@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A Backend Service defines a group of virtual machines that will serve * traffic for load balancing. This resource is a global backend service, * appropriate for external load balancing or self-managed internal load balancing. * For managed internal load balancing, use a regional backend service instead. * * Currently self-managed internal load balancing is only available in beta. * * > **Note:** Recreating a `gcp.compute.BackendService` that references other dependent resources like `gcp.compute.URLMap` will give a `resourceInUseByAnotherResource` error, when modifying the number of other dependent resources. * Use `lifecycle.create_before_destroy` on the dependent resources to avoid this type of error as shown in the Dynamic Backends example. * * To get more information about BackendService, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/v1/backendServices) * * How-to Guides * * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/http/backend-service) * * > **Warning:** All arguments including the following potentially sensitive * values will be stored in the raw state as plain text: `iap.oauth2_client_secret`, `iap.oauth2_client_secret_sha256`, `security_settings.aws_v4_authentication.access_key`. * * ## Example Usage * * ### Backend Service Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "health-check", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: defaultHttpHealthCheck.id, * }); * ``` * ### Backend Service External Iap * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.BackendService("default", { * name: "tf-test-backend-service-external", * protocol: "HTTP", * loadBalancingScheme: "EXTERNAL", * iap: { * enabled: true, * oauth2ClientId: "abc", * oauth2ClientSecret: "xyz", * }, * }); * ``` * ### Backend Service Cache Simple * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "health-check", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: defaultHttpHealthCheck.id, * enableCdn: true, * cdnPolicy: { * signedUrlCacheMaxAgeSec: 7200, * }, * }); * ``` * ### Backend Service Cache Include Http Headers * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * enableCdn: true, * cdnPolicy: { * cacheMode: "USE_ORIGIN_HEADERS", * cacheKeyPolicy: { * includeHost: true, * includeProtocol: true, * includeQueryString: true, * includeHttpHeaders: ["X-My-Header-Field"], * }, * }, * }); * ``` * ### Backend Service Cache Include Named Cookies * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * enableCdn: true, * cdnPolicy: { * cacheMode: "CACHE_ALL_STATIC", * defaultTtl: 3600, * clientTtl: 7200, * maxTtl: 10800, * cacheKeyPolicy: { * includeHost: true, * includeProtocol: true, * includeQueryString: true, * includeNamedCookies: [ * "__next_preview_data", * "__prerender_bypass", * ], * }, * }, * }); * ``` * ### Backend Service Cache * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "health-check", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: defaultHttpHealthCheck.id, * enableCdn: true, * cdnPolicy: { * cacheMode: "CACHE_ALL_STATIC", * defaultTtl: 3600, * clientTtl: 7200, * maxTtl: 10800, * negativeCaching: true, * signedUrlCacheMaxAgeSec: 7200, * }, * }); * ``` * ### Backend Service Cache Bypass Cache On Request Headers * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", { * name: "health-check", * requestPath: "/", * checkIntervalSec: 1, * timeoutSec: 1, * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: defaultHttpHealthCheck.id, * enableCdn: true, * cdnPolicy: { * cacheMode: "CACHE_ALL_STATIC", * defaultTtl: 3600, * clientTtl: 7200, * maxTtl: 10800, * negativeCaching: true, * signedUrlCacheMaxAgeSec: 7200, * bypassCacheOnRequestHeaders: [ * { * headerName: "Authorization", * }, * { * headerName: "Proxy-Authorization", * }, * ], * }, * }); * ``` * ### Backend Service Traffic Director Round Robin * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.HealthCheck("health_check", { * name: "health-check", * httpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: healthCheck.id, * loadBalancingScheme: "INTERNAL_SELF_MANAGED", * localityLbPolicy: "ROUND_ROBIN", * }); * ``` * ### Backend Service Traffic Director Ring Hash * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.HealthCheck("health_check", { * name: "health-check", * httpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: healthCheck.id, * loadBalancingScheme: "INTERNAL_SELF_MANAGED", * localityLbPolicy: "RING_HASH", * sessionAffinity: "HTTP_COOKIE", * circuitBreakers: { * maxConnections: 10, * }, * consistentHash: { * httpCookie: { * ttl: { * seconds: 11, * nanos: 1111, * }, * name: "mycookie", * }, * }, * outlierDetection: { * consecutiveErrors: 2, * consecutiveGatewayFailure: 5, * enforcingConsecutiveErrors: 100, * enforcingConsecutiveGatewayFailure: 0, * enforcingSuccessRate: 100, * maxEjectionPercent: 10, * successRateMinimumHosts: 5, * successRateRequestVolume: 100, * successRateStdevFactor: 1900, * }, * }); * ``` * ### Backend Service Stateful Session Affinity * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.HealthCheck("health_check", { * name: "health-check", * httpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: healthCheck.id, * loadBalancingScheme: "EXTERNAL_MANAGED", * localityLbPolicy: "RING_HASH", * sessionAffinity: "STRONG_COOKIE_AFFINITY", * strongSessionAffinityCookie: { * ttl: { * seconds: 11, * nanos: 1111, * }, * name: "mycookie", * }, * }); * ``` * ### Backend Service Network Endpoint * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const externalProxy = new gcp.compute.GlobalNetworkEndpointGroup("external_proxy", { * name: "network-endpoint", * networkEndpointType: "INTERNET_FQDN_PORT", * defaultPort: 443, * }); * const proxy = new gcp.compute.GlobalNetworkEndpoint("proxy", { * globalNetworkEndpointGroup: externalProxy.id, * fqdn: "test.example.com", * port: externalProxy.defaultPort, * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * enableCdn: true, * timeoutSec: 10, * connectionDrainingTimeoutSec: 10, * customRequestHeaders: [proxy.fqdn.apply(fqdn => `host: ${fqdn}`)], * customResponseHeaders: ["X-Cache-Hit: {cdn_cache_status}"], * backends: [{ * group: externalProxy.id, * }], * }); * ``` * ### Backend Service External Managed * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultHealthCheck = new gcp.compute.HealthCheck("default", { * name: "health-check", * httpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: defaultHealthCheck.id, * loadBalancingScheme: "EXTERNAL_MANAGED", * protocol: "H2C", * }); * ``` * ### Backend Service Ip Address Selection Policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * loadBalancingScheme: "EXTERNAL_MANAGED", * ipAddressSelectionPolicy: "IPV6_ONLY", * }); * ``` * ### Backend Service Custom Metrics * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", {name: "network"}); * // Zonal NEG with GCE_VM_IP_PORT * const defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("default", { * name: "network-endpoint", * network: _default.id, * defaultPort: 90, * zone: "us-central1-a", * networkEndpointType: "GCE_VM_IP_PORT", * }); * const defaultHealthCheck = new gcp.compute.HealthCheck("default", { * name: "health-check", * timeoutSec: 1, * checkIntervalSec: 1, * tcpHealthCheck: { * port: 80, * }, * }); * const defaultBackendService = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: defaultHealthCheck.id, * loadBalancingScheme: "EXTERNAL_MANAGED", * localityLbPolicy: "WEIGHTED_ROUND_ROBIN", * customMetrics: [{ * name: "orca.application_utilization", * dryRun: false, * }], * backends: [{ * group: defaultNetworkEndpointGroup.id, * balancingMode: "CUSTOM_METRICS", * customMetrics: [ * { * name: "orca.cpu_utilization", * maxUtilization: 0.9, * dryRun: true, * }, * { * name: "orca.named_metrics.foo", * dryRun: false, * }, * ], * }], * logConfig: { * enable: true, * optionalMode: "CUSTOM", * optionalFields: [ * "orca_load_report", * "tls.protocol", * ], * }, * }); * ``` * ### Backend Service Tls Settings * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultHealthCheck = new gcp.compute.HealthCheck("default", { * name: "health-check", * httpHealthCheck: { * port: 80, * }, * }); * const defaultBackendAuthenticationConfig = new gcp.networksecurity.BackendAuthenticationConfig("default", { * name: "authentication", * wellKnownRoots: "PUBLIC_ROOTS", * }); * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * healthChecks: defaultHealthCheck.id, * loadBalancingScheme: "EXTERNAL_MANAGED", * protocol: "HTTPS", * tlsSettings: { * sni: "example.com", * subjectAltNames: [ * { * dnsName: "example.com", * }, * { * uniformResourceIdentifier: "https://example.com", * }, * ], * authenticationConfig: pulumi.interpolate`//networksecurity.googleapis.com/${defaultBackendAuthenticationConfig.id}`, * }, * }); * ``` * ### Backend Service Dynamic Forwarding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.BackendService("default", { * name: "backend-service", * loadBalancingScheme: "INTERNAL_MANAGED", * dynamicForwarding: { * ipPortSelection: { * enabled: true, * }, * }, * }); * ``` * * ## Import * * BackendService can be imported using any of these accepted formats: * * * `projects/{{project}}/global/backendServices/{{name}}` * * * `{{project}}/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, BackendService can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/backendService:BackendService default projects/{{project}}/global/backendServices/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/backendService:BackendService default {{project}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/backendService:BackendService default {{name}} * ``` */ export declare class BackendService extends pulumi.CustomResource { /** * Get an existing BackendService resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: BackendServiceState, opts?: pulumi.CustomResourceOptions): BackendService; /** * Returns true if the given object is an instance of BackendService. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is BackendService; /** * Lifetime of cookies in seconds if sessionAffinity is * GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts * only until the end of the browser session (or equivalent). The * maximum allowed value for TTL is one day. * When the load balancing scheme is INTERNAL, this field is not used. */ readonly affinityCookieTtlSec: pulumi.Output<number | undefined>; /** * The set of backends that serve this BackendService. * Structure is documented below. */ readonly backends: pulumi.Output<outputs.compute.BackendServiceBackend[] | undefined>; /** * Cloud CDN configuration for this BackendService. * Structure is documented below. */ readonly cdnPolicy: pulumi.Output<outputs.compute.BackendServiceCdnPolicy>; /** * Settings controlling the volume of connections to a backend service. This field * is applicable only when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED. * Structure is documented below. */ readonly circuitBreakers: pulumi.Output<outputs.compute.BackendServiceCircuitBreakers | undefined>; /** * Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. * Possible values are: `AUTOMATIC`, `DISABLED`. */ readonly compressionMode: pulumi.Output<string | undefined>; /** * Time for which instance will be drained (not accept new * connections, but still work to finish started). */ readonly connectionDrainingTimeoutSec: pulumi.Output<number | undefined>; /** * Consistent Hash-based load balancing can be used to provide soft session * affinity based on HTTP headers, cookies or other properties. This load balancing * policy is applicable only for HTTP connections. The affinity to a particular * destination host will be lost when one or more hosts are added/removed from the * destination service. This field specifies parameters that control consistent * hashing. This field only applies if the loadBalancingScheme is set to * INTERNAL_SELF_MANAGED. This field is only applicable when localityLbPolicy is * set to MAGLEV or RING_HASH. * Structure is documented below. */ readonly consistentHash: pulumi.Output<outputs.compute.BackendServiceConsistentHash | undefined>; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output<string>; /** * List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. * Structure is documented below. */ readonly customMetrics: pulumi.Output<outputs.compute.BackendServiceCustomMetric[] | undefined>; /** * Headers that the HTTP/S load balancer should add to proxied * requests. */ readonly customRequestHeaders: pulumi.Output<string[] | undefined>; /** * Headers that the HTTP/S load balancer should add to proxied * responses. */ readonly customResponseHeaders: pulumi.Output<string[] | undefined>; /** * An optional description of this resource. */ readonly description: pulumi.Output<string | undefined>; /** * Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding * feature which together with Service Extension allows customized and complex routing logic. * Structure is documented below. */ readonly dynamicForwarding: pulumi.Output<outputs.compute.BackendServiceDynamicForwarding | undefined>; /** * The resource URL for the edge security policy associated with this backend service. */ readonly edgeSecurityPolicy: pulumi.Output<string | undefined>; /** * If true, enable Cloud CDN for this BackendService. */ readonly enableCdn: pulumi.Output<boolean | undefined>; /** * Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and * TEST_ALL_TRAFFIC. * To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to * PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be * changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate * traffic by percentage using externalManagedMigrationTestingPercentage. * Rolling back a migration requires the states to be set in reverse order. So changing the * scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at * the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic * back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL. * Possible values are: `PREPARE`, `TEST_BY_PERCENTAGE`, `TEST_ALL_TRAFFIC`. */ readonly externalManagedMigrationState: pulumi.Output<string | undefined>; /** * Determines the fraction of requests that should be processed by the Global external * Application Load Balancer. * The value of this field must be in the range [0, 100]. * Session affinity options will slightly affect this routing behavior, for more details, * see: Session Affinity. * This value can only be set if the loadBalancingScheme in the backend service is set to * EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE. */ readonly externalManagedMigrationTestingPercentage: pulumi.Output<number | undefined>; /** * Fingerprint of this resource. A hash of the contents stored in this * object. This field is used in optimistic locking. */ readonly fingerprint: pulumi.Output<string>; /** * The unique identifier for the resource. This identifier is defined by the server. */ readonly generatedId: pulumi.Output<number>; /** * The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource * for health checking this BackendService. Currently at most one health * check can be specified. * A health check must be specified unless the backend service uses an internet * or serverless NEG as a backend. * For internal load balancing, a URL to a HealthCheck resource must be specified instead. */ readonly healthChecks: pulumi.Output<string | undefined>; /** * Settings for enabling Cloud Identity Aware Proxy. * If OAuth client is not set, the Google-managed OAuth client is used. * Structure is documented below. */ readonly iap: pulumi.Output<outputs.compute.BackendServiceIap>; /** * Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). * Possible values are: `IPV4_ONLY`, `PREFER_IPV6`, `IPV6_ONLY`. */ readonly ipAddressSelectionPolicy: pulumi.Output<string | undefined>; /** * Indicates whether the backend service will be used with internal or * external load balancing. A backend service created for one type of * load balancing cannot be used with the other. For more information, refer to * [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). * Default value is `EXTERNAL`. * Possible values are: `EXTERNAL`, `INTERNAL_SELF_MANAGED`, `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. */ readonly loadBalancingScheme: pulumi.Output<string | undefined>; /** * A list of locality load balancing policies to be used in order of * preference. Either the policy or the customPolicy field should be set. * Overrides any value set in the localityLbPolicy field. * localityLbPolicies is only supported when the BackendService is referenced * by a URL Map that is referenced by a target gRPC proxy that has the * validateForProxyless field set to true. * Structure is documented below. */ readonly localityLbPolicies: pulumi.Output<outputs.compute.BackendServiceLocalityLbPolicy[] | undefined>; /** * The load balancing algorithm used within the scope of the locality. * The possible values are: * * `ROUND_ROBIN`: This is a simple policy in which each healthy backend * is selected in round robin order. * * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy * hosts and picks the host which has fewer active requests. * * `RING_HASH`: The ring/modulo hash load balancer implements consistent * hashing to backends. The algorithm has the property that the * addition/removal of a host from a set of N hosts only affects * 1/N of the requests. * * `RANDOM`: The load balancer selects a random healthy host. * * `ORIGINAL_DESTINATION`: Backend host is selected based on the client * connection metadata, i.e., connections are opened * to the same address as the destination address of * the incoming connection before the connection * was redirected to the load balancer. * * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. * Maglev is not as stable as ring hash but has faster table lookup * build times and host selection times. For more information about * Maglev, refer to https://ai.google/research/pubs/pub44824 * * `WEIGHTED_MAGLEV`: Per-instance weighted Load Balancing via health check * reported weights. Only applicable to loadBalancingScheme * EXTERNAL. If set, the Backend Service must * configure a non legacy HTTP-based Health Check, and * health check replies are expected to contain * non-standard HTTP response header field * X-Load-Balancing-Endpoint-Weight to specify the * per-instance weights. If set, Load Balancing is weight * based on the per-instance weights reported in the last * processed health check replies, as long as every * instance either reported a valid weight or had * UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains * equal-weight. * * `WEIGHTED_ROUND_ROBIN`: Per-endpoint weighted round-robin Load Balancing using weights computed * from Backend reported Custom Metrics. If set, the Backend Service * responses are expected to contain non-standard HTTP response header field * X-Endpoint-Load-Metrics. The reported metrics * to use for computing the weights are specified via the * backends[].customMetrics fields. * localityLbPolicy is applicable to either: * * A regional backend service with the serviceProtocol set to HTTP, HTTPS, HTTP2 or H2C, * and loadBalancingScheme set to INTERNAL_MANAGED. * * A global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. * * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network * Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External * Network Load Balancing. The default is MAGLEV. * If sessionAffinity is not NONE, and localityLbPolicy is not set to MAGLEV, WEIGHTED_MAGLEV, * or RING_HASH, session affinity settings will not take effect. * Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced * by a URL map that is bound to target gRPC proxy that has validateForProxyless * field set to true. * Possible values are: `ROUND_ROBIN`, `LEAST_REQUEST`, `RING_HASH`, `RANDOM`, `ORIGINAL_DESTINATION`, `MAGLEV`, `WEIGHTED_MAGLEV`, `WEIGHTED_ROUND_ROBIN`. */ readonly localityLbPolicy: pulumi.Output<string | undefined>; /** * This field denotes the logging options for the load balancer traffic served by this backend service. * If logging is enabled, logs will be exported to Stackdriver. * Structure is documented below. */ readonly logConfig: pulumi.Output<outputs.compute.BackendServiceLogConfig>; /** * Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the * beginning of the stream until the response has been completely processed, including all retries. A stream that * does not complete in this duration is closed. * If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. * This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. * This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. * Structure is documented below. */ readonly maxStreamDuration: pulumi.Output<outputs.compute.BackendServiceMaxStreamDuration | undefined>; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ readonly name: pulumi.Output<string>; /** * Configures traffic steering properties of internal passthrough Network Load Balancers. * Structure is documented below. */ readonly networkPassThroughLbTrafficPolicy: pulumi.Output<outputs.compute.BackendServiceNetworkPassThroughLbTrafficPolicy | undefined>; /** * Settings controlling eviction of unhealthy hosts from the load balancing pool. * Applicable backend service types can be a global backend service with the * loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. * Structure is documented below. */ readonly outlierDetection: pulumi.Output<outputs.compute.BackendServiceOutlierDetection | undefined>; /** * Additional params passed with the request, but not persisted as part of resource payload * Structure is documented below. */ readonly params: pulumi.Output<outputs.compute.BackendServiceParams | undefined>; /** * Name of backend port. The same name should appear in the instance * groups referenced by this service. Required when the load balancing * scheme is EXTERNAL. */ readonly portName: pulumi.Output<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output<string>; /** * The protocol this BackendService uses to communicate with backends. * The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP * or GRPC. Refer to the documentation for the load balancers or for Traffic Director * for more information. Must be set to GRPC when the backend service is referenced * by a URL map that is bound to target gRPC proxy. * Possible values are: `HTTP`, `HTTPS`, `HTTP2`, `TCP`, `SSL`, `UDP`, `GRPC`, `UNSPECIFIED`, `H2C`. */ readonly protocol: pulumi.Output<string>; /** * The security policy associated with this backend service. */ readonly securityPolicy: pulumi.Output<string | undefined>; /** * The security settings that apply to this backend service. This field is applicable to either * a regional backend service with the serviceProtocol set to HTTP, HTTPS, HTTP2 or H2C, and * loadBalancingScheme set to INTERNAL_MANAGED; or a global backend service with the * loadBalancingScheme set to INTERNAL_SELF_MANAGED. * Structure is documented below. */ readonly securitySettings: pulumi.Output<outputs.compute.BackendServiceSecuritySettings | undefined>; /** * The URI of the created resource. */ readonly selfLink: pulumi.Output<string>; /** * URL to networkservices.ServiceLbPolicy resource. * Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global. */ readonly serviceLbPolicy: pulumi.Output<string | undefined>; /** * Type of session affinity to use. The default is NONE. Session affinity is * not applicable if the protocol is UDP. * Possible values are: `NONE`, `CLIENT_IP`, `CLIENT_IP_PORT_PROTO`, `CLIENT_IP_PROTO`, `GENERATED_COOKIE`, `HEADER_FIELD`, `HTTP_COOKIE`, `STRONG_COOKIE_AFFINITY`. */ readonly sessionAffinity: pulumi.Output<string>; /** * Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. * Structure is documented below. */ readonly strongSessionAffinityCookie: pulumi.Output<outputs.compute.BackendServiceStrongSessionAffinityCookie | undefined>; /** * The backend service timeout has a different meaning depending on the type of load balancer. * For more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices). * The default is 30 seconds. * The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds. */ readonly timeoutSec: pulumi.Output<number>; /** * Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. * Structure is documented below. */ readonly tlsSettings: pulumi.Output<outputs.compute.BackendServiceTlsSettings | undefined>; /** * Create a BackendService resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: BackendServiceArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering BackendService resources. */ export interface BackendServiceState { /** * Lifetime of cookies in seconds if sessionAffinity is * GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts * only until the end of the browser session (or equivalent). The * maximum allowed value for TTL is one day. * When the load balancing scheme is INTERNAL, this field is not used. */ affinityCookieTtlSec?: pulumi.Input<number>; /** * The set of backends that serve this BackendService. * Structure is documented below. */ backends?: pulumi.Input<pulumi.Input<inputs.compute.BackendServiceBackend>[]>; /** * Cloud CDN configuration for this BackendService. * Structure is documented below. */ cdnPolicy?: pulumi.Input<inputs.compute.BackendServiceCdnPolicy>; /** * Settings controlling the volume of connections to a backend service. This field * is applicable only when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED. * Structure is documented below. */ circuitBreakers?: pulumi.Input<inputs.compute.BackendServiceCircuitBreakers>; /** * Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. * Possible values are: `AUTOMATIC`, `DISABLED`. */ compressionMode?: pulumi.Input<string>; /** * Time for which instance will be drained (not accept new * connections, but still work to finish started). */ connectionDrainingTimeoutSec?: pulumi.Input<number>; /** * Consistent Hash-based load balancing can be used to provide soft session * affinity based on HTTP headers, cookies or other properties. This load balancing * policy is applicable only for HTTP connections. The affinity to a particular * destination host will be lost when one or more hosts are added/removed from the * destination service. This field specifies parameters that control consistent * hashing. This field only applies if the loadBalancingScheme is set to * INTERNAL_SELF_MANAGED. This field is only applicable when localityLbPolicy is * set to MAGLEV or RING_HASH. * Structure is documented below. */ consistentHash?: pulumi.Input<inputs.compute.BackendServiceConsistentHash>; /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input<string>; /** * List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. * Structure is documented below. */ customMetrics?: pulumi.Input<pulumi.Input<inputs.compute.BackendServiceCustomMetric>[]>; /** * Headers that the HTTP/S load balancer should add to proxied * requests. */ customRequestHeaders?: pulumi.Input<pulumi.Input<string>[]>; /** * Headers that the HTTP/S load balancer should add to proxied * responses. */ customResponseHeaders?: pulumi.Input<pulumi.Input<string>[]>; /** * An optional description of this resource. */ description?: pulumi.Input<string>; /** * Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding * feature which together with Service Extension allows customized and complex routing logic. * Structure is documented below. */ dynamicForwarding?: pulumi.Input<inputs.compute.BackendServiceDynamicForwarding>; /** * The resource URL for the edge security policy associated with this backend service. */ edgeSecurityPolicy?: pulumi.Input<string>; /** * If true, enable Cloud CDN for this BackendService. */ enableCdn?: pulumi.Input<boolean>; /** * Specifies the canary migration state. Possible values are PREPARE, TEST_BY_PERCENTAGE, and * TEST_ALL_TRAFFIC. * To begin the migration from EXTERNAL to EXTERNAL_MANAGED, the state must be changed to * PREPARE. The state must be changed to TEST_ALL_TRAFFIC before the loadBalancingScheme can be * changed to EXTERNAL_MANAGED. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate * traffic by percentage using externalManagedMigrationTestingPercentage. * Rolling back a migration requires the states to be set in reverse order. So changing the * scheme from EXTERNAL_MANAGED to EXTERNAL requires the state to be set to TEST_ALL_TRAFFIC at * the same time. Optionally, the TEST_BY_PERCENTAGE state can be used to migrate some traffic * back to EXTERNAL or PREPARE can be used to migrate all traffic back to EXTERNAL. * Possible values are: `PREPARE`, `TEST_BY_PERCENTAGE`, `TEST_ALL_TRAFFIC`. */ externalManagedMigrationState?: pulumi.Input<string>; /** * Determines the fraction of requests that should be processed by the Global external * Application Load Balancer. * The value of this field must be in the range [0, 100]. * Session affinity options will slightly affect this routing behavior, for more details, * see: Session Affinity. * This value can only be set if the loadBalancingScheme in the backend service is set to * EXTERNAL (when using the Classic ALB) and the migration state is TEST_BY_PERCENTAGE. */ externalManagedMigrationTestingPercentage?: pulumi.Input<number>; /** * Fingerprint of this resource. A hash of the contents stored in this * object. This field is used in optimistic locking. */ fingerprint?: pulumi.Input<string>; /** * The unique identifier for the resource. This identifier is defined by the server. */ generatedId?: pulumi.Input<number>; /** * The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource * for health checking this BackendService. Currently at most one health * check can be specified. * A health check must be specified unless the backend service uses an internet * or serverless NEG as a backend. * For internal load balancing, a URL to a HealthCheck resource must be specified instead. */ healthChecks?: pulumi.Input<string>; /** * Settings for enabling Cloud Identity Aware Proxy. * If OAuth client is not set, the Google-managed OAuth client is used. * Structure is documented below. */ iap?: pulumi.Input<inputs.compute.BackendServiceIap>; /** * Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). * Possible values are: `IPV4_ONLY`, `PREFER_IPV6`, `IPV6_ONLY`. */ ipAddressSelectionPolicy?: pulumi.Input<string>; /** * Indicates whether the backend service will be used with internal or * external load balancing. A backend service created for one type of * load balancing cannot be used with the other. For more information, refer to * [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). * Default value is `EXTERNAL`. * Possible values are: `EXTERNAL`, `INTERNAL_SELF_MANAGED`, `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. */ loadBalancingScheme?: pulumi.Input<string>; /** * A list of locality load balancing policies to be used in order of * preference. Either the policy or the customPolicy field should be set. * Overrides any value set in the localityLbPolicy field. * localityLbPolicies is only supported when the BackendService is referenced * by a URL Map that is referenced by a target gRPC proxy that has the * validateForProxyless field set to true. * Structure is documented below. */ localityLbPolicies?: pulumi.Input<pulumi.Input<inputs.compute.BackendServiceLocalityLbPolicy>[]>; /** * The load balancing algorithm used within the scope of the locality. * The possible values are: * * `ROUND_ROBIN`: This is a simple policy in which each healthy backend * is selected in round robin order. * * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy * hosts and picks the host which has fewer active requests. * * `RING_HASH`: The ring/modulo hash load balancer implements consistent * hashing to backends. The algorithm has the property that the * addition/removal of a host from a set of N hosts only affects * 1/N of the requests. * * `RANDOM`: The load balancer selects a random healthy host. * * `ORIGINAL_DESTINATION`: Backend host is selected based on the client * connection metadata, i.e., connections are opened * to the same address as the destination address of * the incoming connection before the connection * was redirected to the load balancer. * * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. * Maglev is not as stable as ring hash but has faster table lookup * build times and host selection times. For more information about * Maglev, refer to https://ai.google/research/pubs/pub44824 * * `WEIGHTED_MAGLEV`: Per-instance weighted Load Balancing via health check * reported weights. Only applicable to loadBalancingScheme * EXTERNAL. If set, the Backend Service must * configure a non legacy HTTP-based Health Check, and * health check replies are expected to contain * non-standard HTTP response header field * X-Load-Balancing-Endpoint-Weight to specify the * per-instance weights. If set, Load Balancing is weight * based on the per-instance weights reported in the last * processed health check replies, as long as every * instance either reported a valid weight or had * UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains * equal-weight. * * `WEIGHTED_ROUND_ROBIN`: Per-endpoint weighted round-robin Load Balancing using weights computed * from Backend reported Custom Metrics. If set, the Backend Service * responses are expected to contain non-standard HTTP response header field * X-Endpoint-Load-Metrics. The reported metrics * to use for computing the weights are specified via the * backends[].customMetrics fields. * localityLbPolicy is applicable to either: * * A regional backend service with the serviceProtocol set to HTTP, HTTPS, HTTP2 or H2C, * and loadBalancingScheme set to INTERNAL_MANAGED. * * A global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. * * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network * Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External * Network Load Balancing. The default is MAGLEV. * If sessionAffinity is not NONE, and localityLbPolicy is not set to MAGLEV, WEIGHTED_MAGLEV, * or RING_HASH, session affinity settings will not take effect. * Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced * by a URL map that is bound to target gRPC proxy that has validateForProxyless * field set to true. * Possible values are: `ROUND_ROBIN`, `LEAST_REQUEST`, `RING_HASH`, `RANDOM`, `ORIGINAL_DESTINATION`, `MAGLEV`, `WEIGHTED_MAGLEV`, `WEIGHTED_ROUND_ROBIN`. */ localityLbPolicy?: pulumi.Input<string>; /** * This field denotes the logging options for the load balancer traffic served by this backend service. * If logging is enabled, logs will be exported to Stackdriver. * Structure is documented below. */ logConfig?: pulumi.Input<inputs.compute.BackendServiceLogConfig>; /** * Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the * beginning of the stream until the response has been completely processed, including all retries. A stream that * does not complete in this duration is closed. * If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. * This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. * This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED. * Structure is documented below. */ maxStreamDuration?: pulumi.Input<inputs.compute.BackendServiceMaxStreamDuration>; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ name?: pulumi.Input<string>; /** * Configures traffic steering properties of internal passthrough Network Load Balancers. * Structure is documented below. */ networkPassThroughLbTrafficPolicy?: pulumi.Input<inputs.compute.BackendServiceNetworkPassThroughLbTrafficPolicy>; /** * Settings controlling eviction of unhealthy hosts from the load balancing pool. * Applicable backend service types can be a global backend service with the * loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. * Structure is documented below. */ outlierDetection?: pulumi.Input<inputs.compute.BackendServiceOutlierDetection>; /** * Additional params passed with the request, but not persisted as part of resource payload * Structure is documented below. */ params?: pulumi.Input<inputs.compute.BackendServiceParams>; /** * Name of backend port. The same name should appear in the instance * groups referenced by this service. Required when the load balancing * scheme is EXTERNAL. */ portName?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; /** * The protocol this BackendService uses to communicate with backends. * The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP * or GRPC. Refer to the documentation for the load balancers or for Traffic Director * for more information. Must be set to GRPC when the backend service is referenced * by a URL map that is bound to target gRPC proxy. * Possible values are: `HTTP`, `HTTPS`, `HTTP2`, `TCP`, `SSL`, `UDP`, `GRPC`, `UNSPECIFIED`, `H2C`. */ protocol?: pulumi.Input<string>; /** * The security policy associated with this backend service. */ securityPolicy?: pulumi.Input<string>; /** * The security settings that apply to this backend service. This field is applicable to either * a regional backend service with the serviceProtocol set to HTTP, HTTPS, HTTP2 or H2C, and * loadBalancingScheme set to INTERNAL_MANAGED; or a global backend service with the * loadBalancingScheme set to INTERNAL_SELF_MANAGED. * Structure is documented below. */ securitySettings?: pulumi.Input<inputs.compute.BackendServiceSecuritySettings>; /** * The URI of the created resource. */ selfLink?: pulumi.Input<string>; /** * URL to networkservices.ServiceLbPolicy resource. * Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global. */ serviceLbPolicy?: pulumi.Input<string>; /** * Type of session affinity to use. The default is NONE. Session affinity is * not applicable if the protocol is UDP. * Possible values are: `NONE`, `CLIENT_IP`, `CLIENT_IP_PORT_PROTO`, `CLIENT_IP_PROTO`, `GENERATED_COOKIE`, `HEADER_FIELD`, `HTTP_COOKIE`, `STRONG_COOKIE_AFFINITY`. */ sessionAffinity?: pulumi.Input<string>; /** * Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. * Structure is documented below. */ strongSessionAffinityCookie?: pulumi.Input<inputs.compute.BackendServiceStrongSessionAffinityCookie>; /** * The backend service timeout has a different meaning depending on the type of load balancer. * For more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices). * The default is 30 seco