mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 10:35:03 +00:00
gcloud: Thu Apr 6 10:23:36 UTC 2023
This commit is contained in:
parent
5fabf24be7
commit
32e56b8b99
209 changed files with 5396 additions and 561 deletions
|
|
@ -24,6 +24,7 @@ SYNOPSIS
|
|||
[--iap=disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,
|
||||
oauth2-client-secret=OAUTH2-CLIENT-SECRET]]
|
||||
[--idle-timeout-sec=IDLE_TIMEOUT_SEC]
|
||||
[--ip-address-selection-policy=IP_ADDRESS_SELECTION_POLICY]
|
||||
[--load-balancing-scheme=LOAD_BALANCING_SCHEME; default="EXTERNAL"]
|
||||
[--locality-lb-policy=LOCALITY_LB_POLICY]
|
||||
[--logging-optional=LOGGING_OPTIONAL]
|
||||
|
|
@ -322,6 +323,32 @@ FLAGS
|
|||
service-based network load balancers and internal TCP/UDP load
|
||||
balancers as part of a connection tracking policy.
|
||||
|
||||
--ip-address-selection-policy=IP_ADDRESS_SELECTION_POLICY
|
||||
Specifies preference of traffic to the backend (from the proxy and from
|
||||
the client for proxyless gRPC).
|
||||
|
||||
Can only be set if load balancing scheme is INTERNAL_SELF_MANAGED,
|
||||
INTERNAL_MANAGED or EXTERNAL_MANAGED.
|
||||
|
||||
The possible values are:
|
||||
|
||||
IPV4_ONLY
|
||||
Only send IPv4 traffic to the backends of the Backend Service
|
||||
regardless of traffic from the client to the proxy. Only IPv4
|
||||
health-checks are used to check the health of the backends.
|
||||
|
||||
PREFER_IPV6
|
||||
Prioritize the connection to the endpoints IPv6 address over its IPv4
|
||||
address (provided there is a healthy IPv6 address).
|
||||
|
||||
IPV6_ONLY
|
||||
Only send IPv6 traffic to the backends of the Backend Service
|
||||
regardless of traffic from the client to the proxy. Only IPv6
|
||||
health-checks are used to check the health of the backends.
|
||||
|
||||
IP_ADDRESS_SELECTION_POLICY must be one of: IPV4_ONLY, PREFER_IPV6,
|
||||
IPV6_ONLY.
|
||||
|
||||
--load-balancing-scheme=LOAD_BALANCING_SCHEME; default="EXTERNAL"
|
||||
Specifies the load balancer type. Choose EXTERNAL for load balancers
|
||||
that receive traffic from external clients. Choose EXTERNAL_MANAGED for
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ SYNOPSIS
|
|||
[--iap=disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,
|
||||
oauth2-client-secret=OAUTH2-CLIENT-SECRET]]
|
||||
[--idle-timeout-sec=IDLE_TIMEOUT_SEC]
|
||||
[--ip-address-selection-policy=IP_ADDRESS_SELECTION_POLICY]
|
||||
[--locality-lb-policy=LOCALITY_LB_POLICY]
|
||||
[--logging-optional=LOGGING_OPTIONAL]
|
||||
[--logging-optional-fields=[LOGGING_OPTIONAL_FIELDS,...]]
|
||||
|
|
@ -241,6 +242,32 @@ FLAGS
|
|||
service-based network load balancers and internal TCP/UDP load
|
||||
balancers as part of a connection tracking policy.
|
||||
|
||||
--ip-address-selection-policy=IP_ADDRESS_SELECTION_POLICY
|
||||
Specifies preference of traffic to the backend (from the proxy and from
|
||||
the client for proxyless gRPC).
|
||||
|
||||
Can only be set if load balancing scheme is INTERNAL_SELF_MANAGED,
|
||||
INTERNAL_MANAGED or EXTERNAL_MANAGED.
|
||||
|
||||
The possible values are:
|
||||
|
||||
IPV4_ONLY
|
||||
Only send IPv4 traffic to the backends of the Backend Service
|
||||
regardless of traffic from the client to the proxy. Only IPv4
|
||||
health-checks are used to check the health of the backends.
|
||||
|
||||
PREFER_IPV6
|
||||
Prioritize the connection to the endpoints IPv6 address over its IPv4
|
||||
address (provided there is a healthy IPv6 address).
|
||||
|
||||
IPV6_ONLY
|
||||
Only send IPv6 traffic to the backends of the Backend Service
|
||||
regardless of traffic from the client to the proxy. Only IPv6
|
||||
health-checks are used to check the health of the backends.
|
||||
|
||||
IP_ADDRESS_SELECTION_POLICY must be one of: IPV4_ONLY, PREFER_IPV6,
|
||||
IPV6_ONLY.
|
||||
|
||||
--locality-lb-policy=LOCALITY_LB_POLICY
|
||||
The load balancing algorithm used within the scope of the locality.
|
||||
LOCALITY_LB_POLICY must be one of: INVALID_LB_POLICY, ROUND_ROBIN,
|
||||
|
|
|
|||
|
|
@ -289,9 +289,9 @@ OPTIONAL FLAGS
|
|||
address that has the --purpose=SHARED_LOADBALANCER_VIP flag set.
|
||||
|
||||
--source-ip-ranges=SOURCE_IP_RANGE,[...]
|
||||
List of comma-separated IP addresses or IP ranges. If not empty, this
|
||||
Forwarding Rule will only forward the traffic when the source IP
|
||||
address falls into one of the IP ranges set here.
|
||||
List of comma-separated IP addresses or IP ranges. If set, this
|
||||
forwarding rule only forwards traffic when the packet's source IP
|
||||
address matches one of the IP ranges set here.
|
||||
|
||||
--subnet=SUBNET
|
||||
(Only for --load-balancing-scheme=INTERNAL and
|
||||
|
|
|
|||
|
|
@ -58,9 +58,9 @@ FLAGS
|
|||
change from PREMIUM to STANDARD and visa versa.
|
||||
|
||||
--source-ip-ranges=SOURCE_IP_RANGE,[...]
|
||||
List of comma-separated IP addresses or IP ranges. If not empty, this
|
||||
Forwarding Rule will only forward the traffic when the source IP
|
||||
address falls into one of the IP ranges set here.
|
||||
List of comma-separated IP addresses or IP ranges. If set, this
|
||||
forwarding rule only forwards traffic when the packet's source IP
|
||||
address matches one of the IP ranges set here.
|
||||
|
||||
--update-labels=[KEY=VALUE,...]
|
||||
List of label KEY=VALUE pairs to update. If a label exists, its value
|
||||
|
|
|
|||
|
|
@ -11,8 +11,11 @@ SYNOPSIS
|
|||
[--ipv6-address=IPV6_ADDRESS] [--ipv6-network-tier=IPV6_NETWORK_TIER]
|
||||
[--ipv6-prefix-length=IPV6_PREFIX_LENGTH] [--network=NETWORK]
|
||||
[--network-interface=NETWORK_INTERFACE; default="nic0"]
|
||||
[--private-network-ip=PRIVATE_NETWORK_IP] [--stack-type=STACK_TYPE]
|
||||
[--subnetwork=SUBNETWORK] [--zone=ZONE] [GCLOUD_WIDE_FLAG ...]
|
||||
[--private-network-ip=PRIVATE_NETWORK_IP]
|
||||
[--security-policy=SECURITY_POLICY]
|
||||
[--security-policy-region=SECURITY_POLICY_REGION]
|
||||
[--stack-type=STACK_TYPE] [--subnetwork=SUBNETWORK] [--zone=ZONE]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(ALPHA) gcloud alpha compute instances network-interfaces update updates
|
||||
|
|
@ -102,6 +105,15 @@ FLAGS
|
|||
available in the new subnetwork, then another available IP address will
|
||||
be allocated automatically from the new subnetwork CIDR range.
|
||||
|
||||
--security-policy=SECURITY_POLICY
|
||||
The security policy that will be set for this instance network
|
||||
interface. To remove the policy from this instance network interface
|
||||
set the policy to an empty string.
|
||||
|
||||
--security-policy-region=SECURITY_POLICY_REGION
|
||||
Region of the security policy to operate on. Overrides the default
|
||||
compute/region property value for this command invocation.
|
||||
|
||||
--stack-type=STACK_TYPE
|
||||
The stack type for the default network interface. Determines if IPv6 is
|
||||
enabled on the default network interface. STACK_TYPE must be one of:
|
||||
|
|
|
|||
|
|
@ -4,9 +4,10 @@ NAME
|
|||
|
||||
SYNOPSIS
|
||||
gcloud alpha compute network-endpoint-groups update NAME
|
||||
(--add-endpoint=[fqdn=FQDN],[instance=INSTANCE],[ip=IP],[port=PORT]
|
||||
(--add-endpoint=[fqdn=FQDN],
|
||||
[instance=INSTANCE],[ip=IP],[ipv6=IPV6],[port=PORT]
|
||||
| --remove-endpoint=[fqdn=FQDN],
|
||||
[instance=INSTANCE],[ip=IP],[port=PORT])
|
||||
[instance=INSTANCE],[ip=IP],[ipv6=IPV6],[port=PORT])
|
||||
[--global | --region=REGION | --zone=ZONE] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
|
|
@ -37,7 +38,7 @@ REQUIRED FLAGS
|
|||
|
||||
Exactly one of these must be specified:
|
||||
|
||||
--add-endpoint=[fqdn=FQDN],[instance=INSTANCE],[ip=IP],[port=PORT]
|
||||
--add-endpoint=[fqdn=FQDN],[instance=INSTANCE],[ip=IP],[ipv6=IPV6],[port=PORT]
|
||||
The network endpoint to add to the network endpoint group. Keys used
|
||||
depend on the endpoint type of the NEG.
|
||||
|
||||
|
|
@ -51,20 +52,31 @@ REQUIRED FLAGS
|
|||
is deleted, then any network endpoint group that has a reference
|
||||
to it is updated.
|
||||
|
||||
*ip* - Optional IP address of the network endpoint. the IP address
|
||||
*ip* - Optional IP address of the network endpoint. The IP address
|
||||
must belong to a VM in compute engine (either the primary IP or
|
||||
as part of an aliased IP range). If the IP address is not
|
||||
specified, then the primary IP address for the VM instance in
|
||||
the network that the network endpoint group belongs to is
|
||||
used.
|
||||
|
||||
*ipv6* - Optional IPv6 address of the network endpoint. The IPv6
|
||||
address must belong to a VM in compute engine (either the internal
|
||||
or external IPv6 address).
|
||||
|
||||
At least one of the ip and ipv6 must be specified.
|
||||
|
||||
*port* - Required endpoint port unless NEG default port is set.
|
||||
|
||||
internet-ip-port
|
||||
|
||||
*ip* - Required IP address of the endpoint to attach. Must be
|
||||
*ip* - Optional IPv4 address of the endpoint to attach. Must be
|
||||
publicly routable.
|
||||
|
||||
*ipv6* - Optional IPv6 address of the endpoint to attach. Must be
|
||||
publicly routable.
|
||||
|
||||
At least one of the ip and ipv6 must be specified.
|
||||
|
||||
*port* - Optional port of the endpoint to attach. If unspecified,
|
||||
the NEG default port is set. If no default port is set, the
|
||||
well-known port for the backend protocol is used instead
|
||||
|
|
@ -85,12 +97,20 @@ REQUIRED FLAGS
|
|||
|
||||
non-gcp-private-ip-port
|
||||
|
||||
*ip* - Required IP address of the network endpoint to attach. The
|
||||
IP address must belong to a VM not in Compute Engine and
|
||||
must be routable using a Cloud Router over VPN or an Interconnect connection.
|
||||
*ip* - Optional IPv4 address of the network endpoint to attach.
|
||||
The IP address must belong to a VM not in Compute Engine and must
|
||||
be routable using a Cloud Router over VPN or an Interconnect
|
||||
connection.
|
||||
|
||||
*port* - Required port of the network endpoint to attach unless the
|
||||
NEG default port is set.
|
||||
*ipv6* - Optional IPv6 address of the network endpoint to attach.
|
||||
The IP address must belong to a VM not in Compute Engine and must
|
||||
be routable using a Cloud Router over VPN or an Interconnect
|
||||
connection.
|
||||
|
||||
At least one of the ip and ipv6 must be specified.
|
||||
|
||||
*port* - Required port of the network endpoint to attach unless
|
||||
the NEG default port is set.
|
||||
|
||||
gce-vm-primary-ip
|
||||
|
||||
|
|
@ -119,7 +139,7 @@ REQUIRED FLAGS
|
|||
IP address must be the VM's network interface address. If not
|
||||
specified, the primary NIC address is used.
|
||||
|
||||
--remove-endpoint=[fqdn=FQDN],[instance=INSTANCE],[ip=IP],[port=PORT]
|
||||
--remove-endpoint=[fqdn=FQDN],[instance=INSTANCE],[ip=IP],[ipv6=IPV6],[port=PORT]
|
||||
The network endpoint to detach from the network endpoint group. Keys
|
||||
used depend on the endpoint type of the NEG.
|
||||
|
||||
|
|
@ -129,14 +149,21 @@ REQUIRED FLAGS
|
|||
detach. If the IP address is unset, all endpoints for the
|
||||
instance in the NEG are detached.
|
||||
|
||||
*ip* - Optional IP address of the network endpoint to detach.
|
||||
*ip* - Optional IPv4 address of the network endpoint to detach.
|
||||
If specified port must be provided as well.
|
||||
|
||||
*ipv6* - Optional IPv6 address of the network endpoint to detach.
|
||||
If specified port must be provided as well.
|
||||
|
||||
*port* - Optional port of the network endpoint to detach.
|
||||
|
||||
internet-ip-port
|
||||
|
||||
*ip* - Required IP address of the network endpoint to detach.
|
||||
*ip* - Required IPv4 address of the network endpoint to detach.
|
||||
|
||||
*ipv6* - Required IPv6 address of the network endpoint to detach.
|
||||
|
||||
At least one of the ip and ipv6 must be specified.
|
||||
|
||||
*port* - Optional port of the network endpoint to detach if the
|
||||
endpoint has a port specified.
|
||||
|
|
@ -151,7 +178,11 @@ REQUIRED FLAGS
|
|||
|
||||
non-gcp-private-ip-port
|
||||
|
||||
*ip* - Required IP address of the network endpoint to detach.
|
||||
*ip* - Required IPv4 address of the network endpoint to detach.
|
||||
|
||||
*ipv6* - Required IPv6 address of the network endpoint to detach.
|
||||
|
||||
At least one of the ip and ipv6 must be specified.
|
||||
|
||||
*port* - Required port of the network endpoint to detach unless
|
||||
NEG default port is set.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,63 @@
|
|||
NAME
|
||||
gcloud alpha compute security-policies add-user-defined-field - add a user
|
||||
defined field to a Compute Engine security policy
|
||||
|
||||
SYNOPSIS
|
||||
gcloud alpha compute security-policies add-user-defined-field NAME
|
||||
--base=BASE --offset=OFFSET --size=SIZE
|
||||
--user-defined-field-name=USER_DEFINED_FIELD_NAME [--mask=MASK]
|
||||
[--region=REGION] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(ALPHA) gcloud alpha compute security-policies add-user-defined-field is
|
||||
used to add user defined fields to security policies.
|
||||
|
||||
EXAMPLES
|
||||
To add a user defined field run this:
|
||||
|
||||
$ gcloud alpha compute security-policies add-user-defined-field \
|
||||
SECURITY_POLICY --user-defined-field-name=my-field --base=ipv6 \
|
||||
--offset=10 --size=3
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
NAME
|
||||
Name of the security policy to update.
|
||||
|
||||
REQUIRED FLAGS
|
||||
--base=BASE
|
||||
The base relative to which offset is measured. BASE must be one of:
|
||||
ipv4, ipv6, tcp, udp.
|
||||
|
||||
--offset=OFFSET
|
||||
Offset of the first byte of the field (in network byte order) relative
|
||||
to base.
|
||||
|
||||
--size=SIZE
|
||||
Size of the field in bytes. Valid values: 1-4.
|
||||
|
||||
--user-defined-field-name=USER_DEFINED_FIELD_NAME
|
||||
The name for the user defined field.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--mask=MASK
|
||||
If specified, apply this mask (bitwise AND) to the field to ignore bits
|
||||
before matching. Encoded as a hexadecimal number (starting with "0x").
|
||||
|
||||
--region=REGION
|
||||
Region of the security policy to update. Overrides the default
|
||||
compute/region property value for this command invocation.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
NOTES
|
||||
This command is currently in alpha and might change without notice. If this
|
||||
command fails with API permission errors despite specifying the correct
|
||||
project, you might be trying to access an API with an invitation-only early
|
||||
access allowlist.
|
||||
|
||||
|
|
@ -33,6 +33,9 @@ GROUPS
|
|||
COMMANDS
|
||||
COMMAND is one of the following:
|
||||
|
||||
add-user-defined-field
|
||||
(ALPHA) Add a user defined field to a Compute Engine security policy.
|
||||
|
||||
create
|
||||
(ALPHA) Create a Compute Engine security policy.
|
||||
|
||||
|
|
@ -54,6 +57,10 @@ COMMANDS
|
|||
list-preconfigured-expression-sets
|
||||
(ALPHA) List all available preconfigured expression sets.
|
||||
|
||||
remove-user-defined-field
|
||||
(ALPHA) Remove a user defined field from a Compute Engine security
|
||||
policy.
|
||||
|
||||
update
|
||||
(ALPHA) Update a Compute Engine security policy.
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,46 @@
|
|||
NAME
|
||||
gcloud alpha compute security-policies remove-user-defined-field - remove a
|
||||
user defined field from a Compute Engine security policy
|
||||
|
||||
SYNOPSIS
|
||||
gcloud alpha compute security-policies remove-user-defined-field NAME
|
||||
--user-defined-field-name=USER_DEFINED_FIELD_NAME [--region=REGION]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(ALPHA) gcloud alpha compute security-policies remove-user-defined-field is
|
||||
used to remove user defined fields from security policies.
|
||||
|
||||
EXAMPLES
|
||||
To remove a user defined field run this:
|
||||
|
||||
$ gcloud alpha compute security-policies remove-user-defined-field \
|
||||
SECURITY_POLICY --user-defined-field-name=my-field
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
NAME
|
||||
Name of the security policy to update.
|
||||
|
||||
REQUIRED FLAGS
|
||||
--user-defined-field-name=USER_DEFINED_FIELD_NAME
|
||||
The name of the user defined field to remove.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--region=REGION
|
||||
Region of the security policy to update. Overrides the default
|
||||
compute/region property value for this command invocation.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
NOTES
|
||||
This command is currently in alpha and might change without notice. If this
|
||||
command fails with API permission errors despite specifying the correct
|
||||
project, you might be trying to access an API with an invitation-only early
|
||||
access allowlist.
|
||||
|
||||
|
|
@ -5,7 +5,15 @@ NAME
|
|||
SYNOPSIS
|
||||
gcloud alpha compute security-policies rules create PRIORITY
|
||||
--action=ACTION
|
||||
(--expression=EXPRESSION | --src-ip-ranges=[SRC_IP_RANGE,...])
|
||||
(--expression=EXPRESSION --network-dest-ip-ranges=[DEST_IP_RANGE,...]
|
||||
--network-dest-ports=[DEST_PORT,...]
|
||||
--network-ip-protocols=[IP_PROTOCOL,...]
|
||||
--network-src-asns=[SRC_ASN,...]
|
||||
--network-src-ip-ranges=[SRC_IP_RANGE,...]
|
||||
--network-src-ports=[SRC_PORT,...]
|
||||
--network-src-region-codes=[SRC_REGION_CODE,...]
|
||||
--network-user-defined-fields=[NAME;VALUE:VALUE:...,...]
|
||||
--src-ip-ranges=[SRC_IP_RANGE,...])
|
||||
[--ban-duration-sec=BAN_DURATION_SEC]
|
||||
[--ban-threshold-count=BAN_THRESHOLD_COUNT]
|
||||
[--ban-threshold-interval-sec=BAN_THRESHOLD_INTERVAL_SEC]
|
||||
|
|
@ -81,11 +89,48 @@ REQUIRED FLAGS
|
|||
|
||||
Security policy rule matcher.
|
||||
|
||||
Exactly one of these must be specified:
|
||||
At least one of these must be specified:
|
||||
|
||||
--expression=EXPRESSION
|
||||
The Cloud Armor rules language expression to match for this rule.
|
||||
|
||||
--network-dest-ip-ranges=[DEST_IP_RANGE,...]
|
||||
The destination IPs/IP ranges to match for this rule. To match all
|
||||
IPs specify *.
|
||||
|
||||
--network-dest-ports=[DEST_PORT,...]
|
||||
The destination ports to match for this rule. Each element can be an
|
||||
16-bit unsigned decimal number (e.g. "80") or range (e.g."0-1023"),
|
||||
To match all destination ports specify *.
|
||||
|
||||
--network-ip-protocols=[IP_PROTOCOL,...]
|
||||
The IP protocols to match for this rule. Each element can be an 8-bit
|
||||
unsigned decimal number (e.g. "6"), range (e.g."253-254"), or one of
|
||||
the following protocol names: "tcp", "udp", "icmp", "esp", "ah",
|
||||
"ipip", or "sctp". To match all protocols specify *.
|
||||
|
||||
--network-src-asns=[SRC_ASN,...]
|
||||
BGP Autonomous System Number associated with the source IP address to
|
||||
match for this rule.
|
||||
|
||||
--network-src-ip-ranges=[SRC_IP_RANGE,...]
|
||||
The source IPs/IP ranges to match for this rule. To match all IPs
|
||||
specify *.
|
||||
|
||||
--network-src-ports=[SRC_PORT,...]
|
||||
The source ports to match for this rule. Each element can be an
|
||||
16-bit unsigned decimal number (e.g. "80") or range (e.g."0-1023"),
|
||||
To match all source ports specify *.
|
||||
|
||||
--network-src-region-codes=[SRC_REGION_CODE,...]
|
||||
The two letter ISO 3166-1 alpha-2 country code associated with the
|
||||
source IP address to match for this rule. To match all region codes
|
||||
specify *.
|
||||
|
||||
--network-user-defined-fields=[NAME;VALUE:VALUE:...,...]
|
||||
Each element names a defined field and lists the matching values for
|
||||
that field.
|
||||
|
||||
--src-ip-ranges=[SRC_IP_RANGE,...]
|
||||
The source IPs/IP ranges to match for this rule. To match all IPs
|
||||
specify *.
|
||||
|
|
|
|||
|
|
@ -23,8 +23,15 @@ SYNOPSIS
|
|||
[--redirect-target=REDIRECT_TARGET] [--redirect-type=REDIRECT_TYPE]
|
||||
[--request-headers-to-add=[REQUEST_HEADERS_TO_ADD,...]]
|
||||
[--security-policy=SECURITY_POLICY]
|
||||
[--expression=EXPRESSION | --src-ip-ranges=[SRC_IP_RANGE,...]]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
[--expression=EXPRESSION --network-dest-ip-ranges=[DEST_IP_RANGE,...]
|
||||
--network-dest-ports=[DEST_PORT,...]
|
||||
--network-ip-protocols=[IP_PROTOCOL,...]
|
||||
--network-src-asns=[SRC_ASN,...]
|
||||
--network-src-ip-ranges=[SRC_IP_RANGE,...]
|
||||
--network-src-ports=[SRC_PORT,...]
|
||||
--network-src-region-codes=[SRC_REGION_CODE,...]
|
||||
--network-user-defined-fields=[NAME;VALUE:VALUE:...,...]
|
||||
--src-ip-ranges=[SRC_IP_RANGE,...]] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(ALPHA) gcloud alpha compute security-policies rules update is used to
|
||||
|
|
@ -211,11 +218,46 @@ FLAGS
|
|||
|
||||
Security policy rule matcher.
|
||||
|
||||
At most one of these can be specified:
|
||||
|
||||
--expression=EXPRESSION
|
||||
The Cloud Armor rules language expression to match for this rule.
|
||||
|
||||
--network-dest-ip-ranges=[DEST_IP_RANGE,...]
|
||||
The destination IPs/IP ranges to match for this rule. To match all
|
||||
IPs specify *.
|
||||
|
||||
--network-dest-ports=[DEST_PORT,...]
|
||||
The destination ports to match for this rule. Each element can be an
|
||||
16-bit unsigned decimal number (e.g. "80") or range (e.g."0-1023"),
|
||||
To match all destination ports specify *.
|
||||
|
||||
--network-ip-protocols=[IP_PROTOCOL,...]
|
||||
The IP protocols to match for this rule. Each element can be an 8-bit
|
||||
unsigned decimal number (e.g. "6"), range (e.g."253-254"), or one of
|
||||
the following protocol names: "tcp", "udp", "icmp", "esp", "ah",
|
||||
"ipip", or "sctp". To match all protocols specify *.
|
||||
|
||||
--network-src-asns=[SRC_ASN,...]
|
||||
BGP Autonomous System Number associated with the source IP address to
|
||||
match for this rule.
|
||||
|
||||
--network-src-ip-ranges=[SRC_IP_RANGE,...]
|
||||
The source IPs/IP ranges to match for this rule. To match all IPs
|
||||
specify *.
|
||||
|
||||
--network-src-ports=[SRC_PORT,...]
|
||||
The source ports to match for this rule. Each element can be an
|
||||
16-bit unsigned decimal number (e.g. "80") or range (e.g."0-1023"),
|
||||
To match all source ports specify *.
|
||||
|
||||
--network-src-region-codes=[SRC_REGION_CODE,...]
|
||||
The two letter ISO 3166-1 alpha-2 country code associated with the
|
||||
source IP address to match for this rule. To match all region codes
|
||||
specify *.
|
||||
|
||||
--network-user-defined-fields=[NAME;VALUE:VALUE:...,...]
|
||||
Each element names a defined field and lists the matching values for
|
||||
that field.
|
||||
|
||||
--src-ip-ranges=[SRC_IP_RANGE,...]
|
||||
The source IPs/IP ranges to match for this rule. To match all IPs
|
||||
specify *.
|
||||
|
|
|
|||
|
|
@ -38,6 +38,9 @@ COMMANDS
|
|||
list-nodes
|
||||
(ALPHA) List Compute Engine sole-tenant nodes present in a nodegroup.
|
||||
|
||||
perform-maintenance
|
||||
(ALPHA) Perform maintenance on nodes in a Compute Engine node group.
|
||||
|
||||
remove-iam-policy-binding
|
||||
(ALPHA) Remove IAM policy binding from a Compute Engine node group.
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,67 @@
|
|||
NAME
|
||||
gcloud alpha compute sole-tenancy node-groups perform-maintenance - perform
|
||||
maintenance on nodes in a Compute Engine node group
|
||||
|
||||
SYNOPSIS
|
||||
gcloud alpha compute sole-tenancy node-groups perform-maintenance NAME
|
||||
--nodes=NODE,[NODE,...] [--start-time=START_TIME] [--zone=ZONE]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(ALPHA) Perform maintenance on nodes in a Compute Engine node group.
|
||||
|
||||
EXAMPLES
|
||||
To perform maintenance on nodes in a node group, run:
|
||||
|
||||
$ gcloud alpha compute sole-tenancy node-groups \
|
||||
perform-maintenance my-node-group --nodes=node-1,node-2 \
|
||||
--start-time=2023-05-01T00:00:00.000-08:00
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
NAME
|
||||
Name of the node group to operate on.
|
||||
|
||||
REQUIRED FLAGS
|
||||
--nodes=NODE,[NODE,...]
|
||||
The names of the nodes to perform maintenance on.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--start-time=START_TIME
|
||||
The requested time for the maintenance window to start. The timestamp
|
||||
must be an RFC3339 valid string.
|
||||
|
||||
--zone=ZONE
|
||||
Zone of the node group to operate on. If not specified and the
|
||||
compute/zone property isn't set, you might be prompted to select a zone
|
||||
(interactive mode only).
|
||||
|
||||
To avoid prompting when this flag is omitted, you can set the
|
||||
compute/zone property:
|
||||
|
||||
$ gcloud config set compute/zone ZONE
|
||||
|
||||
A list of zones can be fetched by running:
|
||||
|
||||
$ gcloud compute zones list
|
||||
|
||||
To unset the property, run:
|
||||
|
||||
$ gcloud config unset compute/zone
|
||||
|
||||
Alternatively, the zone can be stored in the environment variable
|
||||
CLOUDSDK_COMPUTE_ZONE.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
NOTES
|
||||
This command is currently in alpha and might change without notice. If this
|
||||
command fails with API permission errors despite specifying the correct
|
||||
project, you might be trying to access an API with an invitation-only early
|
||||
access allowlist.
|
||||
|
||||
|
|
@ -43,6 +43,9 @@ COMMANDS
|
|||
list
|
||||
(ALPHA) List Google Compute Engine target instances.
|
||||
|
||||
update
|
||||
(ALPHA) Update a Compute Engine target instance.
|
||||
|
||||
NOTES
|
||||
This command is currently in alpha and might change without notice. If this
|
||||
command fails with API permission errors despite specifying the correct
|
||||
|
|
|
|||
69
gcloud/alpha/compute/target-instances/update
Normal file
69
gcloud/alpha/compute/target-instances/update
Normal file
|
|
@ -0,0 +1,69 @@
|
|||
NAME
|
||||
gcloud alpha compute target-instances update - update a Compute Engine
|
||||
target instance
|
||||
|
||||
SYNOPSIS
|
||||
gcloud alpha compute target-instances update NAME
|
||||
[--security-policy=SECURITY_POLICY]
|
||||
[--security-policy-region=SECURITY_POLICY_REGION] [--zone=ZONE]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(ALPHA) gcloud alpha compute target-instances update updates a Compute
|
||||
Engine target instance.
|
||||
|
||||
EXAMPLES
|
||||
To update the security policy run this:
|
||||
|
||||
$ gcloud alpha compute target-instances update TARGET_INSTANCE \
|
||||
--security-policy='my-policy'
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
NAME
|
||||
Name of the target instance to update.
|
||||
|
||||
FLAGS
|
||||
--security-policy=SECURITY_POLICY
|
||||
The security policy that will be set for this target instance. To
|
||||
remove the policy from this target instance set the policy to an empty
|
||||
string.
|
||||
|
||||
--security-policy-region=SECURITY_POLICY_REGION
|
||||
Region of the security policy to operate on. Overrides the default
|
||||
compute/region property value for this command invocation.
|
||||
|
||||
--zone=ZONE
|
||||
Zone of the target instance to update. If not specified and the
|
||||
compute/zone property isn't set, you might be prompted to select a zone
|
||||
(interactive mode only).
|
||||
|
||||
To avoid prompting when this flag is omitted, you can set the
|
||||
compute/zone property:
|
||||
|
||||
$ gcloud config set compute/zone ZONE
|
||||
|
||||
A list of zones can be fetched by running:
|
||||
|
||||
$ gcloud compute zones list
|
||||
|
||||
To unset the property, run:
|
||||
|
||||
$ gcloud config unset compute/zone
|
||||
|
||||
Alternatively, the zone can be stored in the environment variable
|
||||
CLOUDSDK_COMPUTE_ZONE.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
NOTES
|
||||
This command is currently in alpha and might change without notice. If this
|
||||
command fails with API permission errors despite specifying the correct
|
||||
project, you might be trying to access an API with an invitation-only early
|
||||
access allowlist.
|
||||
|
||||
|
|
@ -58,6 +58,9 @@ COMMANDS
|
|||
set-backup
|
||||
(ALPHA) Set a backup pool for a target pool.
|
||||
|
||||
update
|
||||
(ALPHA) Update a Compute Engine target pool.
|
||||
|
||||
NOTES
|
||||
This command is currently in alpha and might change without notice. If this
|
||||
command fails with API permission errors despite specifying the correct
|
||||
|
|
|
|||
67
gcloud/alpha/compute/target-pools/update
Normal file
67
gcloud/alpha/compute/target-pools/update
Normal file
|
|
@ -0,0 +1,67 @@
|
|||
NAME
|
||||
gcloud alpha compute target-pools update - update a Compute Engine target
|
||||
pool
|
||||
|
||||
SYNOPSIS
|
||||
gcloud alpha compute target-pools update NAME [--region=REGION]
|
||||
[--security-policy=SECURITY_POLICY]
|
||||
[--security-policy-region=SECURITY_POLICY_REGION]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(ALPHA) gcloud alpha compute target-pools update updates a Compute Engine
|
||||
target pool.
|
||||
|
||||
EXAMPLES
|
||||
To update the security policy run this:
|
||||
|
||||
$ gcloud alpha compute target-pools update TARGET_POOL \
|
||||
--security-policy='my-policy'
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
NAME
|
||||
The name of the target pool.
|
||||
|
||||
FLAGS
|
||||
--region=REGION
|
||||
Region of the target pool to update. If not specified, you might be
|
||||
prompted to select a region (interactive mode only).
|
||||
|
||||
To avoid prompting when this flag is omitted, you can set the
|
||||
compute/region property:
|
||||
|
||||
$ gcloud config set compute/region REGION
|
||||
|
||||
A list of regions can be fetched by running:
|
||||
|
||||
$ gcloud compute regions list
|
||||
|
||||
To unset the property, run:
|
||||
|
||||
$ gcloud config unset compute/region
|
||||
|
||||
Alternatively, the region can be stored in the environment variable
|
||||
CLOUDSDK_COMPUTE_REGION.
|
||||
|
||||
--security-policy=SECURITY_POLICY
|
||||
The security policy that will be set for this target pool. To remove
|
||||
the policy from this target pool set the policy to an empty string.
|
||||
|
||||
--security-policy-region=SECURITY_POLICY_REGION
|
||||
Region of the security policy to operate on. Overrides the default
|
||||
compute/region property value for this command invocation.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
|
||||
NOTES
|
||||
This command is currently in alpha and might change without notice. If this
|
||||
command fails with API permission errors despite specifying the correct
|
||||
project, you might be trying to access an API with an invitation-only early
|
||||
access allowlist.
|
||||
|
||||
|
|
@ -8,10 +8,12 @@ SYNOPSIS
|
|||
--runtime-version=RUNTIME_VERSION
|
||||
(--node-id=NODE_ID | --node-count=NODE_COUNT --node-prefix=NODE_PREFIX)
|
||||
[--async] [--best-effort] [--guaranteed] [--internal-ips]
|
||||
[--network=NETWORK; default="default"]
|
||||
[--reservation-host-folder=RESERVATION_HOST_FOLDER]
|
||||
[--reservation-host-organization=RESERVATION_HOST_ORGANIZATION]
|
||||
[--reservation-host-project=RESERVATION_HOST_PROJECT] [--reserved]
|
||||
[--valid-after-duration=VALID_AFTER_DURATION]
|
||||
[--scopes=[SCOPES,...]] [--service-account=SERVICE_ACCOUNT]
|
||||
[--subnetwork=SUBNETWORK] [--valid-after-duration=VALID_AFTER_DURATION]
|
||||
[--valid-after-time=VALID_AFTER_TIME]
|
||||
[--valid-until-duration=VALID_UNTIL_DURATION]
|
||||
[--valid-until-time=VALID_UNTIL_TIME] [GCLOUD_WIDE_FLAG ...]
|
||||
|
|
@ -127,6 +129,9 @@ OPTIONAL FLAGS
|
|||
default is that external IP addresses will be associated with the TPU
|
||||
workers.
|
||||
|
||||
--network=NETWORK; default="default"
|
||||
Network that this TPU will be a part of.
|
||||
|
||||
--reservation-host-folder=RESERVATION_HOST_FOLDER
|
||||
The folder hosting the reservation that the TPU should use. Only one
|
||||
reservation host entity may be specified.
|
||||
|
|
@ -144,6 +149,17 @@ OPTIONAL FLAGS
|
|||
|
||||
If this flag is set the guaranteed flag is also set.
|
||||
|
||||
--scopes=[SCOPES,...]
|
||||
List of comma-separated scopes to be made available for the service
|
||||
account.
|
||||
|
||||
--service-account=SERVICE_ACCOUNT
|
||||
Email address of the service account. If empty, default Google Compute
|
||||
Engine service account will be used.
|
||||
|
||||
--subnetwork=SUBNETWORK
|
||||
Subnetwork that this TPU will be a part of.
|
||||
|
||||
--valid-after-duration=VALID_AFTER_DURATION
|
||||
A duration before which the TPU must not be provisioned, relative to
|
||||
the current time. See $ gcloud topic datetimes for information on
|
||||
|
|
|
|||
|
|
@ -4,7 +4,8 @@ NAME
|
|||
|
||||
SYNOPSIS
|
||||
gcloud alpha compute tpus queued-resources delete
|
||||
(QUEUED_RESOURCE : --zone=ZONE) [--async] [GCLOUD_WIDE_FLAG ...]
|
||||
(QUEUED_RESOURCE : --zone=ZONE) [--async] [--force]
|
||||
[GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
(ALPHA) Delete an existing Queued Resource.
|
||||
|
|
@ -56,6 +57,11 @@ FLAGS
|
|||
Return immediately, without waiting for the operation in progress to
|
||||
complete.
|
||||
|
||||
--force
|
||||
If set to true, any nodes in this queued resource will also be deleted.
|
||||
Otherwise, the request will only work if the queued resource has no
|
||||
nodes.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue