ComputePacketMirroring

Property                                        Value
Google Cloud Service Name                       Compute Engine
Google Cloud Service Documentation              /compute/docs/
Google Cloud REST Resource Name                 beta.packetMirrorings
Google Cloud REST Resource Documentation        /compute/docs/reference/rest/beta/packetMirrorings
Config Connector Resource Short Names           gcpcomputepacketmirroring
                                                gcpcomputepacketmirrorings
                                                computepacketmirroring
Config Connector Service Name                   compute.googleapis.com
Config Connector Resource Fully Qualified Name  computepacketmirrorings.compute.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember  No

Custom Resource Definition Properties

Spec

Schema

  collectorIlb:
    urlRef:
      external: string
      name: string
      namespace: string
  description: string
  enable: string
  filter:
    cidrRanges:
    - string
    direction: string
    ipProtocols:
    - string
  location: string
  mirroredResources:
    instances:
    - canonicalUrl: string
      urlRef:
        external: string
        name: string
        namespace: string
    subnetworks:
    - canonicalUrl: string
      urlRef:
        external: string
        name: string
        namespace: string
    tags:
    - string
  network:
    urlRef:
      external: string
      name: string
      namespace: string
  priority: integer
  projectRef:
    external: string
    name: string
    namespace: string
  resourceID: string

Fields

collectorIlb

Required

object

The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` that will be used as collector for mirrored traffic. The specified forwarding rule must have `isMirroringCollector` set to true.

collectorIlb.urlRef

Required

object

collectorIlb.urlRef.external

Optional

string

Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource.

collectorIlb.urlRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

collectorIlb.urlRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

description

Optional

string

An optional description of this resource. Provide this property when you create the resource.

enable

Optional

string

Indicates whether or not this packet mirroring takes effect. If set to FALSE, this packet mirroring policy will not be enforced on the network. The default is TRUE.

filter

Optional

object

Filter for mirrored traffic. If unspecified, all traffic is mirrored.

filter.cidrRanges

Optional

list (string)

IP CIDR ranges that apply as a filter on the source (ingress) or destination (egress) IP in the IP header. Only IPv4 is supported. If no ranges are specified, all traffic that matches the specified `ipProtocols` is mirrored. If neither `cidrRanges` nor `ipProtocols` is specified, all traffic is mirrored.

filter.cidrRanges[]

Optional

string

filter.direction

Optional

string

Direction of traffic to mirror, either INGRESS, EGRESS, or BOTH. The default is BOTH.

filter.ipProtocols

Optional

list (string)

Protocols that apply as a filter on mirrored traffic. If no protocols are specified, all traffic that matches the specified CIDR ranges is mirrored. If neither `cidrRanges` nor `ipProtocols` is specified, all traffic is mirrored.

filter.ipProtocols[]

Optional

string

location

Required

string

Immutable. The location for the resource.

mirroredResources

Required

object

PacketMirroring mirroredResourceInfos. A MirroredResourceInfo specifies a set of mirrored VM instances, subnetworks and/or tags for which traffic from/to all VM instances will be mirrored.

mirroredResources.instances

Optional

list (object)

A set of virtual machine instances that are being mirrored. They must live in zones contained in the same region as this packetMirroring. Note that this config will apply only to those network interfaces of the Instances that belong to the network specified in this packetMirroring. You may specify a maximum of 50 Instances.

mirroredResources.instances[]

Optional

object

mirroredResources.instances[].canonicalUrl

Optional

string

Immutable. Output only. Unique identifier for the instance; defined by the server.

mirroredResources.instances[].urlRef

Optional

object

mirroredResources.instances[].urlRef.external

Optional

string

Resource URL to the virtual machine instance which is being mirrored. Allowed value: The `selfLink` field of a `ComputeInstance` resource.

mirroredResources.instances[].urlRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

mirroredResources.instances[].urlRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

mirroredResources.subnetworks

Optional

list (object)

Immutable. A set of subnetworks for which traffic from/to all VM instances will be mirrored. They must live in the same region as this packetMirroring. You may specify a maximum of 5 subnetworks.

mirroredResources.subnetworks[]

Optional

object

mirroredResources.subnetworks[].canonicalUrl

Optional

string

Immutable. Output only. Unique identifier for the subnetwork; defined by the server.

mirroredResources.subnetworks[].urlRef

Optional

object

Immutable.

mirroredResources.subnetworks[].urlRef.external

Optional

string

Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.

mirroredResources.subnetworks[].urlRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

mirroredResources.subnetworks[].urlRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

mirroredResources.tags

Optional

list (string)

A set of mirrored tags. Traffic from/to all VM instances that have one or more of these tags will be mirrored.

mirroredResources.tags[]

Optional

string

network

Required

object

Immutable. Specifies the mirrored VPC network. Only packets in this network will be mirrored. All mirrored VMs should have a NIC in the given network. All mirrored subnetworks should belong to the given network.

network.urlRef

Required

object

Immutable.

network.urlRef.external

Optional

string

URL of the network resource. Allowed value: The `selfLink` field of a `ComputeNetwork` resource.

network.urlRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

network.urlRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

priority

Optional

integer

The priority of applying this configuration. Priority is used to break ties in cases where there is more than one matching rule. In the case of two rules that apply for a given Instance, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535.

projectRef

Required

object

Immutable. The Project that this resource belongs to.

projectRef.external

Optional

string

The project for the resource. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).

projectRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

projectRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceID

Optional

string

Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

Status

Schema

  collectorIlb:
    canonicalUrl: string
  conditions:
  - lastTransitionTime: string
    message: string
    reason: string
    status: string
    type: string
  id: integer
  network:
    canonicalUrl: string
  observedGeneration: integer
  region: string
  selfLink: string

Fields

collectorIlb

object

collectorIlb.canonicalUrl

string

Output only. Unique identifier for the forwarding rule; defined by the server.

conditions

list (object)

Conditions represent the latest available observation of the resource's current state.

conditions[]

object

conditions[].lastTransitionTime

string

Last time the condition transitioned from one status to another.

conditions[].message

string

Human-readable message indicating details about last transition.

conditions[].reason

string

Unique, one-word, CamelCase reason for the condition's last transition.

conditions[].status

string

Status is the status of the condition. Can be True, False, Unknown.

conditions[].type

string

Type is the type of the condition.

id

integer

Output only. The unique identifier for the resource. This identifier is defined by the server.

network

object

network.canonicalUrl

string

Output only. Unique identifier for the network; defined by the server.

observedGeneration

integer

ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.

region

string

URI of the region where the packetMirroring resides.

selfLink

string

Server-defined URL for the resource.

Sample YAML(s)

Typical Use Case

  # Copyright 2021 Google LLC
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  # You may obtain a copy of the License at
  #
  #     http://www.apache.org/licenses/LICENSE-2.0
  #
  # Unless required by applicable law or agreed to in writing, software
  # distributed under the License is distributed on an "AS IS" BASIS,
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  # See the License for the specific language governing permissions and
  # limitations under the License.
  
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputePacketMirroring
  metadata:
    name: computepacketmirroring-sample
  spec:
    projectRef:
      # Replace "${PROJECT_ID?}" with your project id
      external: "projects/${PROJECT_ID?}"
    location: "us-west2"
    description: "A sample packet mirroring"
    network:
      urlRef:
        name: computepacketmirroring-dep
    priority: 1000
    collectorIlb:
      urlRef:
        name: computepacketmirroring-dep
    mirroredResources:
      subnetworks:
      - urlRef:
          name: computepacketmirroring-dep
      instances:
      - urlRef:
          name: computepacketmirroring-dep
      tags:
      - "tag-one"
    filter:
      cidrRanges:
      - "192.168.0.0/23"
      ipProtocols:
      - "tcp"
      direction: "BOTH"
    enable: "TRUE"
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeBackendService
  metadata:
    name: computepacketmirroring-dep
  spec:
    location: "us-west2"
    loadBalancingScheme: "INTERNAL"
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeForwardingRule
  metadata:
    name: computepacketmirroring-dep
  spec:
    location: "us-west2"
    networkRef:
      name: computepacketmirroring-dep
    subnetworkRef:
      name: computepacketmirroring-dep
    description: "A test mirror collector forwarding rule with internal load balancing scheme"
    loadBalancingScheme: "INTERNAL"
    backendServiceRef:
      name: computepacketmirroring-dep
    networkTier: "PREMIUM"
    allPorts: true
    isMirroringCollector: true
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeInstance
  metadata:
    annotations:
      cnrm.cloud.google.com/allow-stopping-for-update: "true"
    name: computepacketmirroring-dep
  spec:
    zone: "us-west2-a"
    machineType: "zones/us-west2-a/machineTypes/e2-medium"
    bootDisk:
      autoDelete: true
      initializeParams:
        sourceImageRef:
          external: projects/debian-cloud/global/images/debian-10-buster-v20210817
    networkInterface:
    - networkRef:
        name: computepacketmirroring-dep
      subnetworkRef:
        name: computepacketmirroring-dep
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeNetwork
  metadata:
    name: computepacketmirroring-dep
  spec:
    autoCreateSubnetworks: false
  ---
  apiVersion: compute.cnrm.cloud.google.com/v1beta1
  kind: ComputeSubnetwork
  metadata:
    name: computepacketmirroring-dep
  spec:
    networkRef:
      name: computepacketmirroring-dep
    ipCidrRange: "10.168.0.0/20"
    region: us-west2
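As an added example (not part of the Config Connector documentation or the project's own code), the Python check below lints a ComputePacketMirroring spec against the constraints stated in the field reference above (selection limits, IPv4-only `cidrRanges`, `direction` and `priority` ranges, an unscoped `filter`) and cross-checks the `collectorIlb` reference against the forwarding rule it names, which must use `loadBalancingScheme: INTERNAL` with `isMirroringCollector: true`. The dicts are constructed, trimmed copies of the sample manifests, and `lint_spec` is a hypothetical helper name; in practice the spec and forwarding rules would be loaded from the YAML with a parser such as PyYAML.

```python
import ipaddress

DIRECTIONS = {"INGRESS", "EGRESS", "BOTH"}

# Constructed spec, equivalent to the "Typical Use Case" sample above.
SAMPLE_SPEC = {
    "location": "us-west2", "priority": 1000, "enable": "TRUE",
    "collectorIlb": {"urlRef": {"name": "computepacketmirroring-dep"}},
    "mirroredResources": {"tags": ["tag-one"]},
    "filter": {"cidrRanges": ["192.168.0.0/23"], "ipProtocols": ["tcp"], "direction": "BOTH"},
}
# Constructed map of ComputeForwardingRule name -> spec, trimmed from the sample collector.
SAMPLE_COLLECTORS = {
    "computepacketmirroring-dep": {"loadBalancingScheme": "INTERNAL", "isMirroringCollector": True},
}


def lint_spec(spec, collectors):
    """Return the problems found in one ComputePacketMirroring spec (hypothetical helper)."""
    problems = []
    mr = spec.get("mirroredResources", {})
    if not any(mr.get(k) for k in ("instances", "subnetworks", "tags")):
        problems.append("mirroredResources selects no instances, subnetworks or tags")
    if len(mr.get("instances", [])) > 50 or len(mr.get("subnetworks", [])) > 5:
        problems.append("limit exceeded: at most 50 instances and 5 subnetworks")
    flt = spec.get("filter", {})
    if not flt.get("cidrRanges") and not flt.get("ipProtocols"):
        problems.append("unscoped filter: every packet in the network is mirrored")
    for cidr in flt.get("cidrRanges", []):
        try:  # only IPv4 ranges are supported
            if ipaddress.ip_network(cidr, strict=False).version != 4:
                problems.append(f"cidrRange {cidr} is not IPv4")
        except ValueError:
            problems.append(f"cidrRange {cidr} is not a valid CIDR")
    if flt.get("direction", "BOTH") not in DIRECTIONS:
        problems.append(f"direction {flt['direction']!r} is not INGRESS, EGRESS or BOTH")
    prio = spec.get("priority", 1000)  # default 1000, valid range 0..65535
    if not (isinstance(prio, int) and 0 <= prio <= 65535):
        problems.append(f"priority {prio!r} is outside 0..65535")
    # The collector must be an INTERNAL forwarding rule flagged as a mirroring collector.
    name = spec.get("collectorIlb", {}).get("urlRef", {}).get("name")
    coll = collectors.get(name)
    if coll is None:
        problems.append(f"collectorIlb names unknown forwarding rule {name!r}")
    else:
        if coll.get("loadBalancingScheme") != "INTERNAL":
            problems.append("collector forwarding rule must use loadBalancingScheme INTERNAL")
        if coll.get("isMirroringCollector") is not True:
            problems.append("collector forwarding rule must set isMirroringCollector: true")
    return problems
```

An empty list means the spec passes every check; the sample spec above passes, while a spec with an empty `filter` is flagged because it mirrors every packet in the network to the collector.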