--account <ACCOUNT> | Google Cloud Platform user account to use for invocation. Overrides the default *core/account* property value for this command invocation |
--address <ADDRESS> | IP address that the forwarding rule serves. When a client sends traffic
to this IP address, the forwarding rule directs the traffic to the target
that you specify in the forwarding rule.
+
If you don't specify a reserved IP address, an ephemeral IP address is
assigned. You can specify the IP address as a literal IP address or a
reference to an existing Address resource. The following examples are all
valid:
- 100.1.2.3
- https://compute.googleapis.com/compute/v1/projects/project-1/regions/us-central1/addresses/address-1
- projects/project-1/regions/us-central1/addresses/address-1
- regions/us-central1/addresses/address-1
- global/addresses/address-1
- address-1
+
The load-balancing-scheme ((EXTERNAL, INTERNAL, INTERNAL_MANAGED, INTERNAL_MANAGED)) and the forwarding rule's target determine
the type of IP address that you can use. The address type must be external
for load-balancing-scheme EXTERNAL, and for the other load-balancing-schemes
the address must be internal. For detailed information, refer to
https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications |
--address-region <ADDRESS_REGION> | Region of the address to operate on. If not specified, you may be prompted to select a region.
+
To avoid prompting when this flag is omitted, you can set the
``compute/region'' property:
+
$ gcloud config set compute/region REGION
+
A list of regions can be fetched by running:
+
$ gcloud compute regions list
+
To unset the property, run:
+
$ gcloud config unset compute/region
+
Alternatively, the region can be stored in the environment
variable ``CLOUDSDK_COMPUTE_REGION'' |
--allow-global-access | If True, then clients from all regions can access this internal
forwarding rule. This can only be specified for forwarding rules with
the LOAD_BALANCING_SCHEME set to INTERNAL and the target must be either
a backend service or a target instance |
--backend-service <BACKEND_SERVICE> | Target backend service that receives the traffic |
--backend-service-region <BACKEND_SERVICE_REGION> | Region of the backend service to operate on. If not specified, the region is set to the region of the forwarding rule. Overrides the default *compute/region* property value for this command invocation |
--billing-project <BILLING_PROJECT> | The Google Cloud Platform project that will be charged quota for operations performed in gcloud. If you need to operate on one project, but need quota against a different project, you can use this flag to specify the billing project. If both `billing/quota_project` and `--billing-project` are specified, `--billing-project` takes precedence. Run `$ gcloud config set --help` to see more information about `billing/quota_project` |
--configuration <CONFIGURATION> | The configuration to use for this command invocation. For more
information on how to use configurations, run:
`gcloud topic configurations`. You can also use the CLOUDSDK_ACTIVE_CONFIG_NAME environment
variable to set the equivalent of this flag for a terminal
session |
--description <DESCRIPTION> | Optional textual description for the forwarding rule |
--flags-file <YAML_FILE> | A YAML or JSON file that specifies a *--flag*:*value* dictionary.
Useful for specifying complex flag values with special characters
that work with any command interpreter. Additionally, each
*--flags-file* arg is replaced by its constituent flags. See
$ gcloud topic flags-file for more information |
--flatten <KEY> | Flatten _name_[] output resource slices in _KEY_ into separate records
for each item in each slice. Multiple keys and slices may be specified.
This also flattens keys for *--format* and *--filter*. For example,
*--flatten=abc.def* flattens *abc.def[].ghi* references to
*abc.def.ghi*. A resource record containing *abc.def[]* with N elements
will expand to N records in the flattened output. This flag interacts
with other flags that are applied in this order: *--flatten*,
*--sort-by*, *--filter*, *--limit* |
--format <FORMAT> | Set the format for printing command output resources. The default is a
command-specific human-friendly output format. The supported formats
are: `config`, `csv`, `default`, `diff`, `disable`, `flattened`, `get`, `json`, `list`, `multi`, `none`, `object`, `table`, `text`, `value`, `yaml`. For more details run $ gcloud topic formats |
--global | If set, the forwarding rule is global |
--global-address | If set, the address is global |
--global-backend-service | If set, the backend service is global |
--global-target-http-proxy | If set, the http proxy is global |
--global-target-https-proxy | If set, the https proxy is global |
--help | Display detailed help |
--impersonate-service-account <SERVICE_ACCOUNT_EMAIL> | For this gcloud invocation, all API requests will be made as the given service account instead of the currently selected account. This is done without needing to create, download, and activate a key for the account. In order to perform operations as the service account, your currently selected account must have an IAM role that includes the iam.serviceAccounts.getAccessToken permission for the service account. The roles/iam.serviceAccountTokenCreator role has this permission or you may create a custom role. Overrides the default *auth/impersonate_service_account* property value for this command invocation |
--ip-protocol <IP_PROTOCOL> | IP protocol that the rule will serve. The default is `TCP`.
+
Note that if the load-balancing scheme is `INTERNAL`, the protocol must
be one of: `TCP`, `UDP`.
+
For a load-balancing scheme that is `EXTERNAL`, all IP_PROTOCOL
options are valid.
+
_IP_PROTOCOL_ must be one of: *AH*, *ESP*, *ICMP*, *SCTP*, *TCP*, *UDP* |
--ip-version <IP_VERSION> | Version of the IP address to be allocated if no --address is given.
The default is IPv4. _IP_VERSION_ must be one of: *IPV4*, *IPV6* |
--is-mirroring-collector | If set, this forwarding rule can be used as a collector for packet
mirroring. This can only be specified for forwarding rules with the
LOAD_BALANCING_SCHEME set to INTERNAL |
--load-balancing-scheme <LOAD_BALANCING_SCHEME> | This defines the forwarding rule's load balancing scheme. _LOAD_BALANCING_SCHEME_ must be one of:
+
*EXTERNAL*::: External load balancing or forwarding, used with one of --target-http-proxy, --target-https-proxy, --target-tcp-proxy, --target-ssl-proxy, --target-pool, --target-vpn-gateway, --target-instance.
*INTERNAL*::: Internal load balancing or forwarding, used with --backend-service.
*INTERNAL_MANAGED*::: Internal HTTP(S) Load Balancing, used with --target-http-proxy, --target-https-proxy.
*INTERNAL_SELF_MANAGED*::: Traffic director load balancing or forwarding, used with
--target-http-proxy, --target-https-proxy, --target-grpc-proxy.
:::
+ |
--log-http | Log all HTTP server requests and responses to stderr. Overrides the default *core/log_http* property value for this command invocation |
--network <NETWORK> | (Only for --load-balancing-scheme=INTERNAL or --load-balancing-scheme=INTERNAL_SELF_MANAGED or --load-balancing-scheme=INTERNAL_MANAGED) Network that this
forwarding rule applies to. If this field is not specified, the default
network is used. In the absence of the default network, this field
must be specified |
--network-tier <NETWORK_TIER> | Network tier to assign to the forwarding rules. ``NETWORK_TIER''
must be one of: `PREMIUM`, `STANDARD`. The default value is `PREMIUM` |
--port-range <[PORT | START_PORT-END_PORT]> | DEPRECATED, use --ports. If specified, only packets addressed to ports in
the specified range are forwarded. For more information, refer to
https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications |
--ports <ALL | [PORT | START_PORT-END_PORT],[...]> | List of comma-separated ports. The forwarding rule forwards packets with
matching destination ports. Port specification requirements vary
depending on the load-balancing scheme and target.
For more information, refer to https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications |
--project <PROJECT_ID> | The Google Cloud Platform project ID to use for this invocation. If
omitted, then the current project is assumed; the current project can
be listed using `gcloud config list --format='text(core.project)'`
and can be set using `gcloud config set project PROJECTID`.
+
`--project` and its fallback `core/project` property play two roles
in the invocation. It specifies the project of the resource to
operate on. It also specifies the project for API enablement check,
quota, and billing. To specify a different project for quota and
billing, use `--billing-project` or `billing/quota_project` property |
--quiet | Disable all interactive prompts when running gcloud commands. If input
is required, defaults will be used, or an error will be raised.
Overrides the default core/disable_prompts property value for this
command invocation. This is equivalent to setting the environment
variable `CLOUDSDK_CORE_DISABLE_PROMPTS` to 1 |
--region <REGION> | Region of the forwarding rule to create. If not specified, you may be prompted to select a region.
+
To avoid prompting when this flag is omitted, you can set the
``compute/region'' property:
+
$ gcloud config set compute/region REGION
+
A list of regions can be fetched by running:
+
$ gcloud compute regions list
+
To unset the property, run:
+
$ gcloud config unset compute/region
+
Alternatively, the region can be stored in the environment
variable ``CLOUDSDK_COMPUTE_REGION'' |
--service-label <SERVICE_LABEL> | (Only for Internal Load Balancing): https://cloud.google.com/load-balancing/docs/dns-names/
The DNS label to use as the prefix of the fully qualified domain name for this forwarding rule. The full name will be internally generated and output as dnsName. If this field is not specified, no DNS record will be generated and no DNS name will be output. You cannot use the `--service-label` flag if the forwarding rule references an internal IP address that has the `--purpose=SHARED_LOADBALANCER_VIP` flag set |
--subnet <SUBNET> | (Only for --load-balancing-scheme=INTERNAL and
--load-balancing-scheme=INTERNAL_MANAGED) Subnetwork that this
forwarding rule applies to. If the network is auto mode, this flag is
optional. If the network is custom mode, this flag is required |
--subnet-region <SUBNET_REGION> | Region of the subnetwork to operate on. If not specified, the region is set to the region of the forwarding rule. Overrides the default *compute/region* property value for this command invocation |
--target-grpc-proxy <TARGET_GRPC_PROXY> | Target gRPC proxy that receives the traffic |
--target-http-proxy <TARGET_HTTP_PROXY> | Target HTTP proxy that receives the traffic. Acceptable values for --ports flag are: 80, 8080 |
--target-http-proxy-region <TARGET_HTTP_PROXY_REGION> | Region of the http proxy to operate on. If not specified, you may be prompted to select a region.
+
To avoid prompting when this flag is omitted, you can set the
``compute/region'' property:
+
$ gcloud config set compute/region REGION
+
A list of regions can be fetched by running:
+
$ gcloud compute regions list
+
To unset the property, run:
+
$ gcloud config unset compute/region
+
Alternatively, the region can be stored in the environment
variable ``CLOUDSDK_COMPUTE_REGION'' |
--target-https-proxy <TARGET_HTTPS_PROXY> | Target HTTPS proxy that receives the traffic. Acceptable values for --ports flag are: 443 |
--target-https-proxy-region <TARGET_HTTPS_PROXY_REGION> | Region of the https proxy to operate on. If not specified, you may be prompted to select a region.
+
To avoid prompting when this flag is omitted, you can set the
``compute/region'' property:
+
$ gcloud config set compute/region REGION
+
A list of regions can be fetched by running:
+
$ gcloud compute regions list
+
To unset the property, run:
+
$ gcloud config unset compute/region
+
Alternatively, the region can be stored in the environment
variable ``CLOUDSDK_COMPUTE_REGION'' |
--target-instance <TARGET_INSTANCE> | Name of the target instance that receives the traffic. The
target instance must be in a zone in the forwarding rule's
region. Global forwarding rules cannot direct traffic to target
instances.
If not specified and the ``compute/zone'' property isn't set, you
may be prompted to select a zone.
+
To avoid prompting when this flag is omitted, you can set the
``compute/zone'' property:
+
$ gcloud config set compute/zone ZONE
+
A list of zones can be fetched by running:
+
$ gcloud compute zones list
+
To unset the property, run:
+
$ gcloud config unset compute/zone
+
Alternatively, the zone can be stored in the environment variable
``CLOUDSDK_COMPUTE_ZONE'' |
--target-instance-zone <TARGET_INSTANCE_ZONE> | Zone of the target instance to operate on. Overrides the default *compute/zone* property value for this command invocation |
--target-pool <TARGET_POOL> | Target pool that receives the traffic. The target pool
must be in the same region as the forwarding rule. Global
forwarding rules cannot direct traffic to target pools |
--target-pool-region <TARGET_POOL_REGION> | Region of the target pool to operate on. If not specified, the region is set to the region of the forwarding rule. Overrides the default *compute/region* property value for this command invocation |
--target-ssl-proxy <TARGET_SSL_PROXY> | Target SSL proxy that receives the traffic. Acceptable values for --ports flag are: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 |
--target-tcp-proxy <TARGET_TCP_PROXY> | Target TCP proxy that receives the traffic. Acceptable values for --ports flag are: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 |
--target-vpn-gateway <TARGET_VPN_GATEWAY> | Target VPN gateway (Cloud VPN Classic gateway) that receives forwardedtraffic. Acceptable values for --ports flag are: 500, 4500 |
--target-vpn-gateway-region <TARGET_VPN_GATEWAY_REGION> | Region of the VPN gateway to operate on. If not specified, the region is set to the region of the forwarding rule. Overrides the default *compute/region* property value for this command invocation |
--trace-token <TRACE_TOKEN> | Token used to route traces of service requests for investigation of issues. Overrides the default *core/trace_token* property value for this command invocation |
--user-output-enabled | Print user intended output to the console. Overrides the default *core/user_output_enabled* property value for this command invocation. Use *--no-user-output-enabled* to disable |
--verbosity <VERBOSITY> | Override the default verbosity for this command. Overrides the default *core/verbosity* property value for this command invocation. _VERBOSITY_ must be one of: *debug*, *info*, *warning*, *error*, *critical*, *none* |