1587
|
+
)],
|
1588
|
+
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
|
1589
|
+
name="allpaths",
|
1590
|
+
default_service=default_backend_service.id,
|
1591
|
+
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
|
1592
|
+
paths=["/*"],
|
1593
|
+
service=default_backend_service.id,
|
1594
|
+
)],
|
1595
|
+
)])
|
1596
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
1597
|
+
name="target-proxy",
|
1598
|
+
description="a description",
|
1599
|
+
url_map=default_url_map.id)
|
1600
|
+
default = gcp.compute.GlobalForwardingRule("default",
|
1601
|
+
name="global-rule",
|
1602
|
+
target=default_target_http_proxy.id,
|
1603
|
+
port_range="80")
|
1604
|
+
```
|
1605
|
+
### Global Forwarding Rule Internal
|
1606
|
+
|
1607
|
+
```python
|
1608
|
+
import pulumi
|
1609
|
+
import pulumi_gcp as gcp
|
1610
|
+
|
1611
|
+
debian_image = gcp.compute.get_image(family="debian-11",
|
1612
|
+
project="debian-cloud")
|
1613
|
+
instance_template = gcp.compute.InstanceTemplate("instance_template",
|
1614
|
+
name="template-backend",
|
1615
|
+
machine_type="e2-medium",
|
1616
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
1617
|
+
network="default",
|
1618
|
+
)],
|
1619
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
1620
|
+
source_image=debian_image.self_link,
|
1621
|
+
auto_delete=True,
|
1622
|
+
boot=True,
|
1623
|
+
)])
|
1624
|
+
igm = gcp.compute.InstanceGroupManager("igm",
|
1625
|
+
name="igm-internal",
|
1626
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
1627
|
+
instance_template=instance_template.id,
|
1628
|
+
name="primary",
|
1629
|
+
)],
|
1630
|
+
base_instance_name="internal-glb",
|
1631
|
+
zone="us-central1-f",
|
1632
|
+
target_size=1)
|
1633
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
1634
|
+
name="check-backend",
|
1635
|
+
check_interval_sec=1,
|
1636
|
+
timeout_sec=1,
|
1637
|
+
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
|
1638
|
+
port=80,
|
1639
|
+
))
|
1640
|
+
default_backend_service = gcp.compute.BackendService("default",
|
1641
|
+
name="backend",
|
1642
|
+
port_name="http",
|
1643
|
+
protocol="HTTP",
|
1644
|
+
timeout_sec=10,
|
1645
|
+
load_balancing_scheme="INTERNAL_SELF_MANAGED",
|
1646
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
1647
|
+
group=igm.instance_group,
|
1648
|
+
balancing_mode="RATE",
|
1649
|
+
capacity_scaler=0.4,
|
1650
|
+
max_rate_per_instance=50,
|
1651
|
+
)],
|
1652
|
+
health_checks=default_health_check.id)
|
1653
|
+
default_url_map = gcp.compute.URLMap("default",
|
1654
|
+
name="url-map-target-proxy",
|
1655
|
+
description="a description",
|
1656
|
+
default_service=default_backend_service.id,
|
1657
|
+
host_rules=[gcp.compute.URLMapHostRuleArgs(
|
1658
|
+
hosts=["mysite.com"],
|
1659
|
+
path_matcher="allpaths",
|
1660
|
+
)],
|
1661
|
+
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
|
1662
|
+
name="allpaths",
|
1663
|
+
default_service=default_backend_service.id,
|
1664
|
+
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
|
1665
|
+
paths=["/*"],
|
1666
|
+
service=default_backend_service.id,
|
1667
|
+
)],
|
1668
|
+
)])
|
1669
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
1670
|
+
name="target-proxy",
|
1671
|
+
description="a description",
|
1672
|
+
url_map=default_url_map.id)
|
1673
|
+
default = gcp.compute.GlobalForwardingRule("default",
|
1674
|
+
name="global-rule",
|
1675
|
+
target=default_target_http_proxy.id,
|
1676
|
+
port_range="80",
|
1677
|
+
load_balancing_scheme="INTERNAL_SELF_MANAGED",
|
1678
|
+
ip_address="0.0.0.0",
|
1679
|
+
metadata_filters=[gcp.compute.GlobalForwardingRuleMetadataFilterArgs(
|
1680
|
+
filter_match_criteria="MATCH_ANY",
|
1681
|
+
filter_labels=[gcp.compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs(
|
1682
|
+
name="PLANET",
|
1683
|
+
value="MARS",
|
1684
|
+
)],
|
1685
|
+
)])
|
1686
|
+
```
|
1188
1687
|
### Global Forwarding Rule External Managed
|
1189
1688
|
|
1190
1689
|
```python
|
1191
1690
|
import pulumi
|
1192
1691
|
import pulumi_gcp as gcp
|
1193
1692
|
|
1194
|
-
default_backend_service = gcp.compute.BackendService("
|
1693
|
+
default_backend_service = gcp.compute.BackendService("default",
|
1694
|
+
name="backend",
|
1195
1695
|
port_name="http",
|
1196
1696
|
protocol="HTTP",
|
1197
1697
|
timeout_sec=10,
|
1198
1698
|
load_balancing_scheme="EXTERNAL_MANAGED")
|
1199
|
-
default_url_map = gcp.compute.URLMap("
|
1699
|
+
default_url_map = gcp.compute.URLMap("default",
|
1700
|
+
name="url-map-target-proxy",
|
1200
1701
|
description="a description",
|
1201
1702
|
default_service=default_backend_service.id,
|
1202
1703
|
host_rules=[gcp.compute.URLMapHostRuleArgs(
|
@@ -1211,14 +1712,272 @@ class GlobalForwardingRule(pulumi.CustomResource):
|
|
1211
1712
|
service=default_backend_service.id,
|
1212
1713
|
)],
|
1213
1714
|
)])
|
1214
|
-
default_target_http_proxy = gcp.compute.TargetHttpProxy("
|
1715
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
1716
|
+
name="target-proxy",
|
1215
1717
|
description="a description",
|
1216
1718
|
url_map=default_url_map.id)
|
1217
|
-
|
1719
|
+
default = gcp.compute.GlobalForwardingRule("default",
|
1720
|
+
name="global-rule",
|
1218
1721
|
target=default_target_http_proxy.id,
|
1219
1722
|
port_range="80",
|
1220
1723
|
load_balancing_scheme="EXTERNAL_MANAGED")
|
1221
1724
|
```
|
1725
|
+
### Global Forwarding Rule Hybrid
|
1726
|
+
|
1727
|
+
```python
|
1728
|
+
import pulumi
|
1729
|
+
import pulumi_gcp as gcp
|
1730
|
+
|
1731
|
+
config = pulumi.Config()
|
1732
|
+
subnetwork_cidr = config.get("subnetworkCidr")
|
1733
|
+
if subnetwork_cidr is None:
|
1734
|
+
subnetwork_cidr = "10.0.0.0/24"
|
1735
|
+
default = gcp.compute.Network("default", name="my-network")
|
1736
|
+
internal = gcp.compute.Network("internal",
|
1737
|
+
name="my-internal-network",
|
1738
|
+
auto_create_subnetworks=False)
|
1739
|
+
internal_subnetwork = gcp.compute.Subnetwork("internal",
|
1740
|
+
name="my-subnetwork",
|
1741
|
+
network=internal.id,
|
1742
|
+
ip_cidr_range=subnetwork_cidr,
|
1743
|
+
region="us-central1",
|
1744
|
+
private_ip_google_access=True)
|
1745
|
+
# Zonal NEG with GCE_VM_IP_PORT
|
1746
|
+
default_network_endpoint_group = gcp.compute.NetworkEndpointGroup("default",
|
1747
|
+
name="default-neg",
|
1748
|
+
network=default.id,
|
1749
|
+
default_port=90,
|
1750
|
+
zone="us-central1-a",
|
1751
|
+
network_endpoint_type="GCE_VM_IP_PORT")
|
1752
|
+
# Zonal NEG with GCE_VM_IP
|
1753
|
+
internal_network_endpoint_group = gcp.compute.NetworkEndpointGroup("internal",
|
1754
|
+
name="internal-neg",
|
1755
|
+
network=internal.id,
|
1756
|
+
subnetwork=internal_subnetwork.id,
|
1757
|
+
zone="us-central1-a",
|
1758
|
+
network_endpoint_type="GCE_VM_IP")
|
1759
|
+
# Hybrid connectivity NEG
|
1760
|
+
hybrid = gcp.compute.NetworkEndpointGroup("hybrid",
|
1761
|
+
name="hybrid-neg",
|
1762
|
+
network=default.id,
|
1763
|
+
default_port=90,
|
1764
|
+
zone="us-central1-a",
|
1765
|
+
network_endpoint_type="NON_GCP_PRIVATE_IP_PORT")
|
1766
|
+
hybrid_endpoint = gcp.compute.NetworkEndpoint("hybrid-endpoint",
|
1767
|
+
network_endpoint_group=hybrid.name,
|
1768
|
+
port=hybrid.default_port,
|
1769
|
+
ip_address="127.0.0.1")
|
1770
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
1771
|
+
name="health-check",
|
1772
|
+
timeout_sec=1,
|
1773
|
+
check_interval_sec=1,
|
1774
|
+
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
|
1775
|
+
port=80,
|
1776
|
+
))
|
1777
|
+
# Backend service for Zonal NEG
|
1778
|
+
default_backend_service = gcp.compute.BackendService("default",
|
1779
|
+
name="backend-default",
|
1780
|
+
port_name="http",
|
1781
|
+
protocol="HTTP",
|
1782
|
+
timeout_sec=10,
|
1783
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
1784
|
+
group=default_network_endpoint_group.id,
|
1785
|
+
balancing_mode="RATE",
|
1786
|
+
max_rate_per_endpoint=10,
|
1787
|
+
)],
|
1788
|
+
health_checks=default_health_check.id)
|
1789
|
+
# Backgend service for Hybrid NEG
|
1790
|
+
hybrid_backend_service = gcp.compute.BackendService("hybrid",
|
1791
|
+
name="backend-hybrid",
|
1792
|
+
port_name="http",
|
1793
|
+
protocol="HTTP",
|
1794
|
+
timeout_sec=10,
|
1795
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
1796
|
+
group=hybrid.id,
|
1797
|
+
balancing_mode="RATE",
|
1798
|
+
max_rate_per_endpoint=10,
|
1799
|
+
)],
|
1800
|
+
health_checks=default_health_check.id)
|
1801
|
+
default_url_map = gcp.compute.URLMap("default",
|
1802
|
+
name="url-map-target-proxy",
|
1803
|
+
description="a description",
|
1804
|
+
default_service=default_backend_service.id,
|
1805
|
+
host_rules=[gcp.compute.URLMapHostRuleArgs(
|
1806
|
+
hosts=["mysite.com"],
|
1807
|
+
path_matcher="allpaths",
|
1808
|
+
)],
|
1809
|
+
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
|
1810
|
+
name="allpaths",
|
1811
|
+
default_service=default_backend_service.id,
|
1812
|
+
path_rules=[
|
1813
|
+
gcp.compute.URLMapPathMatcherPathRuleArgs(
|
1814
|
+
paths=["/*"],
|
1815
|
+
service=default_backend_service.id,
|
1816
|
+
),
|
1817
|
+
gcp.compute.URLMapPathMatcherPathRuleArgs(
|
1818
|
+
paths=["/hybrid"],
|
1819
|
+
service=hybrid_backend_service.id,
|
1820
|
+
),
|
1821
|
+
],
|
1822
|
+
)])
|
1823
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
1824
|
+
name="target-proxy",
|
1825
|
+
description="a description",
|
1826
|
+
url_map=default_url_map.id)
|
1827
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
1828
|
+
name="global-rule",
|
1829
|
+
target=default_target_http_proxy.id,
|
1830
|
+
port_range="80")
|
1831
|
+
```
|
1832
|
+
### Global Internal Http Lb With Mig Backend
|
1833
|
+
|
1834
|
+
```python
|
1835
|
+
import pulumi
|
1836
|
+
import pulumi_gcp as gcp
|
1837
|
+
|
1838
|
+
# Global Internal HTTP load balancer with a managed instance group backend
|
1839
|
+
# VPC network
|
1840
|
+
gilb_network = gcp.compute.Network("gilb_network",
|
1841
|
+
name="l7-gilb-network",
|
1842
|
+
auto_create_subnetworks=False)
|
1843
|
+
# proxy-only subnet
|
1844
|
+
proxy_subnet = gcp.compute.Subnetwork("proxy_subnet",
|
1845
|
+
name="l7-gilb-proxy-subnet",
|
1846
|
+
ip_cidr_range="10.0.0.0/24",
|
1847
|
+
region="europe-west1",
|
1848
|
+
purpose="GLOBAL_MANAGED_PROXY",
|
1849
|
+
role="ACTIVE",
|
1850
|
+
network=gilb_network.id)
|
1851
|
+
# backend subnet
|
1852
|
+
gilb_subnet = gcp.compute.Subnetwork("gilb_subnet",
|
1853
|
+
name="l7-gilb-subnet",
|
1854
|
+
ip_cidr_range="10.0.1.0/24",
|
1855
|
+
region="europe-west1",
|
1856
|
+
network=gilb_network.id)
|
1857
|
+
# health check
|
1858
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
1859
|
+
name="l7-gilb-hc",
|
1860
|
+
http_health_check=gcp.compute.HealthCheckHttpHealthCheckArgs(
|
1861
|
+
port_specification="USE_SERVING_PORT",
|
1862
|
+
))
|
1863
|
+
# instance template
|
1864
|
+
instance_template = gcp.compute.InstanceTemplate("instance_template",
|
1865
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
1866
|
+
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
|
1867
|
+
network=gilb_network.id,
|
1868
|
+
subnetwork=gilb_subnet.id,
|
1869
|
+
)],
|
1870
|
+
name="l7-gilb-mig-template",
|
1871
|
+
machine_type="e2-small",
|
1872
|
+
tags=["http-server"],
|
1873
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
1874
|
+
source_image="debian-cloud/debian-10",
|
1875
|
+
auto_delete=True,
|
1876
|
+
boot=True,
|
1877
|
+
)],
|
1878
|
+
metadata={
|
1879
|
+
"startup-script": \"\"\"#! /bin/bash
|
1880
|
+
set -euo pipefail
|
1881
|
+
|
1882
|
+
export DEBIAN_FRONTEND=noninteractive
|
1883
|
+
apt-get update
|
1884
|
+
apt-get install -y nginx-light jq
|
1885
|
+
|
1886
|
+
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
1887
|
+
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
1888
|
+
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
1889
|
+
|
1890
|
+
cat <<EOF > /var/www/html/index.html
|
1891
|
+
<pre>
|
1892
|
+
Name: $NAME
|
1893
|
+
IP: $IP
|
1894
|
+
Metadata: $METADATA
|
1895
|
+
</pre>
|
1896
|
+
EOF
|
1897
|
+
\"\"\",
|
1898
|
+
})
|
1899
|
+
# MIG
|
1900
|
+
mig = gcp.compute.InstanceGroupManager("mig",
|
1901
|
+
name="l7-gilb-mig1",
|
1902
|
+
zone="europe-west1-b",
|
1903
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
1904
|
+
instance_template=instance_template.id,
|
1905
|
+
name="primary",
|
1906
|
+
)],
|
1907
|
+
base_instance_name="vm",
|
1908
|
+
target_size=2)
|
1909
|
+
# backend service
|
1910
|
+
default_backend_service = gcp.compute.BackendService("default",
|
1911
|
+
name="l7-gilb-backend-subnet",
|
1912
|
+
protocol="HTTP",
|
1913
|
+
load_balancing_scheme="INTERNAL_MANAGED",
|
1914
|
+
timeout_sec=10,
|
1915
|
+
health_checks=default_health_check.id,
|
1916
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
1917
|
+
group=mig.instance_group,
|
1918
|
+
balancing_mode="UTILIZATION",
|
1919
|
+
capacity_scaler=1,
|
1920
|
+
)])
|
1921
|
+
# URL map
|
1922
|
+
default_url_map = gcp.compute.URLMap("default",
|
1923
|
+
name="l7-gilb-url-map",
|
1924
|
+
default_service=default_backend_service.id)
|
1925
|
+
# HTTP target proxy
|
1926
|
+
default = gcp.compute.TargetHttpProxy("default",
|
1927
|
+
name="l7-gilb-target-http-proxy",
|
1928
|
+
url_map=default_url_map.id)
|
1929
|
+
# forwarding rule
|
1930
|
+
google_compute_forwarding_rule = gcp.compute.GlobalForwardingRule("google_compute_forwarding_rule",
|
1931
|
+
name="l7-gilb-forwarding-rule",
|
1932
|
+
ip_protocol="TCP",
|
1933
|
+
load_balancing_scheme="INTERNAL_MANAGED",
|
1934
|
+
port_range="80",
|
1935
|
+
target=default.id,
|
1936
|
+
network=gilb_network.id,
|
1937
|
+
subnetwork=gilb_subnet.id)
|
1938
|
+
# allow all access from IAP and health check ranges
|
1939
|
+
fw_iap = gcp.compute.Firewall("fw-iap",
|
1940
|
+
name="l7-gilb-fw-allow-iap-hc",
|
1941
|
+
direction="INGRESS",
|
1942
|
+
network=gilb_network.id,
|
1943
|
+
source_ranges=[
|
1944
|
+
"130.211.0.0/22",
|
1945
|
+
"35.191.0.0/16",
|
1946
|
+
"35.235.240.0/20",
|
1947
|
+
],
|
1948
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
1949
|
+
protocol="tcp",
|
1950
|
+
)])
|
1951
|
+
# allow http from proxy subnet to backends
|
1952
|
+
fw_gilb_to_backends = gcp.compute.Firewall("fw-gilb-to-backends",
|
1953
|
+
name="l7-gilb-fw-allow-gilb-to-backends",
|
1954
|
+
direction="INGRESS",
|
1955
|
+
network=gilb_network.id,
|
1956
|
+
source_ranges=["10.0.0.0/24"],
|
1957
|
+
target_tags=["http-server"],
|
1958
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
1959
|
+
protocol="tcp",
|
1960
|
+
ports=[
|
1961
|
+
"80",
|
1962
|
+
"443",
|
1963
|
+
"8080",
|
1964
|
+
],
|
1965
|
+
)])
|
1966
|
+
# test instance
|
1967
|
+
vm_test = gcp.compute.Instance("vm-test",
|
1968
|
+
name="l7-gilb-test-vm",
|
1969
|
+
zone="europe-west1-b",
|
1970
|
+
machine_type="e2-small",
|
1971
|
+
network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
|
1972
|
+
network=gilb_network.id,
|
1973
|
+
subnetwork=gilb_subnet.id,
|
1974
|
+
)],
|
1975
|
+
boot_disk=gcp.compute.InstanceBootDiskArgs(
|
1976
|
+
initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
|
1977
|
+
image="debian-cloud/debian-10",
|
1978
|
+
),
|
1979
|
+
))
|
1980
|
+
```
|
1222
1981
|
### Private Service Connect Google Apis
|
1223
1982
|
|
1224
1983
|
```python
|
@@ -1227,33 +1986,33 @@ class GlobalForwardingRule(pulumi.CustomResource):
|
|
1227
1986
|
|
1228
1987
|
network = gcp.compute.Network("network",
|
1229
1988
|
project="my-project-name",
|
1230
|
-
|
1231
|
-
|
1232
|
-
vpc_subnetwork = gcp.compute.Subnetwork("
|
1989
|
+
name="my-network",
|
1990
|
+
auto_create_subnetworks=False)
|
1991
|
+
vpc_subnetwork = gcp.compute.Subnetwork("vpc_subnetwork",
|
1233
1992
|
project=network.project,
|
1993
|
+
name="my-subnetwork",
|
1234
1994
|
ip_cidr_range="10.2.0.0/16",
|
1235
1995
|
region="us-central1",
|
1236
1996
|
network=network.id,
|
1237
|
-
private_ip_google_access=True
|
1238
|
-
|
1239
|
-
default_global_address = gcp.compute.GlobalAddress("defaultGlobalAddress",
|
1997
|
+
private_ip_google_access=True)
|
1998
|
+
default = gcp.compute.GlobalAddress("default",
|
1240
1999
|
project=network.project,
|
2000
|
+
name="global-psconnect-ip",
|
1241
2001
|
address_type="INTERNAL",
|
1242
2002
|
purpose="PRIVATE_SERVICE_CONNECT",
|
1243
2003
|
network=network.id,
|
1244
|
-
address="100.100.100.106"
|
1245
|
-
|
1246
|
-
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule",
|
2004
|
+
address="100.100.100.106")
|
2005
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
1247
2006
|
project=network.project,
|
2007
|
+
name="globalrule",
|
1248
2008
|
target="all-apis",
|
1249
2009
|
network=network.id,
|
1250
|
-
ip_address=
|
2010
|
+
ip_address=default.id,
|
1251
2011
|
load_balancing_scheme="",
|
1252
2012
|
service_directory_registrations=gcp.compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs(
|
1253
2013
|
namespace="sd-namespace",
|
1254
2014
|
service_directory_region="europe-west3",
|
1255
|
-
)
|
1256
|
-
opts=pulumi.ResourceOptions(provider=google_beta))
|
2015
|
+
))
|
1257
2016
|
```
|
1258
2017
|
### Private Service Connect Google Apis No Automate Dns
|
1259
2018
|
|
@@ -1263,30 +2022,30 @@ class GlobalForwardingRule(pulumi.CustomResource):
|
|
1263
2022
|
|
1264
2023
|
network = gcp.compute.Network("network",
|
1265
2024
|
project="my-project-name",
|
1266
|
-
|
1267
|
-
|
1268
|
-
vpc_subnetwork = gcp.compute.Subnetwork("
|
2025
|
+
name="my-network",
|
2026
|
+
auto_create_subnetworks=False)
|
2027
|
+
vpc_subnetwork = gcp.compute.Subnetwork("vpc_subnetwork",
|
1269
2028
|
project=network.project,
|
2029
|
+
name="my-subnetwork",
|
1270
2030
|
ip_cidr_range="10.2.0.0/16",
|
1271
2031
|
region="us-central1",
|
1272
2032
|
network=network.id,
|
1273
|
-
private_ip_google_access=True
|
1274
|
-
|
1275
|
-
default_global_address = gcp.compute.GlobalAddress("defaultGlobalAddress",
|
2033
|
+
private_ip_google_access=True)
|
2034
|
+
default = gcp.compute.GlobalAddress("default",
|
1276
2035
|
project=network.project,
|
2036
|
+
name="global-psconnect-ip",
|
1277
2037
|
address_type="INTERNAL",
|
1278
2038
|
purpose="PRIVATE_SERVICE_CONNECT",
|
1279
2039
|
network=network.id,
|
1280
|
-
address="100.100.100.106"
|
1281
|
-
|
1282
|
-
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule",
|
2040
|
+
address="100.100.100.106")
|
2041
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
1283
2042
|
project=network.project,
|
2043
|
+
name="globalrule",
|
1284
2044
|
target="all-apis",
|
1285
2045
|
network=network.id,
|
1286
|
-
ip_address=
|
2046
|
+
ip_address=default.id,
|
1287
2047
|
load_balancing_scheme="",
|
1288
|
-
no_automate_dns_zone=False
|
1289
|
-
opts=pulumi.ResourceOptions(provider=google_beta))
|
2048
|
+
no_automate_dns_zone=False)
|
1290
2049
|
```
|
1291
2050
|
|
1292
2051
|
## Import
|
@@ -1465,18 +2224,519 @@ class GlobalForwardingRule(pulumi.CustomResource):
|
|
1465
2224
|
https://cloud.google.com/compute/docs/load-balancing/http/
|
1466
2225
|
|
1467
2226
|
## Example Usage
|
2227
|
+
### External Ssl Proxy Lb Mig Backend
|
2228
|
+
|
2229
|
+
```python
|
2230
|
+
import pulumi
|
2231
|
+
import pulumi_gcp as gcp
|
2232
|
+
import pulumi_tls as tls
|
2233
|
+
|
2234
|
+
# External SSL proxy load balancer with managed instance group backend
|
2235
|
+
# VPC
|
2236
|
+
default = gcp.compute.Network("default",
|
2237
|
+
name="ssl-proxy-xlb-network",
|
2238
|
+
auto_create_subnetworks=False)
|
2239
|
+
# backend subnet
|
2240
|
+
default_subnetwork = gcp.compute.Subnetwork("default",
|
2241
|
+
name="ssl-proxy-xlb-subnet",
|
2242
|
+
ip_cidr_range="10.0.1.0/24",
|
2243
|
+
region="us-central1",
|
2244
|
+
network=default.id)
|
2245
|
+
# reserved IP address
|
2246
|
+
default_global_address = gcp.compute.GlobalAddress("default", name="ssl-proxy-xlb-ip")
|
2247
|
+
# Self-signed regional SSL certificate for testing
|
2248
|
+
default_private_key = tls.PrivateKey("default",
|
2249
|
+
algorithm="RSA",
|
2250
|
+
rsa_bits=2048)
|
2251
|
+
default_self_signed_cert = tls.SelfSignedCert("default",
|
2252
|
+
key_algorithm=default_private_key.algorithm,
|
2253
|
+
private_key_pem=default_private_key.private_key_pem,
|
2254
|
+
validity_period_hours=12,
|
2255
|
+
early_renewal_hours=3,
|
2256
|
+
allowed_uses=[
|
2257
|
+
"key_encipherment",
|
2258
|
+
"digital_signature",
|
2259
|
+
"server_auth",
|
2260
|
+
],
|
2261
|
+
dns_names=["example.com"],
|
2262
|
+
subject=tls.SelfSignedCertSubjectArgs(
|
2263
|
+
common_name="example.com",
|
2264
|
+
organization="ACME Examples, Inc",
|
2265
|
+
))
|
2266
|
+
default_ssl_certificate = gcp.compute.SSLCertificate("default",
|
2267
|
+
name="default-cert",
|
2268
|
+
private_key=default_private_key.private_key_pem,
|
2269
|
+
certificate=default_self_signed_cert.cert_pem)
|
2270
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
2271
|
+
name="ssl-proxy-health-check",
|
2272
|
+
timeout_sec=1,
|
2273
|
+
check_interval_sec=1,
|
2274
|
+
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
|
2275
|
+
port=443,
|
2276
|
+
))
|
2277
|
+
# instance template
|
2278
|
+
default_instance_template = gcp.compute.InstanceTemplate("default",
|
2279
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
2280
|
+
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
|
2281
|
+
network=default.id,
|
2282
|
+
subnetwork=default_subnetwork.id,
|
2283
|
+
)],
|
2284
|
+
name="ssl-proxy-xlb-mig-template",
|
2285
|
+
machine_type="e2-small",
|
2286
|
+
tags=["allow-health-check"],
|
2287
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
2288
|
+
source_image="debian-cloud/debian-10",
|
2289
|
+
auto_delete=True,
|
2290
|
+
boot=True,
|
2291
|
+
)],
|
2292
|
+
metadata={
|
2293
|
+
"startup-script": \"\"\"#! /bin/bash
|
2294
|
+
set -euo pipefail
|
2295
|
+
export DEBIAN_FRONTEND=noninteractive
|
2296
|
+
sudo apt-get update
|
2297
|
+
sudo apt-get install -y apache2 jq
|
2298
|
+
sudo a2ensite default-ssl
|
2299
|
+
sudo a2enmod ssl
|
2300
|
+
sudo service apache2 restart
|
2301
|
+
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
2302
|
+
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
2303
|
+
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
2304
|
+
cat <<EOF > /var/www/html/index.html
|
2305
|
+
<h1>SSL Load Balancer</h1>
|
2306
|
+
<pre>
|
2307
|
+
Name: $NAME
|
2308
|
+
IP: $IP
|
2309
|
+
Metadata: $METADATA
|
2310
|
+
</pre>
|
2311
|
+
EOF
|
2312
|
+
\"\"\",
|
2313
|
+
})
|
2314
|
+
# MIG
|
2315
|
+
default_instance_group_manager = gcp.compute.InstanceGroupManager("default",
|
2316
|
+
name="ssl-proxy-xlb-mig1",
|
2317
|
+
zone="us-central1-c",
|
2318
|
+
named_ports=[gcp.compute.InstanceGroupManagerNamedPortArgs(
|
2319
|
+
name="tcp",
|
2320
|
+
port=443,
|
2321
|
+
)],
|
2322
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
2323
|
+
instance_template=default_instance_template.id,
|
2324
|
+
name="primary",
|
2325
|
+
)],
|
2326
|
+
base_instance_name="vm",
|
2327
|
+
target_size=2)
|
2328
|
+
# backend service
|
2329
|
+
default_backend_service = gcp.compute.BackendService("default",
|
2330
|
+
name="ssl-proxy-xlb-backend-service",
|
2331
|
+
protocol="SSL",
|
2332
|
+
port_name="tcp",
|
2333
|
+
load_balancing_scheme="EXTERNAL",
|
2334
|
+
timeout_sec=10,
|
2335
|
+
health_checks=default_health_check.id,
|
2336
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
2337
|
+
group=default_instance_group_manager.instance_group,
|
2338
|
+
balancing_mode="UTILIZATION",
|
2339
|
+
max_utilization=1,
|
2340
|
+
capacity_scaler=1,
|
2341
|
+
)])
|
2342
|
+
default_target_ssl_proxy = gcp.compute.TargetSSLProxy("default",
|
2343
|
+
name="test-proxy",
|
2344
|
+
backend_service=default_backend_service.id,
|
2345
|
+
ssl_certificates=[default_ssl_certificate.id])
|
2346
|
+
# forwarding rule
|
2347
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
2348
|
+
name="ssl-proxy-xlb-forwarding-rule",
|
2349
|
+
ip_protocol="TCP",
|
2350
|
+
load_balancing_scheme="EXTERNAL",
|
2351
|
+
port_range="443",
|
2352
|
+
target=default_target_ssl_proxy.id,
|
2353
|
+
ip_address=default_global_address.id)
|
2354
|
+
# allow access from health check ranges
|
2355
|
+
default_firewall = gcp.compute.Firewall("default",
|
2356
|
+
name="ssl-proxy-xlb-fw-allow-hc",
|
2357
|
+
direction="INGRESS",
|
2358
|
+
network=default.id,
|
2359
|
+
source_ranges=[
|
2360
|
+
"130.211.0.0/22",
|
2361
|
+
"35.191.0.0/16",
|
2362
|
+
],
|
2363
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
2364
|
+
protocol="tcp",
|
2365
|
+
)],
|
2366
|
+
target_tags=["allow-health-check"])
|
2367
|
+
```
|
2368
|
+
### External Tcp Proxy Lb Mig Backend
|
2369
|
+
|
2370
|
+
```python
|
2371
|
+
import pulumi
|
2372
|
+
import pulumi_gcp as gcp
|
2373
|
+
|
2374
|
+
# External TCP proxy load balancer with managed instance group backend
|
2375
|
+
# VPC
|
2376
|
+
default = gcp.compute.Network("default",
|
2377
|
+
name="tcp-proxy-xlb-network",
|
2378
|
+
auto_create_subnetworks=False)
|
2379
|
+
# backend subnet
|
2380
|
+
default_subnetwork = gcp.compute.Subnetwork("default",
|
2381
|
+
name="tcp-proxy-xlb-subnet",
|
2382
|
+
ip_cidr_range="10.0.1.0/24",
|
2383
|
+
region="us-central1",
|
2384
|
+
network=default.id)
|
2385
|
+
# reserved IP address
|
2386
|
+
default_global_address = gcp.compute.GlobalAddress("default", name="tcp-proxy-xlb-ip")
|
2387
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
2388
|
+
name="tcp-proxy-health-check",
|
2389
|
+
timeout_sec=1,
|
2390
|
+
check_interval_sec=1,
|
2391
|
+
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
|
2392
|
+
port=80,
|
2393
|
+
))
|
2394
|
+
# instance template
|
2395
|
+
default_instance_template = gcp.compute.InstanceTemplate("default",
|
2396
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
2397
|
+
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
|
2398
|
+
network=default.id,
|
2399
|
+
subnetwork=default_subnetwork.id,
|
2400
|
+
)],
|
2401
|
+
name="tcp-proxy-xlb-mig-template",
|
2402
|
+
machine_type="e2-small",
|
2403
|
+
tags=["allow-health-check"],
|
2404
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
2405
|
+
source_image="debian-cloud/debian-10",
|
2406
|
+
auto_delete=True,
|
2407
|
+
boot=True,
|
2408
|
+
)],
|
2409
|
+
metadata={
|
2410
|
+
"startup-script": \"\"\"#! /bin/bash
|
2411
|
+
set -euo pipefail
|
2412
|
+
export DEBIAN_FRONTEND=noninteractive
|
2413
|
+
apt-get update
|
2414
|
+
apt-get install -y nginx-light jq
|
2415
|
+
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
2416
|
+
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
2417
|
+
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
2418
|
+
cat <<EOF > /var/www/html/index.html
|
2419
|
+
<pre>
|
2420
|
+
Name: $NAME
|
2421
|
+
IP: $IP
|
2422
|
+
Metadata: $METADATA
|
2423
|
+
</pre>
|
2424
|
+
EOF
|
2425
|
+
\"\"\",
|
2426
|
+
})
|
2427
|
+
# MIG
|
2428
|
+
default_instance_group_manager = gcp.compute.InstanceGroupManager("default",
|
2429
|
+
name="tcp-proxy-xlb-mig1",
|
2430
|
+
zone="us-central1-c",
|
2431
|
+
named_ports=[gcp.compute.InstanceGroupManagerNamedPortArgs(
|
2432
|
+
name="tcp",
|
2433
|
+
port=80,
|
2434
|
+
)],
|
2435
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
2436
|
+
instance_template=default_instance_template.id,
|
2437
|
+
name="primary",
|
2438
|
+
)],
|
2439
|
+
base_instance_name="vm",
|
2440
|
+
target_size=2)
|
2441
|
+
# backend service
|
2442
|
+
default_backend_service = gcp.compute.BackendService("default",
|
2443
|
+
name="tcp-proxy-xlb-backend-service",
|
2444
|
+
protocol="TCP",
|
2445
|
+
port_name="tcp",
|
2446
|
+
load_balancing_scheme="EXTERNAL",
|
2447
|
+
timeout_sec=10,
|
2448
|
+
health_checks=default_health_check.id,
|
2449
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
2450
|
+
group=default_instance_group_manager.instance_group,
|
2451
|
+
balancing_mode="UTILIZATION",
|
2452
|
+
max_utilization=1,
|
2453
|
+
capacity_scaler=1,
|
2454
|
+
)])
|
2455
|
+
default_target_tcp_proxy = gcp.compute.TargetTCPProxy("default",
|
2456
|
+
name="test-proxy-health-check",
|
2457
|
+
backend_service=default_backend_service.id)
|
2458
|
+
# forwarding rule
|
2459
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
2460
|
+
name="tcp-proxy-xlb-forwarding-rule",
|
2461
|
+
ip_protocol="TCP",
|
2462
|
+
load_balancing_scheme="EXTERNAL",
|
2463
|
+
port_range="110",
|
2464
|
+
target=default_target_tcp_proxy.id,
|
2465
|
+
ip_address=default_global_address.id)
|
2466
|
+
# allow access from health check ranges
|
2467
|
+
default_firewall = gcp.compute.Firewall("default",
|
2468
|
+
name="tcp-proxy-xlb-fw-allow-hc",
|
2469
|
+
direction="INGRESS",
|
2470
|
+
network=default.id,
|
2471
|
+
source_ranges=[
|
2472
|
+
"130.211.0.0/22",
|
2473
|
+
"35.191.0.0/16",
|
2474
|
+
],
|
2475
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
2476
|
+
protocol="tcp",
|
2477
|
+
)],
|
2478
|
+
target_tags=["allow-health-check"])
|
2479
|
+
```
|
2480
|
+
### External Http Lb Mig Backend Custom Header
|
2481
|
+
|
2482
|
+
```python
|
2483
|
+
import pulumi
|
2484
|
+
import pulumi_gcp as gcp
|
2485
|
+
|
2486
|
+
# External HTTP load balancer with a CDN-enabled managed instance group backend
|
2487
|
+
# and custom request and response headers
|
2488
|
+
# VPC
|
2489
|
+
default = gcp.compute.Network("default",
|
2490
|
+
name="l7-xlb-network",
|
2491
|
+
auto_create_subnetworks=False)
|
2492
|
+
# backend subnet
|
2493
|
+
default_subnetwork = gcp.compute.Subnetwork("default",
|
2494
|
+
name="l7-xlb-subnet",
|
2495
|
+
ip_cidr_range="10.0.1.0/24",
|
2496
|
+
region="us-central1",
|
2497
|
+
network=default.id)
|
2498
|
+
# reserved IP address
|
2499
|
+
default_global_address = gcp.compute.GlobalAddress("default", name="l7-xlb-static-ip")
|
2500
|
+
# health check
|
2501
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
2502
|
+
name="l7-xlb-hc",
|
2503
|
+
http_health_check=gcp.compute.HealthCheckHttpHealthCheckArgs(
|
2504
|
+
port_specification="USE_SERVING_PORT",
|
2505
|
+
))
|
2506
|
+
# instance template
|
2507
|
+
default_instance_template = gcp.compute.InstanceTemplate("default",
|
2508
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
2509
|
+
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
|
2510
|
+
network=default.id,
|
2511
|
+
subnetwork=default_subnetwork.id,
|
2512
|
+
)],
|
2513
|
+
name="l7-xlb-mig-template",
|
2514
|
+
machine_type="e2-small",
|
2515
|
+
tags=["allow-health-check"],
|
2516
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
2517
|
+
source_image="debian-cloud/debian-10",
|
2518
|
+
auto_delete=True,
|
2519
|
+
boot=True,
|
2520
|
+
)],
|
2521
|
+
metadata={
|
2522
|
+
"startup-script": \"\"\"#! /bin/bash
|
2523
|
+
set -euo pipefail
|
2524
|
+
|
2525
|
+
export DEBIAN_FRONTEND=noninteractive
|
2526
|
+
apt-get update
|
2527
|
+
apt-get install -y nginx-light jq
|
2528
|
+
|
2529
|
+
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
2530
|
+
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
2531
|
+
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
2532
|
+
|
2533
|
+
cat <<EOF > /var/www/html/index.html
|
2534
|
+
<pre>
|
2535
|
+
Name: $NAME
|
2536
|
+
IP: $IP
|
2537
|
+
Metadata: $METADATA
|
2538
|
+
</pre>
|
2539
|
+
EOF
|
2540
|
+
\"\"\",
|
2541
|
+
})
|
2542
|
+
# MIG
|
2543
|
+
default_instance_group_manager = gcp.compute.InstanceGroupManager("default",
|
2544
|
+
name="l7-xlb-mig1",
|
2545
|
+
zone="us-central1-c",
|
2546
|
+
named_ports=[gcp.compute.InstanceGroupManagerNamedPortArgs(
|
2547
|
+
name="http",
|
2548
|
+
port=8080,
|
2549
|
+
)],
|
2550
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
2551
|
+
instance_template=default_instance_template.id,
|
2552
|
+
name="primary",
|
2553
|
+
)],
|
2554
|
+
base_instance_name="vm",
|
2555
|
+
target_size=2)
|
2556
|
+
# backend service with custom request and response headers
|
2557
|
+
default_backend_service = gcp.compute.BackendService("default",
|
2558
|
+
name="l7-xlb-backend-service",
|
2559
|
+
protocol="HTTP",
|
2560
|
+
port_name="my-port",
|
2561
|
+
load_balancing_scheme="EXTERNAL",
|
2562
|
+
timeout_sec=10,
|
2563
|
+
enable_cdn=True,
|
2564
|
+
custom_request_headers=["X-Client-Geo-Location: {client_region_subdivision}, {client_city}"],
|
2565
|
+
custom_response_headers=["X-Cache-Hit: {cdn_cache_status}"],
|
2566
|
+
health_checks=default_health_check.id,
|
2567
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
2568
|
+
group=default_instance_group_manager.instance_group,
|
2569
|
+
balancing_mode="UTILIZATION",
|
2570
|
+
capacity_scaler=1,
|
2571
|
+
)])
|
2572
|
+
# url map
|
2573
|
+
default_url_map = gcp.compute.URLMap("default",
|
2574
|
+
name="l7-xlb-url-map",
|
2575
|
+
default_service=default_backend_service.id)
|
2576
|
+
# http proxy
|
2577
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
2578
|
+
name="l7-xlb-target-http-proxy",
|
2579
|
+
url_map=default_url_map.id)
|
2580
|
+
# forwarding rule
|
2581
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
2582
|
+
name="l7-xlb-forwarding-rule",
|
2583
|
+
ip_protocol="TCP",
|
2584
|
+
load_balancing_scheme="EXTERNAL",
|
2585
|
+
port_range="80",
|
2586
|
+
target=default_target_http_proxy.id,
|
2587
|
+
ip_address=default_global_address.id)
|
2588
|
+
# allow access from health check ranges
|
2589
|
+
default_firewall = gcp.compute.Firewall("default",
|
2590
|
+
name="l7-xlb-fw-allow-hc",
|
2591
|
+
direction="INGRESS",
|
2592
|
+
network=default.id,
|
2593
|
+
source_ranges=[
|
2594
|
+
"130.211.0.0/22",
|
2595
|
+
"35.191.0.0/16",
|
2596
|
+
],
|
2597
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
2598
|
+
protocol="tcp",
|
2599
|
+
)],
|
2600
|
+
target_tags=["allow-health-check"])
|
2601
|
+
```
|
2602
|
+
### Global Forwarding Rule Http
|
2603
|
+
|
2604
|
+
```python
|
2605
|
+
import pulumi
|
2606
|
+
import pulumi_gcp as gcp
|
2607
|
+
|
2608
|
+
default_http_health_check = gcp.compute.HttpHealthCheck("default",
|
2609
|
+
name="check-backend",
|
2610
|
+
request_path="/",
|
2611
|
+
check_interval_sec=1,
|
2612
|
+
timeout_sec=1)
|
2613
|
+
default_backend_service = gcp.compute.BackendService("default",
|
2614
|
+
name="backend",
|
2615
|
+
port_name="http",
|
2616
|
+
protocol="HTTP",
|
2617
|
+
timeout_sec=10,
|
2618
|
+
health_checks=default_http_health_check.id)
|
2619
|
+
default_url_map = gcp.compute.URLMap("default",
|
2620
|
+
name="url-map-target-proxy",
|
2621
|
+
description="a description",
|
2622
|
+
default_service=default_backend_service.id,
|
2623
|
+
host_rules=[gcp.compute.URLMapHostRuleArgs(
|
2624
|
+
hosts=["mysite.com"],
|
2625
|
+
path_matcher="allpaths",
|
2626
|
+
)],
|
2627
|
+
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
|
2628
|
+
name="allpaths",
|
2629
|
+
default_service=default_backend_service.id,
|
2630
|
+
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
|
2631
|
+
paths=["/*"],
|
2632
|
+
service=default_backend_service.id,
|
2633
|
+
)],
|
2634
|
+
)])
|
2635
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
2636
|
+
name="target-proxy",
|
2637
|
+
description="a description",
|
2638
|
+
url_map=default_url_map.id)
|
2639
|
+
default = gcp.compute.GlobalForwardingRule("default",
|
2640
|
+
name="global-rule",
|
2641
|
+
target=default_target_http_proxy.id,
|
2642
|
+
port_range="80")
|
2643
|
+
```
|
2644
|
+
### Global Forwarding Rule Internal
|
2645
|
+
|
2646
|
+
```python
|
2647
|
+
import pulumi
|
2648
|
+
import pulumi_gcp as gcp
|
2649
|
+
|
2650
|
+
debian_image = gcp.compute.get_image(family="debian-11",
|
2651
|
+
project="debian-cloud")
|
2652
|
+
instance_template = gcp.compute.InstanceTemplate("instance_template",
|
2653
|
+
name="template-backend",
|
2654
|
+
machine_type="e2-medium",
|
2655
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
2656
|
+
network="default",
|
2657
|
+
)],
|
2658
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
2659
|
+
source_image=debian_image.self_link,
|
2660
|
+
auto_delete=True,
|
2661
|
+
boot=True,
|
2662
|
+
)])
|
2663
|
+
igm = gcp.compute.InstanceGroupManager("igm",
|
2664
|
+
name="igm-internal",
|
2665
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
2666
|
+
instance_template=instance_template.id,
|
2667
|
+
name="primary",
|
2668
|
+
)],
|
2669
|
+
base_instance_name="internal-glb",
|
2670
|
+
zone="us-central1-f",
|
2671
|
+
target_size=1)
|
2672
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
2673
|
+
name="check-backend",
|
2674
|
+
check_interval_sec=1,
|
2675
|
+
timeout_sec=1,
|
2676
|
+
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
|
2677
|
+
port=80,
|
2678
|
+
))
|
2679
|
+
default_backend_service = gcp.compute.BackendService("default",
|
2680
|
+
name="backend",
|
2681
|
+
port_name="http",
|
2682
|
+
protocol="HTTP",
|
2683
|
+
timeout_sec=10,
|
2684
|
+
load_balancing_scheme="INTERNAL_SELF_MANAGED",
|
2685
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
2686
|
+
group=igm.instance_group,
|
2687
|
+
balancing_mode="RATE",
|
2688
|
+
capacity_scaler=0.4,
|
2689
|
+
max_rate_per_instance=50,
|
2690
|
+
)],
|
2691
|
+
health_checks=default_health_check.id)
|
2692
|
+
default_url_map = gcp.compute.URLMap("default",
|
2693
|
+
name="url-map-target-proxy",
|
2694
|
+
description="a description",
|
2695
|
+
default_service=default_backend_service.id,
|
2696
|
+
host_rules=[gcp.compute.URLMapHostRuleArgs(
|
2697
|
+
hosts=["mysite.com"],
|
2698
|
+
path_matcher="allpaths",
|
2699
|
+
)],
|
2700
|
+
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
|
2701
|
+
name="allpaths",
|
2702
|
+
default_service=default_backend_service.id,
|
2703
|
+
path_rules=[gcp.compute.URLMapPathMatcherPathRuleArgs(
|
2704
|
+
paths=["/*"],
|
2705
|
+
service=default_backend_service.id,
|
2706
|
+
)],
|
2707
|
+
)])
|
2708
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
2709
|
+
name="target-proxy",
|
2710
|
+
description="a description",
|
2711
|
+
url_map=default_url_map.id)
|
2712
|
+
default = gcp.compute.GlobalForwardingRule("default",
|
2713
|
+
name="global-rule",
|
2714
|
+
target=default_target_http_proxy.id,
|
2715
|
+
port_range="80",
|
2716
|
+
load_balancing_scheme="INTERNAL_SELF_MANAGED",
|
2717
|
+
ip_address="0.0.0.0",
|
2718
|
+
metadata_filters=[gcp.compute.GlobalForwardingRuleMetadataFilterArgs(
|
2719
|
+
filter_match_criteria="MATCH_ANY",
|
2720
|
+
filter_labels=[gcp.compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs(
|
2721
|
+
name="PLANET",
|
2722
|
+
value="MARS",
|
2723
|
+
)],
|
2724
|
+
)])
|
2725
|
+
```
|
1468
2726
|
### Global Forwarding Rule External Managed
|
1469
2727
|
|
1470
2728
|
```python
|
1471
2729
|
import pulumi
|
1472
2730
|
import pulumi_gcp as gcp
|
1473
2731
|
|
1474
|
-
default_backend_service = gcp.compute.BackendService("
|
2732
|
+
default_backend_service = gcp.compute.BackendService("default",
|
2733
|
+
name="backend",
|
1475
2734
|
port_name="http",
|
1476
2735
|
protocol="HTTP",
|
1477
2736
|
timeout_sec=10,
|
1478
2737
|
load_balancing_scheme="EXTERNAL_MANAGED")
|
1479
|
-
default_url_map = gcp.compute.URLMap("
|
2738
|
+
default_url_map = gcp.compute.URLMap("default",
|
2739
|
+
name="url-map-target-proxy",
|
1480
2740
|
description="a description",
|
1481
2741
|
default_service=default_backend_service.id,
|
1482
2742
|
host_rules=[gcp.compute.URLMapHostRuleArgs(
|
@@ -1491,14 +2751,272 @@ class GlobalForwardingRule(pulumi.CustomResource):
|
|
1491
2751
|
service=default_backend_service.id,
|
1492
2752
|
)],
|
1493
2753
|
)])
|
1494
|
-
default_target_http_proxy = gcp.compute.TargetHttpProxy("
|
2754
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
2755
|
+
name="target-proxy",
|
1495
2756
|
description="a description",
|
1496
2757
|
url_map=default_url_map.id)
|
1497
|
-
|
2758
|
+
default = gcp.compute.GlobalForwardingRule("default",
|
2759
|
+
name="global-rule",
|
1498
2760
|
target=default_target_http_proxy.id,
|
1499
2761
|
port_range="80",
|
1500
2762
|
load_balancing_scheme="EXTERNAL_MANAGED")
|
1501
2763
|
```
|
2764
|
+
### Global Forwarding Rule Hybrid
|
2765
|
+
|
2766
|
+
```python
|
2767
|
+
import pulumi
|
2768
|
+
import pulumi_gcp as gcp
|
2769
|
+
|
2770
|
+
config = pulumi.Config()
|
2771
|
+
subnetwork_cidr = config.get("subnetworkCidr")
|
2772
|
+
if subnetwork_cidr is None:
|
2773
|
+
subnetwork_cidr = "10.0.0.0/24"
|
2774
|
+
default = gcp.compute.Network("default", name="my-network")
|
2775
|
+
internal = gcp.compute.Network("internal",
|
2776
|
+
name="my-internal-network",
|
2777
|
+
auto_create_subnetworks=False)
|
2778
|
+
internal_subnetwork = gcp.compute.Subnetwork("internal",
|
2779
|
+
name="my-subnetwork",
|
2780
|
+
network=internal.id,
|
2781
|
+
ip_cidr_range=subnetwork_cidr,
|
2782
|
+
region="us-central1",
|
2783
|
+
private_ip_google_access=True)
|
2784
|
+
# Zonal NEG with GCE_VM_IP_PORT
|
2785
|
+
default_network_endpoint_group = gcp.compute.NetworkEndpointGroup("default",
|
2786
|
+
name="default-neg",
|
2787
|
+
network=default.id,
|
2788
|
+
default_port=90,
|
2789
|
+
zone="us-central1-a",
|
2790
|
+
network_endpoint_type="GCE_VM_IP_PORT")
|
2791
|
+
# Zonal NEG with GCE_VM_IP
|
2792
|
+
internal_network_endpoint_group = gcp.compute.NetworkEndpointGroup("internal",
|
2793
|
+
name="internal-neg",
|
2794
|
+
network=internal.id,
|
2795
|
+
subnetwork=internal_subnetwork.id,
|
2796
|
+
zone="us-central1-a",
|
2797
|
+
network_endpoint_type="GCE_VM_IP")
|
2798
|
+
# Hybrid connectivity NEG
|
2799
|
+
hybrid = gcp.compute.NetworkEndpointGroup("hybrid",
|
2800
|
+
name="hybrid-neg",
|
2801
|
+
network=default.id,
|
2802
|
+
default_port=90,
|
2803
|
+
zone="us-central1-a",
|
2804
|
+
network_endpoint_type="NON_GCP_PRIVATE_IP_PORT")
|
2805
|
+
hybrid_endpoint = gcp.compute.NetworkEndpoint("hybrid-endpoint",
|
2806
|
+
network_endpoint_group=hybrid.name,
|
2807
|
+
port=hybrid.default_port,
|
2808
|
+
ip_address="127.0.0.1")
|
2809
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
2810
|
+
name="health-check",
|
2811
|
+
timeout_sec=1,
|
2812
|
+
check_interval_sec=1,
|
2813
|
+
tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
|
2814
|
+
port=80,
|
2815
|
+
))
|
2816
|
+
# Backend service for Zonal NEG
|
2817
|
+
default_backend_service = gcp.compute.BackendService("default",
|
2818
|
+
name="backend-default",
|
2819
|
+
port_name="http",
|
2820
|
+
protocol="HTTP",
|
2821
|
+
timeout_sec=10,
|
2822
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
2823
|
+
group=default_network_endpoint_group.id,
|
2824
|
+
balancing_mode="RATE",
|
2825
|
+
max_rate_per_endpoint=10,
|
2826
|
+
)],
|
2827
|
+
health_checks=default_health_check.id)
|
2828
|
+
# Backgend service for Hybrid NEG
|
2829
|
+
hybrid_backend_service = gcp.compute.BackendService("hybrid",
|
2830
|
+
name="backend-hybrid",
|
2831
|
+
port_name="http",
|
2832
|
+
protocol="HTTP",
|
2833
|
+
timeout_sec=10,
|
2834
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
2835
|
+
group=hybrid.id,
|
2836
|
+
balancing_mode="RATE",
|
2837
|
+
max_rate_per_endpoint=10,
|
2838
|
+
)],
|
2839
|
+
health_checks=default_health_check.id)
|
2840
|
+
default_url_map = gcp.compute.URLMap("default",
|
2841
|
+
name="url-map-target-proxy",
|
2842
|
+
description="a description",
|
2843
|
+
default_service=default_backend_service.id,
|
2844
|
+
host_rules=[gcp.compute.URLMapHostRuleArgs(
|
2845
|
+
hosts=["mysite.com"],
|
2846
|
+
path_matcher="allpaths",
|
2847
|
+
)],
|
2848
|
+
path_matchers=[gcp.compute.URLMapPathMatcherArgs(
|
2849
|
+
name="allpaths",
|
2850
|
+
default_service=default_backend_service.id,
|
2851
|
+
path_rules=[
|
2852
|
+
gcp.compute.URLMapPathMatcherPathRuleArgs(
|
2853
|
+
paths=["/*"],
|
2854
|
+
service=default_backend_service.id,
|
2855
|
+
),
|
2856
|
+
gcp.compute.URLMapPathMatcherPathRuleArgs(
|
2857
|
+
paths=["/hybrid"],
|
2858
|
+
service=hybrid_backend_service.id,
|
2859
|
+
),
|
2860
|
+
],
|
2861
|
+
)])
|
2862
|
+
default_target_http_proxy = gcp.compute.TargetHttpProxy("default",
|
2863
|
+
name="target-proxy",
|
2864
|
+
description="a description",
|
2865
|
+
url_map=default_url_map.id)
|
2866
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
2867
|
+
name="global-rule",
|
2868
|
+
target=default_target_http_proxy.id,
|
2869
|
+
port_range="80")
|
2870
|
+
```
|
2871
|
+
### Global Internal Http Lb With Mig Backend
|
2872
|
+
|
2873
|
+
```python
|
2874
|
+
import pulumi
|
2875
|
+
import pulumi_gcp as gcp
|
2876
|
+
|
2877
|
+
# Global Internal HTTP load balancer with a managed instance group backend
|
2878
|
+
# VPC network
|
2879
|
+
gilb_network = gcp.compute.Network("gilb_network",
|
2880
|
+
name="l7-gilb-network",
|
2881
|
+
auto_create_subnetworks=False)
|
2882
|
+
# proxy-only subnet
|
2883
|
+
proxy_subnet = gcp.compute.Subnetwork("proxy_subnet",
|
2884
|
+
name="l7-gilb-proxy-subnet",
|
2885
|
+
ip_cidr_range="10.0.0.0/24",
|
2886
|
+
region="europe-west1",
|
2887
|
+
purpose="GLOBAL_MANAGED_PROXY",
|
2888
|
+
role="ACTIVE",
|
2889
|
+
network=gilb_network.id)
|
2890
|
+
# backend subnet
|
2891
|
+
gilb_subnet = gcp.compute.Subnetwork("gilb_subnet",
|
2892
|
+
name="l7-gilb-subnet",
|
2893
|
+
ip_cidr_range="10.0.1.0/24",
|
2894
|
+
region="europe-west1",
|
2895
|
+
network=gilb_network.id)
|
2896
|
+
# health check
|
2897
|
+
default_health_check = gcp.compute.HealthCheck("default",
|
2898
|
+
name="l7-gilb-hc",
|
2899
|
+
http_health_check=gcp.compute.HealthCheckHttpHealthCheckArgs(
|
2900
|
+
port_specification="USE_SERVING_PORT",
|
2901
|
+
))
|
2902
|
+
# instance template
|
2903
|
+
instance_template = gcp.compute.InstanceTemplate("instance_template",
|
2904
|
+
network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
|
2905
|
+
access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
|
2906
|
+
network=gilb_network.id,
|
2907
|
+
subnetwork=gilb_subnet.id,
|
2908
|
+
)],
|
2909
|
+
name="l7-gilb-mig-template",
|
2910
|
+
machine_type="e2-small",
|
2911
|
+
tags=["http-server"],
|
2912
|
+
disks=[gcp.compute.InstanceTemplateDiskArgs(
|
2913
|
+
source_image="debian-cloud/debian-10",
|
2914
|
+
auto_delete=True,
|
2915
|
+
boot=True,
|
2916
|
+
)],
|
2917
|
+
metadata={
|
2918
|
+
"startup-script": \"\"\"#! /bin/bash
|
2919
|
+
set -euo pipefail
|
2920
|
+
|
2921
|
+
export DEBIAN_FRONTEND=noninteractive
|
2922
|
+
apt-get update
|
2923
|
+
apt-get install -y nginx-light jq
|
2924
|
+
|
2925
|
+
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
|
2926
|
+
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
|
2927
|
+
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
|
2928
|
+
|
2929
|
+
cat <<EOF > /var/www/html/index.html
|
2930
|
+
<pre>
|
2931
|
+
Name: $NAME
|
2932
|
+
IP: $IP
|
2933
|
+
Metadata: $METADATA
|
2934
|
+
</pre>
|
2935
|
+
EOF
|
2936
|
+
\"\"\",
|
2937
|
+
})
|
2938
|
+
# MIG
|
2939
|
+
mig = gcp.compute.InstanceGroupManager("mig",
|
2940
|
+
name="l7-gilb-mig1",
|
2941
|
+
zone="europe-west1-b",
|
2942
|
+
versions=[gcp.compute.InstanceGroupManagerVersionArgs(
|
2943
|
+
instance_template=instance_template.id,
|
2944
|
+
name="primary",
|
2945
|
+
)],
|
2946
|
+
base_instance_name="vm",
|
2947
|
+
target_size=2)
|
2948
|
+
# backend service
|
2949
|
+
default_backend_service = gcp.compute.BackendService("default",
|
2950
|
+
name="l7-gilb-backend-subnet",
|
2951
|
+
protocol="HTTP",
|
2952
|
+
load_balancing_scheme="INTERNAL_MANAGED",
|
2953
|
+
timeout_sec=10,
|
2954
|
+
health_checks=default_health_check.id,
|
2955
|
+
backends=[gcp.compute.BackendServiceBackendArgs(
|
2956
|
+
group=mig.instance_group,
|
2957
|
+
balancing_mode="UTILIZATION",
|
2958
|
+
capacity_scaler=1,
|
2959
|
+
)])
|
2960
|
+
# URL map
|
2961
|
+
default_url_map = gcp.compute.URLMap("default",
|
2962
|
+
name="l7-gilb-url-map",
|
2963
|
+
default_service=default_backend_service.id)
|
2964
|
+
# HTTP target proxy
|
2965
|
+
default = gcp.compute.TargetHttpProxy("default",
|
2966
|
+
name="l7-gilb-target-http-proxy",
|
2967
|
+
url_map=default_url_map.id)
|
2968
|
+
# forwarding rule
|
2969
|
+
google_compute_forwarding_rule = gcp.compute.GlobalForwardingRule("google_compute_forwarding_rule",
|
2970
|
+
name="l7-gilb-forwarding-rule",
|
2971
|
+
ip_protocol="TCP",
|
2972
|
+
load_balancing_scheme="INTERNAL_MANAGED",
|
2973
|
+
port_range="80",
|
2974
|
+
target=default.id,
|
2975
|
+
network=gilb_network.id,
|
2976
|
+
subnetwork=gilb_subnet.id)
|
2977
|
+
# allow all access from IAP and health check ranges
|
2978
|
+
fw_iap = gcp.compute.Firewall("fw-iap",
|
2979
|
+
name="l7-gilb-fw-allow-iap-hc",
|
2980
|
+
direction="INGRESS",
|
2981
|
+
network=gilb_network.id,
|
2982
|
+
source_ranges=[
|
2983
|
+
"130.211.0.0/22",
|
2984
|
+
"35.191.0.0/16",
|
2985
|
+
"35.235.240.0/20",
|
2986
|
+
],
|
2987
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
2988
|
+
protocol="tcp",
|
2989
|
+
)])
|
2990
|
+
# allow http from proxy subnet to backends
|
2991
|
+
fw_gilb_to_backends = gcp.compute.Firewall("fw-gilb-to-backends",
|
2992
|
+
name="l7-gilb-fw-allow-gilb-to-backends",
|
2993
|
+
direction="INGRESS",
|
2994
|
+
network=gilb_network.id,
|
2995
|
+
source_ranges=["10.0.0.0/24"],
|
2996
|
+
target_tags=["http-server"],
|
2997
|
+
allows=[gcp.compute.FirewallAllowArgs(
|
2998
|
+
protocol="tcp",
|
2999
|
+
ports=[
|
3000
|
+
"80",
|
3001
|
+
"443",
|
3002
|
+
"8080",
|
3003
|
+
],
|
3004
|
+
)])
|
3005
|
+
# test instance
|
3006
|
+
vm_test = gcp.compute.Instance("vm-test",
|
3007
|
+
name="l7-gilb-test-vm",
|
3008
|
+
zone="europe-west1-b",
|
3009
|
+
machine_type="e2-small",
|
3010
|
+
network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
|
3011
|
+
network=gilb_network.id,
|
3012
|
+
subnetwork=gilb_subnet.id,
|
3013
|
+
)],
|
3014
|
+
boot_disk=gcp.compute.InstanceBootDiskArgs(
|
3015
|
+
initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
|
3016
|
+
image="debian-cloud/debian-10",
|
3017
|
+
),
|
3018
|
+
))
|
3019
|
+
```
|
1502
3020
|
### Private Service Connect Google Apis
|
1503
3021
|
|
1504
3022
|
```python
|
@@ -1507,33 +3025,33 @@ class GlobalForwardingRule(pulumi.CustomResource):
|
|
1507
3025
|
|
1508
3026
|
network = gcp.compute.Network("network",
|
1509
3027
|
project="my-project-name",
|
1510
|
-
|
1511
|
-
|
1512
|
-
vpc_subnetwork = gcp.compute.Subnetwork("
|
3028
|
+
name="my-network",
|
3029
|
+
auto_create_subnetworks=False)
|
3030
|
+
vpc_subnetwork = gcp.compute.Subnetwork("vpc_subnetwork",
|
1513
3031
|
project=network.project,
|
3032
|
+
name="my-subnetwork",
|
1514
3033
|
ip_cidr_range="10.2.0.0/16",
|
1515
3034
|
region="us-central1",
|
1516
3035
|
network=network.id,
|
1517
|
-
private_ip_google_access=True
|
1518
|
-
|
1519
|
-
default_global_address = gcp.compute.GlobalAddress("defaultGlobalAddress",
|
3036
|
+
private_ip_google_access=True)
|
3037
|
+
default = gcp.compute.GlobalAddress("default",
|
1520
3038
|
project=network.project,
|
3039
|
+
name="global-psconnect-ip",
|
1521
3040
|
address_type="INTERNAL",
|
1522
3041
|
purpose="PRIVATE_SERVICE_CONNECT",
|
1523
3042
|
network=network.id,
|
1524
|
-
address="100.100.100.106"
|
1525
|
-
|
1526
|
-
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule",
|
3043
|
+
address="100.100.100.106")
|
3044
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
1527
3045
|
project=network.project,
|
3046
|
+
name="globalrule",
|
1528
3047
|
target="all-apis",
|
1529
3048
|
network=network.id,
|
1530
|
-
ip_address=
|
3049
|
+
ip_address=default.id,
|
1531
3050
|
load_balancing_scheme="",
|
1532
3051
|
service_directory_registrations=gcp.compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs(
|
1533
3052
|
namespace="sd-namespace",
|
1534
3053
|
service_directory_region="europe-west3",
|
1535
|
-
)
|
1536
|
-
opts=pulumi.ResourceOptions(provider=google_beta))
|
3054
|
+
))
|
1537
3055
|
```
|
1538
3056
|
### Private Service Connect Google Apis No Automate Dns
|
1539
3057
|
|
@@ -1543,30 +3061,30 @@ class GlobalForwardingRule(pulumi.CustomResource):
|
|
1543
3061
|
|
1544
3062
|
network = gcp.compute.Network("network",
|
1545
3063
|
project="my-project-name",
|
1546
|
-
|
1547
|
-
|
1548
|
-
vpc_subnetwork = gcp.compute.Subnetwork("
|
3064
|
+
name="my-network",
|
3065
|
+
auto_create_subnetworks=False)
|
3066
|
+
vpc_subnetwork = gcp.compute.Subnetwork("vpc_subnetwork",
|
1549
3067
|
project=network.project,
|
3068
|
+
name="my-subnetwork",
|
1550
3069
|
ip_cidr_range="10.2.0.0/16",
|
1551
3070
|
region="us-central1",
|
1552
3071
|
network=network.id,
|
1553
|
-
private_ip_google_access=True
|
1554
|
-
|
1555
|
-
default_global_address = gcp.compute.GlobalAddress("defaultGlobalAddress",
|
3072
|
+
private_ip_google_access=True)
|
3073
|
+
default = gcp.compute.GlobalAddress("default",
|
1556
3074
|
project=network.project,
|
3075
|
+
name="global-psconnect-ip",
|
1557
3076
|
address_type="INTERNAL",
|
1558
3077
|
purpose="PRIVATE_SERVICE_CONNECT",
|
1559
3078
|
network=network.id,
|
1560
|
-
address="100.100.100.106"
|
1561
|
-
|
1562
|
-
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("defaultGlobalForwardingRule",
|
3079
|
+
address="100.100.100.106")
|
3080
|
+
default_global_forwarding_rule = gcp.compute.GlobalForwardingRule("default",
|
1563
3081
|
project=network.project,
|
3082
|
+
name="globalrule",
|
1564
3083
|
target="all-apis",
|
1565
3084
|
network=network.id,
|
1566
|
-
ip_address=
|
3085
|
+
ip_address=default.id,
|
1567
3086
|
load_balancing_scheme="",
|
1568
|
-
no_automate_dns_zone=False
|
1569
|
-
opts=pulumi.ResourceOptions(provider=google_beta))
|
3087
|
+
no_automate_dns_zone=False)
|
1570
3088
|
```
|
1571
3089
|
|
1572
3090
|
## Import
|