@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A Region Backend Service defines a regionally-scoped group of virtual * machines that will serve traffic for load balancing. * * > **Note:** Recreating a `gcp.compute.RegionBackendService` that references other dependent resources like `gcp.compute.InstanceGroup` will give a `resourceInUseByAnotherResource` error, when decreasing the number of other dependent resources. * Use `lifecycle.create_before_destroy` on the dependent resources to avoid this type of error as shown in the Dynamic Backend Count example. * * To get more information about RegionBackendService, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/latest/regionBackendServices) * * How-to Guides * * [Internal TCP/UDP Load Balancing](https://cloud.google.com/compute/docs/load-balancing/internal/) * * ## Example Usage * * ### Region Backend Service Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultHealthCheck = new gcp.compute.HealthCheck("default", { * name: "rbs-health-check", * checkIntervalSec: 1, * timeoutSec: 1, * tcpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.RegionBackendService("default", { * name: "region-service", * region: "us-central1", * healthChecks: defaultHealthCheck.id, * connectionDrainingTimeoutSec: 10, * sessionAffinity: "CLIENT_IP", * }); * ``` * ### Region Backend Service External Iap * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.RegionBackendService("default", { * name: "tf-test-region-service-external", * region: "us-central1", * protocol: "HTTP", * loadBalancingScheme: "EXTERNAL", * iap: { * enabled: true, * oauth2ClientId: "abc", * oauth2ClientSecret: "xyz", * }, * }); * ``` * ### Region Backend Service Ilb Round Robin * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.HealthCheck("health_check", { * name: "rbs-health-check", * httpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "region-service", * healthChecks: healthCheck.id, * protocol: "HTTP", * loadBalancingScheme: "INTERNAL_MANAGED", * localityLbPolicy: "ROUND_ROBIN", * }); * ``` * ### Region Backend Service External * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.RegionHealthCheck("health_check", { * name: "rbs-health-check", * region: "us-central1", * tcpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "region-service", * healthChecks: healthCheck.id, * protocol: "TCP", * loadBalancingScheme: "EXTERNAL", * }); * ``` * ### Region Backend Service External Weighted * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.RegionHealthCheck("health_check", { * name: "rbs-health-check", * region: "us-central1", * httpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "region-service", * healthChecks: healthCheck.id, * protocol: "TCP", * loadBalancingScheme: "EXTERNAL", * localityLbPolicy: "WEIGHTED_MAGLEV", * }); * ``` * ### Region Backend Service Ilb Ring Hash * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.HealthCheck("health_check", { * name: "rbs-health-check", * httpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "region-service", * healthChecks: healthCheck.id, * loadBalancingScheme: "INTERNAL_MANAGED", * localityLbPolicy: "RING_HASH", * sessionAffinity: "HTTP_COOKIE", * protocol: "HTTP", * circuitBreakers: { * maxConnections: 10, * }, * consistentHash: { * httpCookie: { * ttl: { * seconds: 11, * nanos: 1111, * }, * name: "mycookie", * }, * }, * outlierDetection: { * consecutiveErrors: 2, * }, * }); * ``` * ### Region Backend Service Ilb Stateful Session Affinity * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.HealthCheck("health_check", { * name: "rbs-health-check", * httpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "region-service", * healthChecks: healthCheck.id, * loadBalancingScheme: "INTERNAL_MANAGED", * localityLbPolicy: "RING_HASH", * sessionAffinity: "STRONG_COOKIE_AFFINITY", * protocol: "HTTP", * strongSessionAffinityCookie: { * ttl: { * seconds: 11, * nanos: 1111, * }, * name: "mycookie", * }, * }); * ``` * ### Region Backend Service Balancing Mode * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const debianImage = gcp.compute.getImage({ * family: "debian-11", * project: "debian-cloud", * }); * const defaultNetwork = new gcp.compute.Network("default", { * name: "rbs-net", * autoCreateSubnetworks: false, * routingMode: "REGIONAL", * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "rbs-net-default", * ipCidrRange: "10.1.2.0/24", * region: "us-central1", * network: defaultNetwork.id, * }); * const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", { * name: "template-region-service", * machineType: "e2-medium", * networkInterfaces: [{ * network: defaultNetwork.id, * subnetwork: defaultSubnetwork.id, * }], * disks: [{ * sourceImage: debianImage.then(debianImage => debianImage.selfLink), * autoDelete: true, * boot: true, * }], * tags: [ * "allow-ssh", * "load-balanced-backend", * ], * }); * const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", { * region: "us-central1", * name: "rbs-rigm", * versions: [{ * instanceTemplate: instanceTemplate.id, * name: "primary", * }], * baseInstanceName: "internal-glb", * targetSize: 1, * }); * const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", { * region: "us-central1", * name: "rbs-health-check", * httpHealthCheck: { * portSpecification: "USE_SERVING_PORT", * }, * }); * const _default = new gcp.compute.RegionBackendService("default", { * loadBalancingScheme: "INTERNAL_MANAGED", * backends: [{ * group: rigm.instanceGroup, * balancingMode: "UTILIZATION", * capacityScaler: 1, * }], * region: "us-central1", * name: "region-service", * protocol: "H2C", * timeoutSec: 10, * healthChecks: defaultRegionHealthCheck.id, * }); * ``` * ### Region Backend Service Connection Tracking * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.RegionHealthCheck("health_check", { * name: "rbs-health-check", * region: "us-central1", * tcpHealthCheck: { * port: 22, * }, * }); * const _default = new gcp.compute.RegionBackendService("default", { * name: "region-service", * region: "us-central1", * healthChecks: healthCheck.id, * connectionDrainingTimeoutSec: 10, * sessionAffinity: "CLIENT_IP", * protocol: "TCP", * loadBalancingScheme: "EXTERNAL", * connectionTrackingPolicy: { * trackingMode: "PER_SESSION", * connectionPersistenceOnUnhealthyBackends: "NEVER_PERSIST", * idleTimeoutSec: 60, * enableStrongAffinity: false, * }, * }); * ``` * ### Region Backend Service Ip Address Selection Policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.RegionHealthCheck("health_check", { * name: "rbs-health-check", * region: "us-central1", * tcpHealthCheck: { * port: 80, * }, * }); * const _default = new gcp.compute.RegionBackendService("default", { * name: "region-service", * region: "us-central1", * healthChecks: healthCheck.id, * loadBalancingScheme: "EXTERNAL_MANAGED", * protocol: "HTTP", * ipAddressSelectionPolicy: "IPV6_ONLY", * }); * ``` * ### Region Backend Service Ilb Custom Metrics * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", {name: "network"}); * // Zonal NEG with GCE_VM_IP_PORT * const defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("default", { * name: "network-endpoint", * network: _default.id, * defaultPort: 90, * zone: "us-central1-a", * networkEndpointType: "GCE_VM_IP_PORT", * }); * const healthCheck = new gcp.compute.HealthCheck("health_check", { * name: "rbs-health-check", * httpHealthCheck: { * port: 80, * }, * }); * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "region-service", * healthChecks: healthCheck.id, * loadBalancingScheme: "INTERNAL_MANAGED", * localityLbPolicy: "WEIGHTED_ROUND_ROBIN", * customMetrics: [{ * name: "orca.application_utilization", * dryRun: false, * }], * backends: [{ * group: defaultNetworkEndpointGroup.id, * balancingMode: "CUSTOM_METRICS", * customMetrics: [ * { * name: "orca.cpu_utilization", * maxUtilization: 0.9, * dryRun: true, * }, * { * name: "orca.named_metrics.foo", * dryRun: false, * }, * ], * }], * }); * ``` * ### Region Backend Service Dynamic Forwarding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.RegionBackendService("default", { * name: "region-service", * region: "us-central1", * loadBalancingScheme: "EXTERNAL_MANAGED", * dynamicForwarding: { * ipPortSelection: { * enabled: true, * }, * }, * }); * ``` * ### Region Backend Service Dynamic Forwarding Forward Proxy Cloud Run * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.RegionBackendService("default", { * name: "region-service", * region: "us-central1", * loadBalancingScheme: "INTERNAL_SELF_MANAGED", * protocol: "HTTP2", * dynamicForwarding: { * forwardProxy: { * enabled: true, * proxyMode: "CLOUD_RUN", * }, * }, * }); * ``` * ### Region Backend Service Dynamic Forwarding Forward Proxy Direct Forwarding * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.RegionBackendService("default", { * name: "region-service", * region: "us-central1", * loadBalancingScheme: "INTERNAL_SELF_MANAGED", * protocol: "HTTP2", * dynamicForwarding: { * forwardProxy: { * enabled: true, * proxyMode: "DIRECT_FORWARDING", * }, * }, * }); * ``` * ### Region Backend Service Ha Policy * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", {name: "rbs-net"}); * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "region-service", * protocol: "UDP", * loadBalancingScheme: "EXTERNAL", * network: _default.id, * haPolicy: { * fastIpMove: "GARP_RA", * }, * connectionDrainingTimeoutSec: 0, * }); * ``` * ### Region Backend Service Ha Policy Manual Leader * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _default = new gcp.compute.Network("default", { * name: "rbs-net", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "rbs-subnet", * ipCidrRange: "10.1.2.0/24", * region: "us-central1", * network: _default.id, * }); * const myImage = gcp.compute.getImage({ * family: "debian-12", * project: "debian-cloud", * }); * const endpoint_instance = new gcp.compute.Instance("endpoint-instance", { * networkInterfaces: [{ * accessConfigs: [{}], * subnetwork: defaultSubnetwork.id, * }], * name: "rbs-instance", * machineType: "e2-medium", * bootDisk: { * initializeParams: { * image: myImage.then(myImage => myImage.selfLink), * }, * }, * }); * const neg = new gcp.compute.NetworkEndpointGroup("neg", { * name: "rbs-neg", * networkEndpointType: "GCE_VM_IP", * network: _default.id, * subnetwork: defaultSubnetwork.id, * zone: "us-central1-a", * }); * const endpoint = new gcp.compute.NetworkEndpoint("endpoint", { * networkEndpointGroup: neg.name, * instance: endpoint_instance.name, * ipAddress: endpoint_instance.networkInterfaces.apply(networkInterfaces => networkInterfaces[0].networkIp), * }); * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * region: "us-central1", * name: "region-service", * protocol: "UDP", * loadBalancingScheme: "EXTERNAL", * network: _default.id, * backends: [{ * group: neg.selfLink, * balancingMode: "CONNECTION", * }], * haPolicy: { * fastIpMove: "GARP_RA", * leader: { * backendGroup: neg.selfLink, * networkEndpoint: { * instance: endpoint_instance.name, * }, * }, * }, * connectionDrainingTimeoutSec: 0, * }); * ``` * ### Region Backend Service Tls Settings * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", { * name: "health-check", * region: "europe-north1", * httpHealthCheck: { * port: 80, * }, * }); * const defaultBackendAuthenticationConfig = new gcp.networksecurity.BackendAuthenticationConfig("default", { * name: "authentication", * location: "europe-north1", * wellKnownRoots: "PUBLIC_ROOTS", * }); * const _default = new gcp.compute.RegionBackendService("default", { * region: "europe-north1", * name: "region-service", * healthChecks: defaultRegionHealthCheck.id, * loadBalancingScheme: "EXTERNAL_MANAGED", * protocol: "HTTPS", * tlsSettings: { * sni: "example.com", * subjectAltNames: [ * { * dnsName: "example.com", * }, * { * uniformResourceIdentifier: "https://example.com", * }, * ], * authenticationConfig: pulumi.interpolate`//networksecurity.googleapis.com/${defaultBackendAuthenticationConfig.id}`, * }, * }); * ``` * * ## Import * * RegionBackendService can be imported using any of these accepted formats: * * * `projects/{{project}}/regions/{{region}}/backendServices/{{name}}` * * `{{project}}/{{region}}/{{name}}` * * `{{region}}/{{name}}` * * `{{name}}` * * When using the `pulumi import` command, RegionBackendService can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/regionBackendService:RegionBackendService default projects/{{project}}/regions/{{region}}/backendServices/{{name}} * $ pulumi import gcp:compute/regionBackendService:RegionBackendService default {{project}}/{{region}}/{{name}} * $ pulumi import gcp:compute/regionBackendService:RegionBackendService default {{region}}/{{name}} * $ pulumi import gcp:compute/regionBackendService:RegionBackendService default {{name}} * ``` */ export declare class RegionBackendService extends pulumi.CustomResource { /** * Get an existing RegionBackendService resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RegionBackendServiceState, opts?: pulumi.CustomResourceOptions): RegionBackendService; /** * Returns true if the given object is an instance of RegionBackendService. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is RegionBackendService; /** * Lifetime of cookies in seconds if sessionAffinity is * GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts * only until the end of the browser session (or equivalent). The * maximum allowed value for TTL is one day. * When the load balancing scheme is INTERNAL, this field is not used. */ readonly affinityCookieTtlSec: pulumi.Output<number | undefined>; /** * The set of backends that serve this RegionBackendService. * Structure is documented below. */ readonly backends: pulumi.Output<outputs.compute.RegionBackendServiceBackend[] | undefined>; /** * Cloud CDN configuration for this BackendService. * Structure is documented below. */ readonly cdnPolicy: pulumi.Output<outputs.compute.RegionBackendServiceCdnPolicy>; /** * Settings controlling the volume of connections to a backend service. This field * is applicable only when the `loadBalancingScheme` is set to INTERNAL_MANAGED * and the `protocol` is set to HTTP, HTTPS, HTTP2 or H2C. * Structure is documented below. */ readonly circuitBreakers: pulumi.Output<outputs.compute.RegionBackendServiceCircuitBreakers | undefined>; /** * Time for which instance will be drained (not accept new * connections, but still work to finish started). */ readonly connectionDrainingTimeoutSec: pulumi.Output<number | undefined>; /** * Connection Tracking configuration for this BackendService. * This is available only for Layer 4 Internal Load Balancing and * Network Load Balancing. * Structure is documented below. */ readonly connectionTrackingPolicy: pulumi.Output<outputs.compute.RegionBackendServiceConnectionTrackingPolicy | undefined>; /** * Consistent Hash-based load balancing can be used to provide soft session * affinity based on HTTP headers, cookies or other properties. This load balancing * policy is applicable only for HTTP connections. The affinity to a particular * destination host will be lost when one or more hosts are added/removed from the * destination service. This field specifies parameters that control consistent * hashing. * This field only applies when all of the following are true - */ readonly consistentHash: pulumi.Output<outputs.compute.RegionBackendServiceConsistentHash | undefined>; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output<string>; /** * List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. * Structure is documented below. */ readonly customMetrics: pulumi.Output<outputs.compute.RegionBackendServiceCustomMetric[] | undefined>; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ readonly deletionPolicy: pulumi.Output<string>; /** * An optional description of this resource. */ readonly description: pulumi.Output<string | undefined>; /** * (Optional, Beta) * Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding * feature which together with Service Extension allows customized and complex routing logic. * Structure is documented below. */ readonly dynamicForwarding: pulumi.Output<outputs.compute.RegionBackendServiceDynamicForwarding | undefined>; /** * If true, enable Cloud CDN for this RegionBackendService. */ readonly enableCdn: pulumi.Output<boolean | undefined>; /** * Policy for failovers. * Structure is documented below. */ readonly failoverPolicy: pulumi.Output<outputs.compute.RegionBackendServiceFailoverPolicy | undefined>; /** * Fingerprint of this resource. A hash of the contents stored in this * object. This field is used in optimistic locking. */ readonly fingerprint: pulumi.Output<string>; /** * The unique identifier for the resource. This identifier is defined by the server. */ readonly generatedId: pulumi.Output<number>; /** * Configures self-managed High Availability (HA) for External and Internal Protocol Forwarding. * The backends of this regional backend service must only specify zonal network endpoint groups * (NEGs) of type GCE_VM_IP. Note that haPolicy is not for load balancing, and therefore cannot * be specified with sessionAffinity, connectionTrackingPolicy, and failoverPolicy. haPolicy * requires customers to be responsible for tracking backend endpoint health and electing a * leader among the healthy endpoints. Therefore, haPolicy cannot be specified with healthChecks. * haPolicy can only be specified for External Passthrough Network Load Balancers and Internal * Passthrough Network Load Balancers. * Structure is documented below. */ readonly haPolicy: pulumi.Output<outputs.compute.RegionBackendServiceHaPolicy | undefined>; /** * The set of URLs to HealthCheck resources for health checking * this RegionBackendService. Currently at most one health * check can be specified. * A health check must be specified unless the backend service uses an internet * or serverless NEG as a backend. */ readonly healthChecks: pulumi.Output<string | undefined>; /** * Settings for enabling Cloud Identity Aware Proxy. * If OAuth client is not set, Google-managed OAuth client is used. * Structure is documented below. */ readonly iap: pulumi.Output<outputs.compute.RegionBackendServiceIap>; /** * Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). * Possible values are: `IPV4_ONLY`, `PREFER_IPV6`, `IPV6_ONLY`. */ readonly ipAddressSelectionPolicy: pulumi.Output<string | undefined>; /** * Indicates what kind of load balancing this regional backend service * will be used for. A backend service created for one type of load * balancing cannot be used with the other(s). For more information, refer to * [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). * Default value is `INTERNAL`. * Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL`, `INTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. */ readonly loadBalancingScheme: pulumi.Output<string | undefined>; /** * The load balancing algorithm used within the scope of the locality. * The possible values are: * * `ROUND_ROBIN`: This is a simple policy in which each healthy backend * is selected in round robin order. * * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy * hosts and picks the host which has fewer active requests. * * `RING_HASH`: The ring/modulo hash load balancer implements consistent * hashing to backends. The algorithm has the property that the * addition/removal of a host from a set of N hosts only affects * 1/N of the requests. * * `RANDOM`: The load balancer selects a random healthy host. * * `ORIGINAL_DESTINATION`: Backend host is selected based on the client * connection metadata, i.e., connections are opened * to the same address as the destination address of * the incoming connection before the connection * was redirected to the load balancer. * * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. * Maglev is not as stable as ring hash but has faster table lookup * build times and host selection times. For more information about * Maglev, refer to https://ai.google/research/pubs/pub44824 * * `WEIGHTED_MAGLEV`: Per-instance weighted Load Balancing via health check * reported weights. Only applicable to loadBalancingScheme * EXTERNAL. If set, the Backend Service must * configure a non legacy HTTP-based Health Check, and * health check replies are expected to contain * non-standard HTTP response header field * X-Load-Balancing-Endpoint-Weight to specify the * per-instance weights. If set, Load Balancing is weight * based on the per-instance weights reported in the last * processed health check replies, as long as every * instance either reported a valid weight or had * UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains * equal-weight. * * `WEIGHTED_ROUND_ROBIN`: Per-endpoint weighted round-robin Load Balancing using weights computed * from Backend reported Custom Metrics. If set, the Backend Service * responses are expected to contain non-standard HTTP response header field * X-Endpoint-Load-Metrics. The reported metrics * to use for computing the weights are specified via the * backends[].customMetrics fields. * localityLbPolicy is applicable to either: * * A regional backend service with the serviceProtocol set to HTTP, HTTPS, HTTP2 or H2C, * and loadBalancingScheme set to INTERNAL_MANAGED. * * A global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. * * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network * Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External * Network Load Balancing. The default is MAGLEV. * If sessionAffinity is not NONE, and localityLbPolicy is not set to MAGLEV, WEIGHTED_MAGLEV, * or RING_HASH, session affinity settings will not take effect. * Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced * by a URL map that is bound to target gRPC proxy that has validateForProxyless * field set to true. * Possible values are: `ROUND_ROBIN`, `LEAST_REQUEST`, `RING_HASH`, `RANDOM`, `ORIGINAL_DESTINATION`, `MAGLEV`, `WEIGHTED_MAGLEV`, `WEIGHTED_ROUND_ROBIN`. */ readonly localityLbPolicy: pulumi.Output<string | undefined>; /** * This field denotes the logging options for the load balancer traffic served by this backend service. * If logging is enabled, logs will be exported to Stackdriver. * Structure is documented below. */ readonly logConfig: pulumi.Output<outputs.compute.RegionBackendServiceLogConfig>; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ readonly name: pulumi.Output<string>; /** * The URL of the network to which this backend service belongs. * This field must be set for Internal Passthrough Network Load Balancers when the haPolicy is enabled, and for External Passthrough Network Load Balancers when the haPolicy fastIpMove is enabled. * This field can only be specified when the load balancing scheme is set to INTERNAL, or when the load balancing scheme is set to EXTERNAL and haPolicy fastIpMove is enabled. * Changes to this field force recreation of the resource. */ readonly network: pulumi.Output<string | undefined>; /** * Configures traffic steering properties of internal passthrough Network Load Balancers. * Structure is documented below. */ readonly networkPassThroughLbTrafficPolicy: pulumi.Output<outputs.compute.RegionBackendServiceNetworkPassThroughLbTrafficPolicy | undefined>; /** * Settings controlling eviction of unhealthy hosts from the load balancing pool. * This field is applicable only when the `loadBalancingScheme` is set * to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, HTTP2 or H2C. * Structure is documented below. */ readonly outlierDetection: pulumi.Output<outputs.compute.RegionBackendServiceOutlierDetection | undefined>; /** * Additional params passed with the request, but not persisted as part of resource payload * Structure is documented below. */ readonly params: pulumi.Output<outputs.compute.RegionBackendServiceParams | undefined>; /** * A named port on a backend instance group representing the port for * communication to the backend VMs in that group. Required when the * loadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED * and the backends are instance groups. The named port must be defined on each * backend instance group. This parameter has no meaning if the backends are NEGs. API sets a * default of "http" if not given. * Must be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing). */ readonly portName: pulumi.Output<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output<string>; /** * The protocol this BackendService uses to communicate with backends. * The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP * or GRPC. Refer to the documentation for the load balancers or for Traffic Director * for more information. * Possible values are: `HTTP`, `HTTPS`, `HTTP2`, `TCP`, `SSL`, `UDP`, `GRPC`, `UNSPECIFIED`, `H2C`. */ readonly protocol: pulumi.Output<string>; /** * The Region in which the created backend service should reside. * If it is not provided, the provider region is used. */ readonly region: pulumi.Output<string>; /** * The security policy associated with this backend service. */ readonly securityPolicy: pulumi.Output<string | undefined>; /** * The URI of the created resource. */ readonly selfLink: pulumi.Output<string>; /** * Type of session affinity to use. The default is NONE. Session affinity is * not applicable if the protocol is UDP. * Possible values are: `NONE`, `CLIENT_IP`, `CLIENT_IP_PORT_PROTO`, `CLIENT_IP_PROTO`, `GENERATED_COOKIE`, `HEADER_FIELD`, `HTTP_COOKIE`, `CLIENT_IP_NO_DESTINATION`, `STRONG_COOKIE_AFFINITY`. */ readonly sessionAffinity: pulumi.Output<string>; /** * Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. * Structure is documented below. */ readonly strongSessionAffinityCookie: pulumi.Output<outputs.compute.RegionBackendServiceStrongSessionAffinityCookie | undefined>; /** * (Optional, Beta) * Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing and Internal HTTP(S) load balancing. * Structure is documented below. */ readonly subsetting: pulumi.Output<outputs.compute.RegionBackendServiceSubsetting | undefined>; /** * The backend service timeout has a different meaning depending on the type of load balancer. * For more information see, [Backend service settings](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices). * The default is 30 seconds. * The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds. */ readonly timeoutSec: pulumi.Output<number>; /** * Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. * Structure is documented below. */ readonly tlsSettings: pulumi.Output<outputs.compute.RegionBackendServiceTlsSettings | undefined>; /** * Create a RegionBackendService resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: RegionBackendServiceArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering RegionBackendService resources. */ export interface RegionBackendServiceState { /** * Lifetime of cookies in seconds if sessionAffinity is * GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts * only until the end of the browser session (or equivalent). The * maximum allowed value for TTL is one day. * When the load balancing scheme is INTERNAL, this field is not used. */ affinityCookieTtlSec?: pulumi.Input<number | undefined>; /** * The set of backends that serve this RegionBackendService. * Structure is documented below. */ backends?: pulumi.Input<pulumi.Input<inputs.compute.RegionBackendServiceBackend>[] | undefined>; /** * Cloud CDN configuration for this BackendService. * Structure is documented below. */ cdnPolicy?: pulumi.Input<inputs.compute.RegionBackendServiceCdnPolicy | undefined>; /** * Settings controlling the volume of connections to a backend service. This field * is applicable only when the `loadBalancingScheme` is set to INTERNAL_MANAGED * and the `protocol` is set to HTTP, HTTPS, HTTP2 or H2C. * Structure is documented below. */ circuitBreakers?: pulumi.Input<inputs.compute.RegionBackendServiceCircuitBreakers | undefined>; /** * Time for which instance will be drained (not accept new * connections, but still work to finish started). */ connectionDrainingTimeoutSec?: pulumi.Input<number | undefined>; /** * Connection Tracking configuration for this BackendService. * This is available only for Layer 4 Internal Load Balancing and * Network Load Balancing. * Structure is documented below. */ connectionTrackingPolicy?: pulumi.Input<inputs.compute.RegionBackendServiceConnectionTrackingPolicy | undefined>; /** * Consistent Hash-based load balancing can be used to provide soft session * affinity based on HTTP headers, cookies or other properties. This load balancing * policy is applicable only for HTTP connections. The affinity to a particular * destination host will be lost when one or more hosts are added/removed from the * destination service. This field specifies parameters that control consistent * hashing. * This field only applies when all of the following are true - */ consistentHash?: pulumi.Input<inputs.compute.RegionBackendServiceConsistentHash | undefined>; /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input<string | undefined>; /** * List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. * Structure is documented below. */ customMetrics?: pulumi.Input<pulumi.Input<inputs.compute.RegionBackendServiceCustomMetric>[] | undefined>; /** * Whether Terraform will be prevented from destroying the resource. Defaults to DELETE. * When a 'terraform destroy' or 'pulumi up' would delete the resource, * the command will fail if this field is set to "PREVENT" in Terraform state. * When set to "ABANDON", the command will remove the resource from Terraform * management without updating or deleting the resource in the API. * When set to "DELETE", deleting the resource is allowed. */ deletionPolicy?: pulumi.Input<string | undefined>; /** * An optional description of this resource. */ description?: pulumi.Input<string | undefined>; /** * (Optional, Beta) * Dynamic forwarding configuration. This field is used to configure the backend service with dynamic forwarding * feature which together with Service Extension allows customized and complex routing logic. * Structure is documented below. */ dynamicForwarding?: pulumi.Input<inputs.compute.RegionBackendServiceDynamicForwarding | undefined>; /** * If true, enable Cloud CDN for this RegionBackendService. */ enableCdn?: pulumi.Input<boolean | undefined>; /** * Policy for failovers. * Structure is documented below. */ failoverPolicy?: pulumi.Input<inputs.compute.RegionBackendServiceFailoverPolicy | undefined>; /** * Fingerprint of this resource. A hash of the contents stored in this * object. This field is used in optimistic locking. */ fingerprint?: pulumi.Input<string | undefined>; /** * The unique identifier for the resource. This identifier is defined by the server. */ generatedId?: pulumi.Input<number | undefined>; /** * Configures self-managed High Availability (HA) for External and Internal Protocol Forwarding. * The backends of this regional backend service must only specify zonal network endpoint groups * (NEGs) of type GCE_VM_IP. Note that haPolicy is not for load balancing, and therefore cannot * be specified with sessionAffinity, connectionTrackingPolicy, and failoverPolicy. haPolicy * requires customers to be responsible for tracking backend endpoint health and electing a * leader among the healthy endpoints. Therefore, haPolicy cannot be specified with healthChecks. * haPolicy can only be specified for External Passthrough Network Load Balancers and Internal * Passthrough Network Load Balancers. * Structure is documented below. */ haPolicy?: pulumi.Input<inputs.compute.RegionBackendServiceHaPolicy | undefined>; /** * The set of URLs to HealthCheck resources for health checking * this RegionBackendService. Currently at most one health * check can be specified. * A health check must be specified unless the backend service uses an internet * or serverless NEG as a backend. */ healthChecks?: pulumi.Input<string | undefined>; /** * Settings for enabling Cloud Identity Aware Proxy. * If OAuth client is not set, Google-managed OAuth client is used. * Structure is documented below. */ iap?: pulumi.Input<inputs.compute.RegionBackendServiceIap | undefined>; /** * Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). * Possible values are: `IPV4_ONLY`, `PREFER_IPV6`, `IPV6_ONLY`. */ ipAddressSelectionPolicy?: pulumi.Input<string | undefined>; /** * Indicates what kind of load balancing this regional backend service * will be used for. A backend service created for one type of load * balancing cannot be used with the other(s). For more information, refer to * [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). * Default value is `INTERNAL`. * Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL`, `INTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. */ loadBalancingScheme?: pulumi.Input<string | undefined>; /** * The load balancing algorithm used within the scope of the locality. * The possible values are: * * `ROUND_ROBIN`: This is a simple policy in which each healthy backend * is selected in round robin order. * * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy * hosts and picks the host which has fewer active requests. * * `RING_HASH`: The ring/modulo hash load balancer implements consistent * hashing to backends. The algorithm has the property that the * addition/removal of a host from a set of N hosts only affects * 1/N of the requests. * * `RANDOM`: The load balancer selects a random healthy host. * * `ORIGINAL_DESTINATION`: Backend host is selected based on the client * connection metadata, i.e., connections are opened * to the same address as the destination address of * the incoming connection before the connection * was redirected to the load balancer. * * `MAGLEV`: used as a drop in replacement for the ring hash load balancer. * Maglev is not as stable as ring hash but has faster table lookup * build times and host selection times. For more information about * Maglev, refer to https://ai.google/research/pubs/pub44824 * * `WEIGHTED_MAGLEV`: Per-instance weighted Load Balancing via health check * reported weights. Only applicable to loadBalancingScheme * EXTERNAL. If set, the Backend Service must * configure a non legacy HTTP-based Health Check, and * health check replies are expected to contain * non-standard HTTP response header field * X-Load-Balancing-Endpoint-Weight to specify the * per-instance weights. If set, Load Balancing is weight * based on the per-instance weights reported in the last * processed health check replies, as long as every * instance either reported a valid weight or had * UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains * equal-weight. * * `WEIGHTED_ROUND_ROBIN`: Per-endpoint weighted round-robin Load Balancing using weights computed * from Backend reported Custom Metrics. If set, the Backend Service * responses are expected to contain non-standard HTTP response header field * X-Endpoint-Load-Metrics. The reported metrics * to use for computing the weights are specified via the * backends[].customMetrics fields. * localityLbPolicy is applicable to either: * * A regional backend service with the serviceProtocol set to HTTP, HTTPS, HTTP2 or H2C, * and loadBalancingScheme set to INTERNAL_MANAGED. * * A global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. * * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network * Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External * Network Load Balancing. The default is MAGLEV. * If sessionAffinity is not NONE, and localityLbPolicy is not set to MAGLEV, WEIGHTED_MAGLEV, * or RING_HASH, session affinity settings will not take effect. * Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced * by a URL map that is bound to target gRPC proxy that has validateForProxyless * field set to true. * Possible values are: `ROUND_ROBIN`, `LEAST_REQUEST`, `RING_HASH`, `RANDOM`, `ORIGINAL_DESTINATION`, `MAGLEV`, `WEIGHTED_MAGLEV`, `WEIGHTED_ROUND_ROBIN`. */ localityLbPolicy?: pulumi.Input<string | undefined>; /** * This field denotes the logging options for the load balancer traffic served by this backend service. * If logging is enabled, logs will be exported to Stackdriver. * Structure is documented below. */ logConfig?: pulumi.Input<inputs.compute.RegionBackendServiceLogConfig | undefined>; /** * Name of the resource. Provided by the client when the resource is * created. The name must be 1-63 characters long, and comply with * RFC1035. Specifically, the name must be 1-63 characters long and match * the regular expression `a-z?` which means the * first character must be a lowercase letter, and all following * characters must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. */ name?: pulumi.Input<string | undefined>; /** * The URL of the network to which this backend service belongs. * This field must be set for Internal Passthrough Network Load Balancers when the haPolicy is enabled, and for External Passthrough Network Load Balancers when the haPolicy fastIpMove is enabled. * This field can only be specified when the load balancing scheme is set to INTERNAL, or when the load balancing scheme is set to EXTERNAL and haPolicy fastIpMove is enabled. * Changes to this field force recreation of the resource. */ network?: pulumi.Input<string | undefined>; /** * Configures traffic steering properties of internal passthrough Network Load Balancers. * Structure is documented below. */ networkPassThroughLbTrafficPolicy?: pulumi.Input<inputs.compute.RegionBackendServiceNetworkPassThroughLbTrafficPolicy | undefined>; /** * Settings controlling eviction of unhealthy hosts from the load balancing pool. * This field is applicable only when the `loadBalancingScheme` is set * to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, HTTP2 or H2C. * Structure is documented below. */ outlierDetection?: pulumi.Input<inputs.compute.RegionBackendServiceOutlierDetection | undefined>; /** * Additional params passed with the request, but not persisted as part of resource payload * Structure is documented below. */ params?: pulumi.Input<inputs.compute.RegionBackendServiceParams | undefined>; /** * A named port on a backend instance group representing the port for * communication to the backend VMs in that group. Required when the * loadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED * and the backends are instance groups. The named port must be defined on each * backend instance group. This parameter has no meaning if the backends are NEGs. API sets a * default of "http" if not given. * Must be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing). */ portName?: pulumi.Input<string | undefined>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string | undefined>; /** * The protocol this BackendService uses to communicate with backends. * The default is HTTP. Possible values are HTTP, HTTPS, HTTP2, H2C, TCP, SSL, UDP * or GRPC. Refer to the documentation for the load balancers or for Traffic Director * for more information. * Possible values are: `HTTP`, `HTTPS`, `HTTP2`, `TCP`, `SSL`, `UDP`, `GRPC`, `UNSPECIFIED`, `H2C`. */ protocol?: pulumi.Input<string | undefined>; /** * The Region in which the created backend service should reside. * If it is not provided, the provider region is used. */ region?: pulumi.Input<string | undefined>; /** * The security policy associated with this backend service. */ securityPolicy?: pulumi.Input<string | undefined>; /** * The URI of the created resource. */ selfLink?: pulumi.Input<string | undefined>; /** * Type of session affinity to use. The default is NONE. Session affinity is * not applicable if the protocol is UDP. * Possible values are: `NONE`, `CLIENT_IP`, `CLIENT_IP_PORT_PROTO`, `CLIENT_IP_PROTO`, `GENERATED_COOKIE`, `HEADER_FIELD`, `HTTP_COOKIE`, `CLIENT_IP_NO_DESTINATION`, `STRONG_COOKIE_AFFINITY`. */