Mirroring deployment lets you expose a zonal set of load balanced appliances so that mirroring deployment can be used by the mirroring endpoint groups.
This page explains how to create and manage mirroring deployment using the Google Cloud CLI.
Before you begin
- You must enable the Network Security API in your project.
- Install the gcloud CLI if you want to run the
gcloudcommand-line examples in this guide. - You have a mirroring deployment group.
- You have a forwarding rule to direct network traffic to an internal load balancer. For more information, see Set up producer services.
Roles
To get the permissions that you need to create, view, or delete mirroring deployments, ask your administrator to grant you the necessary Identity and Access Management (IAM) roles on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.
To check the progress of the operations listed on this page,
make sure that your user role has the following
Mirroring Deployment Admin role
(roles/networksecurity.mirroringDeploymentAdmin) permissions:
networksecurity.mirroringDeployments.createnetworksecurity.mirroringDeployments.deletenetworksecurity.mirroringDeployments.getnetworksecurity.mirroringDeployments.list
Create a mirroring deployment
Create a mirroring deployment to represent the producer side within a zone and associate it with the mirroring deployment group.
Permissions required for this task
To perform this task, you must have been granted the following permissions or one of the following IAM roles on your organization.
Permissions
networksecurity.mirroringDeployments.create
Roles
networksecurity.mirroringDeploymentAdmin
To create a mirroring deployment, use the
gcloud beta network-security mirroring-deployments create command:
gcloud beta network-security mirroring-deployments \
create DEPLOYMENT \
--location ZONE \
--forwarding-rule FWD_RULE \
--forwarding-rule-location REGION \
--mirroring-deployment-group DEPLOYMENT_GROUP_ID \
--no-async
Replace the following:
DEPLOYMENT: the name of the mirroring deployment; you can specify the name as a string or as a unique URL identifier.ZONE: the zone of the mirroring deploymentFWD_RULE:the forwarding rule to direct network traffic to a load balanceREGION: the region of the forwarding ruleDEPLOYMENT_GROUP_ID: the ID of the mirroring deployment group
View mirroring deployment
You can view the details of a specific mirroring deployment in a project.
Permissions required for this task
To perform this task, you must have been granted the following permissions or one of the following IAM roles on your project.
Permissions
networksecurity.mirroringDeployments.get
Roles
networksecurity.mirroringDeploymentAdminnetworksecurity.mirroringDeploymentViewer
To view details of a mirroring deployment, use the
gcloud beta network-security mirroring-deployments describe command:
gcloud beta network-security mirroring-deployments \
describe DEPLOYMENT \
--location ZONE \
--project PROJECT
Replace the following:
DEPLOYMENT: the name of the mirroring deploymentZONE: the zone of the mirroring deploymentPROJECT: the project name of the mirroring deployment
List mirroring deployments
You can list all the mirroring deployments in a project.
Permissions required for this task
To perform this task, you must have been granted the following permissions or one of the following IAM roles on your organization.
Permissions
networksecurity.mirroringDeployments.list
Roles
networksecurity.mirroringDeploymentAdminnetworksecurity.mirroringDeploymentViewer
To list mirroring deployments, use the
gcloud beta network-security mirroring-deployments list command:
gcloud beta network-security mirroring-deployments list \
--location ZONE \
--project PROJECT
Replace the following:
ZONE: the zone of the mirroring deploymentPROJECT: the name of your mirroring deployment project
Delete a mirroring deployment
You can delete a mirroring deployment by specifying its name, location, and project. However, if a mirroring deployment is referenced by a mirroring deployment group, then it cannot be deleted.
Permissions required for this task
To perform this task, you must have been granted the following permissions or one of the following IAM roles on your organization.
Permissions
networksecurity.mirroringDeployments.delete
Roles
-
networksecurity.mirroringDeploymentAdmin
To delete a mirroring deployment, use the
gcloud beta network-security mirroring-deployments delete command:
gcloud beta network-security mirroring-deployments \
delete DEPLOYMENT \
--location ZONE \
--project PROJECT \
--no-async
Replace the following:
DEPLOYMENT: the name of the mirroring deploymentZONE: the zone of the mirroring deploymentPROJECT: the project name of the mirroring deployment