gcloud beyondcorp security-gateways applications create
- NAME
- gcloud beyondcorp security-gateways applications create - create applications
- SYNOPSIS
gcloud beyondcorp security-gateways applications create(APPLICATION:--location=LOCATION--security-gateway=SECURITY_GATEWAY)[--async][--display-name=DISPLAY_NAME][--endpoint-matchers=[hostname=HOSTNAME],[ports=PORTS]][--request-id=REQUEST_ID][--schema=SCHEMA][--upstreams=[egressPolicy=EGRESSPOLICY],[external=EXTERNAL],[network=NETWORK],[proxyProtocol=PROXYPROTOCOL]][GCLOUD_WIDE_FLAG …]
- DESCRIPTION
- Create an application
- EXAMPLES
- To create the application, run:
gcloudbeyondcorpsecurity-gatewaysapplicationscreate - POSITIONAL ARGUMENTS
- Application resource - Identifier. Name of the resource. The arguments in thisgroup can be used to specify the attributes of this resource. (NOTE) Someattributes are not given arguments in this group but can be set in other ways.
To set the
projectattribute:- provide the argument
applicationon the command line with a fullyspecified name; - provide the argument
--projecton the command line; - set the property
core/project.
This must be specified.
APPLICATION- ID of the application or fully qualified identifier for the application.
To set the
applicationattribute:- provide the argument
applicationon the command line.
This positional argument must be specified if any of the other arguments in thisgroup are specified.
- provide the argument
--location=LOCATION- The location id of the application resource. We support only global location.
To set the
locationattribute:- provide the argument
applicationon the command line with a fullyspecified name; - provide the argument
--locationon the command line.
- provide the argument
--security-gateway=SECURITY_GATEWAY- The securityGateway id of the application resource.
To set the
security-gatewayattribute:- provide the argument
applicationon the command line with a fullyspecified name; - provide the argument
--security-gatewayon the command line.
- provide the argument
- provide the argument
- Application resource - Identifier. Name of the resource. The arguments in thisgroup can be used to specify the attributes of this resource. (NOTE) Someattributes are not given arguments in this group but can be set in other ways.
- FLAGS
--async- Return immediately, without waiting for the operation in progress to complete.
--display-name=DISPLAY_NAME- An arbitrary user-provided name for the application resource. Cannot exceed 64characters.
--endpoint-matchers=[hostname=HOSTNAME],[ports=PORTS]- An array of conditions to match the application's network endpoint. Each elementin the array is an EndpointMatcher object, which defines a specific combinationof a hostname pattern and one or more ports. The application is consideredmatched if at least one of the EndpointMatcher conditions in this array is met(the conditions are combined using OR logic). Each EndpointMatcher must containa hostname pattern, such as "example.com", and one or more port numbersspecified as a string, such as "443".
Hostname and port number examples: "
.example.com", "443" "example.com" and"22" "example.com" and "22,33".hostname- Hostname of the application.
- The ports of the application.
--endpoint-matchers=hostname=string,ports=[int]--endpoint-matchers=hostname=string,ports=[int]
--endpoint-matchers='[{"hostname": "string", "ports": [int]}]'
--endpoint-matchers=path_to_file.(yaml|json)
- --request-id
=REQUEST_ID - An optional request ID to identify requests. Specify a unique request ID so thatif you must retry your request, the server will know to ignore request if it hasalready been completed. The server will guarantee that for at least 60 minutessince the first request.
- --schema
=SCHEMA - Type of the external application.
SCHEMAmust be one of:- api-gateway
- Service Discovery API endpoint when Service Discovery is enabled in Gateway.
- proxy-gateway
- Proxy which routes traffic to actual applications, like Netscaler Gateway.
- api-gateway
- --upstreams
=[egressPolicy=EGRESSPOLICY],[external=EXTERNAL],[network=NETWORK],[proxyProtocol=PROXYPROTOCOL] - Which upstream resources to forward traffic to.
- egressPolicy
- Routing policy information.
- regions
- List of the regions where the application sends traffic.
- regions
- external
- List of the external endpoints to forward traffic to.
- endpoints
- List of the endpoints to forward traffic to.
- hostname
- Hostname of the endpoint.
- port
- Port of the endpoint.
- hostname
- endpoints
- network
- Network to forward traffic to.
- name
- Network name is of the format:
projects/{project}/global/networks/{network}.
- name
- proxyProtocol
- Enables proxy protocol configuration for the upstream.
- allowedClientHeaders
- List of the allowed client header names.
- clientIp
- Client IP configuration. The client IP address is included if true.
- contextualHeaders
- Configuration for the contextual headers.
- deviceInfo
- The device information configuration.
- outputType
- The output type details for the delegated device.
- outputType
- groupInfo
- Group details.
- outputType
- The output type of the delegated group information.
- outputType
- outputType
- Default output type for all enabled headers.
- userInfo
- User details.
- outputType
- The delegated user's information.
- outputType
- deviceInfo
- gatewayIdentity
- The security gateway identity configuration.
- metadataHeaders
- Custom resource specific headers along with the values. The names should conformto RFC 9110: >Field names can contain alphanumeric characters, hyphens, andperiods, can contain only ASCII-printable characters and tabs, and must startwith a letter.
- KEY
- SetsKEY
value. - VALUE
- SetsVALUE
value.
- KEY
- allowedClientHeaders
--upstreams=egressPolicy={regions=[string]},external={endpoints=[{hostname=string,port=int}]},network={name=string},proxyProtocol={allowedClientHeaders=[string],clientIp=boolean,contextualHeaders={deviceInfo={outputType=string},groupInfo={outputType=string},outputType=string,userInfo={outputType=string}},gatewayIdentity=string,metadataHeaders={string=string}}--upstreams=egressPolicy={regions=[string]},external={endpoints=[{hostname=string,port=int}]},network={name=string},proxyProtocol={allowedClientHeaders=[string],clientIp=boolean,contextualHeaders={deviceInfo={outputType=string},groupInfo={outputType=string},outputType=string,userInfo={outputType=string}},gatewayIdentity=string,metadataHeaders={string=string}}
--upstreams='[{"egressPolicy": {"regions": ["string"]}, "external": {"endpoints": [{"hostname": "string", "port": int}]}, "network": {"name": "string"}, "proxyProtocol": {"allowedClientHeaders": ["string"], "clientIp": boolean, "contextualHeaders": {"deviceInfo": {"outputType": "string"}, "groupInfo": {"outputType": "string"}, "outputType": "string", "userInfo": {"outputType": "string"}}, "gatewayIdentity": "string", "metadataHeaders": {"string": "string"}}}]'
--upstreams=path_to_file.(yaml|json)
- egressPolicy
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run$gcloud help for details.
beyondcorp/v1 API. The full documentation forthis API can be found at:https://cloud.google.com/gcloudbetabeyondcorpsecurity-gatewaysapplicationscreateExcept as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-09 UTC.