ComputeForwardingRule

Property Value
Google Cloud Service Name Compute Engine
Google Cloud Service Documentation /compute/docs/
Google Cloud REST Resource Name
v1.forwardingRules
v1.globalForwardingRules
Google Cloud REST Resource Documentation
/compute/docs/reference/rest/v1/forwardingRules
/compute/docs/reference/rest/v1/globalForwardingRules
Config Connector Resource Short Names gcpcomputeforwardingrule
gcpcomputeforwardingrules
computeforwardingrule
Config Connector Service Name compute.googleapis.com
Config Connector Resource Fully Qualified Name computeforwardingrules.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember No

ComputeForwardingRule can manage both global and regional forwarding rules. To manage a global ComputeForwardingRule use a value of global in the spec.location field. To manage a regional ComputeForwardingRule, use a region name in the spec.location field.

Custom Resource Definition Properties

Annotations

Fields
cnrm.cloud.google.com/project-id

Spec

Schema

  allPorts: boolean
  allowGlobalAccess: boolean
  backendServiceRef:
    external: string
    name: string
    namespace: string
  description: string
  ipAddress:
    addressRef:
      external: string
      name: string
      namespace: string
    ip: string
  ipProtocol: string
  ipVersion: string
  isMirroringCollector: boolean
  loadBalancingScheme: string
  location: string
  metadataFilters:
  - filterLabels:
    - name: string
      value: string
    filterMatchCriteria: string
  networkRef:
    external: string
    name: string
    namespace: string
  networkTier: string
  portRange: string
  ports:
  - string
  resourceID: string
  serviceLabel: string
  subnetworkRef:
    external: string
    name: string
    namespace: string
  target:
    targetGRPCProxyRef:
      external: string
      name: string
      namespace: string
    targetHTTPProxyRef:
      external: string
      name: string
      namespace: string
    targetHTTPSProxyRef:
      external: string
      name: string
      namespace: string
    targetSSLProxyRef:
      external: string
      name: string
      namespace: string
    targetTCPProxyRef:
      external: string
      name: string
      namespace: string
    targetVPNGatewayRef:
      external: string
      name: string
      namespace: string
Fields

allPorts

Optional

boolean

Immutable. For internal TCP/UDP load balancing (i.e. load balancing scheme is INTERNAL and protocol is TCP/UDP), set this to true to allow packets addressed to any ports to be forwarded to the backends configured with this forwarding rule. Used with backend service. Cannot be set if port or portRange are set.

allowGlobalAccess

Optional

boolean

If true, clients can access ILB from all regions. Otherwise only allows from the local region the ILB is located at.

backendServiceRef

Optional

object

A ComputeBackendService to receive the matched traffic. This is used only for internal load balancing.

backendServiceRef.external

Optional

string

The selfLink of a ComputeBackendService.

backendServiceRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

backendServiceRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

description

Optional

string

Immutable. An optional description of this resource. Provide this property when you create the resource.

ipAddress

Optional

object

The IP address that this forwarding rule is serving on behalf of. Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional). When the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6. When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule.

ipAddress.addressRef

Optional

object

ipAddress.addressRef.external

Optional

string

The address of a ComputeAddress.

ipAddress.addressRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

ipAddress.addressRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

ipAddress.ip

Optional

string

ipProtocol

Optional

string

Immutable. The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL, only TCP and UDP are valid. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"]

ipVersion

Optional

string

Immutable. The IP Version that will be used by this global forwarding rule. Possible values: ["IPV4", "IPV6"]

isMirroringCollector

Optional

boolean

Immutable. Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

loadBalancingScheme

Optional

string

Immutable. This signifies what the ForwardingRule will be used for and can be EXTERNAL, INTERNAL, or INTERNAL_MANAGED. EXTERNAL is used for Classic Cloud VPN gateways, protocol forwarding to VMs from an external IP address, and HTTP(S), SSL Proxy, TCP Proxy, and Network TCP/UDP load balancers. INTERNAL is used for protocol forwarding to VMs from an internal IP address, and internal TCP/UDP load balancers. INTERNAL_MANAGED is used for internal HTTP(S) load balancers. Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL", "INTERNAL_MANAGED"]

location

Required

string

Location represents the geographical location of the ComputeForwardingRule. Specify a region name or "global" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)

metadataFilters

Optional

list (object)

Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED.

metadataFilters.[]

Optional

object

metadataFilters.[].filterLabels

Required*

list (object)

Immutable. The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries.

metadataFilters.[].filterLabels.[]

Required*

object

metadataFilters.[].filterLabels.[].name

Required*

string

Immutable. Name of the metadata label. The length must be between 1 and 1024 characters, inclusive.

metadataFilters.[].filterLabels.[].value

Required*

string

Immutable. The value that the label must match. The value has a maximum length of 1024 characters.

metadataFilters.[].filterMatchCriteria

Required*

string

Immutable. Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values: ["MATCH_ANY", "MATCH_ALL"]

networkRef

Optional

object

This field is not used for external load balancing. For internal load balancing, this field identifies the network that the load balanced IP should belong to for this forwarding rule. If this field is not specified, the default network will be used.

networkRef.external

Optional

string

The selfLink of a ComputeNetwork.

networkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

networkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

networkTier

Optional

string

Immutable. The networking tier used for configuring this address. If this field is not specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]

portRange

Optional

string

Immutable. This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: * TargetHttpProxy: 80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetVpnGateway: 500, 4500

ports

Optional

list (string)

Immutable. This field is used along with the backend_service field for internal load balancing. When the load balancing scheme is INTERNAL, a single port or a comma separated list of ports can be configured. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. You may specify a maximum of up to 5 ports.

ports.[]

Optional

string

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

serviceLabel

Optional

string

Immutable. An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

subnetworkRef

Optional

object

The subnetwork that the load balanced IP should belong to for this forwarding rule. This field is only used for internal load balancing. If the network specified is in auto subnet mode, this field is optional. However, if the network is in custom subnet mode, a subnetwork must be specified.

subnetworkRef.external

Optional

string

The name of a ComputeSubnetwork.

subnetworkRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

subnetworkRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

target

Optional

object

The target resource to receive the matched traffic. The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets are valid.

target.targetGRPCProxyRef

Optional

object

target.targetGRPCProxyRef.external

Optional

string

The selfLink of a ComputeTargetGRPCProxy.

target.targetGRPCProxyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

target.targetGRPCProxyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

target.targetHTTPProxyRef

Optional

object

target.targetHTTPProxyRef.external

Optional

string

The selfLink of a ComputeTargetHTTPProxy.

target.targetHTTPProxyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

target.targetHTTPProxyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

target.targetHTTPSProxyRef

Optional

object

target.targetHTTPSProxyRef.external

Optional

string

The selfLink of a ComputeTargetHTTPSProxy.

target.targetHTTPSProxyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

target.targetHTTPSProxyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

target.targetSSLProxyRef

Optional

object

target.targetSSLProxyRef.external

Optional

string

The selfLink of a ComputeTargetSSLProxy.

target.targetSSLProxyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

target.targetSSLProxyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

target.targetTCPProxyRef

Optional

object

target.targetTCPProxyRef.external

Optional

string

The selfLink of a ComputeTargetTCPProxy.

target.targetTCPProxyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

target.targetTCPProxyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

target.targetVPNGatewayRef

Optional

object

target.targetVPNGatewayRef.external

Optional

string

The selfLink of a ComputeTargetVPNGateway.

target.targetVPNGatewayRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

target.targetVPNGatewayRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

* Field is required when parent field is specified

Status

Schema

  conditions:
  - lastTransitionTime: string
    message: string
    reason: string
    status: string
    type: string
  creationTimestamp: string
  labelFingerprint: string
  observedGeneration: integer
  selfLink: string
  serviceName: string
Fields
conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions.[]

object

conditions.[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions.[].message

string

Human-readable message indicating details about last transition.

conditions.[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions.[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions.[].type

string

Type is the type of the condition.

creationTimestamp

string

Creation timestamp in RFC3339 text format.

labelFingerprint

string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.

selfLink

string

serviceName

string

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

Sample YAML(s)

Global Forwarding Rule With Target Http Proxy

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeForwardingRule
  metadata:
    labels:
      label-one: "value-one"
    name: computeforwardingrule-sample-global-with-target-http-proxy
  spec:
    description: "A global forwarding rule"
    target:
      targetHTTPProxyRef:
        name: computeforwardingrule-dep-global-with-target-http-proxy
    portRange: "80"
    ipProtocol: "TCP"
    ipVersion: "IPV4"
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeBackendService
  metadata:
    name: computeforwardingrule-dep-global-with-target-http-proxy
  spec:
    healthChecks:
      - healthCheckRef:
          name: computeforwardingrule-dep-global-with-target-http-proxy
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeHealthCheck
  metadata:
    name: computeforwardingrule-dep-global-with-target-http-proxy
  spec:
    checkIntervalSec: 10
    httpHealthCheck:
      port: 80
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeTargetHTTPProxy
  metadata:
    name: computeforwardingrule-dep-global-with-target-http-proxy
  spec:
    urlMapRef:
      name: computeforwardingrule-dep-global-with-target-http-proxy
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeURLMap
  metadata:
    name: computeforwardingrule-dep-global-with-target-http-proxy
  spec:
    defaultService:
      backendServiceRef:
        name: computeforwardingrule-dep-global-with-target-http-proxy
    location: global

Global Forwarding Rule With Target Ssl Proxy

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeForwardingRule
  metadata:
    labels:
      label-one: "value-one"
    name: computeforwardingrule-sample-global-with-target-ssl-proxy
  spec:
    description: "A global forwarding rule"
    target:
      targetSSLProxyRef:
        name: computeforwardingrule-dep-global-with-target-ssl-proxy
    portRange: "995"
    ipProtocol: "TCP"
    ipVersion: "IPV4"
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeBackendService
  metadata:
    name: computeforwardingrule-dep-global-with-target-ssl-proxy
  spec:
    healthChecks:
      - healthCheckRef:
          name: computeforwardingrule-dep-global-with-target-ssl-proxy
    protocol: TCP
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeHealthCheck
  metadata:
    name: computeforwardingrule-dep-global-with-target-ssl-proxy
  spec:
    checkIntervalSec: 10
    sslHealthCheck:
      port: 995
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeSSLCertificate
  metadata:
    name: computeforwardingrule-dep-global-with-target-ssl-proxy
  spec:
    location: global
    description: example compute SSL certificate
    certificate:
      valueFrom:
        secretKeyRef:
          name: computeforwardingrule-dep-global-with-target-ssl-proxy
          key: certificate
    privateKey:
      valueFrom:
        secretKeyRef:
          name: computeforwardingrule-dep-global-with-target-ssl-proxy
          key: privateKey
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeTargetSSLProxy
  metadata:
    name: computeforwardingrule-dep-global-with-target-ssl-proxy
  spec:
    backendServiceRef:
      name: computeforwardingrule-dep-global-with-target-ssl-proxy
    sslCertificates:
      - name: computeforwardingrule-dep-global-with-target-ssl-proxy
  ---
  apiVersion: v1
  kind: Secret
  metadata:
    name: computeforwardingrule-dep-global-with-target-ssl-proxy
  stringData:
    certificate: |
      -----BEGIN CERTIFICATE-----
      MIIDJTCCAg0CFHdD3ZGYMCmF3O4PvMwsP5i8d/V0MA0GCSqGSIb3DQEBCwUAME8x
      CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJXQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
      Z2l0cyBQdHkgTHRkMRAwDgYDVQQDDAdFeGFtcGxlMB4XDTE5MDkyOTIyMjgyOVoX
      DTIwMDkyODIyMjgyOVowTzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMSEwHwYD
      VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMMB0V4YW1wbGUw
      ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWLvOZIail12i6NXIqOspV
      corkuS1Nl0ayrl0VuKHCvheun/s7lLLgEfifzRueYlSUtdGg4atWIwEKsbIE+AF9
      uUTzkq/t6zHxFAAWgVZ6/hW696jqcZX3yU+LCuHPLSN0ruqD6ZygnYDVciDmYwxe
      601xNfOOYRlm6dGRx6uTxGDZtfu8zsaNI0UxTugTp2x5cKB66SbgdlIJvc2Hb54a
      7qOsb9CIf+rrK2xUdJUj4ueUEIMxjnY2u/Dc71SgfBVn+yFfN9MHNdcTWPXEUClE
      Fxd/MB3dGn7hVavXyvy3NT4tWhBgYBphfEUudDFej5MmVq56JOEQ2UtaQ+Imscud
      AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAMYTQyjVlo6TCYoyK6akjPX7vRiwCCAh
      jqsEu3bZqwUreOhZgRAyEXrq68dtXwTbwdisQmnhpBeBQuX4WWeas9TiycZ13TA1
      Z+h518D9OVXjrNs7oE3QNFeTom807IW16YydlrZMLKO8mQg6/BXfSHbLwuQHSIYS
      JD+uOfnkr08ORBbLGgBKKpy7ngflIkdSrQPmCYmYlvoy+goMAEVi0K3Y1wVzAF4k
      O4v8f7GXkNarsFT1QM82JboVV5uwX+uDmi858WKDHYGv2Ypv6yy93vdV0Xt/IBj3
      95/RDisBzcL7Ynpl34AAr5MLm7yCSsPrAmgevX4BOtcVc4rSXj5rcoE=
      -----END CERTIFICATE-----
    privateKey: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpQIBAAKCAQEA1i7zmSGopddoujVyKjrKVXKK5LktTZdGsq5dFbihwr4Xrp/7
      O5Sy4BH4n80bnmJUlLXRoOGrViMBCrGyBPgBfblE85Kv7esx8RQAFoFWev4Vuveo
      6nGV98lPiwrhzy0jdK7qg+mcoJ2A1XIg5mMMXutNcTXzjmEZZunRkcerk8Rg2bX7
      vM7GjSNFMU7oE6dseXCgeukm4HZSCb3Nh2+eGu6jrG/QiH/q6ytsVHSVI+LnlBCD
      MY52Nrvw3O9UoHwVZ/shXzfTBzXXE1j1xFApRBcXfzAd3Rp+4VWr18r8tzU+LVoQ
      YGAaYXxFLnQxXo+TJlaueiThENlLWkPiJrHLnQIDAQABAoIBAQDMo/WZlQBG3Cay
      64fV83AI7jTozkkLvoMNC+3iaBMeN3P3I+HuDmhOEL2lKVq/HKJFp+bPuW50EWPY
      bOlzN+Zs0kygEMJJJxQDjCF9XzxarVPj3OcmgTpRkqWOaupPgYhD3zAws080YuiK
      h84Jcg+KzXWjunGn0vxrSPI0QDueJR2i03tEDBAtMZ0pvAsJ0gmXRdzGOc2uRzDm
      fbS3y/JIufClO28OzjJ5AJkbc9XgRDeCDOFY2D375bCg2boPYmP7Iw0HVU3RQhcr
      t+US27VQBRJF4cQ2CCyr0ZbdaPn41v+/A/qxF6ZPguyy+KoyQjCqK8iFArRQ48hJ
      cR2pFx4hAoGBAP2uXIJAdAemrOunv2CWlUHI2iHj/kJ1AXRMpiT+eF0US9E6tipE
      mL63HkUhiAs2nJnPi3RDxP+kAO2Z3anqjm1KCeGj+IYYZMavnkC8EVybv9lDwORy
      e2O1bfRc/tGa341KmvXLbp8oVMIYIvKz2cZmHGJ4V4DTq8dTvmqoE4/VAoGBANgk
      KWY5MJToZJJ5bV0mc2stmGt/IAZZPlKjVmKOjDyzqHRLAhsmbMyUhhgZtyj0dzSW
      ILEeaEJknYRrOB48D6IqkB8VnFJyHUG8l+Za41adqRQNid0S5n50/+eYbjZpYCrA
      SGmC2dhPZvRD6tOyEEJF5PZMvqxDcNRilc627HipAoGBAKzqrSQbyvtsIXKAZXLx
      McwlnIp9XlLubo9Xr+iHjIPl0chMvN8S4wscxwVYVeNO1nABiI03pJCcugU7XFz2
      BR952EJ2AnFlL0w/aR+3Eh6OC7eM927Amlrc0JZAzXESoE8vC3F/uWfDlgK3cRr+
      fPM/pxl37i1iGzVDYAhTiQIBAoGAPW25nmXumsOZoc+E945wCywAP7z3mxZOEip9
      6LDexnnBDJws0w6OqW4k1kCov6kLIBTy4aPkucniwrm+T0l+n/Y807jOntfz3LT+
      7ucx6XIRlbNrVTuD6rjR6j52RFyaikvvyJz50PJwLkgHO3dGC6/VrPKO1mKsdJA4
      R3HRr1ECgYEAobNQbQSLrSWZ1cozJbmNgRqqvxDNSEDi8LpXukOAw4pz1km7o3ob
      hCy1ksfFzsp5glYqwZd/Bahk64u3mII+rKoYwYLrH2l2aFDmMbdTfQUycpQZyi3+
      VtGS1PFoKx9fSFDNHhR5ZhfasQcuKHYfeFfO2/DoOxQkNCI1y4I2huo=
      -----END RSA PRIVATE KEY-----

Global Forwarding Rule With Target Tcp Proxy

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeForwardingRule
  metadata:
    labels:
      label-one: "value-one"
    name: computeforwardingrule-sample-global-with-target-tcp-proxy
  spec:
    description: "A global forwarding rule"
    target:
      targetTCPProxyRef:
        name: computeforwardingrule-dep-global-with-target-tcp-proxy
    portRange: "110"
    ipProtocol: "TCP"
    ipVersion: "IPV4"
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeBackendService
  metadata:
    name: computeforwardingrule-dep-global-with-target-tcp-proxy
  spec:
    healthChecks:
      - healthCheckRef:
          name: computeforwardingrule-dep-global-with-target-tcp-proxy
    protocol: TCP
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeHealthCheck
  metadata:
    name: computeforwardingrule-dep-global-with-target-tcp-proxy
  spec:
    checkIntervalSec: 10
    tcpHealthCheck:
      port: 110
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeTargetTCPProxy
  metadata:
    name: computeforwardingrule-dep-global-with-target-tcp-proxy
  spec:
    backendServiceRef:
      name: computeforwardingrule-dep-global-with-target-tcp-proxy

Global Forwarding Rule With Target gRPC Proxy

  # Copyright 2021 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeForwardingRule
  metadata:
    labels:
      label-one: "value-one"
    name: computeforwardingrule-sample-global-with-grpc-proxy
  spec:
    description: "A global forwarding rule"
    target:
      targetGRPCProxyRef:
        name: computeforwardingrule-dep-global-with-grpc-proxy
    loadBalancingScheme: INTERNAL_SELF_MANAGED
    ipAddress:
      ip: "0.0.0.0"
    portRange: "80"
    ipProtocol: "TCP"
    location: global
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeBackendService
  metadata:
    name: computeforwardingrule-dep-global-with-grpc-proxy
  spec:
    location: global
    loadBalancingScheme: INTERNAL_SELF_MANAGED
    protocol: GRPC
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeTargetGRPCProxy
  metadata:
    name: computeforwardingrule-dep-global-with-grpc-proxy
  spec:
    description: A target gRPC proxy intended for load balancing gRPC traffic, referenced by global forwarding rules. References a URL map which specifies how traffic routes to gRPC backend services.
    urlMapRef:
      name: computeforwardingrule-dep-global-with-grpc-proxy
    validateForProxyless: true
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeURLMap
  metadata:
    name: computeforwardingrule-dep-global-with-grpc-proxy
  spec:
    location: global
    defaultService:
      backendServiceRef:
        name: computeforwardingrule-dep-global-with-grpc-proxy

Regional Forwarding Rule

  # Copyright 2020 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeForwardingRule
  metadata:
    labels:
      label-one: "value-one"
    name: computeforwardingrule-sample-regional
  spec:
    description: "A regional forwarding rule"
    target:
      targetVPNGatewayRef:
        name: computeforwardingrule-dep-regional
    ipProtocol: "ESP"
    location: us-central1
    ipAddress:
      addressRef:
        name: computeforwardingrule-dep-regional
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeAddress
  metadata:
    name: computeforwardingrule-dep-regional
    labels:
      label-one: "value-one"
  spec:
    location: us-central1
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeNetwork
  metadata:
    name: computeforwardingrule-dep-regional
  spec:
    routingMode: REGIONAL
    autoCreateSubnetworks: false
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeTargetVPNGateway
  metadata:
    name: computeforwardingrule-dep-regional
  spec:
    description: a regional target vpn gateway
    region: us-central1
    networkRef:
      name: computeforwardingrule-dep-regional