--account <ACCOUNT> | Google Cloud Platform user account to use for invocation. Overrides the default *core/account* property value for this command invocation |
--affinity-cookie-ttl <AFFINITY_COOKIE_TTL> | If session-affinity is set to "generated_cookie", this flag sets
the TTL, in seconds, of the resulting cookie. A setting of 0
indicates that the cookie should be transient.
See $ gcloud topic datetimes for information on duration formats |
--billing-project <BILLING_PROJECT> | The Google Cloud Platform project that will be charged quota for operations performed in gcloud. If you need to operate on one project, but need quota against a different project, you can use this flag to specify the billing project. If both `billing/quota_project` and `--billing-project` are specified, `--billing-project` takes precedence. Run `$ gcloud config set --help` to see more information about `billing/quota_project` |
--cache-key-include-host | Enable including host in cache key. If enabled, requests to different
hosts will be cached separately. Can only be applied for global resources. Enabled by default, use *--no-cache-key-include-host* to disable |
--cache-key-include-protocol | Enable including protocol in cache key. If enabled, http and https
requests will be cached separately. Can only be applied for global
resources. Enabled by default, use *--no-cache-key-include-protocol* to disable |
--cache-key-include-query-string | Enable including query string in cache key. If enabled, the query string
parameters will be included according to
--cache-key-query-string-whitelist and
--cache-key-query-string-blacklist. If neither is set, the entire query
string will be included. If disabled, then the entire query string will
be excluded. Can only be applied for global resources. Enabled by default, use *--no-cache-key-include-query-string* to disable |
--cache-key-query-string-blacklist <QUERY_STRING> | Specifies a comma separated list of query string parameters to exclude
in cache keys. All other parameters will be included. Either specify
--cache-key-query-string-whitelist or --cache-key-query-string-blacklist,
not both. '&' and '=' will be percent encoded and not treated as
delimiters. Can only be applied for global resources |
--cache-key-query-string-whitelist <QUERY_STRING> | Specifies a comma separated list of query string parameters to include
in cache keys. All other parameters will be excluded. Either specify
--cache-key-query-string-whitelist or --cache-key-query-string-blacklist,
not both. '&' and '=' will be percent encoded and not treated as
delimiters. Can only be applied for global resources |
--configuration <CONFIGURATION> | The configuration to use for this command invocation. For more
information on how to use configurations, run:
`gcloud topic configurations`. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME environment
variable to set the equivalent of this flag for a terminal
session |
--connection-drain-on-failover | Connection drain is enabled by default and on failover or failback
connections will be drained. If connection drain is disabled, the existing
connection state will be cleared immediately on a best effort basis on
failover or failback, all connections will then be served by the active
pool of instances. Not compatible with the --global flag, load balancing
scheme must be INTERNAL, and the protocol must be TCP |
--connection-draining-timeout <CONNECTION_DRAINING_TIMEOUT> | Connection draining timeout to be used during removal of VMs from
instance groups. This guarantees that for the specified time all existing
connections to a VM will remain untouched, but no new connections will be
accepted. Set timeout to zero to disable connection draining. Enable
feature by specifying a timeout of up to one hour.
If the flag is omitted API default value (0s) will be used.
See $ gcloud topic datetimes for information on duration formats |
--custom-request-header <CUSTOM_REQUEST_HEADER> | Specifies a HTTP Header to be added by your load balancer.
This flag can be repeated to specify multiple headers.
For example:
+
$ {command} NAME --custom-request-header "header-name: value" --custom-request-header "another-header:" |
--description <DESCRIPTION> | An optional, textual description for the backend service |
--drop-traffic-if-unhealthy | Enable dropping of traffic if there are no healthy VMs detected in both
the primary and backup instance groups. Not compatible with the --global
flag and load balancing scheme must be INTERNAL |
--enable-cdn | Enable or disable Cloud CDN for the backend service. Only available for
backend services with --load-balancing-scheme=EXTERNAL that use a
--protocol of HTTP, HTTPS, or HTTP2. Cloud CDN caches HTTP responses at
the edge of Google's network. Cloud CDN is disabled by default. Use *--enable-cdn* to enable and *--no-enable-cdn* to disable |
--enable-logging | The logging options for the load balancer traffic served by this backend
service. If logging is enabled, logs will be exported to Stackdriver.
Enabled by default. Use *--enable-logging* to enable and *--no-enable-logging* to disable |
--failover-ratio <FAILOVER_RATIO> | If the ratio of the healthy VMs in the primary backend is at or below this
number, traffic arriving at the load-balanced IP will be directed to the
failover backend(s). Not compatible with the --global flag |
--flags-file <YAML_FILE> | A YAML or JSON file that specifies a *--flag*:*value* dictionary.
Useful for specifying complex flag values with special characters
that work with any command interpreter. Additionally, each
*--flags-file* arg is replaced by its constituent flags. See
$ gcloud topic flags-file for more information |
--flatten <KEY> | Flatten _name_[] output resource slices in _KEY_ into separate records
for each item in each slice. Multiple keys and slices may be specified.
This also flattens keys for *--format* and *--filter*. For example,
*--flatten=abc.def* flattens *abc.def[].ghi* references to
*abc.def.ghi*. A resource record containing *abc.def[]* with N elements
will expand to N records in the flattened output. This flag interacts
with other flags that are applied in this order: *--flatten*,
*--sort-by*, *--filter*, *--limit* |
--format <FORMAT> | Set the format for printing command output resources. The default is a
command-specific human-friendly output format. The supported formats
are: `config`, `csv`, `default`, `diff`, `disable`, `flattened`, `get`, `json`, `list`, `multi`, `none`, `object`, `table`, `text`, `value`, `yaml`. For more details run $ gcloud topic formats |
--global | If set, the backend service is global |
--global-health-checks | If set, the health checks are global |
--health-checks <HEALTH_CHECK> | Specifies a list of health check objects for checking the health of
the backend service. Currently at most one health check can be specified.
Health checks need not be for the same protocol as that of the backend
service |
--health-checks-region <HEALTH_CHECKS_REGION> | Region of the health checks to operate on. If not specified, you may be prompted to select a region.
+
To avoid prompting when this flag is omitted, you can set the
``compute/region'' property:
+
$ gcloud config set compute/region REGION
+
A list of regions can be fetched by running:
+
$ gcloud compute regions list
+
To unset the property, run:
+
$ gcloud config unset compute/region
+
Alternatively, the region can be stored in the environment
variable ``CLOUDSDK_COMPUTE_REGION'' |
--help | Display detailed help |
--http-health-checks <HTTP_HEALTH_CHECK> | Specifies a list of legacy HTTP health check objects for checking the
health of the backend service.
+
Legacy health checks are not recommended for backend services. It is
possible to use a legacy health check on a backend service for a HTTP(S)
load balancer if that backend service uses instance groups. For more
information, refer to this guide:
https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide |
--https-health-checks <HTTPS_HEALTH_CHECK> | Specifies a list of legacy HTTPS health check objects for checking the
health of the backend service.
+
Legacy health checks are not recommended for backend services. It is
possible to use a legacy health check on a backend service for a HTTP(S)
load balancer if that backend service uses instance groups. For more
information, refer to this guide:
https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide |
--iap <disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,oauth2-client-secret=OAUTH2-CLIENT-SECRET]> | Configure Identity Aware Proxy (IAP) for external HTTP(S) load balancing.
You can configure IAP to be `enabled` or `disabled` (default). If enabled,
you can provide values for `oauth2-client-id` and `oauth2-client-secret`.
For example, `--iap=enabled,oauth2-client-id=foo,oauth2-client-secret=bar`
turns IAP on, and `--iap=disabled` turns it off. For more information, see
https://cloud.google.com/iap/ |
--impersonate-service-account <SERVICE_ACCOUNT_EMAIL> | For this gcloud invocation, all API requests will be made as the given service account instead of the currently selected account. This is done without needing to create, download, and activate a key for the account. In order to perform operations as the service account, your currently selected account must have an IAM role that includes the iam.serviceAccounts.getAccessToken permission for the service account. The roles/iam.serviceAccountTokenCreator role has this permission or you may create a custom role. Overrides the default *auth/impersonate_service_account* property value for this command invocation |
--load-balancing-scheme <LOAD_BALANCING_SCHEME> | Specifies the load balancer type. Choose EXTERNAL for load balancers
that receive traffic from external clients. Choose INTERNAL for
Internal TCP/UDP Load Balancing. Choose INTERNAL_MANAGED for
Internal HTTP(S) Load Balancing. Choose INTERNAL_SELF_MANAGED for
Traffic Director. For more information, refer to this guide:
https://cloud.google.com/load-balancing/docs/choosing-load-balancer. _LOAD_BALANCING_SCHEME_ must be one of: *INTERNAL*, *EXTERNAL*, *INTERNAL_SELF_MANAGED*, *INTERNAL_MANAGED* |
--log-http | Log all HTTP server requests and responses to stderr. Overrides the default *core/log_http* property value for this command invocation |
--logging-sample-rate <LOGGING_SAMPLE_RATE> | This field can only be specified if logging is enabled for the backend
service. The value of the field must be a float in the range [0, 1]. This
configures the sampling rate of requests to the load balancer where 1.0
means all logged requests are reported and 0.0 means no logged requests
are reported. The default value is 1.0 |
--network <NETWORK> | Network that this backend service applies to. It can only be set if
the load-balancing-scheme is INTERNAL |
--port-name <PORT_NAME> | The name of a service that has been added to an instance group
in this backend. Instance group services map a name to a port
number which is used by the load balancing service.
Only one ``port-name'' may be added to a backend service, and that
name must exist as a service on all instance groups that are a
part of this backend service. The port number associated with the
name may differ between instances. If you do not specify
this flag, your instance groups must have a service named ``http''
configured. See also
`gcloud compute instance-groups set-named-ports --help`.
The ``port-name'' parameter cannot be set if the
load-balancing-scheme is INTERNAL |
--project <PROJECT_ID> | The Google Cloud Platform project ID to use for this invocation. If
omitted, then the current project is assumed; the current project can
be listed using `gcloud config list --format='text(core.project)'`
and can be set using `gcloud config set project PROJECTID`.
+
`--project` and its fallback `core/project` property play two roles
in the invocation. It specifies the project of the resource to
operate on. It also specifies the project for API enablement check,
quota, and billing. To specify a different project for quota and
billing, use `--billing-project` or `billing/quota_project` property |
--protocol <PROTOCOL> | Protocol for incoming requests.
+
If the `load-balancing-scheme` is `INTERNAL` (internal TCP/UDP load
balancers), the protocol must be one of: TCP, UDP.
+
If the `load-balancing-scheme` is `INTERNAL_SELF_MANAGED` (Traffic
Director), the protocol must be one of: HTTP, HTTPS, HTTP2, GRPC.
+
If the `load-balancing-scheme` is `INTERNAL_MANAGED` (internal HTTP(S)
load balancers), the protocol must be one of: HTTP, HTTPS, HTTP2.
+
If the `load-balancing-scheme` is `EXTERNAL` (HTTP(S), SSL proxy, or TCP
proxy load balancers), the protocol must be one of: HTTP, HTTPS, HTTP2,
SSL, TCP |
--quiet | Disable all interactive prompts when running gcloud commands. If input
is required, defaults will be used, or an error will be raised.
Overrides the default core/disable_prompts property value for this
command invocation. This is equivalent to setting the environment
variable `CLOUDSDK_CORE_DISABLE_PROMPTS` to 1 |
--region <REGION> | Region of the backend service to create. Overrides the default *compute/region* property value for this command invocation |
--session-affinity <SESSION_AFFINITY> | The type of session affinity to use. Supports both TCP and UDP. _SESSION_AFFINITY_ must be one of:
+
*CLIENT_IP*::: Route requests to instances based on the hash of the client's IP address.
*CLIENT_IP_PORT_PROTO*::: (Applicable if `--load-balancing-scheme` is `INTERNAL`) Connections from the same client IP with the same IP protocol and port will go to the same backend VM while that VM remains healthy.
*CLIENT_IP_PROTO*::: (Applicable if `--load-balancing-scheme` is `INTERNAL`) Connections from the same client IP with the same IP protocol will go to the same backend VM while that VM remains healthy.
*GENERATED_COOKIE*::: (Applicable if `--load-balancing-scheme` is `INTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`, or `EXTERNAL`) If the `--load-balancing-scheme` is `EXTERNAL`, routes requests to backend VMs or endpoints in a NEG, based on the contents of the `GCLB` cookie set by the load balancer. Only applicable when `--protocol` is HTTP, HTTPS, or HTTP2. If the `--load-balancing-scheme` is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`, routes requests to backend VMs or endpoints in a NEG, based on the contents of the `GCILB` cookie set by the proxy. (If no cookie is present, the proxy chooses a backend VM or endpoint and sends a `Set-Cookie` response for future requests.) If the `--load-balancing-scheme` is `INTERNAL_SELF_MANAGED`, routes requests to backend VMs or endpoints in a NEG, based on the contents of a cookie set by Traffic Director.
*HEADER_FIELD*::: (Applicable if `--load-balancing-scheme` is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`) Route requests to backend VMs or endpoints in a NEG based on the value of the HTTP header named in the `--custom-request-header` flag. This session affinity is only valid if the load balancing locality policy is either RING_HASH or MAGLEV and the backend service's consistent hash specifies the name of the HTTP header.
*HTTP_COOKIE*::: (Applicable if `--load-balancing-scheme` is `INTERNAL_MANAGED` or `INTERNAL_SELF_MANAGED`) Route requests to backend VMs or endpoints in a NEG, based on an HTTP cookie named in the `HTTP_COOKIE` flag (with the optional `--affinity-cookie-ttl` flag). If the client has not provided the cookie, the proxy generates the cookie and returns it to the client in a `Set-Cookie` header. This session affinity is only valid if the load balancing locality policy is either `RING_HASH` or `MAGLEV` and the backend service's consistent hash specifies the HTTP cookie.
*NONE*::: Session affinity is disabled.
:::
+ |
--signed-url-cache-max-age <SIGNED_URL_CACHE_MAX_AGE> | The amount of time up to which the response to a signed URL request
will be cached in the CDN. After this time period, the Signed URL will
be revalidated before being served. Cloud CDN will internally act as
though all responses from this backend had a
`Cache-Control: public, max-age=[TTL]` header, regardless of any
existing Cache-Control header. The actual headers served in responses
will not be altered. If unspecified, the default value is 3600s.
+
For example, specifying `12h` will cause the responses to signed URL
requests to be cached in the CDN up to 12 hours.
See $ gcloud topic datetimes for information on duration formats.
+
This flag only affects signed URL requests |
--timeout <TIMEOUT> | Applicable to all load balancers except internal TCP/UDP load
balancers. For internal TCP/UDP load balancers
(``load-balancing-scheme'' INTERNAL), ``timeout'' is ignored.
+
If the ``protocol'' is HTTP, HTTPS, or HTTP2, ``timeout'' is a
request/response timeout for HTTP(S) traffic, meaning the amount
of time that the load balancer waits for a backend to return a
full response to a request. If WebSockets traffic is supported, the
``timeout'' parameter sets the maximum amount of time that a
WebSocket can be open (idle or not).
+
For example, for HTTP, HTTPS, or HTTP2 traffic, specifying a ``timeout''
of 10s means that backends have 10 seconds to respond to the load
balancer's requests. The load balancer retries the HTTP GET request one
time if the backend closes the connection or times out before sending
response headers to the load balancer. If the backend sends response
headers or if the request sent to the backend is not an HTTP GET request,
the load balancer does not retry. If the backend does not reply at all,
the load balancer returns a 502 Bad Gateway error to the client.
+
If the ``protocol'' is SSL or TCP, ``timeout'' is an idle timeout |
--trace-token <TRACE_TOKEN> | Token used to route traces of service requests for investigation of issues. Overrides the default *core/trace_token* property value for this command invocation |
--user-output-enabled | Print user intended output to the console. Overrides the default *core/user_output_enabled* property value for this command invocation. Use *--no-user-output-enabled* to disable |
--verbosity <VERBOSITY> | Override the default verbosity for this command. Overrides the default *core/verbosity* property value for this command invocation. _VERBOSITY_ must be one of: *debug*, *info*, *warning*, *error*, *critical*, *none* |