Skip to main content

types

Address

An endpoint address resource.

One of address

Endpoint address of one of the types: public (external) IPv4 address, internal IPv4 address, public IPv6 address.

  • externalIpv4Address : ExternalIpv4Address

    Public IPv4 endpoint address.

  • internalIpv4Address : InternalIpv4Address

    Internal IPv4 endpoint address.

To enable the use of listeners with internal addresses, contact support.

  • externalIpv6Address : ExternalIpv6Address

    Public IPv6 endpoint address.

AllocationPolicy

A locality settings (allocation policy) resource.

locations : Location

Availability zones and subnets that the application load balancer resides.

AutoScalePolicy

A resource for scaling settings of an application load balancer.

minZoneSize : int64

Lower limit for the number of resource units in each availability zone.

If not specified previously (using other instruments such as management console), the default value is 2. To revert to it, specify it explicitly.

The minimum value is 2.

maxSize : int64

Upper limit for the total number of resource units across all availability zones.

If a positive value is specified, it must be at least min_zone_size multiplied by the size of AllocationPolicy.locations.

If the value is 0, there is no upper limit.

BackendGroup

A backend group resource. For details about the concept, see documentation.

id : string

ID of the backend group. Generated at creation time.

name : string

Name of the backend group. The name is unique within the folder. The string length in characters is 3-63.

description : string

Description of the backend group. The string is 0-256 characters long.

folderId : string

ID of the folder that the backend group belongs to.

labels : string

Backend group labels as key:value pairs. For details about the concept, see documentation. The maximum number of labels is 64.

One of backend

Backends that the backend group consists of.

  • http : HttpBackendGroup

    List of HTTP backends that the backend group consists of.

  • grpc : GrpcBackendGroup

    List of gRPC backends that the backend group consists of.

  • stream : StreamBackendGroup

    List of stream (TCP) backends that the backend group consists of.

createdAt : google.protobuf.Timestamp

Creation timestamp.

BackendTls

A resource for backend TLS settings.

sni : string

Server Name Indication (SNI) string for TLS connections.

validationContext : ValidationContext

Validation context for TLS connections.

ConnectionSessionAffinity

A resource for connection-based session affinity configuration.

sourceIp : bool

Specifies whether an IP address of the client is used to define a connection for session affinity.

CookieSessionAffinity

A resource for cookie-based session affinity configuration.

name : string

Name of the cookie that is used for session affinity.

ttl : google.protobuf.Duration

Maximum age of cookies that are generated for sessions.

If set to 0, session cookies are used, which are stored by clients in temporary memory and are deleted on client restarts.

If not set, the balancer does not generate cookies and only uses incoming ones for establishing session affinity.

DirectResponseAction

A direct response action resource.

status : int64

HTTP status code to use in responses.

body : Payload

Response body.

Endpoint

An endpoint resource.

addresses : Address

Endpoint public (external) and internal addresses.

ports : int64

Endpoint ports.

ExternalIpv4Address

A public (external) IPv4 endpoint address resource.

address : string

IPv4 address.

ExternalIpv6Address

A public (external) IPv4 endpoint address resource.

address : string

IPv6 address.

GrpcBackend

A gRPC backend resource.

name : string

Name of the backend.

backendWeight : google.protobuf.Int64Value

Backend weight. Traffic is distributed between backends of a backend group according to their weights.

Weights must be set either for all backends of a group or for none of them. Setting no weights is the same as setting equal non-zero weights for all backends.

If the weight is non-positive, traffic is not sent to the backend.

loadBalancingConfig : LoadBalancingConfig

Load balancing configuration for the backend.

port : int64

Port used by all targets to receive traffic.

One of backendType

Reference to targets that belong to the backend. For now, targets are referenced via target groups.

  • targetGroups : TargetGroupsBackend

    Target groups that belong to the backend.

healthchecks : HealthCheck

Health checks to perform on targets from target groups. For details about health checking, see documentation.

If no health checks are specified, active health checking is not performed.

tls : BackendTls

Settings for TLS connections between load balancer nodes and backend targets.

If specified, the load balancer establishes HTTPS (HTTP over TLS) connections with targets and compares received certificates with the one specified in BackendTls.validation_context. If not specified, the load balancer establishes unencrypted HTTP connections with targets.

GrpcBackendGroup

A gRPC backend group resource.

backends : GrpcBackend

List of gRPC backends.

One of sessionAffinity

Session affinity configuration for the backend group.

For details about the concept, see documentation.

If session affinity is configured, the backend group should contain exactly one active backend (i.e. with positive GrpcBackend.backend_weight), and its LoadBalancingConfig.load_balancing_mode should be MAGLEV_HASH. If any of these conditions are not met, session affinity will not work.

  • connection : ConnectionSessionAffinity

    Connection-based session affinity configuration.

For now, a connection is defined only by an IP address of the client.

  • header : HeaderSessionAffinity

    HTTP-header-field-based session affinity configuration.

  • cookie : CookieSessionAffinity

    Cookie-based session affinity configuration.

GrpcRoute

A gRPC route configuration resource.

match : GrpcRouteMatch

Condition (predicate) used to select the route.

One of action

Action performed on the request if the route is selected.

  • route : GrpcRouteAction

    Forwards the request to a backend group for processing as configured.

  • statusResponse : GrpcStatusResponseAction

    Instructs the load balancer to respond directly with a specified status.

GrpcRouteAction

A gRPC route action resource.

backendGroupId : string

Backend group to forward requests to.

maxTimeout : google.protobuf.Duration

Overall timeout for an underlying HTTP connection between a load balancer node an a backend from the backend group: the maximum time the connection is kept alive for, regardless of whether data is transferred over it.

If a client specifies a lower timeout in HTTP grpc-timeout header, the max_timeout value is ignored.

If a connection times out, the load balancer responds to the client with an UNAVAILABLE status code.

Default value: 60.

idleTimeout : google.protobuf.Duration

Idle timeout for an underlying HTTP connection between a load balancer node an a backend from the backend group: the maximum time the connection is allowed to be idle, i.e. without any data transferred over it.

Specifying meaningful values for both max_timeout and idle_timeout is useful for implementing server-push mechanisms such as long polling, server-sent events etc.

If a connection times out, the load balancer responds to the client with an UNAVAILABLE status code.

If not specified, no idle timeout is used, and an alive connection may be idle for any duration (see max_timeout).

One of hostRewriteSpecifier

Value rewrite settings for HTTP/1.1 Host headers and HTTP/2 :authority pseudo-headers.

If not specified, the host is not changed.

  • hostRewrite : string

    Host replacement.

  • autoHostRewrite : bool

    Automatically replaces the host with that of the target.

rateLimit : RateLimit

RateLimit is a rate limit configuration applied for route.

GrpcRouteMatch

A gRPC route condition (predicate) resource.

fqmn : StringMatch

Match settings for gRPC service method called in the request.

A match string must be a fully qualified method name, e.g. foo.bar.v1.BazService/Get, or a prefix of such.

If not specified, the route matches all methods.

GrpcStatusResponseAction

A gRPC status response action resource.

Status

gRPC status code supported for use in responses.

  • OK

    OK (0) status code.

  • INVALID_ARGUMENT

    INVALID_ARGUMENT (3) status code.

  • NOT_FOUND

    NOT_FOUND (5) status code.

  • PERMISSION_DENIED

    PERMISSION_DENIED (7) status code.

  • UNAUTHENTICATED

    UNAUTHENTICATED (16) status code.

  • UNIMPLEMENTED

    UNIMPLEMENTED (12) status code.

  • INTERNAL

    INTERNAL (13) status code.

  • UNAVAILABLE

    UNAVAILABLE (14) status code.

status : Status

gRPC status code to use in responses.

HeaderModification

A header modification resource.

name : string

Name of the header.

One of operation

Operation to perform on the header.

  • append : string

    Appends the specified string to the header value.

Variables defined for Envoy proxy are supported.

  • replace : string

    Replaces the value of the header with the specified string.

Variables defined for Envoy proxy are supported.

  • remove : bool

    Removes the header.

  • rename : string
    Replaces the name of the header with the specified string.

    This operation is only supported for ALB Virtual Hosts.

HeaderSessionAffinity

A resource for HTTP-header-field-based session affinity configuration.

headerName : string

Name of the HTTP header field that is used for session affinity.

HealthCheck

A health check resource. For details about the concept, see documentation.

StreamHealthCheck

A resource for TCP stream health check settings.

send : Payload

Message sent to targets during TCP data transfer.

If not specified, no data is sent to the target.

receive : Payload

Data that must be contained in the messages received from targets for a successful health check.

If not specified, no messages are expected from targets, and those that are received are not checked.

HttpHealthCheck

A resource for HTTP health check settings.

host : string

Value for the HTTP/1.1 Host header or the HTTP/2 :authority pseudo-header used in requests to targets.

path : string

HTTP path used in requests to targets: request URI for HTTP/1.1 request line or value for the HTTP/2 :path pseudo-header.

useHttp2 : bool

Enables HTTP/2 usage in health checks.

Default value: false, HTTP/1.1 is used.

GrpcHealthCheck

A resource for gRPC health check settings.

serviceName : string

Name of the gRPC service to be checked.

If not specified, overall health is checked.

For details about the concept, see GRPC Health Checking Protocol.

timeout : google.protobuf.Duration

Health check timeout.

The timeout is the time allowed for the target to respond to a check. If the target doesn't respond in time, the check is considered failed.

interval : google.protobuf.Duration

Base interval between consecutive health checks.

intervalJitterPercent : double
healthyThreshold : int64

Number of consecutive successful health checks required to mark an unhealthy target as healthy.

Both 0 and 1 values amount to one successful check required.

The value is ignored when a load balancer is initialized; a target is marked healthy after one successful check.

Default value: 0.

unhealthyThreshold : int64

Number of consecutive failed health checks required to mark a healthy target as unhealthy.

Both 0 and 1 values amount to one unsuccessful check required.

The value is ignored if a health check is failed due to an HTTP 503 Service Unavailable response from the target (not applicable to TCP stream health checks). The target is immediately marked unhealthy.

Default value: 0.

healthcheckPort : int64

Port used for health checks.

If not specified, the backend port (HttpBackend.port or GrpcBackend.port) is used for health checks.

One of healthcheck

Protocol-specific health check settings.

The protocols of the backend and of its health check may differ, e.g. a gRPC health check may be specified for an HTTP backend.

  • stream : StreamHealthCheck

    TCP stream health check settings.

  • http : HttpHealthCheck

    HTTP health check settings.

  • grpc : GrpcHealthCheck

    gRPC health check settings.

One of transportSettings

Optional transport protocol for health checks. When not set, health checks use the same protocol as the proxied traffic. Use this when health checks' protocol settings differ from their backend, e.g. plaintext health checks for a TLS backend.

  • plaintext : PlaintextTransportSettings
  • tls : SecureTransportSettings

Http2Options

An HTTP/2 options resource.

maxConcurrentStreams : int64

Maximum number of concurrent HTTP/2 streams in a connection.

HttpBackend

An HTTP backend resource.

name : string

Name of the backend.

backendWeight : google.protobuf.Int64Value

Backend weight. Traffic is distributed between backends of a backend group according to their weights.

Weights must be set either for all backends in a group or for none of them. Setting no weights is the same as setting equal non-zero weights for all backends.

If the weight is non-positive, traffic is not sent to the backend.

loadBalancingConfig : LoadBalancingConfig

Load balancing configuration for the backend.

port : int64

Port used by all targets to receive traffic.

  • targetGroups : TargetGroupsBackend
    Target groups that belong to the backend. For details about target groups, see

    documentation.

  • storageBucket : StorageBucketBackend
    Object Storage bucket to use as the backend. For details about buckets, see

    documentation.

If a bucket is used as a backend, the list of bucket objects and the objects themselves must be publicly accessible. For instructions, see documentation.

healthchecks : HealthCheck

Health checks to perform on targets from target groups. For details about health checking, see documentation.

If no health checks are specified, active health checking is not performed.

tls : BackendTls

Settings for TLS connections between load balancer nodes and backend targets.

If specified, the load balancer establishes HTTPS (HTTP over TLS) connections with targets and compares received certificates with the one specified in BackendTls.validation_context. If not specified, the load balancer establishes unencrypted HTTP connections with targets.

useHttp2 : bool

Enables HTTP/2 usage in connections between load balancer nodes and backend targets.

Default value: false, HTTP/1.1 is used.

HttpBackendGroup

An HTTP backend group resource.

backends : HttpBackend

List of HTTP backends.

  • connection : ConnectionSessionAffinity

    Connection-based session affinity configuration.

For now, a connection is defined only by an IP address of the client.

  • header : HeaderSessionAffinity

    HTTP-header-field-based session affinity configuration.

  • cookie : CookieSessionAffinity

    Cookie-based session affinity configuration.

HttpHandler

An HTTP handler resource.

httpRouterId : string

ID of the HTTP router processing requests. For details about the concept, see documentation.

To get the list of all available HTTP routers, make a HttpRouterService.List request.

One of protocolSettings

Protocol settings.

For HTTPS (HTTP over TLS) connections, settings are applied to the protocol negotiated using TLS ALPN extension.

  • http2Options : Http2Options

    HTTP/2 settings.

If specified, incoming HTTP/2 requests are supported by the listener.

  • allowHttp10 : bool

    Enables support for incoming HTTP/1.0 and HTTP/1.1 requests and disables it for HTTP/2 requests.

rewriteRequestId : bool

When unset, will preserve the incoming x-request-id header, otherwise would rewrite it with a new value.

HttpListener

An HTTP listener resource.

handler : HttpHandler

Settings for handling HTTP requests.

Only one of handler and redirects can be specified.

redirects : Redirects

Redirects settings.

Only one of redirects and handler can be specified.

HttpRoute

An HTTP route configuration resource.

match : HttpRouteMatch

Condition (predicate) used to select the route.

  • route : HttpRouteAction

    Forwards the request to a backend group for processing as configured.

  • redirect : RedirectAction

    Redirects the request as configured.

  • directResponse : DirectResponseAction

    Instructs the load balancer to respond directly as configured.

HttpRouteAction

An HTTP route action resource.

backendGroupId : string

Backend group to forward requests to.

Stream (TCP) backend groups are not supported.

timeout : google.protobuf.Duration

Overall timeout for an HTTP connection between a load balancer node an a backend from the backend group: the maximum time the connection is kept alive for, regardless of whether data is transferred over it.

If a connection times out, the load balancer responds to the client with a 504 Gateway Timeout status code.

Default value: 60.

idleTimeout : google.protobuf.Duration

Idle timeout for an HTTP connection between a load balancer node an a backend from the backend group: the maximum time the connection is allowed to be idle, i.e. without any data transferred over it.

Specifying meaningful values for both timeout and idle_timeout is useful for implementing server-push mechanisms such as long polling, server-sent events (EventSource interface) etc.

If a connection times out, the load balancer responds to the client with a 504 Gateway Timeout status code.

If not specified, no idle timeout is used, and an alive connection may be idle for any duration (see timeout).

  • hostRewrite : string

    Host replacement.

  • autoHostRewrite : bool

    Automatically replaces the host with that of the target.

prefixRewrite : string

Replacement for the path prefix matched by StringMatch.

For instance, if StringMatch.prefix_match value is /foo and prefix_rewrite value is /bar, a request with /foobaz path is forwarded with /barbaz path. For StringMatch.exact_match, the whole path is replaced.

If not specified, the path is not changed.

upgradeTypes : string

Supported values for HTTP Upgrade header. E.g. websocket.

rateLimit : RateLimit

RateLimit is a rate limit configuration applied for route.

HttpRouteMatch

An HTTP route condition (predicate) resource.

httpMethod : string

HTTP method specified in the request.

path : StringMatch

Match settings for the path specified in the request.

If not specified, the route matches all paths.

HttpRouter

An HTTP router resource. For details about the concept, see documentation.

id : string

ID of the router. Generated at creation time.

name : string

Name of the router. The name is unique within the folder.

description : string

Description of the router.

folderId : string

ID of the folder that the router belongs to.

labels : string

Router labels as key:value pairs. For details about the concept, see documentation.

virtualHosts : VirtualHost

Virtual hosts that combine routes inside the router. For details about the concept, see documentation.

Only one virtual host with no authority (default match) can be specified.

createdAt : google.protobuf.Timestamp

Creation timestamp.

routeOptions : RouteOptions

InternalIpv4Address

An internal IPv4 endpoint address resource.

address : string

IPv4 address.

subnetId : string

ID of the subnet that the address belongs to.

Listener

A listener resource.

For details about the concept, see documentation.

name : string

Name of the listener. The name is unique within the application load balancer. The string length in characters is 3-63.

endpoints : Endpoint

Endpoints of the listener.

Endpoints are defined by their IP addresses and ports.

One of listener

Listener type and settings.

  • http : HttpListener

    Unencrypted HTTP listener settings.

  • tls : TlsListener

    TLS-encrypted HTTP or TCP stream listener settings.

All handlers within a listener (TlsListener.default_handler and TlsListener.sni_handlers) must be of one type, HttpHandler or StreamHandler. Mixing HTTP and TCP stream traffic in a TLS-encrypted listener is not supported.

  • stream : StreamListener

    Unencrypted stream (TCP) listener settings.

LoadBalancer

An application load balancer resource. For details about the concept, see documentation.

Status

  • STATUS_UNSPECIFIED

  • CREATING

    The application load balancer is being created.

  • STARTING

    The application load balancer is being started.

  • ACTIVE

    The application load balancer is active and sends traffic to the targets.

  • STOPPING

    The application load balancer is being stopped.

  • STOPPED

    The application load balancer is stopped and doesn't send traffic to the targets.

  • DELETING

    The application load balancer is being deleted.

id : string

ID of the application load balancer. Generated at creation time.

name : string

Name of the application load balancer. The name is unique within the folder.

description : string

Description of the application load balancer.

folderId : string

ID of the folder that the application load balancer belongs to.

labels : string

Application load balancer labels as key:value pairs. For details about the concept, see documentation.

status : Status

Status of the application load balancer.

regionId : string

ID of the region that the application load balancer is located at.

networkId : string

ID of the network that the application load balancer belongs to.

listeners : Listener

Listeners that belong to the application load balancer.

For details about the concept, see documentation.

allocationPolicy : AllocationPolicy

Locality settings of the application load balancer.

For details about the concept, see documentation.

logGroupId : string

ID of the log group that stores access logs of the application load balancer.

The logs can be accessed using a Cloud Functions trigger for Cloud Logs.

securityGroupIds : string

ID's of the security groups attributed to the application load balancer.

For details about the concept, see documentation.

createdAt : google.protobuf.Timestamp

Creation timestamp.

autoScalePolicy : AutoScalePolicy

Scaling settings of the application load balancer.

The scaling settings relate to a special internal instance group which facilitates the balancer's work. Instances in this group are called resource units. The group is scaled automatically based on incoming load and within limitations specified in these settings.

For details about the concept, see documentation.

logOptions : LogOptions

Cloud logging settings of the application load balancer.

LoadBalancingConfig

A load balancing configuration resource.

panicThreshold : int64

Threshold for panic mode.

If percentage of healthy backends in the group drops below threshold, panic mode will be activated and traffic will be routed to all backends, regardless of their health check status. This helps to avoid overloading healthy backends. For details about panic mode, see documentation.

If the value is 0, panic mode will never be activated and traffic is routed only to healthy backends at all times.

Default value: 0.

localityAwareRoutingPercent : int64

Percentage of traffic that a load balancer node sends to healthy backends in its availability zone. The rest is divided equally between other zones. For details about zone-aware routing, see documentation.

If there are no healthy backends in an availability zone, all the traffic is divided between other zones.

If strict_locality is true, the specified value is ignored. A load balancer node sends all the traffic within its availability zone, regardless of backends' health.

Default value: 0.

strictLocality : bool

Specifies whether a load balancer node should only send traffic to backends in its availability zone, regardless of their health, and ignore backends in other zones.

If set to true and there are no healthy backends in the zone, the node in this zone will respond to incoming traffic with errors. For details about strict locality, see documentation.

If strict_locality is true, the value specified in locality_aware_routing_percent is ignored.

Default value: false.

mode : LoadBalancingMode

Load balancing mode for the backend.

For details about load balancing modes, see documentation.

Location

An application load balancer location resource.

For details about the concept, see documentation.

zoneId : string

ID of the availability zone where the application load balancer resides.

Each availability zone can only be specified once.

subnetId : string

ID of the subnet that the application load balancer belongs to.

disableTraffic : bool

Disables the load balancer node in the specified availability zone.

Backends in the availability zone are not directly affected by this setting. They still may receive traffic from the load balancer nodes in other availability zones, subject to LoadBalancingConfig.locality_aware_routing_percent and LoadBalancingConfig.strict_locality settings.

LogDiscardRule

LogDiscardRule discards a fraction of logs with certain codes. If neither codes or intervals are provided, rule applies to all logs.

httpCodes : int64

HTTP codes that should be discarded.

httpCodeIntervals : HttpCodeInterval

Groups of HTTP codes like 4xx that should be discarded.

grpcCodes : google.rpc.Code

GRPC codes that should be discarded

discardPercent : google.protobuf.Int64Value

Percent of logs to be discarded: 0 - keep all, 100 or unset - discard all

LogOptions

logGroupId : string

Cloud Logging log group ID to store access logs. If not set then logs will be stored in default log group for the folder where load balancer located.

discardRules : LogDiscardRule

ordered list of rules, first matching rule applies

disable : bool

Do not send logs to Cloud Logging log group.

Payload

A health check payload resource.

One of payload

Payload.

  • text : string

    Payload text.

PlaintextTransportSettings

Transport settings to be used instead of the settings configured per-cluster

Principal

Principal defines an identity for a request.

HeaderMatcher

name : string

Specifies the name of the header in the request.

value : StringMatch

Specifies how the header match will be performed to route the request. In the absence of value a request that has specified header name will match, regardless of the header's value.

One of identifier

  • header : HeaderMatcher

    A header (or pseudo-header such as :path or :method) of the incoming HTTP request.

  • remoteIp : string

    A CIDR block or IP that describes the request remote/origin address, e.g. 192.0.0.0/24 or192.0.0.4 .

  • any : bool

    When any is set, it matches any request.

Principals

Principals define a group of identities for a request.

andPrincipals : Principal

Required. A match occurs when all principals match the request.

RBAC

Role Based Access Control (RBAC) provides router, virtual host, and route access control for the ALB service. Requests are allowed or denied based on the action and whether a matching principal is found. For instance, if the action is ALLOW and a matching principal is found the request should be allowed.

Action

  • ACTION_UNSPECIFIED

  • ALLOW

    Allows the request if and only if there is a principal that matches the request.

  • DENY

    Allows the request if and only if there are no principal that match the request.

action : Action

The action to take if a principal matches. Every action either allows or denies a request.

principals : Principals

Required. A match occurs when at least one matches the request.

RateLimit

RateLimit is a set of settings for global rate limiting.

Limit

Limit is a rate limit value settings.

One of rate

  • perSecond : int64

    PerSecond is a limit value specified with per second time unit.

  • perMinute : int64

    PerMinute is a limit value specified with per minute time unit.

allRequests : Limit

AllRequests is a rate limit configuration applied to all incoming requests.

requestsPerIp : Limit

RequestsPerIp is a rate limit configuration applied separately for each set of requests grouped by client IP address.

RedirectAction

A redirect action resource.

RedirectResponseCode

HTTP status codes supported for use in redirect responses.

  • MOVED_PERMANENTLY

    301 Moved Permanently status code.

  • FOUND

    302 Found status code.

  • SEE_OTHER

    303 See Other status code.

  • TEMPORARY_REDIRECT

    307 Temporary Redirect status code.

  • PERMANENT_REDIRECT

    308 Permanent Redirect status code.

replaceScheme : string

URI scheme replacement.

If http or https scheme is to be replaced and 80 or 443 port is specified in the original URI, the port is also removed.

If not specified, the original scheme and port are used.

replaceHost : string

URI host replacement.

If not specified, the original host is used.

replacePort : int64

URI host replacement.

If not specified, the original host is used.

One of path

URI path replacement.

If not specified, the original path is used.

  • replacePath : string

    Replacement for the whole path.

  • replacePrefix : string

    Replacement for the path prefix matched by StringMatch.

For instance, if StringMatch.prefix_match value is /foo and replace_prefix value is /bar, a request with https://example.com/foobaz URI is redirected to https://example.com/barbaz. For StringMatch.exact_match, the whole path is replaced.

removeQuery : bool

Removes URI query.

responseCode : RedirectResponseCode

HTTP status code to use in redirect responses.

Redirects

A listener redirects resource.

httpToHttps : bool

Redirects all unencrypted HTTP requests to the same URI with scheme changed to https.

The setting has the same effect as a single, catch-all HttpRoute with RedirectAction.replace_scheme set to https.

Route

A route resource. For details about the concept, see documentation.

name : string

Name of the route.

One of route

Route configuration.

  • http : HttpRoute

    HTTP route configuration.

  • grpc : GrpcRoute

    gRPC route configuration.

routeOptions : RouteOptions

RouteOptions

modifyRequestHeaders : HeaderModification

Apply the following modifications to the request headers.

modifyResponseHeaders : HeaderModification

Apply the following modifications to the response headers.

rbac : RBAC
securityProfileId : string

Security profile that will take effect to all requests routed via particular virtual host.

SecureTransportSettings

Transport settings to be used instead of the settings configured per-cluster

sni : string

SNI string for TLS connections.

validationContext : ValidationContext

Validation context for backend TLS connections.

SniMatch

A SNI handler resource.

name : string

Name of the SNI handler.

serverNames : string

Server names that are matched by the SNI handler.

handler : TlsHandler

Settings for handling requests with Server Name Indication (SNI) matching one of server_names values.

StorageBucketBackend

A resource for Object Storage bucket used as a backend. For details about the concept, see documentation.

bucket : string

Name of the bucket.

StreamBackend

A stream (TCP) backend resource.

name : string

Name of the backend.

backendWeight : google.protobuf.Int64Value

Backend weight. Traffic is distributed between backends of a backend group according to their weights.

Weights must be set either for all backends in a group or for none of them. Setting no weights is the same as setting equal non-zero weights for all backends.

If the weight is non-positive, traffic is not sent to the backend.

loadBalancingConfig : LoadBalancingConfig

Load balancing configuration for the backend.

port : int64

Port used by all targets to receive traffic.

  • targetGroups : TargetGroupsBackend
    Target groups that belong to the backend. For details about target groups, see

    documentation.

healthchecks : HealthCheck

Health checks to perform on targets from target groups. For details about health checking, see documentation.

If no health checks are specified, active health checking is not performed.

tls : BackendTls

Settings for TLS connections between load balancer nodes and backend targets.

If specified, the load balancer establishes TLS-encrypted TCP connections with targets and compares received certificates with the one specified in BackendTls.validation_context. If not specified, the load balancer establishes unencrypted TCP connections with targets.

enableProxyProtocol : bool

If set, proxy protocol will be enabled for this backend.

StreamBackendGroup

A stream (TCP) backend group resource.

backends : StreamBackend

List of stream (TCP) backends.

  • connection : ConnectionSessionAffinity

    Connection-based session affinity configuration.

For now, a connection is defined only by an IP address of the client.

StreamHandler

A stream (TCP) handler resource.

backendGroupId : string

ID of the backend group processing requests. For details about the concept, see documentation.

The backend group type, specified via BackendGroup.backend, must be stream.

To get the list of all available backend groups, make a BackendGroupService.List request.

idleTimeout : google.protobuf.Duration

The idle timeout is duration during which no data is transmitted or received on either the upstream or downstream connection. If not configured, the default idle timeout is 1 hour. Setting it to 0 disables the timeout.

StreamListener

A stream (TCP) listener resource.

handler : StreamHandler

Settings for handling stream (TCP) requests.

StringMatch

A string matcher resource.

One of match

Match string for either exact or prefix match.

  • exactMatch : string

    Exact match string.

  • prefixMatch : string

    Prefix match string.

  • regexMatch : string

    Regular expression match string.

Target

A target resource. For details about the concept, see documentation.

One of addressType

Reference to the target. As of now, targets must only be referred to by their IP addresses.

  • ipAddress : string

    IP address of the target.

subnetId : string

ID of the subnet that the target is connected to.

privateIpv4Address : bool

If set, will not require subnet_id to validate the target. Instead, the address should belong to one of the following ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 Only one of subnet_id or private_ipv4_address should be set.

TargetGroup

A target group resource. For details about the concept, see documentation.

id : string

ID of the target group. Generated at creation time.

name : string

Name of the target group. The name is unique within the folder.

description : string

Description of the target group.

folderId : string

ID of the folder that the target group belongs to.

labels : string

Target group labels as key:value pairs. For details about the concept, see documentation.

targets : Target

List of targets in the target group.

createdAt : google.protobuf.Timestamp

Creation timestamp.

TargetGroupsBackend

A resource for target groups that belong to the backend.

targetGroupIds : string

List of ID's of target groups that belong to the backend.

To get the ID's of all available target groups, make a TargetGroupService.List request.

TargetState

A target state resource.

Status

Supported target statuses.

  • STATUS_UNSPECIFIED

    Supported target statuses.

  • HEALTHY

    All of the health checks specified in [HttpBackend.healthchecks][37] or [GrpcBackend.healthchecks][38] are passed (the number depends on the [HealthCheck.healthy_threshold][39] setting) and the target is ready to receive traffic.

  • PARTIALLY_HEALTHY

    Some of the health checks specified in [HttpBackend.healthchecks][40] or [GrpcBackend.healthchecks][41] failed (the number depends on the [HealthCheck.unhealthy_threshold][42] setting). The target is ready to receive traffic from the load balancer nodes which, based on their health checks, consider the target healthy.

  • UNHEALTHY

    All of the health checks specified in [HttpBackend.healthchecks][43] or [GrpcBackend.healthchecks][44] failed (the number depends on the [HealthCheck.unhealthy_threshold][45] setting) and the target is not receiving traffic.

  • DRAINING

    Target is being deleted and the application load balancer is no longer sending traffic to this target.

  • TIMEOUT

    Supported target statuses.

HealthcheckStatus

Health of the target.

zoneStatuses : ZoneHealthcheckStatus

Statuses of the target in its availability zones.

ZoneHealthcheckStatus

Health of the target in the availability zone.

zoneId : string

ID of the availability zone.

status : Status

Status of the target in the availability zone.

failedActiveHc : bool

Indicates whether the target has been marked UNHEALTHY due to failing active health checks, which determine target statuses as configured in HttpBackend.healthchecks or GrpcBackend.healthchecks.

Currently the only type of health checks is active, as described above. Passive health checks, which determine the health of a target based on its responses to production requests (HTTP 5xx status codes, connection errors etc.), are not implemented yet.

status : HealthcheckStatus

Health of the target, i.e. its statuses in all availability zones.

target : Target

Target.

TlsHandler

A TLS-encrypted (HTTP or TCP stream) handler resource.

One of handler

Settings for handling requests.

  • httpHandler : HttpHandler

    HTTP handler.

  • streamHandler : StreamHandler

    Stream (TCP) handler.

certificateIds : string

ID's of the TLS server certificates from Certificate Manager.

RSA and ECDSA certificates are supported, and only the first certificate of each type is used.

TlsListener

TLS-encrypted (HTTP or TCP stream) listener resource.

defaultHandler : TlsHandler

Settings for handling requests by default, with Server Name Indication (SNI) not matching any of the sni_handlers.

sniHandlers : SniMatch

Settings for handling requests with Server Name Indication (SNI) matching one of SniMatch.server_names values.

ValidationContext

A TLS validation context resource.

One of trustedCa

TLS certificate issued by a trusted certificate authority (CA).

  • trustedCaId : string
  • trustedCaBytes : string

    X.509 certificate contents in PEM format.

VirtualHost

A virtual host resource. For details about the concept, see documentation.

name : string

Name of the virtual host. The name is unique within the HTTP router.

authority : string

List of domains that are attributed to the virtual host.

The host is selected to process the request received by the load balancer if the domain specified in the HTTP/1.1 Host header or the HTTP/2 :authority pseudo-header matches a domain specified in the host.

A wildcard asterisk character (*) matches 0 or more characters.

If not specified, all domains are attributed to the host, which is the same as specifying a * value. An HTTP router must not contain more than one virtual host to which all domains are attributed.

routes : Route

Routes of the virtual host.

A route contains a set of conditions (predicates) that are used by the load balancer to select the route for the request and an action on the request. For details about the concept, see documentation.

The order of routes matters: the first route whose predicate matches the request is selected. The most specific routes should be at the top of the list, so that they are not overridden. For example, if the first HTTP route is configured, via HttpRoute.match, to match paths prefixed with just /, other routes are never matched.

modifyRequestHeaders : HeaderModification

Deprecated, use route_options.modify_request_headers.

modifyResponseHeaders : HeaderModification

Deprecated, use route_options.modify_response_headers.

routeOptions : RouteOptions
rateLimit : RateLimit

RateLimit is a rate limit configuration applied for a whole virtual host.