Create a mirroring deployment group to represent the producer services across different zones within a project.
This page explains how to configure the mirroring deployment groups by using the Google Cloud CLI.
Before you begin
- You must enable the Network Security API in your project.
- Install the gcloud CLI if you want to run the
gcloudcommand-line examples in this guide.
Roles
To get the permissions that you need to create, view, or delete mirroring deployment groups, ask your administrator to grant you the necessary Identity and Access Management (IAM) roles on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.
To check the progress of the operations listed on this page,
make sure that your user role has the following
Mirroring Deployment Admin role
(roles/networksecurity.mirroringDeploymentAdmin) permissions:
networksecurity.mirroringDeployments.createnetworksecurity.mirroringDeployments.deletenetworksecurity.mirroringDeployments.getnetworksecurity.mirroringDeployments.list
Create a mirroring deployment group
The mirroring deployment group is a collection of mirroring deployments. You create a mirroring deployment group across different locations within a project. The deployment group references the network in which all deployments are created.
When you create a mirroring deployment group, you can specify the name of the mirroring deployment group as a string or as a unique URL identifier. The unique URL for a project-scoped mirroring deployment group can be constructed in the following format:
projects/PROJECT_ID /locations/global/mirroringDeploymentGroups/DEPLOYMENT_GROUP_ID
Replace the following:
PROJECT_ID: ID of the project.DEPLOYMENT_GROUP_ID: ID of the mirroring deployment group.
If you use a unique URL identifier for the mirroring deployment group name, the project and location of the mirroring deployment group is already included in the URL identifier. However, if you use only the mirroring deployment group name, you must specify the project and location separately. For more information about unique URL identifiers, see mirroring deployment group specifications.
Permissions required for this task
To perform this task, you must have been granted the following permissions or one of the following IAM roles on your project.
Permissions
networksecurity.mirroringDeploymentGroups.create
Roles
networksecurity.mirroringDeploymentAdmin
To create a mirroring deployment group, use the
gcloud beta network-security mirroring-deployment-groups create command:
gcloud beta network-security mirroring-deployment-groups \
create DEPLOYMENT_GROUP \
--location global \
--project PROJECT \
--network NETWORK \
--no-async
Replace the following:
DEPLOYMENT_GROUP: the name of the mirroring deployment group; you can specify the name as a string or as a unique URL identifier.PROJECT: the project name of the mirroring deployment group.NETWORK: the name of your network.
View a mirroring deployment group
You can view the details of a specific mirroring deployment group in a project.
Permissions required for this task
To perform this task, you must have been granted the following permissions or one of the following IAM roles on your project.
Permissions
networksecurity.mirroringDeploymentGroups.get
Roles
networksecurity.mirroringDeploymentAdminnetworksecurity.mirroringDeploymentViewer
To view details of a mirroring deployment group, use the
gcloud beta network-security mirroring-deployment-groups describe command:
gcloud beta network-security mirroring-deployment-groups \
describe DEPLOYMENT_GROUP \
--project PROJECT \
--location global
Replace the following:
DEPLOYMENT_GROUP: the name of the mirroring deployment group.PROJECT: the project name of the mirroring deployment group.
List mirroring deployments
You can list all the mirroring deployment groups in your project.
Permissions required for this task
To perform this task, you must have been granted the following permissions or one of the following IAM roles on your organization.
Permissions
networksecurity.mirroringDeploymentGroups.list
Roles
networksecurity.mirroringDeploymentAdminnetworksecurity.mirroringDeploymentViewer
To list mirroring deployment groups, use the
gcloud beta network-security mirroring-deployment-groups list command:
gcloud beta network-security mirroring-deployment-groups list \
--project PROJECT
Replace PROJECTwith the name of the project where
the mirroring deployment groups is created.
Delete a mirroring deployment group
You can delete a mirroring deployment by specifying its name, location, and project. However, if a mirroring deployment group is referenced by a mirroring deployment then it cannot be deleted.
Permissions required for this task
To perform this task, you must have been granted the following permissions or one of the following IAM roles on your organization.
Permissions
networksecurity.mirroringDeploymentGroups.delete
Roles
-
networksecurity.mirroringDeploymentAdmin
To delete a mirroring deployment group, use the
gcloud beta network-security mirroring-deployment-groups delete command:
gcloud beta network-security mirroring-deployment-groups \
delete DEPLOYMENT_GROUP \
--location global \
--projects PROJECT \
--no-async
Replace the following:
DEPLOYMENT_GROUP: the name of the mirroring deployment group that you want to delete.PROJECT: the project name of the mirroring deployment group.