BackendService is the Schema for the BackendServices API. A Backend Service defines a group of virtual machines that will serve traffic for load balancing.
Type
CRD
Group
compute.gcp.upbound.io
Version
apiVersion: compute.gcp.upbound.io/v1beta1
kind: BackendService
BackendServiceSpec defines the desired state of BackendService
No description provided.
The set of backends that serve this BackendService. Structure is documented below.
Reference to a InstanceGroupManager in compute to populate group.
Policies for referencing.
Selector for a InstanceGroupManager in compute to populate group.
Policies for selection.
Cloud CDN configuration for this BackendService. Structure is documented below.
Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
Allows HTTP request headers (by name) to be used in the cache key.
Names of cookies to include in cache keys.
Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
Headers that the HTTP/S load balancer should add to proxied requests.
Headers that the HTTP/S load balancer should add to proxied responses.
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
References to HealthCheck in compute to populate healthChecks.
Policies for referencing.
Selector for a list of HealthCheck in compute to populate healthChecks.
Policies for selection.
Settings for enabling Cloud Identity Aware Proxy Structure is documented below.
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.
The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request. Note: This property is sensitive and will not be displayed in the plan.
A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because of an external controller is managing them, like an autoscaler.
The set of backends that serve this BackendService. Structure is documented below.
Reference to a InstanceGroupManager in compute to populate group.
Policies for referencing.
Selector for a InstanceGroupManager in compute to populate group.
Policies for selection.
Cloud CDN configuration for this BackendService. Structure is documented below.
Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
Allows HTTP request headers (by name) to be used in the cache key.
Names of cookies to include in cache keys.
Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
Headers that the HTTP/S load balancer should add to proxied requests.
Headers that the HTTP/S load balancer should add to proxied responses.
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
References to HealthCheck in compute to populate healthChecks.
Policies for referencing.
Selector for a list of HealthCheck in compute to populate healthChecks.
Policies for selection.
Settings for enabling Cloud Identity Aware Proxy Structure is documented below.
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.
The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request. Note: This property is sensitive and will not be displayed in the plan.
A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
BackendServiceStatus defines the observed state of BackendService.
No description provided.
The set of backends that serve this BackendService. Structure is documented below.
Cloud CDN configuration for this BackendService. Structure is documented below.
Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
Allows HTTP request headers (by name) to be used in the cache key.
Names of cookies to include in cache keys.
Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
Headers that the HTTP/S load balancer should add to proxied requests.
Headers that the HTTP/S load balancer should add to proxied responses.
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
Settings for enabling Cloud Identity Aware Proxy Structure is documented below.
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.
A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
Conditions of the resource.
urlmap
apiVersion: compute.gcp.upbound.io/v1beta1
kind: BackendService
metadata:
annotations:
meta.upbound.io/example-id: compute/v1beta1/urlmap
labels:
testing.upbound.io/example-name: urlmap
name: urlmap
spec:
forProvider:
healthChecksSelector:
matchLabels:
testing.upbound.io/example-name: urlmap
portName: http
protocol: HTTP
timeoutSec: 10
global-forwarding-rule
apiVersion: compute.gcp.upbound.io/v1beta1
kind: BackendService
metadata:
annotations:
meta.upbound.io/example-id: compute/v1beta1/globalforwardingrule
labels:
testing.upbound.io/example-name: global-forwarding-rule
name: global-forwarding-rule
spec:
forProvider:
backend:
- balancingMode: UTILIZATION
capacityScaler: 1
groupSelector:
matchLabels:
testing.upbound.io/example-name: global-forwarding-rule
maxUtilization: 1
healthChecksRefs:
- name: global-forwarding-rule
loadBalancingScheme: EXTERNAL
portName: tcp
protocol: SSL
timeoutSec: 10
target-tcp-proxy
apiVersion: compute.gcp.upbound.io/v1beta1
kind: BackendService
metadata:
annotations:
meta.upbound.io/example-id: compute/v1beta1/targettcpproxy
labels:
testing.upbound.io/example-name: target-tcp-proxy
name: target-tcp-proxy
spec:
forProvider:
healthChecksRefs:
- name: target-tcp-proxy
protocol: TCP
timeoutSec: 10
backend-service
apiVersion: compute.gcp.upbound.io/v1beta1
kind: BackendService
metadata:
annotations:
meta.upbound.io/example-id: compute/v1beta1/backendservice
labels:
testing.upbound.io/example-name: backend-service
name: backend-service
spec:
forProvider:
healthChecksSelector:
matchLabels:
testing.upbound.io/example-name: backend-service
target-ssl-proxy
apiVersion: compute.gcp.upbound.io/v1beta1
kind: BackendService
metadata:
annotations:
meta.upbound.io/example-id: compute/v1beta1/targetsslproxy
labels:
testing.upbound.io/example-name: target-ssl-proxy
name: target-ssl-proxy
spec:
forProvider:
healthChecksRefs:
- name: target-ssl-proxy
protocol: SSL
backend-service
apiVersion: compute.gcp.upbound.io/v1beta1
kind: BackendService
metadata:
annotations:
meta.upbound.io/example-id: compute/v1beta1/backendservicesignedurlkey
labels:
testing.upbound.io/example-name: example_backend
name: backend-service
spec:
forProvider:
healthChecksSelector:
matchLabels:
testing.upbound.io/example-name: backend-service