gcloud beta compute network-endpoint-groups create - create a Google Compute Engine network endpoint group

gcloud beta compute network-endpoint-groups createNAME[--default-port=DEFAULT_PORT][--network=NETWORK][--network-endpoint-type=NETWORK_ENDPOINT_TYPE; default="gce-vm-ip-port"][--producer-port=PRODUCER_PORT][--psc-target-service=PSC_TARGET_SERVICE][--subnet=SUBNET][--cloud-function-name=CLOUD_FUNCTION_NAME--cloud-function-url-mask=CLOUD_FUNCTION_URL_MASK    |--cloud-run-service=CLOUD_RUN_SERVICE--cloud-run-tag=CLOUD_RUN_TAG--cloud-run-url-mask=CLOUD_RUN_URL_MASK    |--[no-]app-engine-app--app-engine-service=APP_ENGINE_SERVICE--app-engine-url-mask=APP_ENGINE_URL_MASK--app-engine-version=APP_ENGINE_VERSION    |--serverless-deployment-platform=SERVERLESS_DEPLOYMENT_PLATFORM--serverless-deployment-resource=SERVERLESS_DEPLOYMENT_RESOURCE--serverless-deployment-url-mask=SERVERLESS_DEPLOYMENT_URL_MASK--serverless-deployment-version=SERVERLESS_DEPLOYMENT_VERSION][--global    |--region=REGION    |--zone=ZONE][GCLOUD_WIDE_FLAG …]

NAME

Name of the network endpoint group to operate on.

--default-port=DEFAULT_PORT

The default port to use if the port number is not specified in the networkendpoint.

If this flag isn't specified for a NEG with endpoint typegce-vm-ip-port,gce-vm-ip-portmap ornon-gcp-private-ip-port, then every network endpoint in the networkendpoint group must have a port specified. For a global NEG with endpoint typeinternet-ip-port andinternet-fqdn-port if the defaultport is not specified, the well-known port for your backend protocol is used (80for HTTP, 443 for HTTPS).

This flag is not supported for NEGs with endpoint typeserverless.

This flag is not supported for NEGs with endpoint typeprivate-service-connect.

--network=NETWORK

Name of the network in which the NEG is created.default projectnetwork is used if unspecified.

This is only supported for NEGs with endpoint typegce-vm-ip-port,non-gcp-private-ip-port,gce-vm-ip,private-service-connect,internet-ip-port,internet-fqdn-port, orgce-vm-ip-portmap.

For Private Service Connect NEGs, you can optionally specify --network and--subnet if --psc-target-service points to a published service. If--psc-target-service points to the regional service endpoint of a Google API, donot specify --network or --subnet.

--network-endpoint-type=NETWORK_ENDPOINT_TYPE; default="gce-vm-ip-port"

Determines the spec of endpoints attached to this group.

gce-vm-ip-port

Endpoint IP address must belong to a VM in Compute Engine (either the primary IPor as part of an aliased IP range). The--default-port must bespecified or every network endpoint in the network endpoint group must have aport specified.

internet-ip-port

Endpoint IP address must be a publicly routable address. If specified, thedefault port is used. If unspecified, the well-known port for your backendprotocol is used as the default port (80 for HTTP, 443 for HTTPS).

internet-fqdn-port

Endpoint FQDN must be resolvable to a public IP address via public DNS. Thedefault port is used, if specified. If the default port is not specified, thewell-known port for your backend protocol is used as the default port (80 forHTTP, 443 for HTTPS).

After creating a NEG of this type, you can use thegcloud computenetwork-endpoint-groups update command with the--add-endpoint flag. Example:--add-endpoint="fqdn=backend.example.com,port=443"

non-gcp-private-ip-port

Endpoint IP address must belong to a VM not in Compute Engine and must beroutable using a Cloud Router over VPN or an Interconnect connection. In thiscase, the NEG must be zonal. The--default-port must be specifiedor every network endpoint in the network endpoint group must have a portspecified.

serverless

The network endpoint is handled by specified serverless infrastructure, such asCloud Run, App Engine, or Cloud Function. Default port, network, and subnet arenot effective for serverless endpoints.

private-service-connect

The network endpoint corresponds to a service outside the VPC, accessed viaPrivate Service Connect.

gce-vm-ip

Endpoint must be the IP address of a VM's network interface in Compute Engine.Instance reference is required. The IP address is optional. If unspecified, theprimary NIC address is used. A port must not be specified.

gce-vm-ip-portmap

Endpoint IP address must be a primary IP of a VM's network interface in ComputeEngine. The--default-port must be specified or every networkendpoint in the network endpoint group must have a port specified.

NETWORK_ENDPOINT_TYPE must be one of:gce-vm-ip-port,internet-ip-port,internet-fqdn-port,non-gcp-private-ip-port,serverless,gce-vm-ip,private-service-connect,gce-vm-ip-portmap.

--producer-port=PRODUCER_PORT

The producer port to use when a consumer PSC NEG connects to a producer'sinternal network load balancer. If this flag isn't specified for a NEG withendpoint typeprivate-service-connect, the PSC NEG will connect toport 443 or the first available port in the PSC producer port range, or to port1 if the PSC producer's forwarding rule ports flag is set to all-ports.

This flag is not supported for NEGs with endpoint type other thanprivate-service-connect.

--psc-target-service=PSC_TARGET_SERVICE

PSC target service name to add to the private service connect network endpointgroups (NEG).

--subnet=SUBNET

Name of the subnet to which all network endpoints belong.

If not specified, network endpoints may belong to any subnetwork in the regionwhere the network endpoint group is created.

This is only supported for NEGs with endpoint typegce-vm-ip-port,gce-vm-ip,private-service-connect, orgce-vm-ip-portmap. For Private Service Connect NEGs, you canoptionally specify --network and --subnet if --psc-target-service points to apublished service. If --psc-target-service points to the regional serviceendpoint of a Google API, do not specify --network or --subnet.

The serverless routing configurations are only valid when endpoint type of thenetwork endpoint group isserverless.At most one of these can be specified:

Configuration for a Cloud Function network endpoint group. Cloud Function namemust be provided explicitly or in the URL mask.

--cloud-function-name=CLOUD_FUNCTION_NAME

Cloud Function name to add to the Serverless NEG. The function must be in thesame project and the same region as the Serverless network endpoint groups(NEG).

--cloud-function-url-mask=CLOUD_FUNCTION_URL_MASK

A template to parse function field from a request URL. URL mask allows forrouting to multiple Cloud Functions without having to create multiple networkendpoint groups and backend services.

Configuration for a Cloud Run network endpoint group. Cloud Run service must beprovided explicitly or in the URL mask. Cloud Run tag is optional, and may beprovided explicitly or in the URL mask.

--cloud-run-service=CLOUD_RUN_SERVICE

Cloud Run service name to add to the Serverless network endpoint groups (NEG).The service must be in the same project and the same region as the ServerlessNEG.

--cloud-run-tag=CLOUD_RUN_TAG

Cloud Run tag represents the "named revision" to provide additional fine-grainedtraffic routing configuration.

--cloud-run-url-mask=CLOUD_RUN_URL_MASK

A template to parse service and tag fields from a request URL. URL mask allowsfor routing to multiple Run services without having to create multiple networkendpoint groups and backend services.

Configuration for an App Engine network endpoint group. Both App Engine serviceand version are optional, and may be provided explicitly or in the URL mask. Theapp-engine-app flag is only used for default routing. The AppEngine app must be in the same project as the Serverless network endpoint groups(NEG).

--[no-]app-engine-app

If set, the default routing is used. Use--app-engine-app to enableand--no-app-engine-app to disable.

--app-engine-service=APP_ENGINE_SERVICE

Optional serving service to add to the Serverless NEG.

--app-engine-url-mask=APP_ENGINE_URL_MASK

A template to parse service and version fields from a request URL. URL maskallows for routing to multiple App Engine services without having to createmultiple network endpoint groups and backend services.

--app-engine-version=APP_ENGINE_VERSION

Optional serving version to add to the Serverless NEG.

Configuration for a Serverless network endpoint group. Serverless NEGs supportall serverless backends and are the only way to setup a network endpoint groupfor Cloud API Gateways.

TocreateaserverlessNEGwithaCloudRun,CloudFunctionsorAppEngineendpoint,youcaneitherusethepreviously-listedCloudRun,CloudFunctionsorAppEngine-specificproperties,OR,youcanusethefollowinggenericpropertiesthatarecompatiblewithallserverlessplatforms,includingAPIGateway:serverless-deployment-platform,serverless-deployment-resource,serverless-deployment-url-mask,andserverless-deployment-version.

--serverless-deployment-platform=SERVERLESS_DEPLOYMENT_PLATFORM

The platform of the NEG backend target(s). Possible values:

• API Gateway: apigateway.googleapis.com
• App Engine: appengine.googleapis.com
• Cloud Functions: cloudfunctions.googleapis.com
• Cloud Run: run.googleapis.com

--serverless-deployment-resource=SERVERLESS_DEPLOYMENT_RESOURCE

The user-defined name of the workload/instance. This value must be providedexplicitly or using the --serverless-deployment-url-mask option. The resourceidentified by this value is platform-specific and is as follows:

• API Gateway: The gateway ID
• App Engine: The service name
• Cloud Functions: The function name
• Cloud Run: The service name

--serverless-deployment-url-mask=SERVERLESS_DEPLOYMENT_URL_MASK

A template to parse platform-specific fields from a request URL. URL mask allowsfor routing to multiple resources on the same serverless platform without havingto create multiple network endpoint groups and backend resources. The fieldsparsed by this template are platform-specific and are as follows:

• API Gateway: The 'gateway' ID
• App Engine: The 'service' and 'version'
• Cloud Functions: The 'function' name
• Cloud Run: The 'service' and 'tag'

--serverless-deployment-version=SERVERLESS_DEPLOYMENT_VERSION

The optional resource version. The version identified by this value isplatform-specific and is as follows:

• API Gateway: Unused
• App Engine: The service version
• Cloud Functions: Unused
• Cloud Run: The service tag

At most one of these can be specified:

--global

If set, the network endpoint group is global.

--region=REGION

Region of the network endpoint group to operate on. If not specified, you mightbe prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set thecompute/region property:

gcloudconfigsetcompute/regionREGION

A list of regions can be fetched by running:

gcloudcomputeregionslist

To unset the property, run:

gcloudconfigunsetcompute/region

Alternatively, the region can be stored in the environment variableCLOUDSDK_COMPUTE_REGION.

--zone=ZONE

Zone of the network endpoint group to operate on. If not specified and thecompute/zone property isn't set, you mightbe prompted to select a zone (interactive mode only).

To avoid prompting when this flag is omitted, you can set thecompute/zone property:

gcloudconfigsetcompute/zoneZONE

A list of zones can be fetched by running:

gcloudcomputezoneslist

To unset the property, run:

gcloudconfigunsetcompute/zone

Alternatively, the zone can be stored in the environment variableCLOUDSDK_COMPUTE_ZONE.

Run$gcloud help for details.