From 4558a00e48f3c7f3f0df29a00db54e48560d503e Mon Sep 17 00:00:00 2001 From: Automated Date: Wed, 26 Jul 2023 10:48:49 +0000 Subject: [PATCH] gcloud: Wed Jul 26 10:48:49 UTC 2023 --- gcloud/_version | 8 +- .../billing/accounts/add-iam-policy-binding | 2 +- gcloud/alpha/billing/accounts/describe | 4 + gcloud/alpha/billing/accounts/get-iam-policy | 2 +- gcloud/alpha/billing/accounts/list | 4 + .../accounts/remove-iam-policy-binding | 2 +- gcloud/alpha/billing/accounts/set-iam-policy | 2 +- gcloud/alpha/billing/help | 4 +- gcloud/alpha/billing/projects/describe | 4 + gcloud/alpha/billing/projects/link | 23 +- gcloud/alpha/billing/projects/list | 4 + gcloud/alpha/billing/projects/unlink | 14 +- .../builds/triggers/create/bitbucketserver | 14 +- gcloud/alpha/builds/triggers/create/github | 9 +- gcloud/alpha/builds/triggers/create/gitlab | 14 +- .../builds/triggers/create/gitlab-enterprise | 230 ------------------ gcloud/alpha/builds/triggers/create/help | 3 - gcloud/alpha/composer/environments/create | 2 +- gcloud/alpha/composer/environments/update | 7 + gcloud/alpha/compute/backend-buckets/create | 4 +- gcloud/alpha/compute/backend-buckets/update | 2 +- gcloud/alpha/compute/backend-services/create | 117 ++++----- gcloud/alpha/compute/backend-services/update | 98 ++++---- gcloud/alpha/compute/forwarding-rules/create | 27 +- .../alpha/compute/forwarding-rules/set-target | 27 +- .../alpha/compute/http-health-checks/create | 10 +- .../compute/instance-groups/get-named-ports | 4 +- .../instance-groups/managed/get-named-ports | 4 +- .../instance-groups/managed/set-named-ports | 4 +- .../compute/instance-groups/set-named-ports | 4 +- .../instance-groups/unmanaged/get-named-ports | 4 +- .../instance-groups/unmanaged/set-named-ports | 4 +- gcloud/alpha/compute/instances/create | 4 + .../compute/resource-policies/update/help | 4 +- .../update/snapshot-schedule | 12 +- gcloud/alpha/compute/routers/nats/create | 4 +- .../alpha/compute/routers/nats/rules/create | 2 +- .../alpha/compute/routers/nats/rules/update | 2 +- gcloud/alpha/compute/routers/nats/update | 4 +- gcloud/alpha/compute/ssl-certificates/help | 4 +- gcloud/alpha/compute/tpus/tpu-vm/update | 40 +++ .../backup-restore/restore-plans/create | 67 ++--- .../backup-restore/restore-plans/update | 23 +- gcloud/alpha/container/clusters/create | 53 ++-- gcloud/alpha/container/clusters/create-auto | 11 - gcloud/alpha/container/clusters/update | 25 +- gcloud/alpha/container/fleet/help | 3 + .../alpha/container/fleet/operations/describe | 63 +++++ gcloud/alpha/container/fleet/operations/help | 27 ++ gcloud/alpha/container/fleet/scopes/update | 4 +- gcloud/alpha/container/hub/help | 3 + .../alpha/container/hub/operations/describe | 63 +++++ gcloud/alpha/container/hub/operations/help | 27 ++ gcloud/alpha/container/hub/scopes/update | 4 +- gcloud/alpha/container/node-pools/create | 52 +++- gcloud/alpha/container/node-pools/update | 2 - gcloud/alpha/dataproc/clusters/create | 4 + gcloud/alpha/dataproc/clusters/update | 7 +- .../workflow-templates/set-managed-cluster | 4 + .../functions/add-invoker-policy-binding | 8 +- gcloud/alpha/functions/deploy | 23 +- .../functions/remove-invoker-policy-binding | 8 +- gcloud/alpha/functions/upgrade | 4 +- gcloud/alpha/healthcare/dicom-stores/create | 6 +- gcloud/alpha/healthcare/dicom-stores/update | 6 +- gcloud/alpha/kms/keys/create | 16 +- gcloud/alpha/kms/keys/update | 3 +- gcloud/alpha/kms/keys/versions/create | 3 +- gcloud/alpha/kms/keys/versions/import | 25 +- gcloud/alpha/metastore/operations/cancel | 4 +- .../security-profile-groups/create | 2 +- .../security-profile-groups/delete | 2 +- .../security-profile-groups/describe | 2 +- .../security-profile-groups/update | 2 +- .../threat-prevention/delete | 2 +- gcloud/alpha/scc/custom-modules/etd/create | 69 ++++++ gcloud/alpha/scc/custom-modules/etd/delete | 47 ++++ gcloud/alpha/scc/custom-modules/etd/get | 47 ++++ gcloud/alpha/scc/custom-modules/etd/help | 38 +++ gcloud/alpha/scc/custom-modules/etd/list | 69 ++++++ gcloud/alpha/scc/custom-modules/etd/update | 64 +++++ gcloud/alpha/scc/custom-modules/help | 3 + gcloud/alpha/storage/buckets/create | 15 +- gcloud/alpha/workstations/configs/create | 5 +- gcloud/alpha/workstations/configs/update | 14 ++ .../billing/accounts/add-iam-policy-binding | 2 +- gcloud/beta/billing/accounts/describe | 4 + gcloud/beta/billing/accounts/get-iam-policy | 2 +- gcloud/beta/billing/accounts/list | 4 + .../accounts/remove-iam-policy-binding | 2 +- gcloud/beta/billing/accounts/set-iam-policy | 2 +- gcloud/beta/billing/projects/describe | 4 + gcloud/beta/billing/projects/link | 23 +- gcloud/beta/billing/projects/unlink | 14 +- .../builds/triggers/create/bitbucketserver | 14 +- gcloud/beta/builds/triggers/create/github | 9 +- gcloud/beta/builds/triggers/create/gitlab | 14 +- .../builds/triggers/create/gitlab-enterprise | 228 ----------------- gcloud/beta/builds/triggers/create/help | 3 - gcloud/beta/composer/environments/create | 2 +- gcloud/beta/composer/environments/update | 7 + gcloud/beta/compute/backend-buckets/create | 4 +- gcloud/beta/compute/backend-buckets/update | 2 +- gcloud/beta/compute/backend-services/create | 117 +++++---- gcloud/beta/compute/backend-services/update | 106 ++++---- gcloud/beta/compute/disks/create | 9 +- .../compute/firewall-policies/rules/create | 23 +- .../compute/firewall-policies/rules/update | 23 +- gcloud/beta/compute/forwarding-rules/create | 27 +- .../beta/compute/forwarding-rules/set-target | 27 +- gcloud/beta/compute/http-health-checks/create | 10 +- .../compute/instance-groups/get-named-ports | 4 +- .../instance-groups/managed/get-named-ports | 4 +- .../instance-groups/managed/set-named-ports | 4 +- .../compute/instance-groups/set-named-ports | 4 +- .../instance-groups/unmanaged/get-named-ports | 4 +- .../instance-groups/unmanaged/set-named-ports | 4 +- gcloud/beta/compute/instances/create | 4 + .../network-firewall-policies/rules/create | 14 +- .../network-firewall-policies/rules/update | 14 +- gcloud/beta/compute/networks/subnets/create | 2 + .../compute/resource-policies/update/help | 6 +- .../update/snapshot-schedule | 25 +- gcloud/beta/compute/routers/nats/create | 40 ++- gcloud/beta/compute/routers/nats/rules/create | 40 ++- gcloud/beta/compute/routers/nats/rules/update | 37 ++- gcloud/beta/compute/routers/nats/update | 6 +- gcloud/beta/compute/ssl-certificates/help | 4 +- .../backup-restore/restore-plans/create | 67 ++--- .../backup-restore/restore-plans/update | 23 +- gcloud/beta/container/clusters/create | 52 ++-- gcloud/beta/container/clusters/create-auto | 11 - gcloud/beta/container/clusters/update | 25 +- gcloud/beta/container/fleet/help | 2 +- gcloud/beta/container/fleet/scopes/help | 3 + gcloud/beta/container/fleet/scopes/update | 162 ++++++++++++ gcloud/beta/container/hub/help | 2 +- gcloud/beta/container/hub/scopes/help | 3 + gcloud/beta/container/hub/scopes/update | 162 ++++++++++++ gcloud/beta/container/node-pools/create | 52 +++- gcloud/beta/container/node-pools/update | 2 - .../beta/functions/add-invoker-policy-binding | 8 +- gcloud/beta/functions/deploy | 23 +- .../functions/remove-invoker-policy-binding | 8 +- gcloud/beta/healthcare/dicom-stores/create | 6 +- gcloud/beta/healthcare/dicom-stores/update | 6 +- gcloud/beta/kms/keys/create | 16 +- gcloud/beta/kms/keys/update | 3 +- gcloud/beta/kms/keys/versions/create | 3 +- gcloud/beta/kms/keys/versions/import | 25 +- gcloud/beta/metastore/operations/cancel | 63 +++++ gcloud/beta/metastore/operations/help | 3 + .../security-profile-groups/create | 2 +- .../security-profile-groups/delete | 2 +- .../security-profile-groups/describe | 2 +- .../security-profile-groups/update | 2 +- .../threat-prevention/delete | 2 +- gcloud/beta/workstations/configs/create | 5 +- gcloud/beta/workstations/configs/update | 14 ++ gcloud/billing/help | 4 +- gcloud/builds/triggers/create/bitbucketserver | 14 +- gcloud/builds/triggers/create/github | 9 +- gcloud/builds/triggers/create/gitlab | 14 +- .../builds/triggers/create/gitlab-enterprise | 227 ----------------- gcloud/builds/triggers/create/help | 3 - gcloud/composer/environments/create | 2 +- gcloud/composer/environments/update | 7 + gcloud/compute/backend-buckets/create | 4 +- gcloud/compute/backend-buckets/update | 2 +- gcloud/compute/backend-services/create | 110 +++++---- gcloud/compute/backend-services/update | 91 +++---- gcloud/compute/forwarding-rules/create | 27 +- gcloud/compute/forwarding-rules/set-target | 27 +- gcloud/compute/http-health-checks/create | 10 +- .../compute/instance-groups/get-named-ports | 3 +- gcloud/compute/instance-groups/managed/create | 14 +- .../instance-groups/managed/get-named-ports | 3 +- .../instance-groups/managed/set-named-ports | 3 +- gcloud/compute/instance-groups/managed/update | 13 +- .../compute/instance-groups/set-named-ports | 3 +- .../instance-groups/unmanaged/get-named-ports | 3 +- .../instance-groups/unmanaged/set-named-ports | 3 +- gcloud/compute/resource-policies/help | 3 + gcloud/compute/resource-policies/update/help | 28 +++ .../update/snapshot-schedule | 130 ++++++++++ gcloud/compute/ssl-certificates/help | 4 +- gcloud/container/clusters/create | 58 +++-- gcloud/container/clusters/create-auto | 11 - gcloud/container/clusters/update | 23 +- gcloud/container/fleet/help | 2 +- gcloud/container/hub/help | 2 +- gcloud/container/node-pools/create | 52 +++- gcloud/container/node-pools/update | 2 - gcloud/functions/add-invoker-policy-binding | 8 +- gcloud/functions/deploy | 23 +- .../functions/remove-invoker-policy-binding | 8 +- gcloud/healthcare/dicom-stores/create | 14 +- gcloud/healthcare/dicom-stores/update | 14 +- gcloud/kms/keys/create | 16 +- gcloud/kms/keys/update | 3 +- gcloud/kms/keys/versions/create | 3 +- gcloud/kms/keys/versions/import | 25 +- gcloud/storage/buckets/create | 14 +- gcloud/transcoder/jobs/create | 16 +- 204 files changed, 2787 insertions(+), 1591 deletions(-) delete mode 100644 gcloud/alpha/builds/triggers/create/gitlab-enterprise create mode 100644 gcloud/alpha/container/fleet/operations/describe create mode 100644 gcloud/alpha/container/fleet/operations/help create mode 100644 gcloud/alpha/container/hub/operations/describe create mode 100644 gcloud/alpha/container/hub/operations/help create mode 100644 gcloud/alpha/scc/custom-modules/etd/create create mode 100644 gcloud/alpha/scc/custom-modules/etd/delete create mode 100644 gcloud/alpha/scc/custom-modules/etd/get create mode 100644 gcloud/alpha/scc/custom-modules/etd/help create mode 100644 gcloud/alpha/scc/custom-modules/etd/list create mode 100644 gcloud/alpha/scc/custom-modules/etd/update delete mode 100644 gcloud/beta/builds/triggers/create/gitlab-enterprise create mode 100644 gcloud/beta/container/fleet/scopes/update create mode 100644 gcloud/beta/container/hub/scopes/update create mode 100644 gcloud/beta/metastore/operations/cancel delete mode 100644 gcloud/builds/triggers/create/gitlab-enterprise create mode 100644 gcloud/compute/resource-policies/update/help create mode 100644 gcloud/compute/resource-policies/update/snapshot-schedule diff --git a/gcloud/_version b/gcloud/_version index 23eb4d7ea..529a3c6e7 100644 --- a/gcloud/_version +++ b/gcloud/_version @@ -1,8 +1,8 @@ -Google Cloud SDK 439.0.0 -alpha 2023.07.14 -beta 2023.07.14 +Google Cloud SDK 440.0.0 +alpha 2023.07.21 +beta 2023.07.21 bq 2.0.94 bundled-python3-unix 3.9.16 -core 2023.07.14 +core 2023.07.21 gcloud-crc32c 1.0.0 gsutil 5.25 diff --git a/gcloud/alpha/billing/accounts/add-iam-policy-binding b/gcloud/alpha/billing/accounts/add-iam-policy-binding index 97f914597..f8690ef9a 100644 --- a/gcloud/alpha/billing/accounts/add-iam-policy-binding +++ b/gcloud/alpha/billing/accounts/add-iam-policy-binding @@ -53,7 +53,7 @@ GCLOUD WIDE FLAGS API REFERENCE This command uses the cloudbilling/v1 API. The full documentation for this - API can be found at: https://cloud.google.com/billing/ + API can be found at: https://cloud.google.com/billing/docs/apis NOTES This command is currently in alpha and might change without notice. If this diff --git a/gcloud/alpha/billing/accounts/describe b/gcloud/alpha/billing/accounts/describe index 632971fa3..02671b695 100644 --- a/gcloud/alpha/billing/accounts/describe +++ b/gcloud/alpha/billing/accounts/describe @@ -32,6 +32,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/billing/accounts/get-iam-policy b/gcloud/alpha/billing/accounts/get-iam-policy index 2dfe60aac..3c3111178 100644 --- a/gcloud/alpha/billing/accounts/get-iam-policy +++ b/gcloud/alpha/billing/accounts/get-iam-policy @@ -68,7 +68,7 @@ GCLOUD WIDE FLAGS API REFERENCE This command uses the cloudbilling/v1 API. The full documentation for this - API can be found at: https://cloud.google.com/billing/ + API can be found at: https://cloud.google.com/billing/docs/apis NOTES This command is currently in alpha and might change without notice. If this diff --git a/gcloud/alpha/billing/accounts/list b/gcloud/alpha/billing/accounts/list index 385b45232..2fd1185e2 100644 --- a/gcloud/alpha/billing/accounts/list +++ b/gcloud/alpha/billing/accounts/list @@ -56,6 +56,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/billing/accounts/remove-iam-policy-binding b/gcloud/alpha/billing/accounts/remove-iam-policy-binding index 28788c101..f179f3ba4 100644 --- a/gcloud/alpha/billing/accounts/remove-iam-policy-binding +++ b/gcloud/alpha/billing/accounts/remove-iam-policy-binding @@ -54,7 +54,7 @@ GCLOUD WIDE FLAGS API REFERENCE This command uses the cloudbilling/v1 API. The full documentation for this - API can be found at: https://cloud.google.com/billing/ + API can be found at: https://cloud.google.com/billing/docs/apis NOTES This command is currently in alpha and might change without notice. If this diff --git a/gcloud/alpha/billing/accounts/set-iam-policy b/gcloud/alpha/billing/accounts/set-iam-policy index 9d158cefe..d3f9900b7 100644 --- a/gcloud/alpha/billing/accounts/set-iam-policy +++ b/gcloud/alpha/billing/accounts/set-iam-policy @@ -53,7 +53,7 @@ GCLOUD WIDE FLAGS API REFERENCE This command uses the cloudbilling/v1 API. The full documentation for this - API can be found at: https://cloud.google.com/billing/ + API can be found at: https://cloud.google.com/billing/docs/apis NOTES This command is currently in alpha and might change without notice. If this diff --git a/gcloud/alpha/billing/help b/gcloud/alpha/billing/help index 18ddd5f3d..4673e9a5c 100644 --- a/gcloud/alpha/billing/help +++ b/gcloud/alpha/billing/help @@ -11,12 +11,12 @@ DESCRIPTION EXAMPLES To list billing accounts associated with the current user, run: - $ gcloud alpha billing accounts list + $ gcloud beta billing accounts list To link one of the billing accounts 0X0X0X-0X0X0X-0X0X0X with a project my-project, run: - $ gcloud alpha billing projects link my-project \ + $ gcloud beta billing projects link my-project \ --billing-account 0X0X0X-0X0X0X-0X0X0X GCLOUD WIDE FLAGS diff --git a/gcloud/alpha/billing/projects/describe b/gcloud/alpha/billing/projects/describe index a105ad0f1..523e1747b 100644 --- a/gcloud/alpha/billing/projects/describe +++ b/gcloud/alpha/billing/projects/describe @@ -30,6 +30,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/billing/projects/link b/gcloud/alpha/billing/projects/link index 4993ec2f9..ed6e43c13 100644 --- a/gcloud/alpha/billing/projects/link +++ b/gcloud/alpha/billing/projects/link @@ -7,11 +7,24 @@ SYNOPSIS [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) This command links a billing account to a project. - - If the specified billing account is open, this enables billing on the + (ALPHA) This command sets or updates the billing account associated with a project. + Billing is enabled on a project when the project is linked to a valid, + active Cloud Billing account. The billing account accrues charges for the + usage of resources in all of the linked projects. If the project is already + linked to a billing account, this command moves the project to the billing + account you specify, updating the billing account that is linked to the + project. + + Note that associating a project with a closed billing account has the same + effect as disabling billing on the project: any paid resources in use by + the project are shut down, and your application stops functioning. Unless + you want to disable billing, you should always specify a valid, active + Cloud Billing account when you run this command. Learn how to confirm the + status of a Cloud Billing account at + https://cloud.google.com/billing/docs/how-to/verify-billing-enabled#billing_account_status + EXAMPLES To link a billing account 0X0X0X-0X0X0X-0X0X0X with a project my-project, run: @@ -46,6 +59,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/billing/projects/list b/gcloud/alpha/billing/projects/list index adbe95151..7e2ec1a8c 100644 --- a/gcloud/alpha/billing/projects/list +++ b/gcloud/alpha/billing/projects/list @@ -66,6 +66,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/billing/projects/unlink b/gcloud/alpha/billing/projects/unlink index 2d4e5a53f..0cfe19f78 100644 --- a/gcloud/alpha/billing/projects/unlink +++ b/gcloud/alpha/billing/projects/unlink @@ -6,8 +6,14 @@ SYNOPSIS gcloud alpha billing projects unlink PROJECT_ID [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) This command unlinks a project from its linked billing account. - This disables billing on the project. + (ALPHA) This command unlinks a project from its associated billing account. + This action disables billing on the project. Any billable resources and + services in use in your project are stopped, and your application stops + functioning. Any costs accrued prior to disabling billing on the project + are charged to the previously associated billing account. + + Note: To link a project to a different billing account, use the billing + projects link command. You do not need to unlink the project first. EXAMPLES To unlink the project my-project from its linked billing account, run: @@ -26,6 +32,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct diff --git a/gcloud/alpha/builds/triggers/create/bitbucketserver b/gcloud/alpha/builds/triggers/create/bitbucketserver index 5d4f4fbe9..182265472 100644 --- a/gcloud/alpha/builds/triggers/create/bitbucketserver +++ b/gcloud/alpha/builds/triggers/create/bitbucketserver @@ -169,7 +169,19 @@ REQUIRED FLAGS --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) Require a repository collaborator or owner to comment '/gcbrun' - on a pull request before running the build. + on a pull request before running the build. COMMENT_CONTROL + must be one of: + + COMMENTS_DISABLED + Do not require comments on Pull Requests before builds are + triggered. + COMMENTS_ENABLED + Enforce that repository owners or collaborators must + comment on Pull Requests before builds are triggered. + COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY + Enforce that repository owners or collaborators must + comment on external contributors' Pull Requests before + builds are triggered. Exactly one of these must be specified: diff --git a/gcloud/alpha/builds/triggers/create/github b/gcloud/alpha/builds/triggers/create/github index f343de573..9fe63ece4 100644 --- a/gcloud/alpha/builds/triggers/create/github +++ b/gcloud/alpha/builds/triggers/create/github @@ -6,9 +6,10 @@ SYNOPSIS gcloud alpha builds triggers create github (--trigger-config=PATH | [(--branch-pattern=REGEX | --tag-pattern=REGEX | [--pull-request-pattern=REGEX : --comment-control=COMMENT_CONTROL; - default="COMMENTS_ENABLED"]) (--build-config=PATH - | --inline-config=PATH | [--dockerfile=DOCKERFILE - : --dockerfile-dir=DOCKERFILE_DIR; default="/" + default=CommentControlValueValuesEnum(COMMENTS_ENABLED, + 1)]) (--build-config=PATH | --inline-config=PATH + | [--dockerfile=DOCKERFILE : --dockerfile-dir=DOCKERFILE_DIR; + default="/" --dockerfile-image=DOCKERFILE_IMAGE]) (--repository=REPOSITORY | [--repo-name=REPO_NAME --repo-owner=REPO_OWNER : --enterprise-config=ENTERPRISE_CONFIG]) : --description=DESCRIPTION @@ -158,7 +159,7 @@ REQUIRED FLAGS This flag argument must be specified if any of the other arguments in this group are specified. - --comment-control=COMMENT_CONTROL; default="COMMENTS_ENABLED" + --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) Require a repository collaborator or owner to comment '/gcbrun' on a pull request before running the build. COMMENT_CONTROL must be one of: diff --git a/gcloud/alpha/builds/triggers/create/gitlab b/gcloud/alpha/builds/triggers/create/gitlab index d62c61338..0c5beaa26 100644 --- a/gcloud/alpha/builds/triggers/create/gitlab +++ b/gcloud/alpha/builds/triggers/create/gitlab @@ -149,7 +149,19 @@ REQUIRED FLAGS --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) Require a repository collaborator or owner to comment '/gcbrun' - on a pull request before running the build. + on a pull request before running the build. COMMENT_CONTROL + must be one of: + + COMMENTS_DISABLED + Do not require comments on Pull Requests before builds are + triggered. + COMMENTS_ENABLED + Enforce that repository owners or collaborators must + comment on Pull Requests before builds are triggered. + COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY + Enforce that repository owners or collaborators must + comment on external contributors' Pull Requests before + builds are triggered. Exactly one of these must be specified: diff --git a/gcloud/alpha/builds/triggers/create/gitlab-enterprise b/gcloud/alpha/builds/triggers/create/gitlab-enterprise deleted file mode 100644 index 14158cd9b..000000000 --- a/gcloud/alpha/builds/triggers/create/gitlab-enterprise +++ /dev/null @@ -1,230 +0,0 @@ -NAME - gcloud alpha builds triggers create gitlab-enterprise - create a build - trigger for a GitLab Enterprise repository - -SYNOPSIS - gcloud alpha builds triggers create gitlab-enterprise - (--trigger-config=PATH | [(--branch-pattern=REGEX | --tag-pattern=REGEX - | [--pull-request-pattern=REGEX : --comment-control=COMMENT_CONTROL; - default=CommentControlValueValuesEnum(COMMENTS_ENABLED, - 1)]) (--build-config=PATH | --inline-config=PATH - | [--dockerfile=DOCKERFILE : --dockerfile-dir=DOCKERFILE_DIR; - default="/" --dockerfile-image=DOCKERFILE_IMAGE]) - (--gitlab-config-resource=GITLAB_CONFIG_RESOURCE - --project-namespace=PROJECT_NAMESPACE) : --description=DESCRIPTION - --ignored-files=[GLOB,...] --included-files=[GLOB,...] --name=NAME - --region=REGION --[no-]require-approval - --service-account=SERVICE_ACCOUNT --substitutions=[KEY=VALUE,...]]) - [GCLOUD_WIDE_FLAG ...] - -DESCRIPTION - (ALPHA) Create a build trigger for a GitLab Enterprise repository. - -EXAMPLES - To create a push trigger with a 1st-gen repository for all branches: - - $ gcloud alpha builds triggers create gitlab-enterprise \ - --name="my-trigger" \ - --service-account="projects/my-project/serviceAccounts/my-byosa@\ - my-project.iam.gserviceaccount.com" \ - --project-namespace="cloud-builders" \ - --gitlab-config-resource="projects/1234/locations/global/gitLabC\ - onfigs/5678" --branch-pattern=".*" --build-config="cloudbuild.yaml" - - To create a pull request trigger with a 1st-gen repository for main: - - $ gcloud alpha builds triggers create gitlab-enterprise \ - --name="my-trigger" \ - --service-account="projects/my-project/serviceAccounts/my-byosa@\ - my-project.iam.gserviceaccount.com" \ - --project-namespace="cloud-builders" \ - --gitlab-config-resource="projects/1234/locations/global/gitLabC\ - onfigs/5678" --pull-request-pattern="^main$" \ - --build-config="cloudbuild.yaml" - -REQUIRED FLAGS - Exactly one of these must be specified: - - --trigger-config=PATH - Path to Build Trigger config file (JSON or YAML format). For more - details, see - https://cloud.google.com/cloud-build/docs/api/reference/rest/v1/projects.triggers#BuildTrigger - - Flag based trigger configuration - - --description=DESCRIPTION - Build trigger description. - - --ignored-files=[GLOB,...] - Glob filter. Changes only affecting ignored files won't trigger - builds. - - --included-files=[GLOB,...] - Glob filter. Changes affecting at least one included file will - trigger builds. - - --name=NAME - Build trigger name. - - --region=REGION - The region of the Cloud Build Service to use. Must be set to a - supported region name (e.g. us-central1). If unset, builds/region, - which is the default region to use when working with Cloud Build - resources, is used. If builds/region is unset, region is set to - global. - - --[no-]require-approval - Require manual approval for triggered builds. Use - --require-approval to enable and --no-require-approval to disable. - - --service-account=SERVICE_ACCOUNT - The service account used for all user-controlled operations - including UpdateBuildTrigger, RunBuildTrigger, CreateBuild, and - CancelBuild. If no service account is set, then the standard Cloud - Build service account ([PROJECT_NUM]@system.gserviceaccount.com) is - used instead. Format: - projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}. - - --substitutions=[KEY=VALUE,...] - Parameters to be substituted in the build specification. For - example: - - $ gcloud alpha builds triggers create gitlab-enterprise ... \ - --substitutions _FAVORITE_COLOR=blue,_NUM_CANDIES=10 - - This will result in a build where every occurrence of - ${_FAVORITE_COLOR} in certain fields is replaced by "blue", and - similarly for ${_NUM_CANDIES} and "10". - - Substitutions can be applied to user-defined variables (starting - with an underscore) and to the following built-in variables: - REPO_NAME, BRANCH_NAME, TAG_NAME, REVISION_ID, COMMIT_SHA, - SHORT_SHA. - - For more details, see: - https://cloud.google.com/build/docs/configuring-builds/substitute-variable-values - - Exactly one of these must be specified: - - --branch-pattern=REGEX - A regular expression specifying which git branches to match. - - This pattern is used as a regular expression search for any - incoming pushes. For example, --branch-pattern=foo will match - "foo", "foobar", and "barfoo". Events on a branch that does not - match will be ignored. - - The syntax of the regular expressions accepted is the syntax - accepted by RE2 and described at - https://github.com/google/re2/wiki/Syntax. - - --tag-pattern=REGEX - A regular expression specifying which git tags to match. - - This pattern is used as a regular expression search for any - incoming pushes. For example, --tag-pattern=foo will match "foo", - "foobar", and "barfoo". Events on a tag that does not match will - be ignored. - - The syntax of the regular expressions accepted is the syntax - accepted by RE2 and described at - https://github.com/google/re2/wiki/Syntax. - - Pull Request settings - - --pull-request-pattern=REGEX - Regular expression specifying which base git branch to match - for pull request events. - - This pattern is used as a regex search for the base branch (the - branch you are trying to merge into) for pull request updates. - For example, --pull-request-pattern=foo will match "foo", - "foobar", and "barfoo". - - The syntax of the regular expressions accepted is the syntax - accepted by RE2 and described at - https://github.com/google/re2/wiki/Syntax. - - This flag argument must be specified if any of the other - arguments in this group are specified. - - --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) - Require a repository collaborator or owner to comment '/gcbrun' - on a pull request before running the build. - - Exactly one of these must be specified: - - --build-config=PATH - Path to a YAML or JSON file containing the build configuration in - the repository. - - For more details, see: - https://cloud.google.com/cloud-build/docs/build-config - - --inline-config=PATH - Local path to a YAML or JSON file containing a build - configuration. - - Dockerfile build configuration flags - - --dockerfile=DOCKERFILE - Path of Dockerfile to use for builds in the repository. - - If specified, a build config will be generated to run docker - build using the specified file. - - The filename is relative to the Dockerfile directory. - - This flag argument must be specified if any of the other - arguments in this group are specified. - - --dockerfile-dir=DOCKERFILE_DIR; default="/" - Location of the directory containing the Dockerfile in the - repository. - - The directory will also be used as the Docker build context. - - --dockerfile-image=DOCKERFILE_IMAGE - Docker image name to build. - - If not specified, - gcr.io/PROJECT/github.com/REPO_OWNER/REPO_NAME:$COMMIT_SHA will - be used. - - Use a build configuration (cloudbuild.yaml) file for building - multiple images in a single trigger. - - Exactly one of these must be specified: - - 1st-gen repository settings. - - --gitlab-config-resource=GITLAB_CONFIG_RESOURCE - GitLab config resource name. - - This flag argument must be specified if any of the other - arguments in this group are specified. - - --project-namespace=PROJECT_NAMESPACE - GitLab project namespace. - - This flag argument must be specified if any of the other - arguments in this group are specified. - -GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, - --billing-project, --configuration, --flags-file, --flatten, --format, - --help, --impersonate-service-account, --log-http, --project, --quiet, - --trace-token, --user-output-enabled, --verbosity. - - Run $ gcloud help for details. - -NOTES - This command is currently in alpha and might change without notice. If this - command fails with API permission errors despite specifying the correct - project, you might be trying to access an API with an invitation-only early - access allowlist. These variants are also available: - - $ gcloud builds triggers create gitlab-enterprise - - $ gcloud beta builds triggers create gitlab-enterprise - diff --git a/gcloud/alpha/builds/triggers/create/help b/gcloud/alpha/builds/triggers/create/help index 8368b7ea3..3de891bc8 100644 --- a/gcloud/alpha/builds/triggers/create/help +++ b/gcloud/alpha/builds/triggers/create/help @@ -28,9 +28,6 @@ COMMANDS gitlab (ALPHA) Create a build trigger for a 2nd-gen GitLab repository. - gitlab-enterprise - (ALPHA) Create a build trigger for a GitLab Enterprise repository. - manual (ALPHA) Create a build trigger with a manual trigger event. diff --git a/gcloud/alpha/composer/environments/create b/gcloud/alpha/composer/environments/create index ec354f5ba..db2e884c8 100644 --- a/gcloud/alpha/composer/environments/create +++ b/gcloud/alpha/composer/environments/create @@ -133,7 +133,7 @@ FLAGS Enable Cloud Data Lineage integration. --enable-high-resilience - Enable use of a high resilience, supported for Composer 2 Environments. + Enable high resilience, supported for Composer 2 Environments. --env-variables=[NAME=VALUE,...] A comma-delimited list of environment variable NAME=VALUE pairs to diff --git a/gcloud/alpha/composer/environments/update b/gcloud/alpha/composer/environments/update index bbf45e14f..5294279a2 100644 --- a/gcloud/alpha/composer/environments/update +++ b/gcloud/alpha/composer/environments/update @@ -6,6 +6,7 @@ SYNOPSIS gcloud alpha composer environments update (ENVIRONMENT : --location=LOCATION) (--cloud-sql-machine-type=CLOUD_SQL_MACHINE_TYPE + | --disable-high-resilience | --enable-high-resilience | --environment-size=ENVIRONMENT_SIZE | --node-count=NODE_COUNT | --web-server-machine-type=WEB_SERVER_MACHINE_TYPE | --airflow-version=AIRFLOW_VERSION | --image-version=IMAGE_VERSION @@ -99,6 +100,12 @@ REQUIRED FLAGS available machine types is available here: https://cloud.google.com/composer/pricing#db-machine-types. + --disable-high-resilience + Disable high resilience, supported for Composer 2 Environments. + + --enable-high-resilience + Enable high resilience, supported for Composer 2 Environments. + --environment-size=ENVIRONMENT_SIZE Size of the environment. Unspecified means that the default option will be chosen. ENVIRONMENT_SIZE must be one of: large, medium, diff --git a/gcloud/alpha/compute/backend-buckets/create b/gcloud/alpha/compute/backend-buckets/create index 98784bc95..b1c3185ee 100644 --- a/gcloud/alpha/compute/backend-buckets/create +++ b/gcloud/alpha/compute/backend-buckets/create @@ -120,8 +120,8 @@ OPTIONAL FLAGS AUTOMATIC. --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to proxied - responses. For the list of headers, see Creating custom headers + Custom headers that the external Application Load Balancer adds to + proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). Variables are not case-sensitive. diff --git a/gcloud/alpha/compute/backend-buckets/update b/gcloud/alpha/compute/backend-buckets/update index 20d3681f8..566336952 100644 --- a/gcloud/alpha/compute/backend-buckets/update +++ b/gcloud/alpha/compute/backend-buckets/update @@ -182,7 +182,7 @@ FLAGS At most one of these can be specified: --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to + Custom headers that the external Application Load Balancer adds to proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). diff --git a/gcloud/alpha/compute/backend-services/create b/gcloud/alpha/compute/backend-services/create index 5fc49789c..88d124fbc 100644 --- a/gcloud/alpha/compute/backend-services/create +++ b/gcloud/alpha/compute/backend-services/create @@ -213,8 +213,8 @@ FLAGS --custom-request-header "another-header:" --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to proxied - responses. For the list of headers, see Creating custom headers + Custom headers that the external Application Load Balancer adds to + proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). Variables are not case-sensitive. @@ -249,13 +249,13 @@ FLAGS --drop-traffic-if-unhealthy Enable dropping of traffic if there are no healthy VMs detected in both the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based network load - balancers and internal TCP/UDP load balancers as part of a connection + --global flag. Applicable only for backend service-based external and + internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection persistence on unhealthy - backends for internal TCP/UDP load balancing + backends for internal passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for network load - balancing + and Connection persistence on unhealthy backends for external + passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). --[no-]enable-cdn @@ -268,9 +268,9 @@ FLAGS --[no-]enable-logging The logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Cloud - Logging. Disabled by default. This field cannot be specified for SSL - Proxy and TCP Proxy Load Balancing. Use --enable-logging to enable and - --no-enable-logging to disable. + Logging. Disabled by default. This field cannot be specified for global + external proxy Network Load Balancers. Use --enable-logging to enable + and --no-enable-logging to disable. --[no-]enable-strong-affinity Enable or disable strong session affinity. This is only available for @@ -293,9 +293,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --https-health-checks=HTTPS_HEALTH_CHECK,[...] @@ -303,9 +303,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --iap=disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,oauth2-client-secret=OAUTH2-CLIENT-SECRET] @@ -320,8 +320,8 @@ FLAGS --idle-timeout-sec=IDLE_TIMEOUT_SEC Specifies how long to keep a connection tracking table entry while there is no matching traffic (in seconds). Applicable only for backend - service-based network load balancers and internal TCP/UDP load - balancers as part of a connection tracking policy. + service-based external and internal passthrough Network Load Balancers + as part of a connection tracking policy. --ip-address-selection-policy=IP_ADDRESS_SELECTION_POLICY Specifies preference of traffic to the backend (from the proxy and from @@ -351,14 +351,15 @@ FLAGS --load-balancing-scheme=LOAD_BALANCING_SCHEME; default="EXTERNAL" Specifies the load balancer type. Choose EXTERNAL for the classic - HTTP(S) load balancers, the external TCP/UDP network load balancers, - and the external TCP/SSL proxy load balancers. Choose EXTERNAL_MANAGED - for the Envoy-based global and regional external HTTP(S) load - balancers. Choose INTERNAL for internal TCP/UDP load balancers. Choose - INTERNAL_MANAGED for Envoy-based internal load balancers such as the - internal HTTP(S) load balancers and the internal TCP proxy load - balancers. Choose INTERNAL_SELF_MANAGED for Traffic Director. For more - information, refer to this guide: + Application Load Balancers, the external passthrough Network Load + Balancers, and the global external proxy Network Load Balancers. Choose + EXTERNAL_MANAGED for the Envoy-based global and regional external + Application Load Balancers, and the regional external proxy Network + Load Balancers. Choose INTERNAL for the internal passthrough Network + Load Balancers. Choose INTERNAL_MANAGED for Envoy-based internal load + balancers such as the internal Application Load Balancers and the + internal proxy Network Load Balancers. Choose INTERNAL_SELF_MANAGED for + Traffic Director. For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/choosing-load-balancer. LOAD_BALANCING_SCHEME must be one of: INTERNAL, EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED, INTERNAL_MANAGED. @@ -373,8 +374,8 @@ FLAGS This field can only be specified if logging is enabled for the backend service. Configures whether all, none, or a subset of optional fields should be added to the reported logs. Default is EXCLUDE_ALL_OPTIONAL. - This field can only be specified for Internal TCP/UDP Load Balancing - and External Network Load Balancing. LOGGING_OPTIONAL must be one of: + This field can only be specified for internal and external passthrough + Network Load Balancers. LOGGING_OPTIONAL must be one of: EXCLUDE_ALL_OPTIONAL, INCLUDE_ALL_OPTIONAL, CUSTOM. --logging-optional-fields=[LOGGING_OPTIONAL_FIELDS,...] @@ -383,7 +384,7 @@ FLAGS comma-separated list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace. This can only be specified for - Internal TCP/UDP Load Balancing and External Network Load Balancing. + internal and external passthrough Network Load Balancers. --logging-sample-rate=LOGGING_SAMPLE_RATE This field can only be specified if logging is enabled for the backend @@ -476,9 +477,9 @@ FLAGS load-balancing-scheme is INTERNAL. --port-name=PORT_NAME - Backend services for external HTTP(S) load balancing, internal HTTP(S) - load balancing, TCP proxy load balancing, and SSL proxy load balancing - must reference exactly one named port if using instance group backends. + Backend services for Application Load Balancers and proxy Network Load + Balancers must reference exactly one named port if using instance group + backends. Each instance group backend exports one or more named ports, which map a user-configurable name to a port number. The backend service's named @@ -493,8 +494,8 @@ FLAGS ◆ For any load balancer, if the backends are not instance groups (for example, GCE_VM_IP_PORT NEGs). - ◆ For any type of backend on a backend service for internal TCP/UDP - load balancing or external TCP/UDP network load balancing. + ◆ For any type of backend on a backend service for internal or + external passthrough Network Load Balancers. See also https://cloud.google.com/load-balancing/docs/backend-service#named_ports. @@ -502,26 +503,26 @@ FLAGS --protocol=PROTOCOL Protocol for incoming requests. - If the load-balancing-scheme is INTERNAL (Internal TCP/UDP Load - Balancing), the protocol must be one of: TCP, UDP, UNSPECIFIED. + If the load-balancing-scheme is INTERNAL (Internal passthrough Network + Load Balancer), the protocol must be one of: TCP, UDP, UNSPECIFIED. If the load-balancing-scheme is INTERNAL_SELF_MANAGED (Traffic Director), the protocol must be one of: HTTP, HTTPS, HTTP2, GRPC. - If the load-balancing-scheme is INTERNAL_MANAGED (Internal HTTP(S) Load - Balancing), the protocol must be one of: HTTP, HTTPS, HTTP2. + If the load-balancing-scheme is INTERNAL_MANAGED (Internal Application + Load Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2. - If the load-balancing-scheme is EXTERNAL and region is not set - (HTTP(S), SSL Proxy, or TCP Proxy Load Balancing), the protocol must be - one of: HTTP, HTTPS, HTTP2, SSL, TCP. + If the load-balancing-scheme is EXTERNAL and region is not set (Classic + Application Load Balancer and global external proxy Network Load + Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2, SSL, TCP. If the load-balancing-scheme is EXTERNAL and region is set (External - Network Load Balancing), the protocol must be one of: TCP, UDP, - UNSPECIFIED. + passthrough Network Load Balancer), the protocol must be one of: TCP, + UDP, UNSPECIFIED. - If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based External - HTTP(S) Load Balancing), the protocol must be one of: HTTP, HTTPS, - HTTP2. + If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based Global + and regional external Application Load Balancers), the protocol must be + one of: HTTP, HTTPS, HTTP2. --[no-]request-coalescing Enables request coalescing to the backend (recommended). @@ -562,10 +563,9 @@ FLAGS --service-lb-policy=SERVICE_LOAD_BALANCING_POLICY Service load balancing policy to be applied to this backend service. - Can only be set if load balancing scheme is EXTERNAL, INTERNAL_MANAGED - or INTERNAL_SELF_MANAGED. If used with a backend service, must - reference a global policy. If used with a regional backend service, - must reference a regional policy. + Can only be set if load balancing scheme is EXTERNAL_MANAGED, + INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED. Only available for global + backend services. --session-affinity=SESSION_AFFINITY The type of session affinity to use. Supports both TCP and UDP. @@ -655,11 +655,11 @@ FLAGS INTERNAL_MANAGED or INTERNAL_SELF_MANAGED. --timeout=TIMEOUT; default="30s" - Applicable to all load balancing products except Internal TCP/UDP Load - Balancing and External TCP/UDP Network Load Balancing. For Internal - TCP/UDP Load Balancing (load-balancing-scheme set to INTERNAL) and - External TCP/UDP Network Load Balancing (global not set and - load-balancing-scheme set to EXTERNAL), timeout is ignored. + Applicable to all load balancing products except passthrough Network + Load Balancers. For internal passthrough Network Load Balancers + (load-balancing-scheme set to INTERNAL) and external passthrough + Network Load Balancers (global not set and load-balancing-scheme set to + EXTERNAL), timeout is ignored. If the protocol is HTTP, HTTPS, or HTTP2, timeout is a request/response timeout for HTTP(S) traffic, meaning the amount of time that the load @@ -684,11 +684,12 @@ FLAGS --tracking-mode=TRACKING_MODE Specifies the connection key used for connection tracking. The default value is PER_CONNECTION. Applicable only for backend service-based - network load balancers and internal TCP/UDP load balancers as part of a + external and internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection tracking mode - for internal TCP/UDP load balancing + for internal passthrough Network Load Balancers balancing (https://cloud.google.com/load-balancing/docs/internal#tracking-mode) - and Connection tracking mode for network load balancing + and Connection tracking mode for external passthrough Network Load + Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#tracking-mode). TRACKING_MODE must be one of: PER_CONNECTION, PER_SESSION. diff --git a/gcloud/alpha/compute/backend-services/update b/gcloud/alpha/compute/backend-services/update index 0d44ad550..15a4d1fee 100644 --- a/gcloud/alpha/compute/backend-services/update +++ b/gcloud/alpha/compute/backend-services/update @@ -157,13 +157,13 @@ FLAGS --drop-traffic-if-unhealthy Enable dropping of traffic if there are no healthy VMs detected in both the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based network load - balancers and internal TCP/UDP load balancers as part of a connection + --global flag. Applicable only for backend service-based external and + internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection persistence on unhealthy - backends for internal TCP/UDP load balancing + backends for internal passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for network load - balancing + and Connection persistence on unhealthy backends for external + passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). --edge-security-policy=EDGE_SECURITY_POLICY @@ -181,9 +181,9 @@ FLAGS --[no-]enable-logging The logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Cloud - Logging. Disabled by default. This field cannot be specified for SSL - Proxy and TCP Proxy Load Balancing. Use --enable-logging to enable and - --no-enable-logging to disable. + Logging. Disabled by default. This field cannot be specified for global + external proxy Network Load Balancers. Use --enable-logging to enable + and --no-enable-logging to disable. --[no-]enable-strong-affinity Enable or disable strong session affinity. This is only available for @@ -210,9 +210,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --https-health-checks=HTTPS_HEALTH_CHECK,[...] @@ -220,9 +220,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --iap=disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,oauth2-client-secret=OAUTH2-CLIENT-SECRET] @@ -239,8 +239,8 @@ FLAGS --idle-timeout-sec=IDLE_TIMEOUT_SEC Specifies how long to keep a connection tracking table entry while there is no matching traffic (in seconds). Applicable only for backend - service-based network load balancers and internal TCP/UDP load - balancers as part of a connection tracking policy. + service-based external and internal passthrough Network Load Balancers + as part of a connection tracking policy. --ip-address-selection-policy=IP_ADDRESS_SELECTION_POLICY Specifies preference of traffic to the backend (from the proxy and from @@ -278,8 +278,8 @@ FLAGS This field can only be specified if logging is enabled for the backend service. Configures whether all, none, or a subset of optional fields should be added to the reported logs. Default is EXCLUDE_ALL_OPTIONAL. - This field can only be specified for Internal TCP/UDP Load Balancing - and External Network Load Balancing. LOGGING_OPTIONAL must be one of: + This field can only be specified for internal and external passthrough + Network Load Balancers. LOGGING_OPTIONAL must be one of: EXCLUDE_ALL_OPTIONAL, INCLUDE_ALL_OPTIONAL, CUSTOM. --logging-optional-fields=[LOGGING_OPTIONAL_FIELDS,...] @@ -288,7 +288,7 @@ FLAGS comma-separated list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace. This can only be specified for - Internal TCP/UDP Load Balancing and External Network Load Balancing. + internal and external passthrough Network Load Balancers. --logging-sample-rate=LOGGING_SAMPLE_RATE This field can only be specified if logging is enabled for the backend @@ -299,9 +299,9 @@ FLAGS enabled and 0.0 otherwise. --port-name=PORT_NAME - Backend services for external HTTP(S) load balancing, internal HTTP(S) - load balancing, TCP proxy load balancing, and SSL proxy load balancing - must reference exactly one named port if using instance group backends. + Backend services for Application Load Balancers and proxy Network Load + Balancers must reference exactly one named port if using instance group + backends. Each instance group backend exports one or more named ports, which map a user-configurable name to a port number. The backend service's named @@ -316,8 +316,8 @@ FLAGS ◆ For any load balancer, if the backends are not instance groups (for example, GCE_VM_IP_PORT NEGs). - ◆ For any type of backend on a backend service for internal TCP/UDP - load balancing or external TCP/UDP network load balancing. + ◆ For any type of backend on a backend service for internal or + external passthrough Network Load Balancers. See also https://cloud.google.com/load-balancing/docs/backend-service#named_ports. @@ -325,26 +325,26 @@ FLAGS --protocol=PROTOCOL Protocol for incoming requests. - If the load-balancing-scheme is INTERNAL (Internal TCP/UDP Load - Balancing), the protocol must be one of: TCP, UDP, UNSPECIFIED. + If the load-balancing-scheme is INTERNAL (Internal passthrough Network + Load Balancer), the protocol must be one of: TCP, UDP, UNSPECIFIED. If the load-balancing-scheme is INTERNAL_SELF_MANAGED (Traffic Director), the protocol must be one of: HTTP, HTTPS, HTTP2, GRPC. - If the load-balancing-scheme is INTERNAL_MANAGED (Internal HTTP(S) Load - Balancing), the protocol must be one of: HTTP, HTTPS, HTTP2. + If the load-balancing-scheme is INTERNAL_MANAGED (Internal Application + Load Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2. - If the load-balancing-scheme is EXTERNAL and region is not set - (HTTP(S), SSL Proxy, or TCP Proxy Load Balancing), the protocol must be - one of: HTTP, HTTPS, HTTP2, SSL, TCP. + If the load-balancing-scheme is EXTERNAL and region is not set (Classic + Application Load Balancer and global external proxy Network Load + Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2, SSL, TCP. If the load-balancing-scheme is EXTERNAL and region is set (External - Network Load Balancing), the protocol must be one of: TCP, UDP, - UNSPECIFIED. + passthrough Network Load Balancer), the protocol must be one of: TCP, + UDP, UNSPECIFIED. - If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based External - HTTP(S) Load Balancing), the protocol must be one of: HTTP, HTTPS, - HTTP2. + If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based Global + and regional external Application Load Balancers), the protocol must be + one of: HTTP, HTTPS, HTTP2. --[no-]request-coalescing Enables request coalescing to the backend (recommended). @@ -451,11 +451,11 @@ FLAGS INTERNAL_MANAGED or INTERNAL_SELF_MANAGED. --timeout=TIMEOUT - Applicable to all load balancing products except Internal TCP/UDP Load - Balancing and External TCP/UDP Network Load Balancing. For Internal - TCP/UDP Load Balancing (load-balancing-scheme set to INTERNAL) and - External TCP/UDP Network Load Balancing (global not set and - load-balancing-scheme set to EXTERNAL), timeout is ignored. + Applicable to all load balancing products except passthrough Network + Load Balancers. For internal passthrough Network Load Balancers + (load-balancing-scheme set to INTERNAL) and external passthrough + Network Load Balancers (global not set and load-balancing-scheme set to + EXTERNAL), timeout is ignored. If the protocol is HTTP, HTTPS, or HTTP2, timeout is a request/response timeout for HTTP(S) traffic, meaning the amount of time that the load @@ -480,11 +480,12 @@ FLAGS --tracking-mode=TRACKING_MODE Specifies the connection key used for connection tracking. The default value is PER_CONNECTION. Applicable only for backend service-based - network load balancers and internal TCP/UDP load balancers as part of a + external and internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection tracking mode - for internal TCP/UDP load balancing + for internal passthrough Network Load Balancers balancing (https://cloud.google.com/load-balancing/docs/internal#tracking-mode) - and Connection tracking mode for network load balancing + and Connection tracking mode for external passthrough Network Load + Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#tracking-mode). TRACKING_MODE must be one of: PER_CONNECTION, PER_SESSION. @@ -583,7 +584,7 @@ FLAGS At most one of these can be specified: --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to + Custom headers that the external Application Load Balancer adds to proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). @@ -794,10 +795,9 @@ FLAGS --service-lb-policy=SERVICE_LOAD_BALANCING_POLICY Service load balancing policy to be applied to this backend service. - Can only be set if load balancing scheme is EXTERNAL, - INTERNAL_MANAGED or INTERNAL_SELF_MANAGED. If used with a backend - service, must reference a global policy. If used with a regional - backend service, must reference a regional policy. + Can only be set if load balancing scheme is EXTERNAL_MANAGED, + INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED. Only available for global + backend services. --no-service-lb-policy No service load balancing policies should be attached to the backend diff --git a/gcloud/alpha/compute/forwarding-rules/create b/gcloud/alpha/compute/forwarding-rules/create index 12d566a2c..0530712f3 100644 --- a/gcloud/alpha/compute/forwarding-rules/create +++ b/gcloud/alpha/compute/forwarding-rules/create @@ -242,22 +242,25 @@ OPTIONAL FLAGS forwarding rules. LOAD_BALANCING_SCHEME must be one of: EXTERNAL - External load balancing or forwarding, used with one of - --target-http-proxy, --target-https-proxy, --target-tcp-proxy, - --target-ssl-proxy, --target-pool, --target-vpn-gateway, - --target-instance. + Classic Application Load Balancers, global external proxy Network + Load Balancers, external passthrough Network Load Balancers or + protocol forwarding, used with one of --target-http-proxy, + --target-https-proxy, --target-tcp-proxy, --target-ssl-proxy, + --target-pool, --target-vpn-gateway, --target-instance. EXTERNAL_MANAGED - Envoy based External HTTP(S) Load Balancing, used with - --target-http-proxy, --target-https-proxy. + Global and regional external Application Load Balancers, and + regional external proxy Network Load Balancers, used with + --target-http-proxy, --target-https-proxy, --target-tcp-proxy. INTERNAL - Internal load balancing or forwarding, used with --backend-service. + Internal passthrough Network Load Balancers or protocol forwarding, + used with --backend-service. INTERNAL_MANAGED - Internal load balancing, used with --target-http-proxy, - --target-https-proxy, --target-tcp-proxy. - INTERNAL_SELF_MANAGED - Traffic Director load balancing or forwarding, used with - --target-http-proxy, --target-https-proxy, --target-grpc-proxy, + Internal Application Load Balancers and internal proxy Network Load + Balancers, used with --target-http-proxy, --target-https-proxy, --target-tcp-proxy. + INTERNAL_SELF_MANAGED + Traffic Director, used with --target-http-proxy, + --target-https-proxy, --target-grpc-proxy, --target-tcp-proxy. --network=NETWORK (Only for --load-balancing-scheme=INTERNAL or diff --git a/gcloud/alpha/compute/forwarding-rules/set-target b/gcloud/alpha/compute/forwarding-rules/set-target index 94efbbf44..268811851 100644 --- a/gcloud/alpha/compute/forwarding-rules/set-target +++ b/gcloud/alpha/compute/forwarding-rules/set-target @@ -138,22 +138,25 @@ OPTIONAL FLAGS of: EXTERNAL - External load balancing or forwarding, used with one of - --target-http-proxy, --target-https-proxy, --target-tcp-proxy, - --target-ssl-proxy, --target-pool, --target-vpn-gateway, - --target-instance. + Classic Application Load Balancers, global external proxy Network + Load Balancers, external passthrough Network Load Balancers or + protocol forwarding, used with one of --target-http-proxy, + --target-https-proxy, --target-tcp-proxy, --target-ssl-proxy, + --target-pool, --target-vpn-gateway, --target-instance. EXTERNAL_MANAGED - Envoy based External HTTP(S) Load Balancing, used with - --target-http-proxy, --target-https-proxy. + Global and regional external Application Load Balancers, and + regional external proxy Network Load Balancers, used with + --target-http-proxy, --target-https-proxy, --target-tcp-proxy. INTERNAL - Internal load balancing or forwarding, used with --backend-service. + Internal passthrough Network Load Balancers or protocol forwarding, + used with --backend-service. INTERNAL_MANAGED - Internal load balancing, used with --target-http-proxy, - --target-https-proxy, --target-tcp-proxy. - INTERNAL_SELF_MANAGED - Traffic Director load balancing or forwarding, used with - --target-http-proxy, --target-https-proxy, --target-grpc-proxy, + Internal Application Load Balancers and internal proxy Network Load + Balancers, used with --target-http-proxy, --target-https-proxy, --target-tcp-proxy. + INTERNAL_SELF_MANAGED + Traffic Director, used with --target-http-proxy, + --target-https-proxy, --target-grpc-proxy, --target-tcp-proxy. --network=NETWORK (DEPRECATED) Only for --load-balancing-scheme=INTERNAL or diff --git a/gcloud/alpha/compute/http-health-checks/create b/gcloud/alpha/compute/http-health-checks/create index 01adb303a..be3642426 100644 --- a/gcloud/alpha/compute/http-health-checks/create +++ b/gcloud/alpha/compute/http-health-checks/create @@ -14,11 +14,11 @@ SYNOPSIS DESCRIPTION (ALPHA) Legacy HTTP health checks are required if you want to implement - health checking of a target pool for a Network TCP/UDP Load Balancer. - Though you can use legacy HTTP health checks in certain other Google Cloud - Platform load balancing configurations and for managed instance group - autohealing, you should consider a non-legacy HTTP health check created - with health-checks create http instead. + health checking for a target pool backend of an external passthrough + Network Load Balancer. Though you can use legacy HTTP health checks in + certain other Google Cloud Platform load balancing configurations and for + managed instance group autohealing, you should consider a non-legacy HTTP + health check created with health-checks create http instead. For more information about the differences between legacy and non-legacy health checks see: diff --git a/gcloud/alpha/compute/instance-groups/get-named-ports b/gcloud/alpha/compute/instance-groups/get-named-ports index d193b46da..393c1c875 100644 --- a/gcloud/alpha/compute/instance-groups/get-named-ports +++ b/gcloud/alpha/compute/instance-groups/get-named-ports @@ -12,8 +12,8 @@ DESCRIPTION (ALPHA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud alpha compute instance-groups get-named-ports lists the named ports (name and port tuples) for an instance group. diff --git a/gcloud/alpha/compute/instance-groups/managed/get-named-ports b/gcloud/alpha/compute/instance-groups/managed/get-named-ports index 610b7090d..c1873f27c 100644 --- a/gcloud/alpha/compute/instance-groups/managed/get-named-ports +++ b/gcloud/alpha/compute/instance-groups/managed/get-named-ports @@ -12,8 +12,8 @@ DESCRIPTION (ALPHA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud alpha compute instance-groups managed get-named-ports lists the named ports (name and port tuples) for an instance group. diff --git a/gcloud/alpha/compute/instance-groups/managed/set-named-ports b/gcloud/alpha/compute/instance-groups/managed/set-named-ports index 647ee572b..62eb5f11b 100644 --- a/gcloud/alpha/compute/instance-groups/managed/set-named-ports +++ b/gcloud/alpha/compute/instance-groups/managed/set-named-ports @@ -11,8 +11,8 @@ DESCRIPTION (ALPHA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud alpha compute instance-groups managed set-named-ports sets the list of named ports for all instances in an instance group. diff --git a/gcloud/alpha/compute/instance-groups/set-named-ports b/gcloud/alpha/compute/instance-groups/set-named-ports index fd042b06a..39f57e00f 100644 --- a/gcloud/alpha/compute/instance-groups/set-named-ports +++ b/gcloud/alpha/compute/instance-groups/set-named-ports @@ -11,8 +11,8 @@ DESCRIPTION (ALPHA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud alpha compute instance-groups set-named-ports sets the list of named ports for all instances in an instance group. diff --git a/gcloud/alpha/compute/instance-groups/unmanaged/get-named-ports b/gcloud/alpha/compute/instance-groups/unmanaged/get-named-ports index 30d37a62e..012e31351 100644 --- a/gcloud/alpha/compute/instance-groups/unmanaged/get-named-ports +++ b/gcloud/alpha/compute/instance-groups/unmanaged/get-named-ports @@ -12,8 +12,8 @@ DESCRIPTION (ALPHA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud alpha compute instance-groups unmanaged get-named-ports lists the named ports (name and port tuples) for an instance group. diff --git a/gcloud/alpha/compute/instance-groups/unmanaged/set-named-ports b/gcloud/alpha/compute/instance-groups/unmanaged/set-named-ports index 2c9a9a482..b69c0d7ba 100644 --- a/gcloud/alpha/compute/instance-groups/unmanaged/set-named-ports +++ b/gcloud/alpha/compute/instance-groups/unmanaged/set-named-ports @@ -10,8 +10,8 @@ DESCRIPTION (ALPHA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud alpha compute instance-groups unmanaged set-named-ports sets the list of named ports for all instances in an instance group. diff --git a/gcloud/alpha/compute/instances/create b/gcloud/alpha/compute/instances/create index c96e8c3dd..d4c10a164 100644 --- a/gcloud/alpha/compute/instances/create +++ b/gcloud/alpha/compute/instances/create @@ -418,6 +418,10 @@ FLAGS among other restrictions. For more information, see https://cloud.google.com/compute/docs/disks/sharing-disks-between-vms. + confidential-compute + If yes, the disk is created in confidential mode. The default value + is no. + replica-zones Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated diff --git a/gcloud/alpha/compute/resource-policies/update/help b/gcloud/alpha/compute/resource-policies/update/help index 16e74b9bb..de3983f68 100644 --- a/gcloud/alpha/compute/resource-policies/update/help +++ b/gcloud/alpha/compute/resource-policies/update/help @@ -24,7 +24,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. This variant is also available: + access allowlist. These variants are also available: + + $ gcloud compute resource-policies update $ gcloud beta compute resource-policies update diff --git a/gcloud/alpha/compute/resource-policies/update/snapshot-schedule b/gcloud/alpha/compute/resource-policies/update/snapshot-schedule index 2e1c79c34..cb2280285 100644 --- a/gcloud/alpha/compute/resource-policies/update/snapshot-schedule +++ b/gcloud/alpha/compute/resource-policies/update/snapshot-schedule @@ -14,6 +14,14 @@ SYNOPSIS DESCRIPTION (ALPHA) Update a Compute Engine Snapshot Schedule Resource Policy. +EXAMPLES + The following command updates a Compute Engine Snapshot Schedule Resource + Policy to take a daily snapshot at 13:00 UTC + + $ gcloud alpha compute resource-policies update snapshot-schedule \ + my-resource-policy --region=REGION --start-time=13:00 \ + --daily-schedule + POSITIONAL ARGUMENTS NAME Name of the resource policy to operate on. @@ -117,7 +125,9 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. This variant is also available: + access allowlist. These variants are also available: + + $ gcloud compute resource-policies update snapshot-schedule $ gcloud beta compute resource-policies update snapshot-schedule diff --git a/gcloud/alpha/compute/routers/nats/create b/gcloud/alpha/compute/routers/nats/create index 48d02a3aa..5882de813 100644 --- a/gcloud/alpha/compute/routers/nats/create +++ b/gcloud/alpha/compute/routers/nats/create @@ -5,7 +5,7 @@ NAME SYNOPSIS gcloud alpha compute routers nats create NAME --router=ROUTER (--nat-all-subnet-ip-ranges - | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|ALL],[...] + | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[...] | --nat-primary-subnet-ip-ranges) [--async] [--auto-network-tier=AUTO_NETWORK_TIER] [--[no-]enable-dynamic-port-allocation] @@ -63,7 +63,7 @@ REQUIRED FLAGS Allow all IP ranges of all subnetworks in the region, including primary and secondary ranges, to use NAT. - --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|ALL],[...] + --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[...] List of subnetwork primary and secondary IP ranges to be allowed to use NAT. diff --git a/gcloud/alpha/compute/routers/nats/rules/create b/gcloud/alpha/compute/routers/nats/rules/create index 0e05b0706..1479f662e 100644 --- a/gcloud/alpha/compute/routers/nats/rules/create +++ b/gcloud/alpha/compute/routers/nats/rules/create @@ -85,7 +85,7 @@ OPTIONAL FLAGS --source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...] Subnetworks from which addresses are used for connections matching this rule. This is only supported for Private NAT, and is required when - creating a Private NAT gateway.. + creating a Private NAT gateway. These must be Subnetwork resources in the same region, with purpose set to PRIVATE_NAT. diff --git a/gcloud/alpha/compute/routers/nats/rules/update b/gcloud/alpha/compute/routers/nats/rules/update index 798a8d9cb..0dadf5906 100644 --- a/gcloud/alpha/compute/routers/nats/rules/update +++ b/gcloud/alpha/compute/routers/nats/rules/update @@ -89,7 +89,7 @@ OPTIONAL FLAGS --source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...] Subnetworks from which addresses are used for connections matching this rule. This is only supported for Private NAT, and is required when - creating a Private NAT gateway.. + creating a Private NAT gateway. These must be Subnetwork resources in the same region, with purpose set to PRIVATE_NAT. diff --git a/gcloud/alpha/compute/routers/nats/update b/gcloud/alpha/compute/routers/nats/update index 9a5981219..fb606119f 100644 --- a/gcloud/alpha/compute/routers/nats/update +++ b/gcloud/alpha/compute/routers/nats/update @@ -23,7 +23,7 @@ SYNOPSIS | --tcp-transitory-idle-timeout=TCP_TRANSITORY_IDLE_TIMEOUT] [--clear-udp-idle-timeout | --udp-idle-timeout=UDP_IDLE_TIMEOUT] [--nat-all-subnet-ip-ranges - | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|ALL],[...] + | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[...] | --nat-primary-subnet-ip-ranges] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -252,7 +252,7 @@ OPTIONAL FLAGS Allow all IP ranges of all subnetworks in the region, including primary and secondary ranges, to use NAT. - --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|ALL],[...] + --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[...] List of subnetwork primary and secondary IP ranges to be allowed to use NAT. diff --git a/gcloud/alpha/compute/ssl-certificates/help b/gcloud/alpha/compute/ssl-certificates/help index 5d323e5f9..871711628 100644 --- a/gcloud/alpha/compute/ssl-certificates/help +++ b/gcloud/alpha/compute/ssl-certificates/help @@ -7,8 +7,8 @@ SYNOPSIS DESCRIPTION (ALPHA) Read and manipulate SSL certificates that encrypt traffic between - clients and a load balancer. The relevant load balancer types are SSL - Proxy, external HTTPS, and internal HTTPS. + clients and a load balancer. The relevant load balancer types are + Application Load Balancers and proxy Network Load Balancers. For more information about SSL certificates, see the SSL certificates documentation diff --git a/gcloud/alpha/compute/tpus/tpu-vm/update b/gcloud/alpha/compute/tpus/tpu-vm/update index 8a78263f0..ee9b67550 100644 --- a/gcloud/alpha/compute/tpus/tpu-vm/update +++ b/gcloud/alpha/compute/tpus/tpu-vm/update @@ -5,6 +5,7 @@ SYNOPSIS gcloud alpha compute tpus tpu-vm update (TPU : --zone=ZONE) [--add-tags=[TAGS,...]] [--async] [--description=DESCRIPTION] [--internal-ips] [--update-labels=[KEY=VALUE,...]] + [--attach-disk=[SOURCE=DATA_DISK,...] | --detach-disk=DATA_DISK] [--clear-labels | --remove-labels=[KEY,...]] [--clear-tags | --remove-tags=[TAG,...]] [--metadata-from-file=[METADATA_FROM_FILE,...] @@ -93,6 +94,45 @@ FLAGS See https://cloud.google.com/compute/docs/labeling-resources for details. + At most one of these can be specified: + + --attach-disk=[SOURCE=DATA_DISK,...] + Attach a data disk to the TPU VM. For example, + + $ gcloud alpha compute tpus tpu-vm update example-tpu \ + --attach-disk \ + source=projects/my-project/zones/us-central1-c/disks/my-disk,\ + mode=read-only --zone=us-central1-c + + attaches the disk named + 'projects/my-project/zones/us-central1-c/disks/my-disk' to a TPU VM + named 'example-tpu' in read-only mode in zone us-central1-c. + + The following keys are allowed: + + source + Specify the full path to an existing disk. Required. The disk + must be in the same zone. + + mode + Specify the mode in which to attach this disk. Valid options are + 'read-write', 'read-only'. If not specified, the default is + 'read-write'. + + --detach-disk=DATA_DISK + Detach a data disk from the TPU VM. For example, + + This flag must be repeated to provide multiple data disks. For + example: + + $ gcloud alpha compute tpus tpu-vm update example-tpu \ + --detach-disk=projects/my-project/zones/us-central1-c/disks/\ + my-disk --zone=us-central1-c + + detaches the disk named + 'projects/my-project/zones/us-central1-c/disks/my-disk' from a TPU VM + named 'example-tpu' in zone us-central1-c. + At most one of these can be specified: --clear-labels diff --git a/gcloud/alpha/container/backup-restore/restore-plans/create b/gcloud/alpha/container/backup-restore/restore-plans/create index f38d472f9..c8b051d12 100644 --- a/gcloud/alpha/container/backup-restore/restore-plans/create +++ b/gcloud/alpha/container/backup-restore/restore-plans/create @@ -6,20 +6,22 @@ SYNOPSIS gcloud alpha container backup-restore restore-plans create (RESTORE_PLAN : --location=LOCATION) --backup-plan=BACKUP_PLAN --cluster=CLUSTER - --namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE (--all-namespaces | --excluded-namespaces=[EXCLUDED_NAMESPACES,...] | --no-namespaces | --selected-applications=SELECTED_APPLICATIONS | --selected-namespaces=[SELECTED_NAMESPACES,...]) [--async] [--cluster-resource-conflict-policy=CLUSTER_RESOURCE_CONFLICT_POLICY] [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] - [--substitution-rules-file=SUBSTITUTION_RULES_FILE] + [--namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE] [--volume-data-restore-policy=VOLUME_DATA_RESTORE_POLICY; default="no-volume-data-restoration"] [--cluster-resource-scope-all-group-kinds | --cluster-resource-scope-excluded-group-kinds=[CLUSTER_RESOURCE_SCOPE_EXCLUDED_GROUP_KINDS, ...] | --cluster-resource-scope-no-group-kinds | --cluster-resource-scope-selected-group-kinds=[CLUSTER_RESOURCE_SCOPE_SELECTED_GROUP_KINDS, - ...]] [GCLOUD_WIDE_FLAG ...] + ...]] + [--substitution-rules-file=SUBSTITUTION_RULES_FILE + | --transformation-rules-file=TRANSFORMATION_RULES_FILE] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Create a Backup for GKE restore plan. @@ -92,28 +94,6 @@ REQUIRED FLAGS regional cluster or projects//zones//clusters/ for a zonal cluster. - --namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE - Define how to handle restore-time conflicts for namespaced resources. - NAMESPACED_RESOURCE_RESTORE_MODE must be one of: - - delete-and-restore - When conflicting top-level resources (either Namespaces or - ProtectedApplications, depending upon the scope) are encountered, - this will first trigger a delete of the conflicting resource AND - ALL OF ITS REFERENCED RESOURCES (e.g., all resources in the - Namespace or all resources referenced by the ProtectedApplication) - before restoring the resources from the Backup. This mode should - only be used when you are intending to revert some portion of a - cluster to an earlier state. - - fail-on-conflict - If conflicting top-level resources (either Namespaces or - ProtectedApplications, depending upon the scope) are encountered at - the beginning of a restore process, the Restore will fail. If a - conflict occurs during the restore process itself (e.g., because an - out of band process creates conflicting resources), a conflict will - be reported. - The scope of namespaced resources to restore. Exactly one of these must be specified: @@ -171,10 +151,27 @@ OPTIONAL FLAGS contain only hyphens (-), underscores (_), lowercase characters, and numbers. - --substitution-rules-file=SUBSTITUTION_RULES_FILE - If provided, defines a set of resource transformations that will be - applied to resources from the source backup before they are created in - the target cluster. + --namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE + Define how to handle restore-time conflicts for namespaced resources. + NAMESPACED_RESOURCE_RESTORE_MODE must be one of: + + delete-and-restore + When conflicting top-level resources (either Namespaces or + ProtectedApplications, depending upon the scope) are encountered, + this will first trigger a delete of the conflicting resource AND + ALL OF ITS REFERENCED RESOURCES (e.g., all resources in the + Namespace or all resources referenced by the ProtectedApplication) + before restoring the resources from the Backup. This mode should + only be used when you are intending to revert some portion of a + cluster to an earlier state. + + fail-on-conflict + If conflicting top-level resources (either Namespaces or + ProtectedApplications, depending upon the scope) are encountered at + the beginning of a restore process, the Restore will fail. If a + conflict occurs during the restore process itself (e.g., because an + out of band process creates conflicting resources), a conflict will + be reported. --volume-data-restore-policy=VOLUME_DATA_RESTORE_POLICY; default="no-volume-data-restoration" Define how data is populated for restored volumes. If this flag is not @@ -221,6 +218,18 @@ OPTIONAL FLAGS storage.k8s.io/StorageClass for StorageClass. Use an empty string for core API group. + At most one of these can be specified: + + --substitution-rules-file=SUBSTITUTION_RULES_FILE + If provided, defines a set of resource transformations that will be + applied to resources from the source backup before they are created + in the target cluster. + + --transformation-rules-file=TRANSFORMATION_RULES_FILE + If provided, defines a set of resource transformations that will be + applied to resources from the source backup before they are created + in the target cluster. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/alpha/container/backup-restore/restore-plans/update b/gcloud/alpha/container/backup-restore/restore-plans/update index c496480a4..b789e237d 100644 --- a/gcloud/alpha/container/backup-restore/restore-plans/update +++ b/gcloud/alpha/container/backup-restore/restore-plans/update @@ -8,7 +8,6 @@ SYNOPSIS [--cluster-resource-conflict-policy=CLUSTER_RESOURCE_CONFLICT_POLICY] [--description=DESCRIPTION] [--etag=ETAG] [--namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE] - [--substitution-rules-file=SUBSTITUTION_RULES_FILE] [--update-labels=[KEY=VALUE,...]] [--volume-data-restore-policy=VOLUME_DATA_RESTORE_POLICY; default="no-volume-data-restoration"] @@ -20,7 +19,10 @@ SYNOPSIS | --cluster-resource-scope-excluded-group-kinds=[CLUSTER_RESOURCE_SCOPE_EXCLUDED_GROUP_KINDS, ...] | --cluster-resource-scope-no-group-kinds | --cluster-resource-scope-selected-group-kinds=[CLUSTER_RESOURCE_SCOPE_SELECTED_GROUP_KINDS, - ...]] [GCLOUD_WIDE_FLAG ...] + ...]] + [--substitution-rules-file=SUBSTITUTION_RULES_FILE + | --transformation-rules-file=TRANSFORMATION_RULES_FILE] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (ALPHA) Update a Backup for GKE restore plan. @@ -123,11 +125,6 @@ FLAGS out of band process creates conflicting resources), a conflict will be reported. - --substitution-rules-file=SUBSTITUTION_RULES_FILE - If provided, defines a set of resource transformations that will be - applied to resources from the source backup before they are created in - the target cluster. - --update-labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created. @@ -226,6 +223,18 @@ FLAGS storage.k8s.io/StorageClass for StorageClass. Use an empty string for core API group. + At most one of these can be specified: + + --substitution-rules-file=SUBSTITUTION_RULES_FILE + If provided, defines a set of resource transformations that will be + applied to resources from the source backup before they are created + in the target cluster. + + --transformation-rules-file=TRANSFORMATION_RULES_FILE + If provided, defines a set of resource transformations that will be + applied to resources from the source backup before they are created + in the target cluster. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/alpha/container/clusters/create b/gcloud/alpha/container/clusters/create index bfe6ef6db..eecc1b888 100644 --- a/gcloud/alpha/container/clusters/create +++ b/gcloud/alpha/container/clusters/create @@ -29,16 +29,15 @@ SYNOPSIS [--enable-dataplane-v2] [--enable-fleet] [--enable-fqdn-network-policy] [--enable-gke-oidc] [--enable-google-cloud-access] [--enable-gvnic] [--enable-identity-service] [--enable-image-streaming] - [--enable-insecure-kubelet-readonly-port] [--enable-intra-node-visibility] [--enable-ip-alias] [--enable-kubernetes-alpha] [--enable-kubernetes-unstable-apis=API,[API,...]] [--enable-l4-ilb-subsetting] [--enable-legacy-authorization] [--enable-logging-monitoring-system-only] [--enable-managed-prometheus] - [--enable-master-global-access] [--enable-network-policy] - [--enable-pod-security-policy] [--enable-service-externalips] - [--enable-shielded-nodes] [--enable-stackdriver-kubernetes] - [--enable-vertical-pod-autoscaling] + [--enable-master-global-access] [--enable-multi-networking] + [--enable-network-policy] [--enable-pod-security-policy] + [--enable-service-externalips] [--enable-shielded-nodes] + [--enable-stackdriver-kubernetes] [--enable-vertical-pod-autoscaling] [--fleet-project=PROJECT_ID_OR_NUMBER] [--gateway-api=GATEWAY_API] [--identity-provider=IDENTITY_PROVIDER] [--image-type=IMAGE_TYPE] [--ipv6-access-type=IPV6_ACCESS_TYPE] [--issue-client-certificate] @@ -53,13 +52,14 @@ SYNOPSIS [--metadata=KEY=VALUE,[KEY=VALUE,...]] [--metadata-from-file=KEY=LOCAL_FILE_PATH,[...]] [--min-cpu-platform=PLATFORM] [--monitoring=[COMPONENT,...]] - [--network=NETWORK] [--node-labels=[NODE_LABEL,...]] - [--node-pool-name=NODE_POOL_NAME] [--node-taints=[NODE_TAINT,...]] - [--node-version=NODE_VERSION] + [--network=NETWORK] + [--network-performance-configs=[PROPERTY1=VALUE1,...]] + [--node-labels=[NODE_LABEL,...]] [--node-pool-name=NODE_POOL_NAME] + [--node-taints=[NODE_TAINT,...]] [--node-version=NODE_VERSION] [--notification-config=[pubsub=ENABLED|DISABLED, pubsub-topic=TOPIC,...]] [--num-nodes=NUM_NODES; default=3] - [--placement-type=PLACEMENT_TYPE] [--preemptible] - [--private-endpoint-subnetwork=NAME] + [--placement-policy=PLACEMENT_POLICY] [--placement-type=PLACEMENT_TYPE] + [--preemptible] [--private-endpoint-subnetwork=NAME] [--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE] [--release-channel=CHANNEL] [--security-group=SECURITY_GROUP] [--security-posture=SECURITY_POSTURE] [--services-ipv4-cidr=CIDR] @@ -514,12 +514,6 @@ FLAGS --enable-image-streaming Specifies whether to enable image streaming on cluster. - --enable-insecure-kubelet-readonly-port - Enables the Kubelet's insecure Read Only Port. - - To disable in an existing cluster, explicitly set flag to - --no-enable-insecure-kubelet-readonly-port. - --enable-intra-node-visibility Enable Intra-node visibility for this cluster. @@ -582,6 +576,10 @@ FLAGS Must be used in conjunction with '--enable-ip-alias' and '--enable-private-nodes'. + --enable-multi-networking + Enables multi-networking on the cluster. Multi-networking is disabled + by default. + --enable-network-policy Enable network policy enforcement for this cluster. If you are enabling network policy on an existing cluster the network policy addon must @@ -868,6 +866,20 @@ FLAGS Kubernetes Engine will use this network when creating routes and firewalls for the clusters. Defaults to the 'default' network. + --network-performance-configs=[PROPERTY1=VALUE1,...] + Configures network performance settings for the cluster. Node pools can + override with their own settings. + + total-egress-bandwidth-tier + Total egress bandwidth is the available outbound bandwidth from a + VM, regardless of whether the traffic is going to internal IP or + external IP destinations. The following tier values are allowed: + [DEFAULT,TIER_1]. + + See + https://cloud.google.com/compute/docs/networking/configure-vm-with-high-bandwidth-configuration + for more information. + --node-labels=[NODE_LABEL,...] Applies the given Kubernetes labels on all nodes in the new node pool. @@ -947,6 +959,12 @@ FLAGS --num-nodes=NUM_NODES; default=3 The number of nodes to be created in each of the cluster's zones. + --placement-policy=PLACEMENT_POLICY + Indicates the desired resource policy to use. + + $ gcloud alpha container clusters create node-pool-1 \ + --cluster=example-cluster --placement-policy my-placement + --placement-type=PLACEMENT_TYPE Placement type allows to define the type of node placement within the default node pool of this cluster. @@ -1036,7 +1054,6 @@ FLAGS Clusters subscribed to 'regular' receive versions that are considered GA quality. 'regular' is intended for production users who want to take advantage of new features. - stable Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. @@ -1136,8 +1153,6 @@ FLAGS podPidsLimit integer (The value must be greater than or equal to 1024 and less than 4194304.) - insecureKubeletReadonlyPortEnabled true or false (enabled by - default) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/alpha/container/clusters/create-auto b/gcloud/alpha/container/clusters/create-auto index 398164435..615fa52e5 100644 --- a/gcloud/alpha/container/clusters/create-auto +++ b/gcloud/alpha/container/clusters/create-auto @@ -13,7 +13,6 @@ SYNOPSIS [--database-encryption-key=DATABASE_ENCRYPTION_KEY] [--dataplane-v2-observability-mode=DATAPLANE_V2_OBSERVABILITY_MODE] [--enable-fleet] [--enable-google-cloud-access] - [--enable-insecure-kubelet-readonly-port] [--enable-kubernetes-unstable-apis=API,[API,...]] [--enable-master-global-access] [--fleet-project=PROJECT_ID_OR_NUMBER] [--logging=[COMPONENT,...]] [--monitoring=[COMPONENT,...]] @@ -197,12 +196,6 @@ FLAGS Google Cloud can reach the public control plane endpoint of your cluster. - --enable-insecure-kubelet-readonly-port - Enables the Kubelet's insecure Read Only Port. - - To disable in an existing cluster, explicitly set flag to - --no-enable-insecure-kubelet-readonly-port. - --enable-kubernetes-unstable-apis=API,[API,...] Enable Kubernetes beta API features on this cluster. Beta APIs are not expected to be production ready and should be avoided in @@ -277,9 +270,6 @@ FLAGS CHANNEL must be one of: - None - Use 'None' to opt-out of any release channel. - rapid 'rapid' channel is offered on an early access basis for customers who want to test new releases. @@ -292,7 +282,6 @@ FLAGS Clusters subscribed to 'regular' receive versions that are considered GA quality. 'regular' is intended for production users who want to take advantage of new features. - stable Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. diff --git a/gcloud/alpha/container/clusters/update b/gcloud/alpha/container/clusters/update index d960141d2..7b924720f 100644 --- a/gcloud/alpha/container/clusters/update +++ b/gcloud/alpha/container/clusters/update @@ -14,8 +14,7 @@ SYNOPSIS | --enable-cost-allocation | --enable-fleet | --enable-fqdn-network-policy | --enable-gke-oidc | --enable-google-cloud-access | --enable-identity-service - | --enable-image-streaming | --enable-insecure-kubelet-readonly-port - | --enable-intra-node-visibility + | --enable-image-streaming | --enable-intra-node-visibility | --enable-kubernetes-unstable-apis=API,[API,...] | --enable-l4-ilb-subsetting | --enable-legacy-authorization | --enable-logging-monitoring-system-only @@ -27,6 +26,7 @@ SYNOPSIS | --fleet-project=PROJECT_ID_OR_NUMBER | --gateway-api=GATEWAY_API | --generate-password | --identity-provider=IDENTITY_PROVIDER | --logging-variant=LOGGING_VARIANT | --maintenance-window=START_TIME + | --network-performance-configs=[PROPERTY1=VALUE1,...] | --notification-config=[pubsub=ENABLED|DISABLED, pubsub-topic=TOPIC,...] | --private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE @@ -290,12 +290,6 @@ REQUIRED FLAGS --enable-image-streaming Specifies whether to enable image streaming on cluster. - --enable-insecure-kubelet-readonly-port - Enables the Kubelet's insecure Read Only Port. - - To disable in an existing cluster, explicitly set flag to - --no-enable-insecure-kubelet-readonly-port. - --enable-intra-node-visibility Enable Intra-node visibility for this cluster. @@ -453,6 +447,20 @@ REQUIRED FLAGS To remove an existing maintenance window from the cluster, use '--clear-maintenance-window'. + --network-performance-configs=[PROPERTY1=VALUE1,...] + Configures network performance settings for the cluster. Node pools + can override with their own settings. + + total-egress-bandwidth-tier + Total egress bandwidth is the available outbound bandwidth from a + VM, regardless of whether the traffic is going to internal IP or + external IP destinations. The following tier values are allowed: + [DEFAULT,TIER_1]. + + See + https://cloud.google.com/compute/docs/networking/configure-vm-with-high-bandwidth-configuration + for more information. + --notification-config=[pubsub=ENABLED|DISABLED,pubsub-topic=TOPIC,...] The notification configuration of the cluster. GKE supports publishing cluster upgrade notifications to any Pub/Sub topic you @@ -529,7 +537,6 @@ REQUIRED FLAGS Clusters subscribed to 'regular' receive versions that are considered GA quality. 'regular' is intended for production users who want to take advantage of new features. - stable Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. diff --git a/gcloud/alpha/container/fleet/help b/gcloud/alpha/container/fleet/help index a373d6cc9..49a6222a7 100644 --- a/gcloud/alpha/container/fleet/help +++ b/gcloud/alpha/container/fleet/help @@ -77,6 +77,9 @@ GROUPS (ALPHA) Fleet namespaces are the fleet equivalent of k8s cluster namespaces. + operations + (ALPHA) Manage Anthos fleet long-running operations. + policycontroller (ALPHA) Manage Policy Controller Feature. diff --git a/gcloud/alpha/container/fleet/operations/describe b/gcloud/alpha/container/fleet/operations/describe new file mode 100644 index 000000000..b23466d59 --- /dev/null +++ b/gcloud/alpha/container/fleet/operations/describe @@ -0,0 +1,63 @@ +NAME + gcloud alpha container fleet operations describe - describe a long-running + operation + +SYNOPSIS + gcloud alpha container fleet operations describe + (OPERATION : --location=LOCATION; default="global") + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Describe a long-running operation. + +EXAMPLES + To describe a long-running operation in location us-west1, run: + + $ gcloud alpha container fleet operations describe OPERATION \ + --location=us-west1 + +POSITIONAL ARGUMENTS + Operation resource - operation to describe. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument operation on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + OPERATION + ID of the operation or fully qualified identifier for the operation. + + To set the name attribute: + ▸ provide the argument operation on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION; default="global" + Google Cloud location for the operation. + + To set the location attribute: + ▸ provide the argument operation on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/container/fleet/operations/help b/gcloud/alpha/container/fleet/operations/help new file mode 100644 index 000000000..414b6df5c --- /dev/null +++ b/gcloud/alpha/container/fleet/operations/help @@ -0,0 +1,27 @@ +NAME + gcloud alpha container fleet operations - manage Anthos fleet long-running + operations + +SYNOPSIS + gcloud alpha container fleet operations COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage Anthos fleet long-running operations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + (ALPHA) Describe a long-running operation. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/container/fleet/scopes/update b/gcloud/alpha/container/fleet/scopes/update index 333814454..c1ca24cc6 100644 --- a/gcloud/alpha/container/fleet/scopes/update +++ b/gcloud/alpha/container/fleet/scopes/update @@ -158,5 +158,7 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. This variant is also available: + + $ gcloud beta container fleet scopes update diff --git a/gcloud/alpha/container/hub/help b/gcloud/alpha/container/hub/help index 7fb6b8a8e..44b36d45f 100644 --- a/gcloud/alpha/container/hub/help +++ b/gcloud/alpha/container/hub/help @@ -77,6 +77,9 @@ GROUPS (ALPHA) Fleet namespaces are the fleet equivalent of k8s cluster namespaces. + operations + (ALPHA) Manage Anthos fleet long-running operations. + policycontroller (ALPHA) Manage Policy Controller Feature. diff --git a/gcloud/alpha/container/hub/operations/describe b/gcloud/alpha/container/hub/operations/describe new file mode 100644 index 000000000..a1a2eed19 --- /dev/null +++ b/gcloud/alpha/container/hub/operations/describe @@ -0,0 +1,63 @@ +NAME + gcloud alpha container hub operations describe - describe a long-running + operation + +SYNOPSIS + gcloud alpha container hub operations describe + (OPERATION : --location=LOCATION; default="global") + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Describe a long-running operation. + +EXAMPLES + To describe a long-running operation in location us-west1, run: + + $ gcloud alpha container hub operations describe OPERATION \ + --location=us-west1 + +POSITIONAL ARGUMENTS + Operation resource - operation to describe. The arguments in this group + can be used to specify the attributes of this resource. (NOTE) Some + attributes are not given arguments in this group but can be set in other + ways. + + To set the project attribute: + ◆ provide the argument operation on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + OPERATION + ID of the operation or fully qualified identifier for the operation. + + To set the name attribute: + ▸ provide the argument operation on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION; default="global" + Google Cloud location for the operation. + + To set the location attribute: + ▸ provide the argument operation on the command line with a fully + specified name; + ▸ provide the argument --location on the command line. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/container/hub/operations/help b/gcloud/alpha/container/hub/operations/help new file mode 100644 index 000000000..1e7bc8678 --- /dev/null +++ b/gcloud/alpha/container/hub/operations/help @@ -0,0 +1,27 @@ +NAME + gcloud alpha container hub operations - manage Anthos fleet long-running + operations + +SYNOPSIS + gcloud alpha container hub operations COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage Anthos fleet long-running operations. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + describe + (ALPHA) Describe a long-running operation. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/container/hub/scopes/update b/gcloud/alpha/container/hub/scopes/update index 785a44c20..290cc2101 100644 --- a/gcloud/alpha/container/hub/scopes/update +++ b/gcloud/alpha/container/hub/scopes/update @@ -158,5 +158,7 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. This variant is also available: + + $ gcloud beta container hub scopes update diff --git a/gcloud/alpha/container/node-pools/create b/gcloud/alpha/container/node-pools/create index 66c65e34e..4c09edd07 100644 --- a/gcloud/alpha/container/node-pools/create +++ b/gcloud/alpha/container/node-pools/create @@ -9,7 +9,12 @@ SYNOPSIS gpu-partition-size=GPU_PARTITION_SIZE, gpu-sharing-strategy=GPU_SHARING_STRATEGY, max-shared-clients-per-gpu=MAX_SHARED_CLIENTS_PER_GPU],...]] - [--async] [--boot-disk-kms-key=BOOT_DISK_KMS_KEY] [--cluster=CLUSTER] + [--additional-node-network=[network=NETWORK_NAME, + subnetwork=SUBNETWORK_NAME,...]] + [--additional-pod-network=[subnetwork=SUBNETWORK_NAME, + pod-ipv4-range=SECONDARY_RANGE_NAME, + [max-pods-per-node=NUM_PODS],...]] [--async] + [--boot-disk-kms-key=BOOT_DISK_KMS_KEY] [--cluster=CLUSTER] [--disable-pod-cidr-overprovision] [--disk-size=DISK_SIZE] [--disk-type=DISK_TYPE] [--enable-autoprovisioning] [--enable-autorepair] [--no-enable-autoupgrade] @@ -30,7 +35,8 @@ SYNOPSIS [--node-locations=ZONE,[ZONE,...]] [--node-pool-soak-duration=NODE_POOL_SOAK_DURATION] [--node-taints=[NODE_TAINT,...]] [--node-version=NODE_VERSION] - [--num-nodes=NUM_NODES; default=3] [--placement-type=PLACEMENT_TYPE] + [--num-nodes=NUM_NODES; default=3] + [--placement-policy=PLACEMENT_POLICY] [--placement-type=PLACEMENT_TYPE] [--preemptible] [--sandbox=[type=TYPE]] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--sole-tenant-node-affinity-file=SOLE_TENANT_NODE_AFFINITY_FILE] @@ -126,6 +132,40 @@ FLAGS (Optional) The max number of containers allowed to share each GPU on the node. This field is used together with gpu-sharing-strategy. + --additional-node-network=[network=NETWORK_NAME,subnetwork=SUBNETWORK_NAME,...] + Attach an additional network interface to each node in the pool. This + parameter can be specified up to 7 times. + + e.g. --additional-node-network network=dataplane,subnetwork=subnet-dp + + network + (Required) The network to attach the new interface to. + + subnetwork + (Required) The subnetwork to attach the new interface to. + + --additional-pod-network=[subnetwork=SUBNETWORK_NAME,pod-ipv4-range=SECONDARY_RANGE_NAME,[max-pods-per-node=NUM_PODS],...] + Specify the details of a secondary range to be used for an additional + pod network. Not needed if you use "host" typed NIC from this network. + This parameter can be specified up to 35 times. + + e.g. --additional-pod-network + subnetwork=subnet-dp,pod-ipv4-range=sec-range-blue,max-pods-per-node=8. + + subnetwork + (Optional) The name of the subnetwork to link the pod network to. + If not specified, the pod network defaults to the subnet connected + to the default network interface. + + pod-ipv4-range + (Required) The name of the secondary range in the subnetwork. The + range must hold at least (2 * MAX_PODS_PER_NODE * + MAX_NODES_IN_RANGE) IPs. + + max-pods-per-node + (Optional) Maximum amount of pods per node that can utilize this + ipv4-range. Defaults to NodePool (if specified) or Cluster value. + --async Return immediately, without waiting for the operation in progress to complete. @@ -458,6 +498,12 @@ FLAGS --num-nodes=NUM_NODES; default=3 The number of nodes in the node pool in each of the cluster's zones. + --placement-policy=PLACEMENT_POLICY + Indicates the desired resource policy to use. + + $ gcloud alpha container node-pools create node-pool-1 \ + --cluster=example-cluster --placement-policy my-placement + --placement-type=PLACEMENT_TYPE Placement type allows to define the type of node placement within this node pool. @@ -573,8 +619,6 @@ FLAGS podPidsLimit integer (The value must be greater than or equal to 1024 and less than 4194304.) - insecureKubeletReadonlyPortEnabled true or false (enabled by - default) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/alpha/container/node-pools/update b/gcloud/alpha/container/node-pools/update index a6acaffef..502024c49 100644 --- a/gcloud/alpha/container/node-pools/update +++ b/gcloud/alpha/container/node-pools/update @@ -168,8 +168,6 @@ REQUIRED FLAGS podPidsLimit integer (The value must be greater than or equal to 1024 and less than 4194304.) - insecureKubeletReadonlyPortEnabled true or false (enabled by - default) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/alpha/dataproc/clusters/create b/gcloud/alpha/dataproc/clusters/create index 0f0648d3f..359745753 100644 --- a/gcloud/alpha/dataproc/clusters/create +++ b/gcloud/alpha/dataproc/clusters/create @@ -35,6 +35,7 @@ SYNOPSIS [--secondary-worker-boot-disk-size=SECONDARY_WORKER_BOOT_DISK_SIZE] [--secondary-worker-boot-disk-type=SECONDARY_WORKER_BOOT_DISK_TYPE] [--secondary-worker-local-ssd-interface=SECONDARY_WORKER_LOCAL_SSD_INTERFACE] + [--secondary-worker-standard-capacity-base=SECONDARY_WORKER_STANDARD_CAPACITY_BASE] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--shielded-vtpm] [--temp-bucket=TEMP_BUCKET] [--worker-accelerator=[type=TYPE,[count=COUNT],...]] @@ -354,6 +355,9 @@ FLAGS Interface to use to attach local SSDs to each secondary worker in a cluster. + --secondary-worker-standard-capacity-base=SECONDARY_WORKER_STANDARD_CAPACITY_BASE + The number of standard VMs in the Spot and Standard Mix feature. + --shielded-integrity-monitoring Enables monitoring and attestation of the boot integrity of the cluster's VMs. vTPM (virtual Trusted Platform Module) must also be diff --git a/gcloud/alpha/dataproc/clusters/update b/gcloud/alpha/dataproc/clusters/update index b578902bb..ee024ecd4 100644 --- a/gcloud/alpha/dataproc/clusters/update +++ b/gcloud/alpha/dataproc/clusters/update @@ -6,7 +6,9 @@ SYNOPSIS gcloud alpha dataproc clusters update (CLUSTER : --region=REGION) [--async] [--graceful-decommission-timeout=GRACEFUL_DECOMMISSION_TIMEOUT] [--num-secondary-workers=NUM_SECONDARY_WORKERS] - [--num-workers=NUM_WORKERS] [--update-labels=[KEY=VALUE,...]] + [--num-workers=NUM_WORKERS] + [--secondary-worker-standard-capacity-base=SECONDARY_WORKER_STANDARD_CAPACITY_BASE] + [--update-labels=[KEY=VALUE,...]] [--autoscaling-policy=AUTOSCALING_POLICY | --disable-autoscaling] [--clear-labels | --remove-labels=[KEY,...]] [--expiration-time=EXPIRATION_TIME | --max-age=MAX_AGE | --no-max-age] @@ -97,6 +99,9 @@ FLAGS --num-workers=NUM_WORKERS The new number of worker nodes in the cluster. + --secondary-worker-standard-capacity-base=SECONDARY_WORKER_STANDARD_CAPACITY_BASE + The number of standard VMs in the Spot and Standard Mix feature. + --update-labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created. diff --git a/gcloud/alpha/dataproc/workflow-templates/set-managed-cluster b/gcloud/alpha/dataproc/workflow-templates/set-managed-cluster index 5f81a107c..46c4c3af7 100644 --- a/gcloud/alpha/dataproc/workflow-templates/set-managed-cluster +++ b/gcloud/alpha/dataproc/workflow-templates/set-managed-cluster @@ -28,6 +28,7 @@ SYNOPSIS [--secondary-worker-boot-disk-size=SECONDARY_WORKER_BOOT_DISK_SIZE] [--secondary-worker-boot-disk-type=SECONDARY_WORKER_BOOT_DISK_TYPE] [--secondary-worker-local-ssd-interface=SECONDARY_WORKER_LOCAL_SSD_INTERFACE] + [--secondary-worker-standard-capacity-base=SECONDARY_WORKER_STANDARD_CAPACITY_BASE] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--shielded-vtpm] [--temp-bucket=TEMP_BUCKET] [--worker-accelerator=[type=TYPE,[count=COUNT],...]] @@ -286,6 +287,9 @@ FLAGS Interface to use to attach local SSDs to each secondary worker in a cluster. + --secondary-worker-standard-capacity-base=SECONDARY_WORKER_STANDARD_CAPACITY_BASE + The number of standard VMs in the Spot and Standard Mix feature. + --shielded-integrity-monitoring Enables monitoring and attestation of the boot integrity of the cluster's VMs. vTPM (virtual Trusted Platform Module) must also be diff --git a/gcloud/alpha/functions/add-invoker-policy-binding b/gcloud/alpha/functions/add-invoker-policy-binding index daa8a64e8..973d84aff 100644 --- a/gcloud/alpha/functions/add-invoker-policy-binding +++ b/gcloud/alpha/functions/add-invoker-policy-binding @@ -7,7 +7,13 @@ SYNOPSIS --member=PRINCIPAL [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) This command applies to Cloud Functions 2nd Gen only. + (ALPHA) Adds the Cloud Run Invoker binding to the IAM policy of a Google + Cloud Function's underlying Cloud Run service. + + This command applies to Cloud Functions (2nd gen) only. Cloud Functions + (2nd gen) currently requires the Cloud Run Invoke permission on the + underlying Cloud Run service to be able to call functions. This command + grants the given member permission to invoke the given 2nd gen function. EXAMPLES To add the invoker role policy binding for FUNCTION-1 for member MEMBER-1 diff --git a/gcloud/alpha/functions/deploy b/gcloud/alpha/functions/deploy index fd12d2367..13353c7a8 100644 --- a/gcloud/alpha/functions/deploy +++ b/gcloud/alpha/functions/deploy @@ -44,7 +44,7 @@ SYNOPSIS | --trigger-topic=TRIGGER_TOPIC | --trigger-event=EVENT_TYPE --trigger-resource=RESOURCE | --trigger-event-filters=[ATTRIBUTE=VALUE,...] - --trigger-event-filters-path-pattern=[ATTRIBUTE=VALUE,...]] + --trigger-event-filters-path-pattern=[ATTRIBUTE=PATH_PATTERN,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -580,15 +580,20 @@ FLAGS use this flag to change the setting. If you don't specify a trigger when deploying an update to an existing - function it will keep its current trigger. You must specify - --trigger-topic, --trigger-bucket, --trigger-http, --trigger-event-filters - or (--trigger-event AND --trigger-resource) when deploying a new function. + function it will keep its current trigger. You must specify one of the + following when deploying a new function: + ◆ --trigger-topic, + ◆ --trigger-bucket, + ◆ --trigger-http, + ◆ --trigger-event AND --trigger-resource, + ◆ --trigger-event-filters and optionally + --trigger-event-filters-path-pattern. At most one of these can be specified: --trigger-bucket=TRIGGER_BUCKET - Google Cloud Storage bucket name. Every change in files in this - bucket will trigger function execution. + Google Cloud Storage bucket name. Trigger the function when an object + is created or overwritten in the specified Cloud Storage bucket. --trigger-http Function will be assigned an endpoint, which you can view by using @@ -618,9 +623,11 @@ FLAGS --trigger-event-filters=[ATTRIBUTE=VALUE,...] The Eventarc matching criteria for the trigger. The criteria can be specified either as a single comma-separated argument or as multiple - arguments. This is only relevant when --gen2 is provided. + arguments. The filters must include the type attribute, as well as + any other attributes that are expected for the chosen type. This is + only relevant when --gen2 is provided. - --trigger-event-filters-path-pattern=[ATTRIBUTE=VALUE,...] + --trigger-event-filters-path-pattern=[ATTRIBUTE=PATH_PATTERN,...] The Eventarc matching criteria for the trigger in path pattern format. The criteria can be specified as a single comma-separated argument or as multiple arguments. This is only relevant when --gen2 diff --git a/gcloud/alpha/functions/remove-invoker-policy-binding b/gcloud/alpha/functions/remove-invoker-policy-binding index b308198b4..ec718d544 100644 --- a/gcloud/alpha/functions/remove-invoker-policy-binding +++ b/gcloud/alpha/functions/remove-invoker-policy-binding @@ -7,7 +7,13 @@ SYNOPSIS (NAME : --region=REGION) --member=PRINCIPAL [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) This command applies to Cloud Functions 2nd gen only. + (ALPHA) Removes the Cloud Run Invoker binding from the IAM policy of a + Google Cloud Function's underlying Cloud Run service. + + This command applies to Cloud Functions (2nd gen) only. Cloud Functions + (2nd gen) currently requires the Cloud Run Invoke permission on the + underlying Cloud Run service to be able to call functions. This command + removes the given member permission to invoke the given 2nd gen function. EXAMPLES To remove the invoker role policy binding for FUNCTION-1 for member diff --git a/gcloud/alpha/functions/upgrade b/gcloud/alpha/functions/upgrade index 8ccdb7901..0578304cd 100644 --- a/gcloud/alpha/functions/upgrade +++ b/gcloud/alpha/functions/upgrade @@ -14,7 +14,7 @@ EXAMPLES To start the upgrade process for a 1st gen function foo and create a 2nd gen copy, run: - $ gcloud alpha functions upgrade foo + $ gcloud alpha functions upgrade foo --setup-config Once you are ready to redirect traffic to the 2nd gen copy, run: @@ -87,7 +87,7 @@ FLAGS --setup-config Sets up the function upgrade config by creating a 2nd gen copy of the - function's code and configuration. This is the default action. + function's code and configuration. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, diff --git a/gcloud/alpha/healthcare/dicom-stores/create b/gcloud/alpha/healthcare/dicom-stores/create index 3fd7e6635..e5e5944c5 100644 --- a/gcloud/alpha/healthcare/dicom-stores/create +++ b/gcloud/alpha/healthcare/dicom-stores/create @@ -78,9 +78,9 @@ FLAGS import. Only supported for DICOM imports. --stream-configs=STREAM_CONFIGS - The configuration that indicates the BigQuery destinations for - streaming instances of a DICOM store. To specify StreamConfigs, list - all BigQuery destinations into one string separated by comma. (e.g., + Configuration that indicates the BigQuery destinations for streaming + instances of a DICOM store. To specify StreamConfigs, list all BigQuery + destinations into one string separated by comma. (e.g., --stream-configs bq://{bigqueryProjectId1}.{bigqueryDatasetId1}.{bigqueryTableId1},bq://{bigqueryProjectId2}.{bigqueryDatasetId2}.{bigqueryTableId2}). diff --git a/gcloud/alpha/healthcare/dicom-stores/update b/gcloud/alpha/healthcare/dicom-stores/update index cddbb140e..35eef9982 100644 --- a/gcloud/alpha/healthcare/dicom-stores/update +++ b/gcloud/alpha/healthcare/dicom-stores/update @@ -72,9 +72,9 @@ FLAGS import. Only supported for DICOM imports. --stream-configs=STREAM_CONFIGS - The configuration that indicates the BigQuery destinations for - streaming instances of a DICOM store. To specify StreamConfigs, list - all BigQuery destinations into one string separated by comma. (e.g., + Configuration that indicates the BigQuery destinations for streaming + instances of a DICOM store. To specify StreamConfigs, list all BigQuery + destinations into one string separated by comma. (e.g., --stream-configs bq://{bigqueryProjectId1}.{bigqueryDatasetId1}.{bigqueryTableId1},bq://{bigqueryProjectId2}.{bigqueryDatasetId2}.{bigqueryTableId2}). diff --git a/gcloud/alpha/kms/keys/create b/gcloud/alpha/kms/keys/create index 48e40f6c3..1c2609e25 100644 --- a/gcloud/alpha/kms/keys/create +++ b/gcloud/alpha/kms/keys/create @@ -68,13 +68,13 @@ EXAMPLES --keyring=rangers --purpose=encryption --rotation-period=30d \ --next-rotation-time=2017-10-12T12:34:56.1234Z - The following command creates a key named foo with protection level - software within the keyring fellowship and location us-east1 with two - specified labels: + The following command creates a raw encryption key named foo with + protection level software within the keyring fellowship and location + us-east1 with two specified labels: $ gcloud alpha kms keys create foo --location=us-east1 \ - --keyring=fellowship --purpose=encryption \ - --labels=env=prod,team=kms + --keyring=fellowship --purpose=raw-encryption \ + --default-algorithm=aes-128-cbc --labels=env=prod,team=kms The following command creates an asymmetric key named samwise with protection level software and default algorithm ec-sign-p256-sha256 within @@ -153,7 +153,8 @@ POSITIONAL ARGUMENTS REQUIRED FLAGS --purpose=PURPOSE The "purpose" of the key. PURPOSE must be one of: - asymmetric-encryption, asymmetric-signing, encryption, mac. + asymmetric-encryption, asymmetric-signing, encryption, mac, + raw-encryption. OPTIONAL FLAGS --crypto-key-backend=CRYPTO_KEY_BACKEND @@ -166,7 +167,8 @@ OPTIONAL FLAGS The default algorithm for the crypto key. For more information about choosing an algorithm, see https://cloud.google.com/kms/docs/algorithms. DEFAULT_ALGORITHM must be - one of: ec-sign-p256-sha256, ec-sign-p384-sha384, + one of: aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, + aes-256-ctr, aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, external-symmetric-encryption, google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, diff --git a/gcloud/alpha/kms/keys/update b/gcloud/alpha/kms/keys/update index e20a866fa..ed8b90062 100644 --- a/gcloud/alpha/kms/keys/update +++ b/gcloud/alpha/kms/keys/update @@ -116,7 +116,8 @@ FLAGS The default algorithm for the crypto key. For more information about choosing an algorithm, see https://cloud.google.com/kms/docs/algorithms. DEFAULT_ALGORITHM must be - one of: ec-sign-p256-sha256, ec-sign-p384-sha384, + one of: aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, + aes-256-ctr, aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, external-symmetric-encryption, google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, diff --git a/gcloud/alpha/kms/keys/versions/create b/gcloud/alpha/kms/keys/versions/create index 04ff988b5..9f9105f78 100644 --- a/gcloud/alpha/kms/keys/versions/create +++ b/gcloud/alpha/kms/keys/versions/create @@ -54,7 +54,8 @@ FLAGS Location of the keyring. --primary - If specified, immediately make the new version primary. + If specified, immediately makes the new version primary. This should + only be used with the encryption purpose. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, diff --git a/gcloud/alpha/kms/keys/versions/import b/gcloud/alpha/kms/keys/versions/import index 62bb38c9f..db5a88640 100644 --- a/gcloud/alpha/kms/keys/versions/import +++ b/gcloud/alpha/kms/keys/versions/import @@ -31,18 +31,19 @@ REQUIRED FLAGS The algorithm to assign to the new key version. For more information about supported algorithms, see https://cloud.google.com/kms/docs/algorithms. ALGORITHM must be one of: - ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, - google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, - hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, - rsa-decrypt-oaep-2048-sha256, rsa-decrypt-oaep-3072-sha1, - rsa-decrypt-oaep-3072-sha256, rsa-decrypt-oaep-4096-sha1, - rsa-decrypt-oaep-4096-sha256, rsa-decrypt-oaep-4096-sha512, - rsa-sign-pkcs1-2048-sha256, rsa-sign-pkcs1-3072-sha256, - rsa-sign-pkcs1-4096-sha256, rsa-sign-pkcs1-4096-sha512, - rsa-sign-pss-2048-sha256, rsa-sign-pss-3072-sha256, - rsa-sign-pss-4096-sha256, rsa-sign-pss-4096-sha512, - rsa-sign-raw-pkcs1-2048, rsa-sign-raw-pkcs1-3072, - rsa-sign-raw-pkcs1-4096. + aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, aes-256-ctr, + aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, + ec-sign-secp256k1-sha256, google-symmetric-encryption, hmac-sha1, + hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, + rsa-decrypt-oaep-2048-sha1, rsa-decrypt-oaep-2048-sha256, + rsa-decrypt-oaep-3072-sha1, rsa-decrypt-oaep-3072-sha256, + rsa-decrypt-oaep-4096-sha1, rsa-decrypt-oaep-4096-sha256, + rsa-decrypt-oaep-4096-sha512, rsa-sign-pkcs1-2048-sha256, + rsa-sign-pkcs1-3072-sha256, rsa-sign-pkcs1-4096-sha256, + rsa-sign-pkcs1-4096-sha512, rsa-sign-pss-2048-sha256, + rsa-sign-pss-3072-sha256, rsa-sign-pss-4096-sha256, + rsa-sign-pss-4096-sha512, rsa-sign-raw-pkcs1-2048, + rsa-sign-raw-pkcs1-3072, rsa-sign-raw-pkcs1-4096. --import-job=IMPORT_JOB Name of the import job to import from. diff --git a/gcloud/alpha/metastore/operations/cancel b/gcloud/alpha/metastore/operations/cancel index 4ef528161..e2d749bae 100644 --- a/gcloud/alpha/metastore/operations/cancel +++ b/gcloud/alpha/metastore/operations/cancel @@ -59,5 +59,7 @@ NOTES This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early - access allowlist. + access allowlist. This variant is also available: + + $ gcloud beta metastore operations cancel diff --git a/gcloud/alpha/network-security/security-profile-groups/create b/gcloud/alpha/network-security/security-profile-groups/create index 9f655f405..44c8d7a9a 100644 --- a/gcloud/alpha/network-security/security-profile-groups/create +++ b/gcloud/alpha/network-security/security-profile-groups/create @@ -43,7 +43,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile_group on the command line diff --git a/gcloud/alpha/network-security/security-profile-groups/delete b/gcloud/alpha/network-security/security-profile-groups/delete index 78abe138d..5d9b01248 100644 --- a/gcloud/alpha/network-security/security-profile-groups/delete +++ b/gcloud/alpha/network-security/security-profile-groups/delete @@ -35,7 +35,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile_group on the command line diff --git a/gcloud/alpha/network-security/security-profile-groups/describe b/gcloud/alpha/network-security/security-profile-groups/describe index 1113de348..51168c879 100644 --- a/gcloud/alpha/network-security/security-profile-groups/describe +++ b/gcloud/alpha/network-security/security-profile-groups/describe @@ -36,7 +36,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile_group on the command line diff --git a/gcloud/alpha/network-security/security-profile-groups/update b/gcloud/alpha/network-security/security-profile-groups/update index 16e020227..403040dba 100644 --- a/gcloud/alpha/network-security/security-profile-groups/update +++ b/gcloud/alpha/network-security/security-profile-groups/update @@ -42,7 +42,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile_group on the command line diff --git a/gcloud/alpha/network-security/security-profiles/threat-prevention/delete b/gcloud/alpha/network-security/security-profiles/threat-prevention/delete index 101ef664a..71b44352d 100644 --- a/gcloud/alpha/network-security/security-profiles/threat-prevention/delete +++ b/gcloud/alpha/network-security/security-profiles/threat-prevention/delete @@ -34,7 +34,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile on the command line with a diff --git a/gcloud/alpha/scc/custom-modules/etd/create b/gcloud/alpha/scc/custom-modules/etd/create new file mode 100644 index 000000000..d965920aa --- /dev/null +++ b/gcloud/alpha/scc/custom-modules/etd/create @@ -0,0 +1,69 @@ +NAME + gcloud alpha scc custom-modules etd create - create an Event Threat + Detection custom module + +SYNOPSIS + gcloud alpha scc custom-modules etd create + --custom-config-from-file=CUSTOM_CONFIG_FROM_FILE + --display-name=DISPLAY_NAME --enablement-state=ENABLEMENT_STATE + --module-type=MODULE_TYPE [--organization=ORGANIZATION] + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Create an Event Threat Detection custom module. + +EXAMPLES + To create an Event Threat Detection custom module for organization 123, + run: + + $ gcloud alpha scc custom-modules etd create \ + --organization=organizations/123 \ + --display-name="test_display_name" \ + --module-type="CONFIGURABLE_BAD_IP" \ + --enablement-state="ENABLED" \ + --custom-config-from-file=config.json + +REQUIRED FLAGS + --custom-config-from-file=CUSTOM_CONFIG_FROM_FILE + Path to a JSON file that contains the configuration for the Event + Threat Detection custom module. + + --display-name=DISPLAY_NAME + Sets the display name of the Event Threat Detection custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + + --enablement-state=ENABLEMENT_STATE + Sets the enablement state of the Event Threat Detection custom module. + From the following list of possible enablement states, specify either + enabled or disabled only. ENABLEMENT_STATE must be one of: disabled, + enabled, enablement-state-unspecified, inherited. + + --module-type=MODULE_TYPE + Sets the module type of the Event Threat Detection custom module. + +OPTIONAL FLAGS + --organization=ORGANIZATION + Organization where the Event Threat Detection custom module resides. + Formatted as organizations/123 or just 123. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the securitycenter/v1 API. The full documentation for + this API can be found at: https://cloud.google.com/security-command-center + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/scc/custom-modules/etd/delete b/gcloud/alpha/scc/custom-modules/etd/delete new file mode 100644 index 000000000..a95233f1f --- /dev/null +++ b/gcloud/alpha/scc/custom-modules/etd/delete @@ -0,0 +1,47 @@ +NAME + gcloud alpha scc custom-modules etd delete - delete an Event Threat + Detection custom module + +SYNOPSIS + gcloud alpha scc custom-modules etd delete CUSTOM_MODULE + [--organization=ORGANIZATION] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Delete an Event Threat Detection custom module. + +EXAMPLES + To delete an Event Threat Detection custom module with ID 123456 for + organization 123, run: + + $ gcloud alpha scc custom-modules etd delete 123456 \ + --organization=organizations/123 + +POSITIONAL ARGUMENTS + CUSTOM_MODULE + ID or the full resource name of the Event Threat Detection custom + module. If you specify the full resource name, you do not need to + specify the --organization, --folder, or --project flags. + +FLAGS + --organization=ORGANIZATION + Organization where the Event Threat Detection custom module resides. + Formatted as organizations/123 or just 123. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the securitycenter/v1 API. The full documentation for + this API can be found at: https://cloud.google.com/security-command-center + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/scc/custom-modules/etd/get b/gcloud/alpha/scc/custom-modules/etd/get new file mode 100644 index 000000000..52cc025a6 --- /dev/null +++ b/gcloud/alpha/scc/custom-modules/etd/get @@ -0,0 +1,47 @@ +NAME + gcloud alpha scc custom-modules etd get - get the details of an Event + Threat Detection custom module + +SYNOPSIS + gcloud alpha scc custom-modules etd get CUSTOM_MODULE + [--organization=ORGANIZATION] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Get the details of an Event Threat Detection custom module. + +EXAMPLES + To get the details of a Event Threat Detection custom module with ID 123456 + for organization 123, run: + + $ gcloud alpha scc custom-modules etd get 123456 \ + --organization=organizations/123 + +POSITIONAL ARGUMENTS + CUSTOM_MODULE + ID or the full resource name of the Event Threat Detection custom + module. If you specify the full resource name, you do not need to + specify the --organization, --folder, or --project flags. + +FLAGS + --organization=ORGANIZATION + Organization from which to get the custom module details. Formatted as + organizations/123 or just 123. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the securitycenter/v1 API. The full documentation for + this API can be found at: https://cloud.google.com/security-command-center + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/scc/custom-modules/etd/help b/gcloud/alpha/scc/custom-modules/etd/help new file mode 100644 index 000000000..812fb8163 --- /dev/null +++ b/gcloud/alpha/scc/custom-modules/etd/help @@ -0,0 +1,38 @@ +NAME + gcloud alpha scc custom-modules etd - manage custom modules + +SYNOPSIS + gcloud alpha scc custom-modules etd COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Manage custom modules. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + create + (ALPHA) Create an Event Threat Detection custom module. + + delete + (ALPHA) Delete an Event Threat Detection custom module. + + get + (ALPHA) Get the details of an Event Threat Detection custom module. + + list + (ALPHA) List the details of Event Threat Detection custom modules. + + update + (ALPHA) Update an Event Threat Detection custom module. + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/scc/custom-modules/etd/list b/gcloud/alpha/scc/custom-modules/etd/list new file mode 100644 index 000000000..01ce0977a --- /dev/null +++ b/gcloud/alpha/scc/custom-modules/etd/list @@ -0,0 +1,69 @@ +NAME + gcloud alpha scc custom-modules etd list - list the details of Event Threat + Detection custom modules + +SYNOPSIS + gcloud alpha scc custom-modules etd list --organization=ORGANIZATION + [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE] + [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) List the details of the Event Threat Detection custom modules for + the specified organization. + +EXAMPLES + To list Event Threat Detection custom modules for organization 123, run: + + $ gcloud alpha scc custom-modules etd list \ + --organization=organizations/123 + +REQUIRED FLAGS + --organization=ORGANIZATION + Organization for listing the Event Threat Detection custom modules + created at the organization level. Formatted as organizations/123 or + just 123. + +LIST COMMAND FLAGS + --filter=EXPRESSION + Apply a Boolean filter EXPRESSION to each resource item to be listed. + If the expression evaluates True, then that item is listed. For more + details and examples of filter expressions, run $ gcloud topic filters. + This flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --limit=LIMIT + Maximum number of resources to list. The default is unlimited. This + flag interacts with other flags that are applied in this order: + --flatten, --sort-by, --filter, --limit. + + --page-size=PAGE_SIZE + Some services group resource list output into pages. This flag + specifies the maximum number of resources per page. The default is + determined by the service if it supports paging, otherwise it is + unlimited (no paging). Paging may be applied before or after --filter + and --limit depending on the service. + + --sort-by=[FIELD,...] + Comma-separated list of resource field key names to sort by. The + default order is ascending. Prefix a field with ``~'' for descending + order on that field. This flag interacts with other flags that are + applied in this order: --flatten, --sort-by, --filter, --limit. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the securitycenter/v1 API. The full documentation for + this API can be found at: https://cloud.google.com/security-command-center + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/scc/custom-modules/etd/update b/gcloud/alpha/scc/custom-modules/etd/update new file mode 100644 index 000000000..b39ebe1a0 --- /dev/null +++ b/gcloud/alpha/scc/custom-modules/etd/update @@ -0,0 +1,64 @@ +NAME + gcloud alpha scc custom-modules etd update - update an Event Threat + Detection custom module + +SYNOPSIS + gcloud alpha scc custom-modules etd update CUSTOM_MODULE + [--custom-config-from-file=CUSTOM_CONFIG_FROM_FILE] + [--enablement-state=ENABLEMENT_STATE] [--organization=ORGANIZATION] + [--update-mask=UPDATE_MASK] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (ALPHA) Update an Event Threat Detection custom module. + +EXAMPLES + To update an Event Threat Detection custom module with ID 123456 for + organization 123, run: + + $ gcloud alpha scc custom-modules etd update 123456 \ + --organization=organizations/123 --enablement-state="ENABLED" \ + --custom-config-from-file=custom_config.json + +POSITIONAL ARGUMENTS + CUSTOM_MODULE + ID or the full resource name of the Event Threat Detection custom + module. If you specify the full resource name, you do not need to + specify the --organization, --folder, or --project flags. + +FLAGS + --custom-config-from-file=CUSTOM_CONFIG_FROM_FILE + Path to a JSON file that contains the configuration for the Event + Threat Detection custom module. + + --enablement-state=ENABLEMENT_STATE + Sets the enablement state of the Event Threat Detection custom module. + Valid options are ENABLED and DISABLED. ENABLEMENT_STATE must be one + of: disabled, enabled, enablement-state-unspecified, inherited. + + --organization=ORGANIZATION + Organization where the Event Threat Detection custom module resides. + Formatted as organizations/123 or just 123. + + --update-mask=UPDATE_MASK + Optional: If left unspecified (default), an update mask is + automatically created using the flags specified in the command and only + those values are updated. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the securitycenter/v1 API. The full documentation for + this API can be found at: https://cloud.google.com/security-command-center + +NOTES + This command is currently in alpha and might change without notice. If this + command fails with API permission errors despite specifying the correct + project, you might be trying to access an API with an invitation-only early + access allowlist. + diff --git a/gcloud/alpha/scc/custom-modules/help b/gcloud/alpha/scc/custom-modules/help index 8a174cdc5..51086fd7b 100644 --- a/gcloud/alpha/scc/custom-modules/help +++ b/gcloud/alpha/scc/custom-modules/help @@ -16,6 +16,9 @@ GCLOUD WIDE FLAGS GROUPS GROUP is one of the following: + etd + (ALPHA) Manage custom modules. + sha (ALPHA) Manage Security Health Analytics custom modules. diff --git a/gcloud/alpha/storage/buckets/create b/gcloud/alpha/storage/buckets/create index af8630891..a92b7e106 100644 --- a/gcloud/alpha/storage/buckets/create +++ b/gcloud/alpha/storage/buckets/create @@ -2,7 +2,8 @@ NAME gcloud alpha storage buckets create - create buckets for storing objects SYNOPSIS - gcloud alpha storage buckets create URL [--additional-headers=HEADER=VALUE] + gcloud alpha storage buckets create URL [URL ...] + [--additional-headers=HEADER=VALUE] [--default-encryption-key=DEFAULT_ENCRYPTION_KEY, -k DEFAULT_ENCRYPTION_KEY] [--default-storage-class=DEFAULT_STORAGE_CLASS, @@ -15,12 +16,14 @@ SYNOPSIS [--[no-]uniform-bucket-level-access, -b] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (ALPHA) Create a new bucket. + (ALPHA) Create new buckets. EXAMPLES - The following command creates a Cloud Storage bucket named my-bucket: + The following command creates 2 Cloud Storage buckets, one named my-bucket + and a second bucket named my-other-bucket: - $ gcloud alpha storage buckets create gs://my-bucket + $ gcloud alpha storage buckets create gs://my-bucket \ + gs://my-other-bucket The following command creates a bucket with the nearline default storage class (https://cloud.google.com/storage/docs/storage-classes) in the asia @@ -30,8 +33,8 @@ EXAMPLES --default-storage-class=nearline --location=asia POSITIONAL ARGUMENTS - URL - The URL of the bucket to create. + URL [URL ...] + The URLs of the buckets to create. FLAGS --additional-headers=HEADER=VALUE diff --git a/gcloud/alpha/workstations/configs/create b/gcloud/alpha/workstations/configs/create index fc9ff16a5..820c3456a 100644 --- a/gcloud/alpha/workstations/configs/create +++ b/gcloud/alpha/workstations/configs/create @@ -23,7 +23,7 @@ SYNOPSIS [--service-account=SERVICE_ACCOUNT] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--shielded-vtpm] [--accelerator-count=ACCELERATOR_COUNT - --accelerator-type=ACCELERATOR_TYPE] + : --accelerator-type=ACCELERATOR_TYPE] [--container-custom-image=CONTAINER_CUSTOM_IMAGE | --container-predefined-image=CONTAINER_PREDEFINED_IMAGE; default="codeoss"] @@ -220,9 +220,6 @@ FLAGS The type of accelerator resource to attach to the instance, for example, "nvidia-tesla-p100". - This flag argument must be specified if any of the other arguments in - this group are specified. - At most one of these can be specified: --container-custom-image=CONTAINER_CUSTOM_IMAGE diff --git a/gcloud/alpha/workstations/configs/update b/gcloud/alpha/workstations/configs/update index 26b77aeca..b8c6c9d72 100644 --- a/gcloud/alpha/workstations/configs/update +++ b/gcloud/alpha/workstations/configs/update @@ -17,6 +17,8 @@ SYNOPSIS [--pool-size=POOL_SIZE] [--running-timeout=RUNNING_TIMEOUT] [--service-account=SERVICE_ACCOUNT] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--shielded-vtpm] + [--accelerator-count=ACCELERATOR_COUNT + : --accelerator-type=ACCELERATOR_TYPE] [--container-custom-image=CONTAINER_CUSTOM_IMAGE | --container-predefined-image=CONTAINER_PREDEFINED_IMAGE] [GCLOUD_WIDE_FLAG ...] @@ -176,6 +178,18 @@ FLAGS --shielded-vtpm Default value is false. If set, instances will have vTPM enabled. + Accelerator settings + + --accelerator-count=ACCELERATOR_COUNT + The number of accelerator cards exposed to the instance. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --accelerator-type=ACCELERATOR_TYPE + The type of accelerator resource to attach to the instance, for + example, "nvidia-tesla-p100". + At most one of these can be specified: --container-custom-image=CONTAINER_CUSTOM_IMAGE diff --git a/gcloud/beta/billing/accounts/add-iam-policy-binding b/gcloud/beta/billing/accounts/add-iam-policy-binding index 89472bcdd..2d573cc7e 100644 --- a/gcloud/beta/billing/accounts/add-iam-policy-binding +++ b/gcloud/beta/billing/accounts/add-iam-policy-binding @@ -53,7 +53,7 @@ GCLOUD WIDE FLAGS API REFERENCE This command uses the cloudbilling/v1 API. The full documentation for this - API can be found at: https://cloud.google.com/billing/ + API can be found at: https://cloud.google.com/billing/docs/apis NOTES This command is currently in beta and might change without notice. This diff --git a/gcloud/beta/billing/accounts/describe b/gcloud/beta/billing/accounts/describe index 0821994db..b4875ea9e 100644 --- a/gcloud/beta/billing/accounts/describe +++ b/gcloud/beta/billing/accounts/describe @@ -31,6 +31,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in beta and might change without notice. This variant is also available: diff --git a/gcloud/beta/billing/accounts/get-iam-policy b/gcloud/beta/billing/accounts/get-iam-policy index 721335afc..da0aaf57d 100644 --- a/gcloud/beta/billing/accounts/get-iam-policy +++ b/gcloud/beta/billing/accounts/get-iam-policy @@ -68,7 +68,7 @@ GCLOUD WIDE FLAGS API REFERENCE This command uses the cloudbilling/v1 API. The full documentation for this - API can be found at: https://cloud.google.com/billing/ + API can be found at: https://cloud.google.com/billing/docs/apis NOTES This command is currently in beta and might change without notice. This diff --git a/gcloud/beta/billing/accounts/list b/gcloud/beta/billing/accounts/list index 105ddadf7..1a56ac7ec 100644 --- a/gcloud/beta/billing/accounts/list +++ b/gcloud/beta/billing/accounts/list @@ -56,6 +56,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in beta and might change without notice. This variant is also available: diff --git a/gcloud/beta/billing/accounts/remove-iam-policy-binding b/gcloud/beta/billing/accounts/remove-iam-policy-binding index abe39d151..69a31a105 100644 --- a/gcloud/beta/billing/accounts/remove-iam-policy-binding +++ b/gcloud/beta/billing/accounts/remove-iam-policy-binding @@ -54,7 +54,7 @@ GCLOUD WIDE FLAGS API REFERENCE This command uses the cloudbilling/v1 API. The full documentation for this - API can be found at: https://cloud.google.com/billing/ + API can be found at: https://cloud.google.com/billing/docs/apis NOTES This command is currently in beta and might change without notice. This diff --git a/gcloud/beta/billing/accounts/set-iam-policy b/gcloud/beta/billing/accounts/set-iam-policy index d11c11162..1be0331bd 100644 --- a/gcloud/beta/billing/accounts/set-iam-policy +++ b/gcloud/beta/billing/accounts/set-iam-policy @@ -53,7 +53,7 @@ GCLOUD WIDE FLAGS API REFERENCE This command uses the cloudbilling/v1 API. The full documentation for this - API can be found at: https://cloud.google.com/billing/ + API can be found at: https://cloud.google.com/billing/docs/apis NOTES This command is currently in beta and might change without notice. This diff --git a/gcloud/beta/billing/projects/describe b/gcloud/beta/billing/projects/describe index 256997937..c1f53e30a 100644 --- a/gcloud/beta/billing/projects/describe +++ b/gcloud/beta/billing/projects/describe @@ -30,6 +30,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in beta and might change without notice. This variant is also available: diff --git a/gcloud/beta/billing/projects/link b/gcloud/beta/billing/projects/link index 1867fe190..a4a24306d 100644 --- a/gcloud/beta/billing/projects/link +++ b/gcloud/beta/billing/projects/link @@ -6,11 +6,24 @@ SYNOPSIS [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (BETA) This command links a billing account to a project. - - If the specified billing account is open, this enables billing on the + (BETA) This command sets or updates the billing account associated with a project. + Billing is enabled on a project when the project is linked to a valid, + active Cloud Billing account. The billing account accrues charges for the + usage of resources in all of the linked projects. If the project is already + linked to a billing account, this command moves the project to the billing + account you specify, updating the billing account that is linked to the + project. + + Note that associating a project with a closed billing account has the same + effect as disabling billing on the project: any paid resources in use by + the project are shut down, and your application stops functioning. Unless + you want to disable billing, you should always specify a valid, active + Cloud Billing account when you run this command. Learn how to confirm the + status of a Cloud Billing account at + https://cloud.google.com/billing/docs/how-to/verify-billing-enabled#billing_account_status + EXAMPLES To link a billing account 0X0X0X-0X0X0X-0X0X0X with a project my-project, run: @@ -36,6 +49,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in beta and might change without notice. This variant is also available: diff --git a/gcloud/beta/billing/projects/unlink b/gcloud/beta/billing/projects/unlink index f097491e6..91f31dea0 100644 --- a/gcloud/beta/billing/projects/unlink +++ b/gcloud/beta/billing/projects/unlink @@ -6,8 +6,14 @@ SYNOPSIS gcloud beta billing projects unlink PROJECT_ID [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (BETA) This command unlinks a project from its linked billing account. This - disables billing on the project. + (BETA) This command unlinks a project from its associated billing account. + This action disables billing on the project. Any billable resources and + services in use in your project are stopped, and your application stops + functioning. Any costs accrued prior to disabling billing on the project + are charged to the previously associated billing account. + + Note: To link a project to a different billing account, use the billing + projects link command. You do not need to unlink the project first. EXAMPLES To unlink the project my-project from its linked billing account, run: @@ -26,6 +32,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. +API REFERENCE + This command uses the cloudbilling/v1 API. The full documentation for this + API can be found at: https://cloud.google.com/billing/v1/getting-started + NOTES This command is currently in beta and might change without notice. This variant is also available: diff --git a/gcloud/beta/builds/triggers/create/bitbucketserver b/gcloud/beta/builds/triggers/create/bitbucketserver index fd7875182..e31a135f9 100644 --- a/gcloud/beta/builds/triggers/create/bitbucketserver +++ b/gcloud/beta/builds/triggers/create/bitbucketserver @@ -169,7 +169,19 @@ REQUIRED FLAGS --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) Require a repository collaborator or owner to comment '/gcbrun' - on a pull request before running the build. + on a pull request before running the build. COMMENT_CONTROL + must be one of: + + COMMENTS_DISABLED + Do not require comments on Pull Requests before builds are + triggered. + COMMENTS_ENABLED + Enforce that repository owners or collaborators must + comment on Pull Requests before builds are triggered. + COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY + Enforce that repository owners or collaborators must + comment on external contributors' Pull Requests before + builds are triggered. Exactly one of these must be specified: diff --git a/gcloud/beta/builds/triggers/create/github b/gcloud/beta/builds/triggers/create/github index e1c20a31d..6ecd888ea 100644 --- a/gcloud/beta/builds/triggers/create/github +++ b/gcloud/beta/builds/triggers/create/github @@ -6,9 +6,10 @@ SYNOPSIS gcloud beta builds triggers create github (--trigger-config=PATH | [(--branch-pattern=REGEX | --tag-pattern=REGEX | [--pull-request-pattern=REGEX : --comment-control=COMMENT_CONTROL; - default="COMMENTS_ENABLED"]) (--build-config=PATH - | --inline-config=PATH | [--dockerfile=DOCKERFILE - : --dockerfile-dir=DOCKERFILE_DIR; default="/" + default=CommentControlValueValuesEnum(COMMENTS_ENABLED, + 1)]) (--build-config=PATH | --inline-config=PATH + | [--dockerfile=DOCKERFILE : --dockerfile-dir=DOCKERFILE_DIR; + default="/" --dockerfile-image=DOCKERFILE_IMAGE]) (--repository=REPOSITORY | [--repo-name=REPO_NAME --repo-owner=REPO_OWNER : --enterprise-config=ENTERPRISE_CONFIG]) : --description=DESCRIPTION @@ -158,7 +159,7 @@ REQUIRED FLAGS This flag argument must be specified if any of the other arguments in this group are specified. - --comment-control=COMMENT_CONTROL; default="COMMENTS_ENABLED" + --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) Require a repository collaborator or owner to comment '/gcbrun' on a pull request before running the build. COMMENT_CONTROL must be one of: diff --git a/gcloud/beta/builds/triggers/create/gitlab b/gcloud/beta/builds/triggers/create/gitlab index 7a6ca5f54..3f75ee54a 100644 --- a/gcloud/beta/builds/triggers/create/gitlab +++ b/gcloud/beta/builds/triggers/create/gitlab @@ -149,7 +149,19 @@ REQUIRED FLAGS --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) Require a repository collaborator or owner to comment '/gcbrun' - on a pull request before running the build. + on a pull request before running the build. COMMENT_CONTROL + must be one of: + + COMMENTS_DISABLED + Do not require comments on Pull Requests before builds are + triggered. + COMMENTS_ENABLED + Enforce that repository owners or collaborators must + comment on Pull Requests before builds are triggered. + COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY + Enforce that repository owners or collaborators must + comment on external contributors' Pull Requests before + builds are triggered. Exactly one of these must be specified: diff --git a/gcloud/beta/builds/triggers/create/gitlab-enterprise b/gcloud/beta/builds/triggers/create/gitlab-enterprise deleted file mode 100644 index 4101382f9..000000000 --- a/gcloud/beta/builds/triggers/create/gitlab-enterprise +++ /dev/null @@ -1,228 +0,0 @@ -NAME - gcloud beta builds triggers create gitlab-enterprise - create a build - trigger for a GitLab Enterprise repository - -SYNOPSIS - gcloud beta builds triggers create gitlab-enterprise - (--trigger-config=PATH | [(--branch-pattern=REGEX | --tag-pattern=REGEX - | [--pull-request-pattern=REGEX : --comment-control=COMMENT_CONTROL; - default=CommentControlValueValuesEnum(COMMENTS_ENABLED, - 1)]) (--build-config=PATH | --inline-config=PATH - | [--dockerfile=DOCKERFILE : --dockerfile-dir=DOCKERFILE_DIR; - default="/" --dockerfile-image=DOCKERFILE_IMAGE]) - (--gitlab-config-resource=GITLAB_CONFIG_RESOURCE - --project-namespace=PROJECT_NAMESPACE) : --description=DESCRIPTION - --ignored-files=[GLOB,...] --included-files=[GLOB,...] --name=NAME - --region=REGION --[no-]require-approval - --service-account=SERVICE_ACCOUNT --substitutions=[KEY=VALUE,...]]) - [GCLOUD_WIDE_FLAG ...] - -DESCRIPTION - (BETA) Create a build trigger for a GitLab Enterprise repository. - -EXAMPLES - To create a push trigger with a 1st-gen repository for all branches: - - $ gcloud beta builds triggers create gitlab-enterprise \ - --name="my-trigger" \ - --service-account="projects/my-project/serviceAccounts/my-byosa@\ - my-project.iam.gserviceaccount.com" \ - --project-namespace="cloud-builders" \ - --gitlab-config-resource="projects/1234/locations/global/gitLabC\ - onfigs/5678" --branch-pattern=".*" --build-config="cloudbuild.yaml" - - To create a pull request trigger with a 1st-gen repository for main: - - $ gcloud beta builds triggers create gitlab-enterprise \ - --name="my-trigger" \ - --service-account="projects/my-project/serviceAccounts/my-byosa@\ - my-project.iam.gserviceaccount.com" \ - --project-namespace="cloud-builders" \ - --gitlab-config-resource="projects/1234/locations/global/gitLabC\ - onfigs/5678" --pull-request-pattern="^main$" \ - --build-config="cloudbuild.yaml" - -REQUIRED FLAGS - Exactly one of these must be specified: - - --trigger-config=PATH - Path to Build Trigger config file (JSON or YAML format). For more - details, see - https://cloud.google.com/cloud-build/docs/api/reference/rest/v1/projects.triggers#BuildTrigger - - Flag based trigger configuration - - --description=DESCRIPTION - Build trigger description. - - --ignored-files=[GLOB,...] - Glob filter. Changes only affecting ignored files won't trigger - builds. - - --included-files=[GLOB,...] - Glob filter. Changes affecting at least one included file will - trigger builds. - - --name=NAME - Build trigger name. - - --region=REGION - The region of the Cloud Build Service to use. Must be set to a - supported region name (e.g. us-central1). If unset, builds/region, - which is the default region to use when working with Cloud Build - resources, is used. If builds/region is unset, region is set to - global. - - --[no-]require-approval - Require manual approval for triggered builds. Use - --require-approval to enable and --no-require-approval to disable. - - --service-account=SERVICE_ACCOUNT - The service account used for all user-controlled operations - including UpdateBuildTrigger, RunBuildTrigger, CreateBuild, and - CancelBuild. If no service account is set, then the standard Cloud - Build service account ([PROJECT_NUM]@system.gserviceaccount.com) is - used instead. Format: - projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}. - - --substitutions=[KEY=VALUE,...] - Parameters to be substituted in the build specification. For - example: - - $ gcloud beta builds triggers create gitlab-enterprise ... \ - --substitutions _FAVORITE_COLOR=blue,_NUM_CANDIES=10 - - This will result in a build where every occurrence of - ${_FAVORITE_COLOR} in certain fields is replaced by "blue", and - similarly for ${_NUM_CANDIES} and "10". - - Substitutions can be applied to user-defined variables (starting - with an underscore) and to the following built-in variables: - REPO_NAME, BRANCH_NAME, TAG_NAME, REVISION_ID, COMMIT_SHA, - SHORT_SHA. - - For more details, see: - https://cloud.google.com/build/docs/configuring-builds/substitute-variable-values - - Exactly one of these must be specified: - - --branch-pattern=REGEX - A regular expression specifying which git branches to match. - - This pattern is used as a regular expression search for any - incoming pushes. For example, --branch-pattern=foo will match - "foo", "foobar", and "barfoo". Events on a branch that does not - match will be ignored. - - The syntax of the regular expressions accepted is the syntax - accepted by RE2 and described at - https://github.com/google/re2/wiki/Syntax. - - --tag-pattern=REGEX - A regular expression specifying which git tags to match. - - This pattern is used as a regular expression search for any - incoming pushes. For example, --tag-pattern=foo will match "foo", - "foobar", and "barfoo". Events on a tag that does not match will - be ignored. - - The syntax of the regular expressions accepted is the syntax - accepted by RE2 and described at - https://github.com/google/re2/wiki/Syntax. - - Pull Request settings - - --pull-request-pattern=REGEX - Regular expression specifying which base git branch to match - for pull request events. - - This pattern is used as a regex search for the base branch (the - branch you are trying to merge into) for pull request updates. - For example, --pull-request-pattern=foo will match "foo", - "foobar", and "barfoo". - - The syntax of the regular expressions accepted is the syntax - accepted by RE2 and described at - https://github.com/google/re2/wiki/Syntax. - - This flag argument must be specified if any of the other - arguments in this group are specified. - - --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) - Require a repository collaborator or owner to comment '/gcbrun' - on a pull request before running the build. - - Exactly one of these must be specified: - - --build-config=PATH - Path to a YAML or JSON file containing the build configuration in - the repository. - - For more details, see: - https://cloud.google.com/cloud-build/docs/build-config - - --inline-config=PATH - Local path to a YAML or JSON file containing a build - configuration. - - Dockerfile build configuration flags - - --dockerfile=DOCKERFILE - Path of Dockerfile to use for builds in the repository. - - If specified, a build config will be generated to run docker - build using the specified file. - - The filename is relative to the Dockerfile directory. - - This flag argument must be specified if any of the other - arguments in this group are specified. - - --dockerfile-dir=DOCKERFILE_DIR; default="/" - Location of the directory containing the Dockerfile in the - repository. - - The directory will also be used as the Docker build context. - - --dockerfile-image=DOCKERFILE_IMAGE - Docker image name to build. - - If not specified, - gcr.io/PROJECT/github.com/REPO_OWNER/REPO_NAME:$COMMIT_SHA will - be used. - - Use a build configuration (cloudbuild.yaml) file for building - multiple images in a single trigger. - - Exactly one of these must be specified: - - 1st-gen repository settings. - - --gitlab-config-resource=GITLAB_CONFIG_RESOURCE - GitLab config resource name. - - This flag argument must be specified if any of the other - arguments in this group are specified. - - --project-namespace=PROJECT_NAMESPACE - GitLab project namespace. - - This flag argument must be specified if any of the other - arguments in this group are specified. - -GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, - --billing-project, --configuration, --flags-file, --flatten, --format, - --help, --impersonate-service-account, --log-http, --project, --quiet, - --trace-token, --user-output-enabled, --verbosity. - - Run $ gcloud help for details. - -NOTES - This command is currently in beta and might change without notice. These - variants are also available: - - $ gcloud builds triggers create gitlab-enterprise - - $ gcloud alpha builds triggers create gitlab-enterprise - diff --git a/gcloud/beta/builds/triggers/create/help b/gcloud/beta/builds/triggers/create/help index 038057266..cb1b5ebef 100644 --- a/gcloud/beta/builds/triggers/create/help +++ b/gcloud/beta/builds/triggers/create/help @@ -28,9 +28,6 @@ COMMANDS gitlab (BETA) Create a build trigger for a 2nd-gen GitLab repository. - gitlab-enterprise - (BETA) Create a build trigger for a GitLab Enterprise repository. - manual (BETA) Create a build trigger with a manual trigger event. diff --git a/gcloud/beta/composer/environments/create b/gcloud/beta/composer/environments/create index cb364a456..9615d7b0d 100644 --- a/gcloud/beta/composer/environments/create +++ b/gcloud/beta/composer/environments/create @@ -133,7 +133,7 @@ FLAGS Enable Cloud Data Lineage integration. --enable-high-resilience - Enable use of a high resilience, supported for Composer 2 Environments. + Enable high resilience, supported for Composer 2 Environments. --env-variables=[NAME=VALUE,...] A comma-delimited list of environment variable NAME=VALUE pairs to diff --git a/gcloud/beta/composer/environments/update b/gcloud/beta/composer/environments/update index 0482707a6..5ce3fd163 100644 --- a/gcloud/beta/composer/environments/update +++ b/gcloud/beta/composer/environments/update @@ -6,6 +6,7 @@ SYNOPSIS gcloud beta composer environments update (ENVIRONMENT : --location=LOCATION) (--cloud-sql-machine-type=CLOUD_SQL_MACHINE_TYPE + | --disable-high-resilience | --enable-high-resilience | --environment-size=ENVIRONMENT_SIZE | --node-count=NODE_COUNT | --web-server-machine-type=WEB_SERVER_MACHINE_TYPE | --airflow-version=AIRFLOW_VERSION | --image-version=IMAGE_VERSION @@ -99,6 +100,12 @@ REQUIRED FLAGS available machine types is available here: https://cloud.google.com/composer/pricing#db-machine-types. + --disable-high-resilience + Disable high resilience, supported for Composer 2 Environments. + + --enable-high-resilience + Enable high resilience, supported for Composer 2 Environments. + --environment-size=ENVIRONMENT_SIZE Size of the environment. Unspecified means that the default option will be chosen. ENVIRONMENT_SIZE must be one of: large, medium, diff --git a/gcloud/beta/compute/backend-buckets/create b/gcloud/beta/compute/backend-buckets/create index 8af9ed059..bcc91197d 100644 --- a/gcloud/beta/compute/backend-buckets/create +++ b/gcloud/beta/compute/backend-buckets/create @@ -119,8 +119,8 @@ OPTIONAL FLAGS AUTOMATIC. --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to proxied - responses. For the list of headers, see Creating custom headers + Custom headers that the external Application Load Balancer adds to + proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). Variables are not case-sensitive. diff --git a/gcloud/beta/compute/backend-buckets/update b/gcloud/beta/compute/backend-buckets/update index 74fbb392e..7390b98f7 100644 --- a/gcloud/beta/compute/backend-buckets/update +++ b/gcloud/beta/compute/backend-buckets/update @@ -182,7 +182,7 @@ FLAGS At most one of these can be specified: --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to + Custom headers that the external Application Load Balancer adds to proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). diff --git a/gcloud/beta/compute/backend-services/create b/gcloud/beta/compute/backend-services/create index 27eb9fbbd..dd44a928f 100644 --- a/gcloud/beta/compute/backend-services/create +++ b/gcloud/beta/compute/backend-services/create @@ -33,6 +33,7 @@ SYNOPSIS [--network=NETWORK] [--port-name=PORT_NAME] [--protocol=PROTOCOL] [--[no-]request-coalescing] [--serve-while-stale=SERVE_WHILE_STALE] [--service-bindings=SERVICE_BINDING,[...]] + [--service-lb-policy=SERVICE_LOAD_BALANCING_POLICY] [--session-affinity=SESSION_AFFINITY] [--signed-url-cache-max-age=SIGNED_URL_CACHE_MAX_AGE] [--subsetting-policy=SUBSETTING_POLICY; default="NONE"] @@ -211,8 +212,8 @@ FLAGS --custom-request-header "another-header:" --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to proxied - responses. For the list of headers, see Creating custom headers + Custom headers that the external Application Load Balancer adds to + proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). Variables are not case-sensitive. @@ -247,13 +248,13 @@ FLAGS --drop-traffic-if-unhealthy Enable dropping of traffic if there are no healthy VMs detected in both the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based network load - balancers and internal TCP/UDP load balancers as part of a connection + --global flag. Applicable only for backend service-based external and + internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection persistence on unhealthy - backends for internal TCP/UDP load balancing + backends for internal passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for network load - balancing + and Connection persistence on unhealthy backends for external + passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). --[no-]enable-cdn @@ -266,9 +267,9 @@ FLAGS --[no-]enable-logging The logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Cloud - Logging. Disabled by default. This field cannot be specified for SSL - Proxy and TCP Proxy Load Balancing. Use --enable-logging to enable and - --no-enable-logging to disable. + Logging. Disabled by default. This field cannot be specified for global + external proxy Network Load Balancers. Use --enable-logging to enable + and --no-enable-logging to disable. --[no-]enable-strong-affinity Enable or disable strong session affinity. This is only available for @@ -291,9 +292,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --https-health-checks=HTTPS_HEALTH_CHECK,[...] @@ -301,9 +302,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --iap=disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,oauth2-client-secret=OAUTH2-CLIENT-SECRET] @@ -318,19 +319,20 @@ FLAGS --idle-timeout-sec=IDLE_TIMEOUT_SEC Specifies how long to keep a connection tracking table entry while there is no matching traffic (in seconds). Applicable only for backend - service-based network load balancers and internal TCP/UDP load - balancers as part of a connection tracking policy. + service-based external and internal passthrough Network Load Balancers + as part of a connection tracking policy. --load-balancing-scheme=LOAD_BALANCING_SCHEME; default="EXTERNAL" Specifies the load balancer type. Choose EXTERNAL for the classic - HTTP(S) load balancers, the external TCP/UDP network load balancers, - and the external TCP/SSL proxy load balancers. Choose EXTERNAL_MANAGED - for the Envoy-based global and regional external HTTP(S) load - balancers. Choose INTERNAL for internal TCP/UDP load balancers. Choose - INTERNAL_MANAGED for Envoy-based internal load balancers such as the - internal HTTP(S) load balancers and the internal TCP proxy load - balancers. Choose INTERNAL_SELF_MANAGED for Traffic Director. For more - information, refer to this guide: + Application Load Balancers, the external passthrough Network Load + Balancers, and the global external proxy Network Load Balancers. Choose + EXTERNAL_MANAGED for the Envoy-based global and regional external + Application Load Balancers, and the regional external proxy Network + Load Balancers. Choose INTERNAL for the internal passthrough Network + Load Balancers. Choose INTERNAL_MANAGED for Envoy-based internal load + balancers such as the internal Application Load Balancers and the + internal proxy Network Load Balancers. Choose INTERNAL_SELF_MANAGED for + Traffic Director. For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/choosing-load-balancer. LOAD_BALANCING_SCHEME must be one of: INTERNAL, EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED, INTERNAL_MANAGED. @@ -345,8 +347,8 @@ FLAGS This field can only be specified if logging is enabled for the backend service. Configures whether all, none, or a subset of optional fields should be added to the reported logs. Default is EXCLUDE_ALL_OPTIONAL. - This field can only be specified for Internal TCP/UDP Load Balancing - and External Network Load Balancing. LOGGING_OPTIONAL must be one of: + This field can only be specified for internal and external passthrough + Network Load Balancers. LOGGING_OPTIONAL must be one of: EXCLUDE_ALL_OPTIONAL, INCLUDE_ALL_OPTIONAL, CUSTOM. --logging-optional-fields=[LOGGING_OPTIONAL_FIELDS,...] @@ -355,7 +357,7 @@ FLAGS comma-separated list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace. This can only be specified for - Internal TCP/UDP Load Balancing and External Network Load Balancing. + internal and external passthrough Network Load Balancers. --logging-sample-rate=LOGGING_SAMPLE_RATE This field can only be specified if logging is enabled for the backend @@ -448,9 +450,9 @@ FLAGS load-balancing-scheme is INTERNAL. --port-name=PORT_NAME - Backend services for external HTTP(S) load balancing, internal HTTP(S) - load balancing, TCP proxy load balancing, and SSL proxy load balancing - must reference exactly one named port if using instance group backends. + Backend services for Application Load Balancers and proxy Network Load + Balancers must reference exactly one named port if using instance group + backends. Each instance group backend exports one or more named ports, which map a user-configurable name to a port number. The backend service's named @@ -465,8 +467,8 @@ FLAGS ◆ For any load balancer, if the backends are not instance groups (for example, GCE_VM_IP_PORT NEGs). - ◆ For any type of backend on a backend service for internal TCP/UDP - load balancing or external TCP/UDP network load balancing. + ◆ For any type of backend on a backend service for internal or + external passthrough Network Load Balancers. See also https://cloud.google.com/load-balancing/docs/backend-service#named_ports. @@ -474,26 +476,26 @@ FLAGS --protocol=PROTOCOL Protocol for incoming requests. - If the load-balancing-scheme is INTERNAL (Internal TCP/UDP Load - Balancing), the protocol must be one of: TCP, UDP, UNSPECIFIED. + If the load-balancing-scheme is INTERNAL (Internal passthrough Network + Load Balancer), the protocol must be one of: TCP, UDP, UNSPECIFIED. If the load-balancing-scheme is INTERNAL_SELF_MANAGED (Traffic Director), the protocol must be one of: HTTP, HTTPS, HTTP2, GRPC. - If the load-balancing-scheme is INTERNAL_MANAGED (Internal HTTP(S) Load - Balancing), the protocol must be one of: HTTP, HTTPS, HTTP2. + If the load-balancing-scheme is INTERNAL_MANAGED (Internal Application + Load Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2. - If the load-balancing-scheme is EXTERNAL and region is not set - (HTTP(S), SSL Proxy, or TCP Proxy Load Balancing), the protocol must be - one of: HTTP, HTTPS, HTTP2, SSL, TCP. + If the load-balancing-scheme is EXTERNAL and region is not set (Classic + Application Load Balancer and global external proxy Network Load + Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2, SSL, TCP. If the load-balancing-scheme is EXTERNAL and region is set (External - Network Load Balancing), the protocol must be one of: TCP, UDP, - UNSPECIFIED. + passthrough Network Load Balancer), the protocol must be one of: TCP, + UDP, UNSPECIFIED. - If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based External - HTTP(S) Load Balancing), the protocol must be one of: HTTP, HTTPS, - HTTP2. + If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based Global + and regional external Application Load Balancers), the protocol must be + one of: HTTP, HTTPS, HTTP2. --[no-]request-coalescing Enables request coalescing to the backend (recommended). @@ -532,6 +534,12 @@ FLAGS only be set if load balancing scheme is INTERNAL_SELF_MANAGED. If set, lists of backends and health checks must be both empty. + --service-lb-policy=SERVICE_LOAD_BALANCING_POLICY + Service load balancing policy to be applied to this backend service. + Can only be set if load balancing scheme is EXTERNAL_MANAGED, + INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED. Only available for global + backend services. + --session-affinity=SESSION_AFFINITY The type of session affinity to use. Supports both TCP and UDP. SESSION_AFFINITY must be one of: @@ -620,11 +628,11 @@ FLAGS INTERNAL_MANAGED or INTERNAL_SELF_MANAGED. --timeout=TIMEOUT; default="30s" - Applicable to all load balancing products except Internal TCP/UDP Load - Balancing and External TCP/UDP Network Load Balancing. For Internal - TCP/UDP Load Balancing (load-balancing-scheme set to INTERNAL) and - External TCP/UDP Network Load Balancing (global not set and - load-balancing-scheme set to EXTERNAL), timeout is ignored. + Applicable to all load balancing products except passthrough Network + Load Balancers. For internal passthrough Network Load Balancers + (load-balancing-scheme set to INTERNAL) and external passthrough + Network Load Balancers (global not set and load-balancing-scheme set to + EXTERNAL), timeout is ignored. If the protocol is HTTP, HTTPS, or HTTP2, timeout is a request/response timeout for HTTP(S) traffic, meaning the amount of time that the load @@ -649,11 +657,12 @@ FLAGS --tracking-mode=TRACKING_MODE Specifies the connection key used for connection tracking. The default value is PER_CONNECTION. Applicable only for backend service-based - network load balancers and internal TCP/UDP load balancers as part of a + external and internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection tracking mode - for internal TCP/UDP load balancing + for internal passthrough Network Load Balancers balancing (https://cloud.google.com/load-balancing/docs/internal#tracking-mode) - and Connection tracking mode for network load balancing + and Connection tracking mode for external passthrough Network Load + Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#tracking-mode). TRACKING_MODE must be one of: PER_CONNECTION, PER_SESSION. diff --git a/gcloud/beta/compute/backend-services/update b/gcloud/beta/compute/backend-services/update index 75d835e0f..bf02c72b6 100644 --- a/gcloud/beta/compute/backend-services/update +++ b/gcloud/beta/compute/backend-services/update @@ -48,7 +48,8 @@ SYNOPSIS | --negative-caching-policy=[[CODE=TTL],...]] [--serve-while-stale=SERVE_WHILE_STALE | --no-serve-while-stale] [--service-bindings=SERVICE_BINDING,[...] | --no-service-bindings] - [GCLOUD_WIDE_FLAG ...] + [--service-lb-policy=SERVICE_LOAD_BALANCING_POLICY + | --no-service-lb-policy] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta compute backend-services update is used to update @@ -155,13 +156,13 @@ FLAGS --drop-traffic-if-unhealthy Enable dropping of traffic if there are no healthy VMs detected in both the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based network load - balancers and internal TCP/UDP load balancers as part of a connection + --global flag. Applicable only for backend service-based external and + internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection persistence on unhealthy - backends for internal TCP/UDP load balancing + backends for internal passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for network load - balancing + and Connection persistence on unhealthy backends for external + passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). --edge-security-policy=EDGE_SECURITY_POLICY @@ -179,9 +180,9 @@ FLAGS --[no-]enable-logging The logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Cloud - Logging. Disabled by default. This field cannot be specified for SSL - Proxy and TCP Proxy Load Balancing. Use --enable-logging to enable and - --no-enable-logging to disable. + Logging. Disabled by default. This field cannot be specified for global + external proxy Network Load Balancers. Use --enable-logging to enable + and --no-enable-logging to disable. --[no-]enable-strong-affinity Enable or disable strong session affinity. This is only available for @@ -208,9 +209,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --https-health-checks=HTTPS_HEALTH_CHECK,[...] @@ -218,9 +219,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --iap=disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,oauth2-client-secret=OAUTH2-CLIENT-SECRET] @@ -237,8 +238,8 @@ FLAGS --idle-timeout-sec=IDLE_TIMEOUT_SEC Specifies how long to keep a connection tracking table entry while there is no matching traffic (in seconds). Applicable only for backend - service-based network load balancers and internal TCP/UDP load - balancers as part of a connection tracking policy. + service-based external and internal passthrough Network Load Balancers + as part of a connection tracking policy. --locality-lb-policy=LOCALITY_LB_POLICY The load balancing algorithm used within the scope of the locality. @@ -250,8 +251,8 @@ FLAGS This field can only be specified if logging is enabled for the backend service. Configures whether all, none, or a subset of optional fields should be added to the reported logs. Default is EXCLUDE_ALL_OPTIONAL. - This field can only be specified for Internal TCP/UDP Load Balancing - and External Network Load Balancing. LOGGING_OPTIONAL must be one of: + This field can only be specified for internal and external passthrough + Network Load Balancers. LOGGING_OPTIONAL must be one of: EXCLUDE_ALL_OPTIONAL, INCLUDE_ALL_OPTIONAL, CUSTOM. --logging-optional-fields=[LOGGING_OPTIONAL_FIELDS,...] @@ -260,7 +261,7 @@ FLAGS comma-separated list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace. This can only be specified for - Internal TCP/UDP Load Balancing and External Network Load Balancing. + internal and external passthrough Network Load Balancers. --logging-sample-rate=LOGGING_SAMPLE_RATE This field can only be specified if logging is enabled for the backend @@ -271,9 +272,9 @@ FLAGS enabled and 0.0 otherwise. --port-name=PORT_NAME - Backend services for external HTTP(S) load balancing, internal HTTP(S) - load balancing, TCP proxy load balancing, and SSL proxy load balancing - must reference exactly one named port if using instance group backends. + Backend services for Application Load Balancers and proxy Network Load + Balancers must reference exactly one named port if using instance group + backends. Each instance group backend exports one or more named ports, which map a user-configurable name to a port number. The backend service's named @@ -288,8 +289,8 @@ FLAGS ◆ For any load balancer, if the backends are not instance groups (for example, GCE_VM_IP_PORT NEGs). - ◆ For any type of backend on a backend service for internal TCP/UDP - load balancing or external TCP/UDP network load balancing. + ◆ For any type of backend on a backend service for internal or + external passthrough Network Load Balancers. See also https://cloud.google.com/load-balancing/docs/backend-service#named_ports. @@ -297,26 +298,26 @@ FLAGS --protocol=PROTOCOL Protocol for incoming requests. - If the load-balancing-scheme is INTERNAL (Internal TCP/UDP Load - Balancing), the protocol must be one of: TCP, UDP, UNSPECIFIED. + If the load-balancing-scheme is INTERNAL (Internal passthrough Network + Load Balancer), the protocol must be one of: TCP, UDP, UNSPECIFIED. If the load-balancing-scheme is INTERNAL_SELF_MANAGED (Traffic Director), the protocol must be one of: HTTP, HTTPS, HTTP2, GRPC. - If the load-balancing-scheme is INTERNAL_MANAGED (Internal HTTP(S) Load - Balancing), the protocol must be one of: HTTP, HTTPS, HTTP2. + If the load-balancing-scheme is INTERNAL_MANAGED (Internal Application + Load Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2. - If the load-balancing-scheme is EXTERNAL and region is not set - (HTTP(S), SSL Proxy, or TCP Proxy Load Balancing), the protocol must be - one of: HTTP, HTTPS, HTTP2, SSL, TCP. + If the load-balancing-scheme is EXTERNAL and region is not set (Classic + Application Load Balancer and global external proxy Network Load + Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2, SSL, TCP. If the load-balancing-scheme is EXTERNAL and region is set (External - Network Load Balancing), the protocol must be one of: TCP, UDP, - UNSPECIFIED. + passthrough Network Load Balancer), the protocol must be one of: TCP, + UDP, UNSPECIFIED. - If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based External - HTTP(S) Load Balancing), the protocol must be one of: HTTP, HTTPS, - HTTP2. + If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based Global + and regional external Application Load Balancers), the protocol must be + one of: HTTP, HTTPS, HTTP2. --[no-]request-coalescing Enables request coalescing to the backend (recommended). @@ -423,11 +424,11 @@ FLAGS INTERNAL_MANAGED or INTERNAL_SELF_MANAGED. --timeout=TIMEOUT - Applicable to all load balancing products except Internal TCP/UDP Load - Balancing and External TCP/UDP Network Load Balancing. For Internal - TCP/UDP Load Balancing (load-balancing-scheme set to INTERNAL) and - External TCP/UDP Network Load Balancing (global not set and - load-balancing-scheme set to EXTERNAL), timeout is ignored. + Applicable to all load balancing products except passthrough Network + Load Balancers. For internal passthrough Network Load Balancers + (load-balancing-scheme set to INTERNAL) and external passthrough + Network Load Balancers (global not set and load-balancing-scheme set to + EXTERNAL), timeout is ignored. If the protocol is HTTP, HTTPS, or HTTP2, timeout is a request/response timeout for HTTP(S) traffic, meaning the amount of time that the load @@ -452,11 +453,12 @@ FLAGS --tracking-mode=TRACKING_MODE Specifies the connection key used for connection tracking. The default value is PER_CONNECTION. Applicable only for backend service-based - network load balancers and internal TCP/UDP load balancers as part of a + external and internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection tracking mode - for internal TCP/UDP load balancing + for internal passthrough Network Load Balancers balancing (https://cloud.google.com/load-balancing/docs/internal#tracking-mode) - and Connection tracking mode for network load balancing + and Connection tracking mode for external passthrough Network Load + Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#tracking-mode). TRACKING_MODE must be one of: PER_CONNECTION, PER_SESSION. @@ -555,7 +557,7 @@ FLAGS At most one of these can be specified: --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to + Custom headers that the external Application Load Balancer adds to proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). @@ -762,6 +764,18 @@ FLAGS --no-service-bindings No service bindings should be attached to the backend service. + At most one of these can be specified: + + --service-lb-policy=SERVICE_LOAD_BALANCING_POLICY + Service load balancing policy to be applied to this backend service. + Can only be set if load balancing scheme is EXTERNAL_MANAGED, + INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED. Only available for global + backend services. + + --no-service-lb-policy + No service load balancing policies should be attached to the backend + service. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/compute/disks/create b/gcloud/beta/compute/disks/create index d892046e6..b0988ff48 100644 --- a/gcloud/beta/compute/disks/create +++ b/gcloud/beta/compute/disks/create @@ -3,8 +3,9 @@ NAME SYNOPSIS gcloud beta compute disks create DISK_NAME [DISK_NAME ...] - [--architecture=ARCHITECTURE] [--csek-key-file=FILE] - [--description=DESCRIPTION] [--erase-windows-vss-signature] + [--architecture=ARCHITECTURE] [--confidential-compute] + [--csek-key-file=FILE] [--description=DESCRIPTION] + [--erase-windows-vss-signature] [--guest-os-features=[GUEST_OS_FEATURE,...]] [--interface=INTERFACE] [--labels=[KEY=VALUE,...]] [--licenses=[LICENSE,...]] [--multi-writer] [--physical-block-size=PHYSICAL_BLOCK_SIZE; default="4096"] @@ -65,6 +66,10 @@ FLAGS https://cloud.google.com/compute/docs/cpu-platforms. ARCHITECTURE must be one of: ARM64, X86_64. + --confidential-compute + Create the disk in confidential compute mode, CMEK layer is required + and only applicable to HyperDisk series. + --csek-key-file=FILE Path to a Customer-Supplied Encryption Key (CSEK) key file that maps Compute Engine resources to user managed keys to be used when creating, diff --git a/gcloud/beta/compute/firewall-policies/rules/create b/gcloud/beta/compute/firewall-policies/rules/create index 06a352381..18cc3ae80 100644 --- a/gcloud/beta/compute/firewall-policies/rules/create +++ b/gcloud/beta/compute/firewall-policies/rules/create @@ -11,13 +11,14 @@ SYNOPSIS [--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]] [--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,...]] [--organization=ORGANIZATION] + [--security-profile-group=SECURITY_PROFILE_GROUP] [--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]] [--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]] [--src-region-codes=[SOURCE_REGION_CODES,...]] [--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]] [--target-resources=[TARGET_RESOURCES,...]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] - [GCLOUD_WIDE_FLAG ...] + [--[no-]tls-inspect] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta compute firewall-policies rules create is used to create @@ -38,7 +39,7 @@ POSITIONAL ARGUMENTS REQUIRED FLAGS --action=ACTION Action to take if the request matches the match condition. ACTION must - be one of: allow, deny, goto_next. + be one of: allow, deny, goto_next, apply_security_profile_group. --firewall-policy=FIREWALL_POLICY Short name of the firewall policy into which the rule should be @@ -90,6 +91,18 @@ OPTIONAL FLAGS Organization which the organization firewall policy belongs to. Must be set if FIREWALL_POLICY is short name. + --security-profile-group=SECURITY_PROFILE_GROUP + An org-based security profile group to be used with + apply_security_profile_group action. Allowed formats are: a) + http(s):////organizations//locations/global/securityProfileGroups/ + b) + (//)/organizations//locations/global/securityProfileGroups/ + c) . In case "c" gCloud CLI will create a reference matching + format "a", but to make it work + CLOUDSDK_API_ENDPOINT_OVERRIDES_NETWORKSECURITY property must be set. + In order to set this property, please run the command gcloud config set + api_endpoint_overrides/networksecurity https:///. + --src-address-groups=[SOURCE_ADDRESS_GROUPS,...] Source address groups to match for this rule. Can only be specified if DIRECTION is ingress. @@ -117,6 +130,12 @@ OPTIONAL FLAGS --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...] List of target service accounts for the rule. + --[no-]tls-inspect + Use this flag to indicate whether TLS traffic should be inspected using + the TLS inspection policy when the security profile group is applied. + Default: no TLS inspection. Use --tls-inspect to enable and + --no-tls-inspect to disable. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/compute/firewall-policies/rules/update b/gcloud/beta/compute/firewall-policies/rules/update index 6e70cc309..ccd04f68d 100644 --- a/gcloud/beta/compute/firewall-policies/rules/update +++ b/gcloud/beta/compute/firewall-policies/rules/update @@ -13,13 +13,14 @@ SYNOPSIS [--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY] [--organization=ORGANIZATION] + [--security-profile-group=SECURITY_PROFILE_GROUP] [--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]] [--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]] [--src-region-codes=[SOURCE_REGION_CODES,...]] [--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]] [--target-resources=[TARGET_RESOURCES,...]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] - [GCLOUD_WIDE_FLAG ...] + [--[no-]tls-inspect] [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta compute firewall-policies rules update is used to update @@ -46,7 +47,7 @@ REQUIRED FLAGS OPTIONAL FLAGS --action=ACTION Action to take if the request matches the match condition. ACTION must - be one of: allow, deny, goto_next. + be one of: allow, deny, goto_next, apply_security_profile_group. --description=DESCRIPTION An optional, textual description for the rule. @@ -96,6 +97,18 @@ OPTIONAL FLAGS Organization which the organization firewall policy belongs to. Must be set if FIREWALL_POLICY is short name. + --security-profile-group=SECURITY_PROFILE_GROUP + An org-based security profile group to be used with + apply_security_profile_group action. Allowed formats are: a) + http(s):////organizations//locations/global/securityProfileGroups/ + b) + (//)/organizations//locations/global/securityProfileGroups/ + c) . In case "c" gCloud CLI will create a reference matching + format "a", but to make it work + CLOUDSDK_API_ENDPOINT_OVERRIDES_NETWORKSECURITY property must be set. + In order to set this property, please run the command gcloud config set + api_endpoint_overrides/networksecurity https:///. + --src-address-groups=[SOURCE_ADDRESS_GROUPS,...] Source address groups to match for this rule. Can only be specified if DIRECTION is ingress. @@ -123,6 +136,12 @@ OPTIONAL FLAGS --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...] List of target service accounts for the rule. + --[no-]tls-inspect + Use this flag to indicate whether TLS traffic should be inspected using + the TLS inspection policy when the security profile group is applied. + Default: no TLS inspection. Use --tls-inspect to enable and + --no-tls-inspect to disable. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/compute/forwarding-rules/create b/gcloud/beta/compute/forwarding-rules/create index dcf57b6bd..b0013b427 100644 --- a/gcloud/beta/compute/forwarding-rules/create +++ b/gcloud/beta/compute/forwarding-rules/create @@ -241,22 +241,25 @@ OPTIONAL FLAGS forwarding rules. LOAD_BALANCING_SCHEME must be one of: EXTERNAL - External load balancing or forwarding, used with one of - --target-http-proxy, --target-https-proxy, --target-tcp-proxy, - --target-ssl-proxy, --target-pool, --target-vpn-gateway, - --target-instance. + Classic Application Load Balancers, global external proxy Network + Load Balancers, external passthrough Network Load Balancers or + protocol forwarding, used with one of --target-http-proxy, + --target-https-proxy, --target-tcp-proxy, --target-ssl-proxy, + --target-pool, --target-vpn-gateway, --target-instance. EXTERNAL_MANAGED - Envoy based External HTTP(S) Load Balancing, used with - --target-http-proxy, --target-https-proxy. + Global and regional external Application Load Balancers, and + regional external proxy Network Load Balancers, used with + --target-http-proxy, --target-https-proxy, --target-tcp-proxy. INTERNAL - Internal load balancing or forwarding, used with --backend-service. + Internal passthrough Network Load Balancers or protocol forwarding, + used with --backend-service. INTERNAL_MANAGED - Internal load balancing, used with --target-http-proxy, - --target-https-proxy, --target-tcp-proxy. - INTERNAL_SELF_MANAGED - Traffic Director load balancing or forwarding, used with - --target-http-proxy, --target-https-proxy, --target-grpc-proxy, + Internal Application Load Balancers and internal proxy Network Load + Balancers, used with --target-http-proxy, --target-https-proxy, --target-tcp-proxy. + INTERNAL_SELF_MANAGED + Traffic Director, used with --target-http-proxy, + --target-https-proxy, --target-grpc-proxy, --target-tcp-proxy. --network=NETWORK (Only for --load-balancing-scheme=INTERNAL or diff --git a/gcloud/beta/compute/forwarding-rules/set-target b/gcloud/beta/compute/forwarding-rules/set-target index a5b81b4c2..62341fa7e 100644 --- a/gcloud/beta/compute/forwarding-rules/set-target +++ b/gcloud/beta/compute/forwarding-rules/set-target @@ -138,22 +138,25 @@ OPTIONAL FLAGS of: EXTERNAL - External load balancing or forwarding, used with one of - --target-http-proxy, --target-https-proxy, --target-tcp-proxy, - --target-ssl-proxy, --target-pool, --target-vpn-gateway, - --target-instance. + Classic Application Load Balancers, global external proxy Network + Load Balancers, external passthrough Network Load Balancers or + protocol forwarding, used with one of --target-http-proxy, + --target-https-proxy, --target-tcp-proxy, --target-ssl-proxy, + --target-pool, --target-vpn-gateway, --target-instance. EXTERNAL_MANAGED - Envoy based External HTTP(S) Load Balancing, used with - --target-http-proxy, --target-https-proxy. + Global and regional external Application Load Balancers, and + regional external proxy Network Load Balancers, used with + --target-http-proxy, --target-https-proxy, --target-tcp-proxy. INTERNAL - Internal load balancing or forwarding, used with --backend-service. + Internal passthrough Network Load Balancers or protocol forwarding, + used with --backend-service. INTERNAL_MANAGED - Internal load balancing, used with --target-http-proxy, - --target-https-proxy, --target-tcp-proxy. - INTERNAL_SELF_MANAGED - Traffic Director load balancing or forwarding, used with - --target-http-proxy, --target-https-proxy, --target-grpc-proxy, + Internal Application Load Balancers and internal proxy Network Load + Balancers, used with --target-http-proxy, --target-https-proxy, --target-tcp-proxy. + INTERNAL_SELF_MANAGED + Traffic Director, used with --target-http-proxy, + --target-https-proxy, --target-grpc-proxy, --target-tcp-proxy. --network=NETWORK (DEPRECATED) Only for --load-balancing-scheme=INTERNAL or diff --git a/gcloud/beta/compute/http-health-checks/create b/gcloud/beta/compute/http-health-checks/create index 4d032559c..142091ad5 100644 --- a/gcloud/beta/compute/http-health-checks/create +++ b/gcloud/beta/compute/http-health-checks/create @@ -14,11 +14,11 @@ SYNOPSIS DESCRIPTION (BETA) Legacy HTTP health checks are required if you want to implement - health checking of a target pool for a Network TCP/UDP Load Balancer. - Though you can use legacy HTTP health checks in certain other Google Cloud - Platform load balancing configurations and for managed instance group - autohealing, you should consider a non-legacy HTTP health check created - with health-checks create http instead. + health checking for a target pool backend of an external passthrough + Network Load Balancer. Though you can use legacy HTTP health checks in + certain other Google Cloud Platform load balancing configurations and for + managed instance group autohealing, you should consider a non-legacy HTTP + health check created with health-checks create http instead. For more information about the differences between legacy and non-legacy health checks see: diff --git a/gcloud/beta/compute/instance-groups/get-named-ports b/gcloud/beta/compute/instance-groups/get-named-ports index 19685c998..da76426d8 100644 --- a/gcloud/beta/compute/instance-groups/get-named-ports +++ b/gcloud/beta/compute/instance-groups/get-named-ports @@ -12,8 +12,8 @@ DESCRIPTION (BETA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud beta compute instance-groups get-named-ports lists the named ports (name and port tuples) for an instance group. diff --git a/gcloud/beta/compute/instance-groups/managed/get-named-ports b/gcloud/beta/compute/instance-groups/managed/get-named-ports index 286884d92..be0c78815 100644 --- a/gcloud/beta/compute/instance-groups/managed/get-named-ports +++ b/gcloud/beta/compute/instance-groups/managed/get-named-ports @@ -12,8 +12,8 @@ DESCRIPTION (BETA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud beta compute instance-groups managed get-named-ports lists the named ports (name and port tuples) for an instance group. diff --git a/gcloud/beta/compute/instance-groups/managed/set-named-ports b/gcloud/beta/compute/instance-groups/managed/set-named-ports index e9e0a22be..e1c81ec01 100644 --- a/gcloud/beta/compute/instance-groups/managed/set-named-ports +++ b/gcloud/beta/compute/instance-groups/managed/set-named-ports @@ -11,8 +11,8 @@ DESCRIPTION (BETA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud beta compute instance-groups managed set-named-ports sets the list of named ports for all instances in an instance group. diff --git a/gcloud/beta/compute/instance-groups/set-named-ports b/gcloud/beta/compute/instance-groups/set-named-ports index 20076f5e2..970a804d8 100644 --- a/gcloud/beta/compute/instance-groups/set-named-ports +++ b/gcloud/beta/compute/instance-groups/set-named-ports @@ -11,8 +11,8 @@ DESCRIPTION (BETA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud beta compute instance-groups set-named-ports sets the list of named ports for all instances in an instance group. diff --git a/gcloud/beta/compute/instance-groups/unmanaged/get-named-ports b/gcloud/beta/compute/instance-groups/unmanaged/get-named-ports index ebec7dfed..700cf84c3 100644 --- a/gcloud/beta/compute/instance-groups/unmanaged/get-named-ports +++ b/gcloud/beta/compute/instance-groups/unmanaged/get-named-ports @@ -12,8 +12,8 @@ DESCRIPTION (BETA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud beta compute instance-groups unmanaged get-named-ports lists the named ports (name and port tuples) for an instance group. diff --git a/gcloud/beta/compute/instance-groups/unmanaged/set-named-ports b/gcloud/beta/compute/instance-groups/unmanaged/set-named-ports index 0b9d25d0f..b748d090c 100644 --- a/gcloud/beta/compute/instance-groups/unmanaged/set-named-ports +++ b/gcloud/beta/compute/instance-groups/unmanaged/set-named-ports @@ -10,8 +10,8 @@ DESCRIPTION (BETA) Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all - instances in the group. This information is used by the HTTP Load Balancing - service. + instances in the group. This information is used by Application Load + Balancers and proxy Network Load Balancers. gcloud beta compute instance-groups unmanaged set-named-ports sets the list of named ports for all instances in an instance group. diff --git a/gcloud/beta/compute/instances/create b/gcloud/beta/compute/instances/create index 0a5e27de1..ecf71b9e7 100644 --- a/gcloud/beta/compute/instances/create +++ b/gcloud/beta/compute/instances/create @@ -350,6 +350,10 @@ FLAGS among other restrictions. For more information, see https://cloud.google.com/compute/docs/disks/sharing-disks-between-vms. + confidential-compute + If yes, the disk is created in confidential mode. The default value + is no. + replica-zones Required for each regional disk associated with the instance. Specify the URLs of the zones where the disk should be replicated diff --git a/gcloud/beta/compute/network-firewall-policies/rules/create b/gcloud/beta/compute/network-firewall-policies/rules/create index edf30da9c..d3f06d174 100644 --- a/gcloud/beta/compute/network-firewall-policies/rules/create +++ b/gcloud/beta/compute/network-firewall-policies/rules/create @@ -12,6 +12,7 @@ SYNOPSIS [--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]] [--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,...]] + [--security-profile-group=SECURITY_PROFILE_GROUP] [--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]] [--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]] [--src-region-codes=[SOURCE_REGION_CODES,...]] @@ -19,6 +20,7 @@ SYNOPSIS [--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]] [--target-secure-tags=[TARGET_SECURE_TAGS,...]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] + [--[no-]tls-inspect] [--firewall-policy-region=FIREWALL_POLICY_REGION | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] @@ -49,7 +51,7 @@ POSITIONAL ARGUMENTS REQUIRED FLAGS --action=ACTION Action to take if the request matches the match condition. ACTION must - be one of: allow, deny, goto_next. + be one of: allow, deny, goto_next, apply_security_profile_group. --firewall-policy=FIREWALL_POLICY Firewall policy ID with which to create rule. @@ -96,6 +98,10 @@ OPTIONAL FLAGS A list of destination protocols and ports to which the firewall rule will apply. + --security-profile-group=SECURITY_PROFILE_GROUP + A security profile group to be used with apply_security_profile_group + action. + --src-address-groups=[SOURCE_ADDRESS_GROUPS,...] Source address groups to match for this rule. Can only be specified if DIRECTION is ingress. @@ -143,6 +149,12 @@ OPTIONAL FLAGS --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...] List of target service accounts for the rule. + --[no-]tls-inspect + Use this flag to indicate whether TLS traffic should be inspected using + the TLS inspection policy when the security profile group is applied. + Default: no TLS inspection. Use --tls-inspect to enable and + --no-tls-inspect to disable. + At most one of these can be specified: --firewall-policy-region=FIREWALL_POLICY_REGION diff --git a/gcloud/beta/compute/network-firewall-policies/rules/update b/gcloud/beta/compute/network-firewall-policies/rules/update index 1cf697b68..0c9bd5178 100644 --- a/gcloud/beta/compute/network-firewall-policies/rules/update +++ b/gcloud/beta/compute/network-firewall-policies/rules/update @@ -12,6 +12,7 @@ SYNOPSIS [--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]] [--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY] + [--security-profile-group=SECURITY_PROFILE_GROUP] [--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]] [--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]] [--src-region-codes=[SOURCE_REGION_CODES,...]] @@ -19,6 +20,7 @@ SYNOPSIS [--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]] [--target-secure-tags=[TARGET_SECURE_TAGS,...]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] + [--[no-]tls-inspect] [--firewall-policy-region=FIREWALL_POLICY_REGION | --global-firewall-policy] [GCLOUD_WIDE_FLAG ...] @@ -46,7 +48,7 @@ REQUIRED FLAGS OPTIONAL FLAGS --action=ACTION Action to take if the request matches the match condition. ACTION must - be one of: allow, deny, goto_next. + be one of: allow, deny, goto_next, apply_security_profile_group. --description=DESCRIPTION An optional, textual description for the rule. @@ -92,6 +94,10 @@ OPTIONAL FLAGS --new-priority=NEW_PRIORITY New priority for the rule to update. Valid in [0, 65535]. + --security-profile-group=SECURITY_PROFILE_GROUP + A security profile group to be used with apply_security_profile_group + action. + --src-address-groups=[SOURCE_ADDRESS_GROUPS,...] Source address groups to match for this rule. Can only be specified if DIRECTION is ingress. @@ -139,6 +145,12 @@ OPTIONAL FLAGS --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...] List of target service accounts for the rule. + --[no-]tls-inspect + Use this flag to indicate whether TLS traffic should be inspected using + the TLS inspection policy when the security profile group is applied. + Default: no TLS inspection. Use --tls-inspect to enable and + --no-tls-inspect to disable. + At most one of these can be specified: --firewall-policy-region=FIREWALL_POLICY_REGION diff --git a/gcloud/beta/compute/networks/subnets/create b/gcloud/beta/compute/networks/subnets/create index 97e5d4e70..768bd00ea 100644 --- a/gcloud/beta/compute/networks/subnets/create +++ b/gcloud/beta/compute/networks/subnets/create @@ -105,6 +105,8 @@ OPTIONAL FLAGS Reserved for Internal HTTP(S) Load Balancing. PRIVATE Regular user created or automatically created subnet. + PRIVATE_NAT + Reserved for use as source range for Private NAT. PRIVATE_SERVICE_CONNECT Reserved for Private Service Connect Internal Load Balancing. REGIONAL_MANAGED_PROXY diff --git a/gcloud/beta/compute/resource-policies/update/help b/gcloud/beta/compute/resource-policies/update/help index 551c9e103..9f5ba09b4 100644 --- a/gcloud/beta/compute/resource-policies/update/help +++ b/gcloud/beta/compute/resource-policies/update/help @@ -20,8 +20,10 @@ COMMANDS (BETA) Update a Compute Engine Snapshot Schedule Resource Policy. NOTES - This command is currently in beta and might change without notice. This - variant is also available: + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute resource-policies update $ gcloud alpha compute resource-policies update diff --git a/gcloud/beta/compute/resource-policies/update/snapshot-schedule b/gcloud/beta/compute/resource-policies/update/snapshot-schedule index 875be461f..b23ff315f 100644 --- a/gcloud/beta/compute/resource-policies/update/snapshot-schedule +++ b/gcloud/beta/compute/resource-policies/update/snapshot-schedule @@ -4,7 +4,8 @@ NAME SYNOPSIS gcloud beta compute resource-policies update snapshot-schedule NAME - [--description=DESCRIPTION] [--region=REGION] + [--description=DESCRIPTION] [--max-retention-days=MAX_RETENTION_DAYS] + [--on-source-disk-delete=ON_SOURCE_DISK_DELETE] [--region=REGION] [--snapshot-labels=[KEY=VALUE,...]] [--weekly-schedule-from-file=WEEKLY_CYCLE_FROM_FILE | --start-time=START_TIME (--daily-schedule | --hourly-schedule=HOURS @@ -15,7 +16,7 @@ DESCRIPTION EXAMPLES The following command updates a Compute Engine Snapshot Schedule Resource - Policy to take a daily snapshot taken at 13:00 UTC + Policy to take a daily snapshot at 13:00 UTC $ gcloud beta compute resource-policies update snapshot-schedule \ my-resource-policy --region=REGION --start-time=13:00 \ @@ -29,6 +30,20 @@ FLAGS --description=DESCRIPTION An optional, textual description for the backend. + --max-retention-days=MAX_RETENTION_DAYS + Maximum number of days snapshot can be retained. + + --on-source-disk-delete=ON_SOURCE_DISK_DELETE + Retention behavior of automatic snapshots in the event of source disk + deletion. ON_SOURCE_DISK_DELETE must be one of: + + apply-retention-policy + Continue to apply the retention window to automatically-created + snapshots when the source disk is deleted. + keep-auto-snapshots + Keep automatically-created snapshots when the source disk is + deleted. This is the default behavior. + --region=REGION Region of the resource policy to operate on. If not specified, you might be prompted to select a region (interactive mode only). @@ -107,8 +122,10 @@ GCLOUD WIDE FLAGS Run $ gcloud help for details. NOTES - This command is currently in beta and might change without notice. This - variant is also available: + This command is currently in beta and might change without notice. These + variants are also available: + + $ gcloud compute resource-policies update snapshot-schedule $ gcloud alpha compute resource-policies update snapshot-schedule diff --git a/gcloud/beta/compute/routers/nats/create b/gcloud/beta/compute/routers/nats/create index 402a98a88..6c5bc3f95 100644 --- a/gcloud/beta/compute/routers/nats/create +++ b/gcloud/beta/compute/routers/nats/create @@ -4,10 +4,8 @@ NAME SYNOPSIS gcloud beta compute routers nats create NAME --router=ROUTER - (--auto-allocate-nat-external-ips - | --nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,...]) (--nat-all-subnet-ip-ranges - | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME],[...] + | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[...] | --nat-primary-subnet-ip-ranges) [--async] [--auto-network-tier=AUTO_NETWORK_TIER] [--[no-]enable-dynamic-port-allocation] @@ -19,7 +17,10 @@ SYNOPSIS [--tcp-established-idle-timeout=TCP_ESTABLISHED_IDLE_TIMEOUT] [--tcp-time-wait-timeout=TCP_TIME_WAIT_TIMEOUT] [--tcp-transitory-idle-timeout=TCP_TRANSITORY_IDLE_TIMEOUT] - [--udp-idle-timeout=UDP_IDLE_TIMEOUT] [GCLOUD_WIDE_FLAG ...] + [--type=TYPE] [--udp-idle-timeout=UDP_IDLE_TIMEOUT] + [--auto-allocate-nat-external-ips + | --nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,...]] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta compute routers nats create is used to create a NAT on a @@ -56,24 +57,18 @@ REQUIRED FLAGS --router=ROUTER The Router to use for NAT. - Exactly one of these must be specified: - - --auto-allocate-nat-external-ips - Automatically allocate external IP addresses for Cloud NAT - - --nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,...] - External IP Addresses to use for Cloud NAT - Exactly one of these must be specified: --nat-all-subnet-ip-ranges Allow all IP ranges of all subnetworks in the region, including primary and secondary ranges, to use NAT. - --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME],[...] + --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[...] List of subnetwork primary and secondary IP ranges to be allowed to use NAT. + ▸ SUBNETWORK:ALL - specifying a subnetwork name with ALL includes + the primary range and all secondary ranges of the subnet. ▸ SUBNETWORK - including a subnetwork name includes only the primary subnet range of the subnetwork. ▸ SUBNETWORK:RANGE_NAME - specifying a subnetwork and secondary @@ -219,11 +214,30 @@ OPTIONAL FLAGS https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats. + --type=TYPE + Type of the NAT Gateway. Defaults to PUBLIC if not specified. TYPE must + be one of: + + PRIVATE + Used for private-to-private NAT translations. Allows communication + between VPC Networks. + PUBLIC + Used for private-to-public NAT translations. Allows VMs to + communicate with the Internet. + --udp-idle-timeout=UDP_IDLE_TIMEOUT Timeout for UDP connections. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats. + At most one of these can be specified: + + --auto-allocate-nat-external-ips + Automatically allocate external IP addresses for Cloud NAT + + --nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,...] + External IP Addresses to use for Cloud NAT + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/compute/routers/nats/rules/create b/gcloud/beta/compute/routers/nats/rules/create index 01aadb9fb..b7ce71814 100644 --- a/gcloud/beta/compute/routers/nats/rules/create +++ b/gcloud/beta/compute/routers/nats/rules/create @@ -4,9 +4,10 @@ NAME SYNOPSIS gcloud beta compute routers nats rules create RULE_NUMBER --match=MATCH - --nat=NAT --router=ROUTER - --source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,...] [--async] - [--region=REGION] [GCLOUD_WIDE_FLAG ...] + --nat=NAT --router=ROUTER [--async] [--region=REGION] + [--source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,...]] + [--source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...]] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) gcloud beta compute routers nats rules create is used to create a @@ -28,27 +29,29 @@ POSITIONAL ARGUMENTS REQUIRED FLAGS --match=MATCH CEL Expression used to identify traffic to which this rule applies. - ◆ Supported attributes: destination.ip - ◆ Supported operators: ||, == - ◆ Supported methods: inIpRange - Examples of allowed Match expressions: + ◆ Supported attributes (Public NAT): destination.ip + ◆ Supported attributes (Private NAT): nexthop.hub + ◆ Supported methods (Public Nat): inIpRange + ◆ Supported operators (Public NAT): ||, == + ◆ Supported operators (Private NAT): == + + Examples of allowed Match expressions (Public NAT): ◆ 'inIpRange(destination.ip, "203.0.113.0/24")'' ◆ 'destination.ip == "203.0.113.7"' ◆ 'destination.ip == "203.0.113.7" || inIpRange(destination.ip, "203.0.113.16/25")' + Example of allowed Match expression (Private NAT): + ◆ nexthop.hub == + "//networkconnectivity.googleapis.com/projects/p1/locations/global/hubs/h1" + --nat=NAT Name of the NAT that contains the Rule --router=ROUTER The Router to use for NAT. - --source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,...] - External IP Addresses to use for connections matching this rule. - - These must be valid reserved external IPs in the same region. - OPTIONAL FLAGS --async Return immediately, without waiting for the operation in progress to @@ -74,6 +77,19 @@ OPTIONAL FLAGS Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION. + --source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,...] + External IP Addresses to use for connections matching this rule. + + These must be valid reserved external IPs in the same region. + + --source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...] + Subnetworks from which addresses are used for connections matching this + rule. This is only supported for Private NAT, and is required when + creating a Private NAT gateway. + + These must be Subnetwork resources in the same region, with purpose set + to PRIVATE_NAT. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/compute/routers/nats/rules/update b/gcloud/beta/compute/routers/nats/rules/update index 0df691d9a..4af796e9e 100644 --- a/gcloud/beta/compute/routers/nats/rules/update +++ b/gcloud/beta/compute/routers/nats/rules/update @@ -6,8 +6,11 @@ SYNOPSIS gcloud beta compute routers nats rules update RULE_NUMBER --nat=NAT --router=ROUTER [--async] [--match=MATCH] [--region=REGION] [--source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,...]] + [--source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...]] [--clear-source-nat-drain-ips | --source-nat-drain-ips=IP_ADDRESS,[IP_ADDRESS,...]] + [--clear-source-nat-drain-ranges + | --source-nat-drain-ranges=SUBNETWORK,[SUBNETWORK,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -41,16 +44,23 @@ OPTIONAL FLAGS --match=MATCH CEL Expression used to identify traffic to which this rule applies. - ◆ Supported attributes: destination.ip - ◆ Supported operators: ||, == - ◆ Supported methods: inIpRange - Examples of allowed Match expressions: + ◆ Supported attributes (Public NAT): destination.ip + ◆ Supported attributes (Private NAT): nexthop.hub + ◆ Supported methods (Public Nat): inIpRange + ◆ Supported operators (Public NAT): ||, == + ◆ Supported operators (Private NAT): == + + Examples of allowed Match expressions (Public NAT): ◆ 'inIpRange(destination.ip, "203.0.113.0/24")'' ◆ 'destination.ip == "203.0.113.7"' ◆ 'destination.ip == "203.0.113.7" || inIpRange(destination.ip, "203.0.113.16/25")' + Example of allowed Match expression (Private NAT): + ◆ nexthop.hub == + "//networkconnectivity.googleapis.com/projects/p1/locations/global/hubs/h1" + --region=REGION Region of the NAT containing the Rule to update. If not specified, you might be prompted to select a region (interactive mode only). @@ -76,6 +86,14 @@ OPTIONAL FLAGS These must be valid reserved external IPs in the same region. + --source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...] + Subnetworks from which addresses are used for connections matching this + rule. This is only supported for Private NAT, and is required when + creating a Private NAT gateway. + + These must be Subnetwork resources in the same region, with purpose set + to PRIVATE_NAT. + At most one of these can be specified: --clear-source-nat-drain-ips @@ -87,6 +105,17 @@ OPTIONAL FLAGS These must be external IPs previously used as active IPs on this rule. No new connections will be established using these IPs. + At most one of these can be specified: + + --clear-source-nat-drain-ranges + Clear drained ranges from the Rule + + --source-nat-drain-ranges=SUBNETWORK,[SUBNETWORK,...] + Subnetwork ranges to drain connections on. + + These must be subnetworks previously used as active ranges on this + rule. No new connections will be established using these ranges. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/compute/routers/nats/update b/gcloud/beta/compute/routers/nats/update index 4bf689919..c9c8d25e3 100644 --- a/gcloud/beta/compute/routers/nats/update +++ b/gcloud/beta/compute/routers/nats/update @@ -23,7 +23,7 @@ SYNOPSIS | --tcp-transitory-idle-timeout=TCP_TRANSITORY_IDLE_TIMEOUT] [--clear-udp-idle-timeout | --udp-idle-timeout=UDP_IDLE_TIMEOUT] [--nat-all-subnet-ip-ranges - | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME],[...] + | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[...] | --nat-primary-subnet-ip-ranges] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -252,10 +252,12 @@ OPTIONAL FLAGS Allow all IP ranges of all subnetworks in the region, including primary and secondary ranges, to use NAT. - --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME],[...] + --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[...] List of subnetwork primary and secondary IP ranges to be allowed to use NAT. + ▸ SUBNETWORK:ALL - specifying a subnetwork name with ALL includes + the primary range and all secondary ranges of the subnet. ▸ SUBNETWORK - including a subnetwork name includes only the primary subnet range of the subnetwork. ▸ SUBNETWORK:RANGE_NAME - specifying a subnetwork and secondary diff --git a/gcloud/beta/compute/ssl-certificates/help b/gcloud/beta/compute/ssl-certificates/help index 4c446d58b..312925b14 100644 --- a/gcloud/beta/compute/ssl-certificates/help +++ b/gcloud/beta/compute/ssl-certificates/help @@ -7,8 +7,8 @@ SYNOPSIS DESCRIPTION (BETA) Read and manipulate SSL certificates that encrypt traffic between - clients and a load balancer. The relevant load balancer types are SSL - Proxy, external HTTPS, and internal HTTPS. + clients and a load balancer. The relevant load balancer types are + Application Load Balancers and proxy Network Load Balancers. For more information about SSL certificates, see the SSL certificates documentation diff --git a/gcloud/beta/container/backup-restore/restore-plans/create b/gcloud/beta/container/backup-restore/restore-plans/create index d0bc63c30..e205266a5 100644 --- a/gcloud/beta/container/backup-restore/restore-plans/create +++ b/gcloud/beta/container/backup-restore/restore-plans/create @@ -6,20 +6,22 @@ SYNOPSIS gcloud beta container backup-restore restore-plans create (RESTORE_PLAN : --location=LOCATION) --backup-plan=BACKUP_PLAN --cluster=CLUSTER - --namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE (--all-namespaces | --excluded-namespaces=[EXCLUDED_NAMESPACES,...] | --no-namespaces | --selected-applications=SELECTED_APPLICATIONS | --selected-namespaces=[SELECTED_NAMESPACES,...]) [--async] [--cluster-resource-conflict-policy=CLUSTER_RESOURCE_CONFLICT_POLICY] [--description=DESCRIPTION] [--labels=[KEY=VALUE,...]] - [--substitution-rules-file=SUBSTITUTION_RULES_FILE] + [--namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE] [--volume-data-restore-policy=VOLUME_DATA_RESTORE_POLICY; default="no-volume-data-restoration"] [--cluster-resource-scope-all-group-kinds | --cluster-resource-scope-excluded-group-kinds=[CLUSTER_RESOURCE_SCOPE_EXCLUDED_GROUP_KINDS, ...] | --cluster-resource-scope-no-group-kinds | --cluster-resource-scope-selected-group-kinds=[CLUSTER_RESOURCE_SCOPE_SELECTED_GROUP_KINDS, - ...]] [GCLOUD_WIDE_FLAG ...] + ...]] + [--substitution-rules-file=SUBSTITUTION_RULES_FILE + | --transformation-rules-file=TRANSFORMATION_RULES_FILE] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Create a Backup for GKE restore plan. @@ -92,28 +94,6 @@ REQUIRED FLAGS regional cluster or projects//zones//clusters/ for a zonal cluster. - --namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE - Define how to handle restore-time conflicts for namespaced resources. - NAMESPACED_RESOURCE_RESTORE_MODE must be one of: - - delete-and-restore - When conflicting top-level resources (either Namespaces or - ProtectedApplications, depending upon the scope) are encountered, - this will first trigger a delete of the conflicting resource AND - ALL OF ITS REFERENCED RESOURCES (e.g., all resources in the - Namespace or all resources referenced by the ProtectedApplication) - before restoring the resources from the Backup. This mode should - only be used when you are intending to revert some portion of a - cluster to an earlier state. - - fail-on-conflict - If conflicting top-level resources (either Namespaces or - ProtectedApplications, depending upon the scope) are encountered at - the beginning of a restore process, the Restore will fail. If a - conflict occurs during the restore process itself (e.g., because an - out of band process creates conflicting resources), a conflict will - be reported. - The scope of namespaced resources to restore. Exactly one of these must be specified: @@ -171,10 +151,27 @@ OPTIONAL FLAGS contain only hyphens (-), underscores (_), lowercase characters, and numbers. - --substitution-rules-file=SUBSTITUTION_RULES_FILE - If provided, defines a set of resource transformations that will be - applied to resources from the source backup before they are created in - the target cluster. + --namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE + Define how to handle restore-time conflicts for namespaced resources. + NAMESPACED_RESOURCE_RESTORE_MODE must be one of: + + delete-and-restore + When conflicting top-level resources (either Namespaces or + ProtectedApplications, depending upon the scope) are encountered, + this will first trigger a delete of the conflicting resource AND + ALL OF ITS REFERENCED RESOURCES (e.g., all resources in the + Namespace or all resources referenced by the ProtectedApplication) + before restoring the resources from the Backup. This mode should + only be used when you are intending to revert some portion of a + cluster to an earlier state. + + fail-on-conflict + If conflicting top-level resources (either Namespaces or + ProtectedApplications, depending upon the scope) are encountered at + the beginning of a restore process, the Restore will fail. If a + conflict occurs during the restore process itself (e.g., because an + out of band process creates conflicting resources), a conflict will + be reported. --volume-data-restore-policy=VOLUME_DATA_RESTORE_POLICY; default="no-volume-data-restoration" Define how data is populated for restored volumes. If this flag is not @@ -221,6 +218,18 @@ OPTIONAL FLAGS storage.k8s.io/StorageClass for StorageClass. Use an empty string for core API group. + At most one of these can be specified: + + --substitution-rules-file=SUBSTITUTION_RULES_FILE + If provided, defines a set of resource transformations that will be + applied to resources from the source backup before they are created + in the target cluster. + + --transformation-rules-file=TRANSFORMATION_RULES_FILE + If provided, defines a set of resource transformations that will be + applied to resources from the source backup before they are created + in the target cluster. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/container/backup-restore/restore-plans/update b/gcloud/beta/container/backup-restore/restore-plans/update index 03b70fb0e..4739ba337 100644 --- a/gcloud/beta/container/backup-restore/restore-plans/update +++ b/gcloud/beta/container/backup-restore/restore-plans/update @@ -8,7 +8,6 @@ SYNOPSIS [--cluster-resource-conflict-policy=CLUSTER_RESOURCE_CONFLICT_POLICY] [--description=DESCRIPTION] [--etag=ETAG] [--namespaced-resource-restore-mode=NAMESPACED_RESOURCE_RESTORE_MODE] - [--substitution-rules-file=SUBSTITUTION_RULES_FILE] [--update-labels=[KEY=VALUE,...]] [--volume-data-restore-policy=VOLUME_DATA_RESTORE_POLICY; default="no-volume-data-restoration"] @@ -20,7 +19,10 @@ SYNOPSIS | --cluster-resource-scope-excluded-group-kinds=[CLUSTER_RESOURCE_SCOPE_EXCLUDED_GROUP_KINDS, ...] | --cluster-resource-scope-no-group-kinds | --cluster-resource-scope-selected-group-kinds=[CLUSTER_RESOURCE_SCOPE_SELECTED_GROUP_KINDS, - ...]] [GCLOUD_WIDE_FLAG ...] + ...]] + [--substitution-rules-file=SUBSTITUTION_RULES_FILE + | --transformation-rules-file=TRANSFORMATION_RULES_FILE] + [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) Update a Backup for GKE restore plan. @@ -123,11 +125,6 @@ FLAGS out of band process creates conflicting resources), a conflict will be reported. - --substitution-rules-file=SUBSTITUTION_RULES_FILE - If provided, defines a set of resource transformations that will be - applied to resources from the source backup before they are created in - the target cluster. - --update-labels=[KEY=VALUE,...] List of label KEY=VALUE pairs to update. If a label exists, its value is modified. Otherwise, a new label is created. @@ -226,6 +223,18 @@ FLAGS storage.k8s.io/StorageClass for StorageClass. Use an empty string for core API group. + At most one of these can be specified: + + --substitution-rules-file=SUBSTITUTION_RULES_FILE + If provided, defines a set of resource transformations that will be + applied to resources from the source backup before they are created + in the target cluster. + + --transformation-rules-file=TRANSFORMATION_RULES_FILE + If provided, defines a set of resource transformations that will be + applied to resources from the source backup before they are created + in the target cluster. + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/beta/container/clusters/create b/gcloud/beta/container/clusters/create index 6125fcd42..983e01624 100644 --- a/gcloud/beta/container/clusters/create +++ b/gcloud/beta/container/clusters/create @@ -29,16 +29,15 @@ SYNOPSIS [--enable-dataplane-v2] [--enable-fleet] [--enable-fqdn-network-policy] [--enable-gke-oidc] [--enable-google-cloud-access] [--enable-gvnic] [--enable-identity-service] [--enable-image-streaming] - [--enable-insecure-kubelet-readonly-port] [--enable-intra-node-visibility] [--enable-ip-alias] [--enable-kubernetes-alpha] [--enable-kubernetes-unstable-apis=API,[API,...]] [--enable-l4-ilb-subsetting] [--enable-legacy-authorization] [--enable-logging-monitoring-system-only] [--enable-managed-prometheus] - [--enable-master-global-access] [--enable-network-policy] - [--enable-pod-security-policy] [--enable-service-externalips] - [--enable-shielded-nodes] [--enable-stackdriver-kubernetes] - [--enable-vertical-pod-autoscaling] + [--enable-master-global-access] [--enable-multi-networking] + [--enable-network-policy] [--enable-pod-security-policy] + [--enable-service-externalips] [--enable-shielded-nodes] + [--enable-stackdriver-kubernetes] [--enable-vertical-pod-autoscaling] [--fleet-project=PROJECT_ID_OR_NUMBER] [--gateway-api=GATEWAY_API] [--identity-provider=IDENTITY_PROVIDER] [--image-type=IMAGE_TYPE] [--ipv6-access-type=IPV6_ACCESS_TYPE] [--issue-client-certificate] @@ -52,12 +51,14 @@ SYNOPSIS [--metadata=KEY=VALUE,[KEY=VALUE,...]] [--metadata-from-file=KEY=LOCAL_FILE_PATH,[...]] [--min-cpu-platform=PLATFORM] [--monitoring=[COMPONENT,...]] - [--network=NETWORK] [--node-labels=[NODE_LABEL,...]] - [--node-taints=[NODE_TAINT,...]] [--node-version=NODE_VERSION] + [--network=NETWORK] + [--network-performance-configs=[PROPERTY1=VALUE1,...]] + [--node-labels=[NODE_LABEL,...]] [--node-taints=[NODE_TAINT,...]] + [--node-version=NODE_VERSION] [--notification-config=[pubsub=ENABLED|DISABLED, pubsub-topic=TOPIC,...]] [--num-nodes=NUM_NODES; default=3] - [--placement-type=PLACEMENT_TYPE] [--preemptible] - [--private-endpoint-subnetwork=NAME] + [--placement-policy=PLACEMENT_POLICY] [--placement-type=PLACEMENT_TYPE] + [--preemptible] [--private-endpoint-subnetwork=NAME] [--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE] [--release-channel=CHANNEL] [--security-group=SECURITY_GROUP] [--security-posture=SECURITY_POSTURE] [--services-ipv4-cidr=CIDR] @@ -509,12 +510,6 @@ FLAGS --enable-image-streaming Specifies whether to enable image streaming on cluster. - --enable-insecure-kubelet-readonly-port - Enables the Kubelet's insecure Read Only Port. - - To disable in an existing cluster, explicitly set flag to - --no-enable-insecure-kubelet-readonly-port. - --enable-intra-node-visibility Enable Intra-node visibility for this cluster. @@ -577,6 +572,10 @@ FLAGS Must be used in conjunction with '--enable-ip-alias' and '--enable-private-nodes'. + --enable-multi-networking + Enables multi-networking on the cluster. Multi-networking is disabled + by default. + --enable-network-policy Enable network policy enforcement for this cluster. If you are enabling network policy on an existing cluster the network policy addon must @@ -849,6 +848,20 @@ FLAGS Kubernetes Engine will use this network when creating routes and firewalls for the clusters. Defaults to the 'default' network. + --network-performance-configs=[PROPERTY1=VALUE1,...] + Configures network performance settings for the cluster. Node pools can + override with their own settings. + + total-egress-bandwidth-tier + Total egress bandwidth is the available outbound bandwidth from a + VM, regardless of whether the traffic is going to internal IP or + external IP destinations. The following tier values are allowed: + [DEFAULT,TIER_1]. + + See + https://cloud.google.com/compute/docs/networking/configure-vm-with-high-bandwidth-configuration + for more information. + --node-labels=[NODE_LABEL,...] Applies the given Kubernetes labels on all nodes in the new node pool. @@ -914,6 +927,12 @@ FLAGS --num-nodes=NUM_NODES; default=3 The number of nodes to be created in each of the cluster's zones. + --placement-policy=PLACEMENT_POLICY + Indicates the desired resource policy to use. + + $ gcloud beta container clusters create node-pool-1 \ + --cluster=example-cluster --placement-policy my-placement + --placement-type=PLACEMENT_TYPE Placement type allows to define the type of node placement within the default node pool of this cluster. @@ -1002,7 +1021,6 @@ FLAGS Clusters subscribed to 'regular' receive versions that are considered GA quality. 'regular' is intended for production users who want to take advantage of new features. - stable Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. @@ -1102,8 +1120,6 @@ FLAGS podPidsLimit integer (The value must be greater than or equal to 1024 and less than 4194304.) - insecureKubeletReadonlyPortEnabled true or false (enabled by - default) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/beta/container/clusters/create-auto b/gcloud/beta/container/clusters/create-auto index 662b16a70..ef12e06e1 100644 --- a/gcloud/beta/container/clusters/create-auto +++ b/gcloud/beta/container/clusters/create-auto @@ -13,7 +13,6 @@ SYNOPSIS [--database-encryption-key=DATABASE_ENCRYPTION_KEY] [--dataplane-v2-observability-mode=DATAPLANE_V2_OBSERVABILITY_MODE] [--enable-fleet] [--enable-google-cloud-access] - [--enable-insecure-kubelet-readonly-port] [--enable-kubernetes-unstable-apis=API,[API,...]] [--enable-master-global-access] [--fleet-project=PROJECT_ID_OR_NUMBER] [--logging=[COMPONENT,...]] [--monitoring=[COMPONENT,...]] @@ -197,12 +196,6 @@ FLAGS Google Cloud can reach the public control plane endpoint of your cluster. - --enable-insecure-kubelet-readonly-port - Enables the Kubelet's insecure Read Only Port. - - To disable in an existing cluster, explicitly set flag to - --no-enable-insecure-kubelet-readonly-port. - --enable-kubernetes-unstable-apis=API,[API,...] Enable Kubernetes beta API features on this cluster. Beta APIs are not expected to be production ready and should be avoided in @@ -277,9 +270,6 @@ FLAGS CHANNEL must be one of: - None - Use 'None' to opt-out of any release channel. - rapid 'rapid' channel is offered on an early access basis for customers who want to test new releases. @@ -292,7 +282,6 @@ FLAGS Clusters subscribed to 'regular' receive versions that are considered GA quality. 'regular' is intended for production users who want to take advantage of new features. - stable Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. diff --git a/gcloud/beta/container/clusters/update b/gcloud/beta/container/clusters/update index e30351933..5052fb67e 100644 --- a/gcloud/beta/container/clusters/update +++ b/gcloud/beta/container/clusters/update @@ -14,8 +14,7 @@ SYNOPSIS | --enable-cost-allocation | --enable-fleet | --enable-fqdn-network-policy | --enable-gke-oidc | --enable-google-cloud-access | --enable-identity-service - | --enable-image-streaming | --enable-insecure-kubelet-readonly-port - | --enable-intra-node-visibility + | --enable-image-streaming | --enable-intra-node-visibility | --enable-kubernetes-unstable-apis=API,[API,...] | --enable-l4-ilb-subsetting | --enable-legacy-authorization | --enable-logging-monitoring-system-only @@ -27,6 +26,7 @@ SYNOPSIS | --fleet-project=PROJECT_ID_OR_NUMBER | --gateway-api=GATEWAY_API | --generate-password | --identity-provider=IDENTITY_PROVIDER | --logging-variant=LOGGING_VARIANT | --maintenance-window=START_TIME + | --network-performance-configs=[PROPERTY1=VALUE1,...] | --notification-config=[pubsub=ENABLED|DISABLED, pubsub-topic=TOPIC,...] | --private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE @@ -289,12 +289,6 @@ REQUIRED FLAGS --enable-image-streaming Specifies whether to enable image streaming on cluster. - --enable-insecure-kubelet-readonly-port - Enables the Kubelet's insecure Read Only Port. - - To disable in an existing cluster, explicitly set flag to - --no-enable-insecure-kubelet-readonly-port. - --enable-intra-node-visibility Enable Intra-node visibility for this cluster. @@ -452,6 +446,20 @@ REQUIRED FLAGS To remove an existing maintenance window from the cluster, use '--clear-maintenance-window'. + --network-performance-configs=[PROPERTY1=VALUE1,...] + Configures network performance settings for the cluster. Node pools + can override with their own settings. + + total-egress-bandwidth-tier + Total egress bandwidth is the available outbound bandwidth from a + VM, regardless of whether the traffic is going to internal IP or + external IP destinations. The following tier values are allowed: + [DEFAULT,TIER_1]. + + See + https://cloud.google.com/compute/docs/networking/configure-vm-with-high-bandwidth-configuration + for more information. + --notification-config=[pubsub=ENABLED|DISABLED,pubsub-topic=TOPIC,...] The notification configuration of the cluster. GKE supports publishing cluster upgrade notifications to any Pub/Sub topic you @@ -528,7 +536,6 @@ REQUIRED FLAGS Clusters subscribed to 'regular' receive versions that are considered GA quality. 'regular' is intended for production users who want to take advantage of new features. - stable Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. diff --git a/gcloud/beta/container/fleet/help b/gcloud/beta/container/fleet/help index 4f391f441..7d460113a 100644 --- a/gcloud/beta/container/fleet/help +++ b/gcloud/beta/container/fleet/help @@ -3,7 +3,7 @@ NAME your Kubernetes clusters with fleet SYNOPSIS - gcloud beta container fleet GROUP [GCLOUD_WIDE_FLAG ...] + gcloud beta container fleet GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) The command group to register GKE or other Kubernetes clusters diff --git a/gcloud/beta/container/fleet/scopes/help b/gcloud/beta/container/fleet/scopes/help index f77d8c1b2..c500195d4 100644 --- a/gcloud/beta/container/fleet/scopes/help +++ b/gcloud/beta/container/fleet/scopes/help @@ -27,6 +27,9 @@ COMMANDS list (BETA) List fleet scopes. + update + (BETA) Update a scope. + NOTES This command is currently in beta and might change without notice. This variant is also available: diff --git a/gcloud/beta/container/fleet/scopes/update b/gcloud/beta/container/fleet/scopes/update new file mode 100644 index 000000000..325235423 --- /dev/null +++ b/gcloud/beta/container/fleet/scopes/update @@ -0,0 +1,162 @@ +NAME + gcloud beta container fleet scopes update - update a scope + +SYNOPSIS + gcloud beta container fleet scopes update (SCOPE : --location=LOCATION) + [--default-upgrade-soaking=DEFAULT_UPGRADE_SOAKING + --remove-upgrade-soaking-overrides + | --add-upgrade-soaking-override=ADD_UPGRADE_SOAKING_OVERRIDE + --upgrade-selector=[UPGRADE_SELECTOR,...] --reset-upstream-scope + | --upstream-scope=UPSTREAM_SCOPE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Update an existing Fleet Scope. + +EXAMPLES + First retrieve the ID of the scope using the command below. + + $ gcloud beta container fleet scopes list + + Update a scope. + + $ gcloud beta container fleet scopes update SCOPE_NAME + +POSITIONAL ARGUMENTS + Scope resource - fleet scope resource. The arguments in this group can be + used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument scope on the command line with a fully specified + name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + SCOPE + ID of the scope or fully qualified identifier for the scope. + + To set the scope attribute: + ▸ provide the argument scope on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location name. + + To set the location attribute: + ▸ provide the argument scope on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ global is the only supported location. + +FLAGS + Rollout Sequencing + + --default-upgrade-soaking=DEFAULT_UPGRADE_SOAKING + Configures the default soaking duration for each upgrade propagating + through the current scope to become "COMPLETE". Soaking begins after + all clusters in the scope are on the target version, or after 30 days + if all cluster upgrades are not complete. Once an upgrade state + becomes "COMPLETE", it will automatically be propagated to the + downstream scope. Max is 30 days. + + See $ gcloud topic datetimes for information on duration formats. + + To configure Rollout Sequencing for a given scope, SCOPE_NAME, this + attribute must be set. To do this while specifying a default soaking + duration of 7 days, run: + + $ gcloud beta container fleet scopes update SCOPE_NAME \ + default-upgrade-soaking=7d + + At most one of these can be specified: + + --remove-upgrade-soaking-overrides + Removes soaking time overrides for all upgrades propagating through + the current scope. Consequently, all upgrades will follow the soak + time configured by --default-upgrade-soaking until new overrides + are configured with --add_upgrade_soaking_override and + --upgrade_selector. + + To remove all soaking time overrides configured for SCOPE_NAME, + run: + + $ gcloud beta container fleet scopes update SCOPE_NAME \ + --remove-upgrade-soaking-overrides + + Upgrade soaking override. + + Defines a specific soaking time override for a particular upgrade + propagating through the current scope that supercedes the default + soaking duration configured by --default-upgrade-soaking. + + To set an upgrade soaking override of 12 hours for the upgrade with + name, k8s_control_plane, and version, 1.23.1-gke.1000, run: + + $ gcloud beta container fleet scopes update SCOPE_NAME \ + --add-upgrade-soaking-override=12h \ + --upgrade-selector=name="k8s_control_plane",version="1.23.1-gke.1000" + + --add-upgrade-soaking-override=ADD_UPGRADE_SOAKING_OVERRIDE + Overrides the soaking time for a particular upgrade name and + version propagating through the current scope. Set soaking to 0 + days to bypass soaking and fast-forward the upgrade to the + downstream scope. + + See $ gcloud topic datetimes for information on duration formats. + + This flag argument must be specified if any of the other + arguments in this group are specified. + + --upgrade-selector=[UPGRADE_SELECTOR,...] + Name and version of the upgrade to be overridden where version is + a full GKE version. Currently, name can be either + k8s_control_plane or k8s_node. + + This flag argument must be specified if any of the other + arguments in this group are specified. + + At most one of these can be specified: + + --reset-upstream-scope + Clears the relationship between the current scope and its upstream + scope in the rollout sequence. + + To remove the link between SCOPE_NAME and its upstream scope, run: + + $ gcloud beta container fleet scopes update SCOPE_NAME \ + --reset-upstream-scope + + --upstream-scope=UPSTREAM_SCOPE + Full resource name of the upstream scope in the format of + projects/{project}/locations/{location}/scopes/{scope}. GKE will + finish upgrades on the upstream scope before applying the same + upgrades to the current scope. + + To configure the upstream scope for SCOPE_NAME, run: + + $ gcloud beta container fleet scopes update SCOPE_NAME \ + --upstream-scope=projects/{upstream_project}/locations/global/scopes/{upstream_scope} + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the gkehub/v1beta API. The full documentation for this + API can be found at: + https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster + +NOTES + This command is currently in beta and might change without notice. This + variant is also available: + + $ gcloud alpha container fleet scopes update + diff --git a/gcloud/beta/container/hub/help b/gcloud/beta/container/hub/help index 154eadd83..d15f3f15a 100644 --- a/gcloud/beta/container/hub/help +++ b/gcloud/beta/container/hub/help @@ -3,7 +3,7 @@ NAME your Kubernetes clusters with fleet SYNOPSIS - gcloud beta container hub GROUP [GCLOUD_WIDE_FLAG ...] + gcloud beta container hub GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION (BETA) The command group to register GKE or other Kubernetes clusters diff --git a/gcloud/beta/container/hub/scopes/help b/gcloud/beta/container/hub/scopes/help index 35b985453..a8f038ed2 100644 --- a/gcloud/beta/container/hub/scopes/help +++ b/gcloud/beta/container/hub/scopes/help @@ -27,6 +27,9 @@ COMMANDS list (BETA) List fleet scopes. + update + (BETA) Update a scope. + NOTES This command is currently in beta and might change without notice. This variant is also available: diff --git a/gcloud/beta/container/hub/scopes/update b/gcloud/beta/container/hub/scopes/update new file mode 100644 index 000000000..6690cb188 --- /dev/null +++ b/gcloud/beta/container/hub/scopes/update @@ -0,0 +1,162 @@ +NAME + gcloud beta container hub scopes update - update a scope + +SYNOPSIS + gcloud beta container hub scopes update (SCOPE : --location=LOCATION) + [--default-upgrade-soaking=DEFAULT_UPGRADE_SOAKING + --remove-upgrade-soaking-overrides + | --add-upgrade-soaking-override=ADD_UPGRADE_SOAKING_OVERRIDE + --upgrade-selector=[UPGRADE_SELECTOR,...] --reset-upstream-scope + | --upstream-scope=UPSTREAM_SCOPE] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Update an existing Fleet Scope. + +EXAMPLES + First retrieve the ID of the scope using the command below. + + $ gcloud beta container hub scopes list + + Update a scope. + + $ gcloud beta container hub scopes update SCOPE_NAME + +POSITIONAL ARGUMENTS + Scope resource - fleet scope resource. The arguments in this group can be + used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument scope on the command line with a fully specified + name; + ◆ set the property core/project; + ◆ provide the argument --project on the command line. + + This must be specified. + + SCOPE + ID of the scope or fully qualified identifier for the scope. + + To set the scope attribute: + ▸ provide the argument scope on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + The location name. + + To set the location attribute: + ▸ provide the argument scope on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ global is the only supported location. + +FLAGS + Rollout Sequencing + + --default-upgrade-soaking=DEFAULT_UPGRADE_SOAKING + Configures the default soaking duration for each upgrade propagating + through the current scope to become "COMPLETE". Soaking begins after + all clusters in the scope are on the target version, or after 30 days + if all cluster upgrades are not complete. Once an upgrade state + becomes "COMPLETE", it will automatically be propagated to the + downstream scope. Max is 30 days. + + See $ gcloud topic datetimes for information on duration formats. + + To configure Rollout Sequencing for a given scope, SCOPE_NAME, this + attribute must be set. To do this while specifying a default soaking + duration of 7 days, run: + + $ gcloud beta container hub scopes update SCOPE_NAME \ + default-upgrade-soaking=7d + + At most one of these can be specified: + + --remove-upgrade-soaking-overrides + Removes soaking time overrides for all upgrades propagating through + the current scope. Consequently, all upgrades will follow the soak + time configured by --default-upgrade-soaking until new overrides + are configured with --add_upgrade_soaking_override and + --upgrade_selector. + + To remove all soaking time overrides configured for SCOPE_NAME, + run: + + $ gcloud beta container hub scopes update SCOPE_NAME \ + --remove-upgrade-soaking-overrides + + Upgrade soaking override. + + Defines a specific soaking time override for a particular upgrade + propagating through the current scope that supercedes the default + soaking duration configured by --default-upgrade-soaking. + + To set an upgrade soaking override of 12 hours for the upgrade with + name, k8s_control_plane, and version, 1.23.1-gke.1000, run: + + $ gcloud beta container hub scopes update SCOPE_NAME \ + --add-upgrade-soaking-override=12h \ + --upgrade-selector=name="k8s_control_plane",version="1.23.1-gke.1000" + + --add-upgrade-soaking-override=ADD_UPGRADE_SOAKING_OVERRIDE + Overrides the soaking time for a particular upgrade name and + version propagating through the current scope. Set soaking to 0 + days to bypass soaking and fast-forward the upgrade to the + downstream scope. + + See $ gcloud topic datetimes for information on duration formats. + + This flag argument must be specified if any of the other + arguments in this group are specified. + + --upgrade-selector=[UPGRADE_SELECTOR,...] + Name and version of the upgrade to be overridden where version is + a full GKE version. Currently, name can be either + k8s_control_plane or k8s_node. + + This flag argument must be specified if any of the other + arguments in this group are specified. + + At most one of these can be specified: + + --reset-upstream-scope + Clears the relationship between the current scope and its upstream + scope in the rollout sequence. + + To remove the link between SCOPE_NAME and its upstream scope, run: + + $ gcloud beta container hub scopes update SCOPE_NAME \ + --reset-upstream-scope + + --upstream-scope=UPSTREAM_SCOPE + Full resource name of the upstream scope in the format of + projects/{project}/locations/{location}/scopes/{scope}. GKE will + finish upgrades on the upstream scope before applying the same + upgrades to the current scope. + + To configure the upstream scope for SCOPE_NAME, run: + + $ gcloud beta container hub scopes update SCOPE_NAME \ + --upstream-scope=projects/{upstream_project}/locations/global/scopes/{upstream_scope} + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +API REFERENCE + This command uses the gkehub/v1beta API. The full documentation for this + API can be found at: + https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster + +NOTES + This command is currently in beta and might change without notice. This + variant is also available: + + $ gcloud alpha container hub scopes update + diff --git a/gcloud/beta/container/node-pools/create b/gcloud/beta/container/node-pools/create index 5fbaf7e1a..7d24f2b1f 100644 --- a/gcloud/beta/container/node-pools/create +++ b/gcloud/beta/container/node-pools/create @@ -9,7 +9,12 @@ SYNOPSIS gpu-partition-size=GPU_PARTITION_SIZE, gpu-sharing-strategy=GPU_SHARING_STRATEGY, max-shared-clients-per-gpu=MAX_SHARED_CLIENTS_PER_GPU],...]] - [--async] [--boot-disk-kms-key=BOOT_DISK_KMS_KEY] [--cluster=CLUSTER] + [--additional-node-network=[network=NETWORK_NAME, + subnetwork=SUBNETWORK_NAME,...]] + [--additional-pod-network=[subnetwork=SUBNETWORK_NAME, + pod-ipv4-range=SECONDARY_RANGE_NAME, + [max-pods-per-node=NUM_PODS],...]] [--async] + [--boot-disk-kms-key=BOOT_DISK_KMS_KEY] [--cluster=CLUSTER] [--disable-pod-cidr-overprovision] [--disk-size=DISK_SIZE] [--disk-type=DISK_TYPE] [--enable-autoprovisioning] [--enable-autorepair] [--no-enable-autoupgrade] @@ -29,7 +34,8 @@ SYNOPSIS [--node-locations=ZONE,[ZONE,...]] [--node-pool-soak-duration=NODE_POOL_SOAK_DURATION] [--node-taints=[NODE_TAINT,...]] [--node-version=NODE_VERSION] - [--num-nodes=NUM_NODES; default=3] [--placement-type=PLACEMENT_TYPE] + [--num-nodes=NUM_NODES; default=3] + [--placement-policy=PLACEMENT_POLICY] [--placement-type=PLACEMENT_TYPE] [--preemptible] [--sandbox=[type=TYPE]] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--sole-tenant-node-affinity-file=SOLE_TENANT_NODE_AFFINITY_FILE] @@ -123,6 +129,40 @@ FLAGS (Optional) The max number of containers allowed to share each GPU on the node. This field is used together with gpu-sharing-strategy. + --additional-node-network=[network=NETWORK_NAME,subnetwork=SUBNETWORK_NAME,...] + Attach an additional network interface to each node in the pool. This + parameter can be specified up to 7 times. + + e.g. --additional-node-network network=dataplane,subnetwork=subnet-dp + + network + (Required) The network to attach the new interface to. + + subnetwork + (Required) The subnetwork to attach the new interface to. + + --additional-pod-network=[subnetwork=SUBNETWORK_NAME,pod-ipv4-range=SECONDARY_RANGE_NAME,[max-pods-per-node=NUM_PODS],...] + Specify the details of a secondary range to be used for an additional + pod network. Not needed if you use "host" typed NIC from this network. + This parameter can be specified up to 35 times. + + e.g. --additional-pod-network + subnetwork=subnet-dp,pod-ipv4-range=sec-range-blue,max-pods-per-node=8. + + subnetwork + (Optional) The name of the subnetwork to link the pod network to. + If not specified, the pod network defaults to the subnet connected + to the default network interface. + + pod-ipv4-range + (Required) The name of the secondary range in the subnetwork. The + range must hold at least (2 * MAX_PODS_PER_NODE * + MAX_NODES_IN_RANGE) IPs. + + max-pods-per-node + (Optional) Maximum amount of pods per node that can utilize this + ipv4-range. Defaults to NodePool (if specified) or Cluster value. + --async Return immediately, without waiting for the operation in progress to complete. @@ -442,6 +482,12 @@ FLAGS --num-nodes=NUM_NODES; default=3 The number of nodes in the node pool in each of the cluster's zones. + --placement-policy=PLACEMENT_POLICY + Indicates the desired resource policy to use. + + $ gcloud beta container node-pools create node-pool-1 \ + --cluster=example-cluster --placement-policy my-placement + --placement-type=PLACEMENT_TYPE Placement type allows to define the type of node placement within this node pool. @@ -555,8 +601,6 @@ FLAGS podPidsLimit integer (The value must be greater than or equal to 1024 and less than 4194304.) - insecureKubeletReadonlyPortEnabled true or false (enabled by - default) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/beta/container/node-pools/update b/gcloud/beta/container/node-pools/update index 98229ae50..25acb6923 100644 --- a/gcloud/beta/container/node-pools/update +++ b/gcloud/beta/container/node-pools/update @@ -168,8 +168,6 @@ REQUIRED FLAGS podPidsLimit integer (The value must be greater than or equal to 1024 and less than 4194304.) - insecureKubeletReadonlyPortEnabled true or false (enabled by - default) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/beta/functions/add-invoker-policy-binding b/gcloud/beta/functions/add-invoker-policy-binding index 9a9455b39..ae6fbfc2f 100644 --- a/gcloud/beta/functions/add-invoker-policy-binding +++ b/gcloud/beta/functions/add-invoker-policy-binding @@ -7,7 +7,13 @@ SYNOPSIS --member=PRINCIPAL [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (BETA) This command applies to Cloud Functions 2nd gen only. + (BETA) Adds the Cloud Run Invoker binding to the IAM policy of a Google + Cloud Function's underlying Cloud Run service. + + This command applies to Cloud Functions (2nd gen) only. Cloud Functions + (2nd gen) currently requires the Cloud Run Invoke permission on the + underlying Cloud Run service to be able to call functions. This command + grants the given member permission to invoke the given 2nd gen function. EXAMPLES To add the invoker role policy binding for FUNCTION-1 for member MEMBER-1 diff --git a/gcloud/beta/functions/deploy b/gcloud/beta/functions/deploy index e77e5a623..01520d5ff 100644 --- a/gcloud/beta/functions/deploy +++ b/gcloud/beta/functions/deploy @@ -43,7 +43,7 @@ SYNOPSIS | --trigger-topic=TRIGGER_TOPIC | --trigger-event=EVENT_TYPE --trigger-resource=RESOURCE | --trigger-event-filters=[ATTRIBUTE=VALUE,...] - --trigger-event-filters-path-pattern=[ATTRIBUTE=VALUE,...]] + --trigger-event-filters-path-pattern=[ATTRIBUTE=PATH_PATTERN,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -576,15 +576,20 @@ FLAGS use this flag to change the setting. If you don't specify a trigger when deploying an update to an existing - function it will keep its current trigger. You must specify - --trigger-topic, --trigger-bucket, --trigger-http, --trigger-event-filters - or (--trigger-event AND --trigger-resource) when deploying a new function. + function it will keep its current trigger. You must specify one of the + following when deploying a new function: + ◆ --trigger-topic, + ◆ --trigger-bucket, + ◆ --trigger-http, + ◆ --trigger-event AND --trigger-resource, + ◆ --trigger-event-filters and optionally + --trigger-event-filters-path-pattern. At most one of these can be specified: --trigger-bucket=TRIGGER_BUCKET - Google Cloud Storage bucket name. Every change in files in this - bucket will trigger function execution. + Google Cloud Storage bucket name. Trigger the function when an object + is created or overwritten in the specified Cloud Storage bucket. --trigger-http Function will be assigned an endpoint, which you can view by using @@ -614,9 +619,11 @@ FLAGS --trigger-event-filters=[ATTRIBUTE=VALUE,...] The Eventarc matching criteria for the trigger. The criteria can be specified either as a single comma-separated argument or as multiple - arguments. This is only relevant when --gen2 is provided. + arguments. The filters must include the type attribute, as well as + any other attributes that are expected for the chosen type. This is + only relevant when --gen2 is provided. - --trigger-event-filters-path-pattern=[ATTRIBUTE=VALUE,...] + --trigger-event-filters-path-pattern=[ATTRIBUTE=PATH_PATTERN,...] The Eventarc matching criteria for the trigger in path pattern format. The criteria can be specified as a single comma-separated argument or as multiple arguments. This is only relevant when --gen2 diff --git a/gcloud/beta/functions/remove-invoker-policy-binding b/gcloud/beta/functions/remove-invoker-policy-binding index 1361b524a..2267ad5b7 100644 --- a/gcloud/beta/functions/remove-invoker-policy-binding +++ b/gcloud/beta/functions/remove-invoker-policy-binding @@ -7,7 +7,13 @@ SYNOPSIS (NAME : --region=REGION) --member=PRINCIPAL [GCLOUD_WIDE_FLAG ...] DESCRIPTION - (BETA) This command applies to Cloud Functions 2nd gen only. + (BETA) Removes the Cloud Run Invoker binding from the IAM policy of a + Google Cloud Function's underlying Cloud Run service. + + This command applies to Cloud Functions (2nd gen) only. Cloud Functions + (2nd gen) currently requires the Cloud Run Invoke permission on the + underlying Cloud Run service to be able to call functions. This command + removes the given member permission to invoke the given 2nd gen function. EXAMPLES To remove the invoker role policy binding for FUNCTION-1 for member diff --git a/gcloud/beta/healthcare/dicom-stores/create b/gcloud/beta/healthcare/dicom-stores/create index e70fb96ae..5c6a59577 100644 --- a/gcloud/beta/healthcare/dicom-stores/create +++ b/gcloud/beta/healthcare/dicom-stores/create @@ -78,9 +78,9 @@ FLAGS import. Only supported for DICOM imports. --stream-configs=STREAM_CONFIGS - The configuration that indicates the BigQuery destinations for - streaming instances of a DICOM store. To specify StreamConfigs, list - all BigQuery destinations into one string separated by comma. (e.g., + Configuration that indicates the BigQuery destinations for streaming + instances of a DICOM store. To specify StreamConfigs, list all BigQuery + destinations into one string separated by comma. (e.g., --stream-configs bq://{bigqueryProjectId1}.{bigqueryDatasetId1}.{bigqueryTableId1},bq://{bigqueryProjectId2}.{bigqueryDatasetId2}.{bigqueryTableId2}). diff --git a/gcloud/beta/healthcare/dicom-stores/update b/gcloud/beta/healthcare/dicom-stores/update index 25a83c172..87bfefe07 100644 --- a/gcloud/beta/healthcare/dicom-stores/update +++ b/gcloud/beta/healthcare/dicom-stores/update @@ -72,9 +72,9 @@ FLAGS import. Only supported for DICOM imports. --stream-configs=STREAM_CONFIGS - The configuration that indicates the BigQuery destinations for - streaming instances of a DICOM store. To specify StreamConfigs, list - all BigQuery destinations into one string separated by comma. (e.g., + Configuration that indicates the BigQuery destinations for streaming + instances of a DICOM store. To specify StreamConfigs, list all BigQuery + destinations into one string separated by comma. (e.g., --stream-configs bq://{bigqueryProjectId1}.{bigqueryDatasetId1}.{bigqueryTableId1},bq://{bigqueryProjectId2}.{bigqueryDatasetId2}.{bigqueryTableId2}). diff --git a/gcloud/beta/kms/keys/create b/gcloud/beta/kms/keys/create index 5047ff02f..cb9df02c6 100644 --- a/gcloud/beta/kms/keys/create +++ b/gcloud/beta/kms/keys/create @@ -68,13 +68,13 @@ EXAMPLES --keyring=rangers --purpose=encryption --rotation-period=30d \ --next-rotation-time=2017-10-12T12:34:56.1234Z - The following command creates a key named foo with protection level - software within the keyring fellowship and location us-east1 with two - specified labels: + The following command creates a raw encryption key named foo with + protection level software within the keyring fellowship and location + us-east1 with two specified labels: $ gcloud beta kms keys create foo --location=us-east1 \ - --keyring=fellowship --purpose=encryption \ - --labels=env=prod,team=kms + --keyring=fellowship --purpose=raw-encryption \ + --default-algorithm=aes-128-cbc --labels=env=prod,team=kms The following command creates an asymmetric key named samwise with protection level software and default algorithm ec-sign-p256-sha256 within @@ -153,7 +153,8 @@ POSITIONAL ARGUMENTS REQUIRED FLAGS --purpose=PURPOSE The "purpose" of the key. PURPOSE must be one of: - asymmetric-encryption, asymmetric-signing, encryption, mac. + asymmetric-encryption, asymmetric-signing, encryption, mac, + raw-encryption. OPTIONAL FLAGS --crypto-key-backend=CRYPTO_KEY_BACKEND @@ -166,7 +167,8 @@ OPTIONAL FLAGS The default algorithm for the crypto key. For more information about choosing an algorithm, see https://cloud.google.com/kms/docs/algorithms. DEFAULT_ALGORITHM must be - one of: ec-sign-p256-sha256, ec-sign-p384-sha384, + one of: aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, + aes-256-ctr, aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, external-symmetric-encryption, google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, diff --git a/gcloud/beta/kms/keys/update b/gcloud/beta/kms/keys/update index 93ec32114..0be566a10 100644 --- a/gcloud/beta/kms/keys/update +++ b/gcloud/beta/kms/keys/update @@ -116,7 +116,8 @@ FLAGS The default algorithm for the crypto key. For more information about choosing an algorithm, see https://cloud.google.com/kms/docs/algorithms. DEFAULT_ALGORITHM must be - one of: ec-sign-p256-sha256, ec-sign-p384-sha384, + one of: aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, + aes-256-ctr, aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, external-symmetric-encryption, google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, diff --git a/gcloud/beta/kms/keys/versions/create b/gcloud/beta/kms/keys/versions/create index a9eb96436..407bca18f 100644 --- a/gcloud/beta/kms/keys/versions/create +++ b/gcloud/beta/kms/keys/versions/create @@ -54,7 +54,8 @@ FLAGS Location of the keyring. --primary - If specified, immediately make the new version primary. + If specified, immediately makes the new version primary. This should + only be used with the encryption purpose. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, diff --git a/gcloud/beta/kms/keys/versions/import b/gcloud/beta/kms/keys/versions/import index 74d6866c7..23d2cec91 100644 --- a/gcloud/beta/kms/keys/versions/import +++ b/gcloud/beta/kms/keys/versions/import @@ -31,18 +31,19 @@ REQUIRED FLAGS The algorithm to assign to the new key version. For more information about supported algorithms, see https://cloud.google.com/kms/docs/algorithms. ALGORITHM must be one of: - ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, - google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, - hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, - rsa-decrypt-oaep-2048-sha256, rsa-decrypt-oaep-3072-sha1, - rsa-decrypt-oaep-3072-sha256, rsa-decrypt-oaep-4096-sha1, - rsa-decrypt-oaep-4096-sha256, rsa-decrypt-oaep-4096-sha512, - rsa-sign-pkcs1-2048-sha256, rsa-sign-pkcs1-3072-sha256, - rsa-sign-pkcs1-4096-sha256, rsa-sign-pkcs1-4096-sha512, - rsa-sign-pss-2048-sha256, rsa-sign-pss-3072-sha256, - rsa-sign-pss-4096-sha256, rsa-sign-pss-4096-sha512, - rsa-sign-raw-pkcs1-2048, rsa-sign-raw-pkcs1-3072, - rsa-sign-raw-pkcs1-4096. + aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, aes-256-ctr, + aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, + ec-sign-secp256k1-sha256, google-symmetric-encryption, hmac-sha1, + hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, + rsa-decrypt-oaep-2048-sha1, rsa-decrypt-oaep-2048-sha256, + rsa-decrypt-oaep-3072-sha1, rsa-decrypt-oaep-3072-sha256, + rsa-decrypt-oaep-4096-sha1, rsa-decrypt-oaep-4096-sha256, + rsa-decrypt-oaep-4096-sha512, rsa-sign-pkcs1-2048-sha256, + rsa-sign-pkcs1-3072-sha256, rsa-sign-pkcs1-4096-sha256, + rsa-sign-pkcs1-4096-sha512, rsa-sign-pss-2048-sha256, + rsa-sign-pss-3072-sha256, rsa-sign-pss-4096-sha256, + rsa-sign-pss-4096-sha512, rsa-sign-raw-pkcs1-2048, + rsa-sign-raw-pkcs1-3072, rsa-sign-raw-pkcs1-4096. --import-job=IMPORT_JOB Name of the import job to import from. diff --git a/gcloud/beta/metastore/operations/cancel b/gcloud/beta/metastore/operations/cancel new file mode 100644 index 000000000..64bd8daed --- /dev/null +++ b/gcloud/beta/metastore/operations/cancel @@ -0,0 +1,63 @@ +NAME + gcloud beta metastore operations cancel - cancel a Dataproc Metastore + operation + +SYNOPSIS + gcloud beta metastore operations cancel (OPERATION : --location=LOCATION) + [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + (BETA) Cancel a Dataproc Metastore operation. + +EXAMPLES + To cancel an active Dataproc Metastore operation with the name operation-1 + in location us-central1, run: + + $ gcloud beta metastore operations cancel operation-1 \ + --location=us-central1 + +POSITIONAL ARGUMENTS + Operation resource - The operation cancel. The arguments in this group can + be used to specify the attributes of this resource. (NOTE) Some attributes + are not given arguments in this group but can be set in other ways. + + To set the project attribute: + ◆ provide the argument operation on the command line with a fully + specified name; + ◆ provide the argument --project on the command line; + ◆ set the property core/project. + + This must be specified. + + OPERATION + ID of the operation or fully qualified identifier for the operation. + + To set the operation attribute: + ▸ provide the argument operation on the command line. + + This positional argument must be specified if any of the other + arguments in this group are specified. + + --location=LOCATION + Location to which the operation belongs. + + To set the location attribute: + ▸ provide the argument operation on the command line with a fully + specified name; + ▸ provide the argument --location on the command line; + ▸ set the property metastore/location. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + This command is currently in beta and might change without notice. This + variant is also available: + + $ gcloud alpha metastore operations cancel + diff --git a/gcloud/beta/metastore/operations/help b/gcloud/beta/metastore/operations/help index c84824099..a78ea8d2e 100644 --- a/gcloud/beta/metastore/operations/help +++ b/gcloud/beta/metastore/operations/help @@ -15,6 +15,9 @@ GCLOUD WIDE FLAGS COMMANDS COMMAND is one of the following: + cancel + (BETA) Cancel a Dataproc Metastore operation. + delete (BETA) Delete one or more completed Dataproc Metastore operations. diff --git a/gcloud/beta/network-security/security-profile-groups/create b/gcloud/beta/network-security/security-profile-groups/create index 8212245d8..8f81f3c89 100644 --- a/gcloud/beta/network-security/security-profile-groups/create +++ b/gcloud/beta/network-security/security-profile-groups/create @@ -43,7 +43,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile_group on the command line diff --git a/gcloud/beta/network-security/security-profile-groups/delete b/gcloud/beta/network-security/security-profile-groups/delete index 6c48bb700..387810f5f 100644 --- a/gcloud/beta/network-security/security-profile-groups/delete +++ b/gcloud/beta/network-security/security-profile-groups/delete @@ -35,7 +35,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile_group on the command line diff --git a/gcloud/beta/network-security/security-profile-groups/describe b/gcloud/beta/network-security/security-profile-groups/describe index 3542081f6..73b2aa107 100644 --- a/gcloud/beta/network-security/security-profile-groups/describe +++ b/gcloud/beta/network-security/security-profile-groups/describe @@ -36,7 +36,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile_group on the command line diff --git a/gcloud/beta/network-security/security-profile-groups/update b/gcloud/beta/network-security/security-profile-groups/update index 7142956ac..837801789 100644 --- a/gcloud/beta/network-security/security-profile-groups/update +++ b/gcloud/beta/network-security/security-profile-groups/update @@ -42,7 +42,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile_group on the command line diff --git a/gcloud/beta/network-security/security-profiles/threat-prevention/delete b/gcloud/beta/network-security/security-profiles/threat-prevention/delete index df2d9e881..b6a784bbd 100644 --- a/gcloud/beta/network-security/security-profiles/threat-prevention/delete +++ b/gcloud/beta/network-security/security-profiles/threat-prevention/delete @@ -34,7 +34,7 @@ POSITIONAL ARGUMENTS arguments in this group are specified. --location=LOCATION - Location Id of the resource. + Location ID of the resource. To set the location attribute: ▸ provide the argument security_profile on the command line with a diff --git a/gcloud/beta/workstations/configs/create b/gcloud/beta/workstations/configs/create index db952a30e..f9bc7f32d 100644 --- a/gcloud/beta/workstations/configs/create +++ b/gcloud/beta/workstations/configs/create @@ -23,7 +23,7 @@ SYNOPSIS [--service-account=SERVICE_ACCOUNT] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--shielded-vtpm] [--accelerator-count=ACCELERATOR_COUNT - --accelerator-type=ACCELERATOR_TYPE] + : --accelerator-type=ACCELERATOR_TYPE] [--container-custom-image=CONTAINER_CUSTOM_IMAGE | --container-predefined-image=CONTAINER_PREDEFINED_IMAGE; default="codeoss"] @@ -220,9 +220,6 @@ FLAGS The type of accelerator resource to attach to the instance, for example, "nvidia-tesla-p100". - This flag argument must be specified if any of the other arguments in - this group are specified. - At most one of these can be specified: --container-custom-image=CONTAINER_CUSTOM_IMAGE diff --git a/gcloud/beta/workstations/configs/update b/gcloud/beta/workstations/configs/update index 7866dec3c..738a8c708 100644 --- a/gcloud/beta/workstations/configs/update +++ b/gcloud/beta/workstations/configs/update @@ -17,6 +17,8 @@ SYNOPSIS [--pool-size=POOL_SIZE] [--running-timeout=RUNNING_TIMEOUT] [--service-account=SERVICE_ACCOUNT] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--shielded-vtpm] + [--accelerator-count=ACCELERATOR_COUNT + : --accelerator-type=ACCELERATOR_TYPE] [--container-custom-image=CONTAINER_CUSTOM_IMAGE | --container-predefined-image=CONTAINER_PREDEFINED_IMAGE] [GCLOUD_WIDE_FLAG ...] @@ -176,6 +178,18 @@ FLAGS --shielded-vtpm Default value is false. If set, instances will have vTPM enabled. + Accelerator settings + + --accelerator-count=ACCELERATOR_COUNT + The number of accelerator cards exposed to the instance. + + This flag argument must be specified if any of the other arguments in + this group are specified. + + --accelerator-type=ACCELERATOR_TYPE + The type of accelerator resource to attach to the instance, for + example, "nvidia-tesla-p100". + At most one of these can be specified: --container-custom-image=CONTAINER_CUSTOM_IMAGE diff --git a/gcloud/billing/help b/gcloud/billing/help index 2657bb7f9..f72f0f37a 100644 --- a/gcloud/billing/help +++ b/gcloud/billing/help @@ -10,12 +10,12 @@ DESCRIPTION EXAMPLES To list billing accounts associated with the current user, run: - $ gcloud billing accounts list + $ gcloud beta billing accounts list To link one of the billing accounts 0X0X0X-0X0X0X-0X0X0X with a project my-project, run: - $ gcloud billing projects link my-project \ + $ gcloud beta billing projects link my-project \ --billing-account 0X0X0X-0X0X0X-0X0X0X GCLOUD WIDE FLAGS diff --git a/gcloud/builds/triggers/create/bitbucketserver b/gcloud/builds/triggers/create/bitbucketserver index 6fdbee2bf..3e21d7b1f 100644 --- a/gcloud/builds/triggers/create/bitbucketserver +++ b/gcloud/builds/triggers/create/bitbucketserver @@ -169,7 +169,19 @@ REQUIRED FLAGS --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) Require a repository collaborator or owner to comment '/gcbrun' - on a pull request before running the build. + on a pull request before running the build. COMMENT_CONTROL + must be one of: + + COMMENTS_DISABLED + Do not require comments on Pull Requests before builds are + triggered. + COMMENTS_ENABLED + Enforce that repository owners or collaborators must + comment on Pull Requests before builds are triggered. + COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY + Enforce that repository owners or collaborators must + comment on external contributors' Pull Requests before + builds are triggered. Exactly one of these must be specified: diff --git a/gcloud/builds/triggers/create/github b/gcloud/builds/triggers/create/github index 1a7fceabb..88ec43062 100644 --- a/gcloud/builds/triggers/create/github +++ b/gcloud/builds/triggers/create/github @@ -6,9 +6,10 @@ SYNOPSIS gcloud builds triggers create github (--trigger-config=PATH | [(--branch-pattern=REGEX | --tag-pattern=REGEX | [--pull-request-pattern=REGEX : --comment-control=COMMENT_CONTROL; - default="COMMENTS_ENABLED"]) (--build-config=PATH - | --inline-config=PATH | [--dockerfile=DOCKERFILE - : --dockerfile-dir=DOCKERFILE_DIR; default="/" + default=CommentControlValueValuesEnum(COMMENTS_ENABLED, + 1)]) (--build-config=PATH | --inline-config=PATH + | [--dockerfile=DOCKERFILE : --dockerfile-dir=DOCKERFILE_DIR; + default="/" --dockerfile-image=DOCKERFILE_IMAGE]) (--repository=REPOSITORY | [--repo-name=REPO_NAME --repo-owner=REPO_OWNER : --enterprise-config=ENTERPRISE_CONFIG]) : --description=DESCRIPTION @@ -158,7 +159,7 @@ REQUIRED FLAGS This flag argument must be specified if any of the other arguments in this group are specified. - --comment-control=COMMENT_CONTROL; default="COMMENTS_ENABLED" + --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) Require a repository collaborator or owner to comment '/gcbrun' on a pull request before running the build. COMMENT_CONTROL must be one of: diff --git a/gcloud/builds/triggers/create/gitlab b/gcloud/builds/triggers/create/gitlab index 7885e8ca8..d40178503 100644 --- a/gcloud/builds/triggers/create/gitlab +++ b/gcloud/builds/triggers/create/gitlab @@ -149,7 +149,19 @@ REQUIRED FLAGS --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) Require a repository collaborator or owner to comment '/gcbrun' - on a pull request before running the build. + on a pull request before running the build. COMMENT_CONTROL + must be one of: + + COMMENTS_DISABLED + Do not require comments on Pull Requests before builds are + triggered. + COMMENTS_ENABLED + Enforce that repository owners or collaborators must + comment on Pull Requests before builds are triggered. + COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY + Enforce that repository owners or collaborators must + comment on external contributors' Pull Requests before + builds are triggered. Exactly one of these must be specified: diff --git a/gcloud/builds/triggers/create/gitlab-enterprise b/gcloud/builds/triggers/create/gitlab-enterprise deleted file mode 100644 index 30068a33c..000000000 --- a/gcloud/builds/triggers/create/gitlab-enterprise +++ /dev/null @@ -1,227 +0,0 @@ -NAME - gcloud builds triggers create gitlab-enterprise - create a build trigger - for a GitLab Enterprise repository - -SYNOPSIS - gcloud builds triggers create gitlab-enterprise - (--trigger-config=PATH | [(--branch-pattern=REGEX | --tag-pattern=REGEX - | [--pull-request-pattern=REGEX : --comment-control=COMMENT_CONTROL; - default=CommentControlValueValuesEnum(COMMENTS_ENABLED, - 1)]) (--build-config=PATH | --inline-config=PATH - | [--dockerfile=DOCKERFILE : --dockerfile-dir=DOCKERFILE_DIR; - default="/" --dockerfile-image=DOCKERFILE_IMAGE]) - (--gitlab-config-resource=GITLAB_CONFIG_RESOURCE - --project-namespace=PROJECT_NAMESPACE) : --description=DESCRIPTION - --ignored-files=[GLOB,...] --included-files=[GLOB,...] --name=NAME - --region=REGION --[no-]require-approval - --service-account=SERVICE_ACCOUNT --substitutions=[KEY=VALUE,...]]) - [GCLOUD_WIDE_FLAG ...] - -DESCRIPTION - Create a build trigger for a GitLab Enterprise repository. - -EXAMPLES - To create a push trigger with a 1st-gen repository for all branches: - - $ gcloud builds triggers create gitlab-enterprise \ - --name="my-trigger" \ - --service-account="projects/my-project/serviceAccounts/my-byosa@\ - my-project.iam.gserviceaccount.com" \ - --project-namespace="cloud-builders" \ - --gitlab-config-resource="projects/1234/locations/global/gitLabC\ - onfigs/5678" --branch-pattern=".*" --build-config="cloudbuild.yaml" - - To create a pull request trigger with a 1st-gen repository for main: - - $ gcloud builds triggers create gitlab-enterprise \ - --name="my-trigger" \ - --service-account="projects/my-project/serviceAccounts/my-byosa@\ - my-project.iam.gserviceaccount.com" \ - --project-namespace="cloud-builders" \ - --gitlab-config-resource="projects/1234/locations/global/gitLabC\ - onfigs/5678" --pull-request-pattern="^main$" \ - --build-config="cloudbuild.yaml" - -REQUIRED FLAGS - Exactly one of these must be specified: - - --trigger-config=PATH - Path to Build Trigger config file (JSON or YAML format). For more - details, see - https://cloud.google.com/cloud-build/docs/api/reference/rest/v1/projects.triggers#BuildTrigger - - Flag based trigger configuration - - --description=DESCRIPTION - Build trigger description. - - --ignored-files=[GLOB,...] - Glob filter. Changes only affecting ignored files won't trigger - builds. - - --included-files=[GLOB,...] - Glob filter. Changes affecting at least one included file will - trigger builds. - - --name=NAME - Build trigger name. - - --region=REGION - The region of the Cloud Build Service to use. Must be set to a - supported region name (e.g. us-central1). If unset, builds/region, - which is the default region to use when working with Cloud Build - resources, is used. If builds/region is unset, region is set to - global. - - --[no-]require-approval - Require manual approval for triggered builds. Use - --require-approval to enable and --no-require-approval to disable. - - --service-account=SERVICE_ACCOUNT - The service account used for all user-controlled operations - including UpdateBuildTrigger, RunBuildTrigger, CreateBuild, and - CancelBuild. If no service account is set, then the standard Cloud - Build service account ([PROJECT_NUM]@system.gserviceaccount.com) is - used instead. Format: - projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}. - - --substitutions=[KEY=VALUE,...] - Parameters to be substituted in the build specification. For - example: - - $ gcloud builds triggers create gitlab-enterprise ... \ - --substitutions _FAVORITE_COLOR=blue,_NUM_CANDIES=10 - - This will result in a build where every occurrence of - ${_FAVORITE_COLOR} in certain fields is replaced by "blue", and - similarly for ${_NUM_CANDIES} and "10". - - Substitutions can be applied to user-defined variables (starting - with an underscore) and to the following built-in variables: - REPO_NAME, BRANCH_NAME, TAG_NAME, REVISION_ID, COMMIT_SHA, - SHORT_SHA. - - For more details, see: - https://cloud.google.com/build/docs/configuring-builds/substitute-variable-values - - Exactly one of these must be specified: - - --branch-pattern=REGEX - A regular expression specifying which git branches to match. - - This pattern is used as a regular expression search for any - incoming pushes. For example, --branch-pattern=foo will match - "foo", "foobar", and "barfoo". Events on a branch that does not - match will be ignored. - - The syntax of the regular expressions accepted is the syntax - accepted by RE2 and described at - https://github.com/google/re2/wiki/Syntax. - - --tag-pattern=REGEX - A regular expression specifying which git tags to match. - - This pattern is used as a regular expression search for any - incoming pushes. For example, --tag-pattern=foo will match "foo", - "foobar", and "barfoo". Events on a tag that does not match will - be ignored. - - The syntax of the regular expressions accepted is the syntax - accepted by RE2 and described at - https://github.com/google/re2/wiki/Syntax. - - Pull Request settings - - --pull-request-pattern=REGEX - Regular expression specifying which base git branch to match - for pull request events. - - This pattern is used as a regex search for the base branch (the - branch you are trying to merge into) for pull request updates. - For example, --pull-request-pattern=foo will match "foo", - "foobar", and "barfoo". - - The syntax of the regular expressions accepted is the syntax - accepted by RE2 and described at - https://github.com/google/re2/wiki/Syntax. - - This flag argument must be specified if any of the other - arguments in this group are specified. - - --comment-control=COMMENT_CONTROL; default=CommentControlValueValuesEnum(COMMENTS_ENABLED, 1) - Require a repository collaborator or owner to comment '/gcbrun' - on a pull request before running the build. - - Exactly one of these must be specified: - - --build-config=PATH - Path to a YAML or JSON file containing the build configuration in - the repository. - - For more details, see: - https://cloud.google.com/cloud-build/docs/build-config - - --inline-config=PATH - Local path to a YAML or JSON file containing a build - configuration. - - Dockerfile build configuration flags - - --dockerfile=DOCKERFILE - Path of Dockerfile to use for builds in the repository. - - If specified, a build config will be generated to run docker - build using the specified file. - - The filename is relative to the Dockerfile directory. - - This flag argument must be specified if any of the other - arguments in this group are specified. - - --dockerfile-dir=DOCKERFILE_DIR; default="/" - Location of the directory containing the Dockerfile in the - repository. - - The directory will also be used as the Docker build context. - - --dockerfile-image=DOCKERFILE_IMAGE - Docker image name to build. - - If not specified, - gcr.io/PROJECT/github.com/REPO_OWNER/REPO_NAME:$COMMIT_SHA will - be used. - - Use a build configuration (cloudbuild.yaml) file for building - multiple images in a single trigger. - - Exactly one of these must be specified: - - 1st-gen repository settings. - - --gitlab-config-resource=GITLAB_CONFIG_RESOURCE - GitLab config resource name. - - This flag argument must be specified if any of the other - arguments in this group are specified. - - --project-namespace=PROJECT_NAMESPACE - GitLab project namespace. - - This flag argument must be specified if any of the other - arguments in this group are specified. - -GCLOUD WIDE FLAGS - These flags are available to all commands: --access-token-file, --account, - --billing-project, --configuration, --flags-file, --flatten, --format, - --help, --impersonate-service-account, --log-http, --project, --quiet, - --trace-token, --user-output-enabled, --verbosity. - - Run $ gcloud help for details. - -NOTES - These variants are also available: - - $ gcloud alpha builds triggers create gitlab-enterprise - - $ gcloud beta builds triggers create gitlab-enterprise - diff --git a/gcloud/builds/triggers/create/help b/gcloud/builds/triggers/create/help index c18a1b405..892daf30b 100644 --- a/gcloud/builds/triggers/create/help +++ b/gcloud/builds/triggers/create/help @@ -28,9 +28,6 @@ COMMANDS gitlab Create a build trigger for a 2nd-gen GitLab repository. - gitlab-enterprise - Create a build trigger for a GitLab Enterprise repository. - manual Create a build trigger with a manual trigger event. diff --git a/gcloud/composer/environments/create b/gcloud/composer/environments/create index 941e5613b..1e1f333a0 100644 --- a/gcloud/composer/environments/create +++ b/gcloud/composer/environments/create @@ -123,7 +123,7 @@ FLAGS created. If units are not provided, defaults to GB. --enable-high-resilience - Enable use of a high resilience, supported for Composer 2 Environments. + Enable high resilience, supported for Composer 2 Environments. --env-variables=[NAME=VALUE,...] A comma-delimited list of environment variable NAME=VALUE pairs to diff --git a/gcloud/composer/environments/update b/gcloud/composer/environments/update index 9fd5fca49..84a2ad2de 100644 --- a/gcloud/composer/environments/update +++ b/gcloud/composer/environments/update @@ -5,6 +5,7 @@ NAME SYNOPSIS gcloud composer environments update (ENVIRONMENT : --location=LOCATION) (--cloud-sql-machine-type=CLOUD_SQL_MACHINE_TYPE + | --disable-high-resilience | --enable-high-resilience | --environment-size=ENVIRONMENT_SIZE | --node-count=NODE_COUNT | --web-server-machine-type=WEB_SERVER_MACHINE_TYPE | --disable-master-authorized-networks @@ -89,6 +90,12 @@ REQUIRED FLAGS available machine types is available here: https://cloud.google.com/composer/pricing#db-machine-types. + --disable-high-resilience + Disable high resilience, supported for Composer 2 Environments. + + --enable-high-resilience + Enable high resilience, supported for Composer 2 Environments. + --environment-size=ENVIRONMENT_SIZE Size of the environment. Unspecified means that the default option will be chosen. ENVIRONMENT_SIZE must be one of: large, medium, diff --git a/gcloud/compute/backend-buckets/create b/gcloud/compute/backend-buckets/create index 91c7cc289..9cb5d7763 100644 --- a/gcloud/compute/backend-buckets/create +++ b/gcloud/compute/backend-buckets/create @@ -119,8 +119,8 @@ OPTIONAL FLAGS AUTOMATIC. --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to proxied - responses. For the list of headers, see Creating custom headers + Custom headers that the external Application Load Balancer adds to + proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). Variables are not case-sensitive. diff --git a/gcloud/compute/backend-buckets/update b/gcloud/compute/backend-buckets/update index 78f20082c..b4fadcfed 100644 --- a/gcloud/compute/backend-buckets/update +++ b/gcloud/compute/backend-buckets/update @@ -181,7 +181,7 @@ FLAGS At most one of these can be specified: --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to + Custom headers that the external Application Load Balancer adds to proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). diff --git a/gcloud/compute/backend-services/create b/gcloud/compute/backend-services/create index 72a6b33b8..412467b28 100644 --- a/gcloud/compute/backend-services/create +++ b/gcloud/compute/backend-services/create @@ -207,8 +207,8 @@ FLAGS --custom-request-header "another-header:" --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to proxied - responses. For the list of headers, see Creating custom headers + Custom headers that the external Application Load Balancer adds to + proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). Variables are not case-sensitive. @@ -243,13 +243,13 @@ FLAGS --drop-traffic-if-unhealthy Enable dropping of traffic if there are no healthy VMs detected in both the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based network load - balancers and internal TCP/UDP load balancers as part of a connection + --global flag. Applicable only for backend service-based external and + internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection persistence on unhealthy - backends for internal TCP/UDP load balancing + backends for internal passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for network load - balancing + and Connection persistence on unhealthy backends for external + passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). --[no-]enable-cdn @@ -262,9 +262,9 @@ FLAGS --[no-]enable-logging The logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Cloud - Logging. Disabled by default. This field cannot be specified for SSL - Proxy and TCP Proxy Load Balancing. Use --enable-logging to enable and - --no-enable-logging to disable. + Logging. Disabled by default. This field cannot be specified for global + external proxy Network Load Balancers. Use --enable-logging to enable + and --no-enable-logging to disable. --[no-]enable-strong-affinity Enable or disable strong session affinity. This is only available for @@ -287,9 +287,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --https-health-checks=HTTPS_HEALTH_CHECK,[...] @@ -297,9 +297,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --iap=disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,oauth2-client-secret=OAUTH2-CLIENT-SECRET] @@ -314,19 +314,20 @@ FLAGS --idle-timeout-sec=IDLE_TIMEOUT_SEC Specifies how long to keep a connection tracking table entry while there is no matching traffic (in seconds). Applicable only for backend - service-based network load balancers and internal TCP/UDP load - balancers as part of a connection tracking policy. + service-based external and internal passthrough Network Load Balancers + as part of a connection tracking policy. --load-balancing-scheme=LOAD_BALANCING_SCHEME; default="EXTERNAL" Specifies the load balancer type. Choose EXTERNAL for the classic - HTTP(S) load balancers, the external TCP/UDP network load balancers, - and the external TCP/SSL proxy load balancers. Choose EXTERNAL_MANAGED - for the Envoy-based global and regional external HTTP(S) load - balancers. Choose INTERNAL for internal TCP/UDP load balancers. Choose - INTERNAL_MANAGED for Envoy-based internal load balancers such as the - internal HTTP(S) load balancers and the internal TCP proxy load - balancers. Choose INTERNAL_SELF_MANAGED for Traffic Director. For more - information, refer to this guide: + Application Load Balancers, the external passthrough Network Load + Balancers, and the global external proxy Network Load Balancers. Choose + EXTERNAL_MANAGED for the Envoy-based global and regional external + Application Load Balancers, and the regional external proxy Network + Load Balancers. Choose INTERNAL for the internal passthrough Network + Load Balancers. Choose INTERNAL_MANAGED for Envoy-based internal load + balancers such as the internal Application Load Balancers and the + internal proxy Network Load Balancers. Choose INTERNAL_SELF_MANAGED for + Traffic Director. For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/choosing-load-balancer. LOAD_BALANCING_SCHEME must be one of: INTERNAL, EXTERNAL, INTERNAL_SELF_MANAGED, EXTERNAL_MANAGED, INTERNAL_MANAGED. @@ -341,8 +342,8 @@ FLAGS This field can only be specified if logging is enabled for the backend service. Configures whether all, none, or a subset of optional fields should be added to the reported logs. Default is EXCLUDE_ALL_OPTIONAL. - This field can only be specified for Internal TCP/UDP Load Balancing - and External Network Load Balancing. LOGGING_OPTIONAL must be one of: + This field can only be specified for internal and external passthrough + Network Load Balancers. LOGGING_OPTIONAL must be one of: EXCLUDE_ALL_OPTIONAL, INCLUDE_ALL_OPTIONAL, CUSTOM. --logging-optional-fields=[LOGGING_OPTIONAL_FIELDS,...] @@ -351,7 +352,7 @@ FLAGS comma-separated list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace. This can only be specified for - Internal TCP/UDP Load Balancing and External Network Load Balancing. + internal and external passthrough Network Load Balancers. --logging-sample-rate=LOGGING_SAMPLE_RATE This field can only be specified if logging is enabled for the backend @@ -444,9 +445,9 @@ FLAGS load-balancing-scheme is INTERNAL. --port-name=PORT_NAME - Backend services for external HTTP(S) load balancing, internal HTTP(S) - load balancing, TCP proxy load balancing, and SSL proxy load balancing - must reference exactly one named port if using instance group backends. + Backend services for Application Load Balancers and proxy Network Load + Balancers must reference exactly one named port if using instance group + backends. Each instance group backend exports one or more named ports, which map a user-configurable name to a port number. The backend service's named @@ -461,8 +462,8 @@ FLAGS ◆ For any load balancer, if the backends are not instance groups (for example, GCE_VM_IP_PORT NEGs). - ◆ For any type of backend on a backend service for internal TCP/UDP - load balancing or external TCP/UDP network load balancing. + ◆ For any type of backend on a backend service for internal or + external passthrough Network Load Balancers. See also https://cloud.google.com/load-balancing/docs/backend-service#named_ports. @@ -470,26 +471,26 @@ FLAGS --protocol=PROTOCOL Protocol for incoming requests. - If the load-balancing-scheme is INTERNAL (Internal TCP/UDP Load - Balancing), the protocol must be one of: TCP, UDP, UNSPECIFIED. + If the load-balancing-scheme is INTERNAL (Internal passthrough Network + Load Balancer), the protocol must be one of: TCP, UDP, UNSPECIFIED. If the load-balancing-scheme is INTERNAL_SELF_MANAGED (Traffic Director), the protocol must be one of: HTTP, HTTPS, HTTP2, GRPC. - If the load-balancing-scheme is INTERNAL_MANAGED (Internal HTTP(S) Load - Balancing), the protocol must be one of: HTTP, HTTPS, HTTP2. + If the load-balancing-scheme is INTERNAL_MANAGED (Internal Application + Load Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2. - If the load-balancing-scheme is EXTERNAL and region is not set - (HTTP(S), SSL Proxy, or TCP Proxy Load Balancing), the protocol must be - one of: HTTP, HTTPS, HTTP2, SSL, TCP. + If the load-balancing-scheme is EXTERNAL and region is not set (Classic + Application Load Balancer and global external proxy Network Load + Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2, SSL, TCP. If the load-balancing-scheme is EXTERNAL and region is set (External - Network Load Balancing), the protocol must be one of: TCP, UDP, - UNSPECIFIED. + passthrough Network Load Balancer), the protocol must be one of: TCP, + UDP, UNSPECIFIED. - If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based External - HTTP(S) Load Balancing), the protocol must be one of: HTTP, HTTPS, - HTTP2. + If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based Global + and regional external Application Load Balancers), the protocol must be + one of: HTTP, HTTPS, HTTP2. --[no-]request-coalescing Enables request coalescing to the backend (recommended). @@ -610,11 +611,11 @@ FLAGS one of: NONE, CONSISTENT_HASH_SUBSETTING. --timeout=TIMEOUT; default="30s" - Applicable to all load balancing products except Internal TCP/UDP Load - Balancing and External TCP/UDP Network Load Balancing. For Internal - TCP/UDP Load Balancing (load-balancing-scheme set to INTERNAL) and - External TCP/UDP Network Load Balancing (global not set and - load-balancing-scheme set to EXTERNAL), timeout is ignored. + Applicable to all load balancing products except passthrough Network + Load Balancers. For internal passthrough Network Load Balancers + (load-balancing-scheme set to INTERNAL) and external passthrough + Network Load Balancers (global not set and load-balancing-scheme set to + EXTERNAL), timeout is ignored. If the protocol is HTTP, HTTPS, or HTTP2, timeout is a request/response timeout for HTTP(S) traffic, meaning the amount of time that the load @@ -639,11 +640,12 @@ FLAGS --tracking-mode=TRACKING_MODE Specifies the connection key used for connection tracking. The default value is PER_CONNECTION. Applicable only for backend service-based - network load balancers and internal TCP/UDP load balancers as part of a + external and internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection tracking mode - for internal TCP/UDP load balancing + for internal passthrough Network Load Balancers balancing (https://cloud.google.com/load-balancing/docs/internal#tracking-mode) - and Connection tracking mode for network load balancing + and Connection tracking mode for external passthrough Network Load + Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#tracking-mode). TRACKING_MODE must be one of: PER_CONNECTION, PER_SESSION. diff --git a/gcloud/compute/backend-services/update b/gcloud/compute/backend-services/update index db9a96b53..992666ef0 100644 --- a/gcloud/compute/backend-services/update +++ b/gcloud/compute/backend-services/update @@ -153,13 +153,13 @@ FLAGS --drop-traffic-if-unhealthy Enable dropping of traffic if there are no healthy VMs detected in both the primary and backup instance groups. Not compatible with the - --global flag. Applicable only for backend service-based network load - balancers and internal TCP/UDP load balancers as part of a connection + --global flag. Applicable only for backend service-based external and + internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection persistence on unhealthy - backends for internal TCP/UDP load balancing + backends for internal passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/internal#connection-persistence) - and Connection persistence on unhealthy backends for network load - balancing + and Connection persistence on unhealthy backends for external + passthrough Network Load Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence). --edge-security-policy=EDGE_SECURITY_POLICY @@ -177,9 +177,9 @@ FLAGS --[no-]enable-logging The logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Cloud - Logging. Disabled by default. This field cannot be specified for SSL - Proxy and TCP Proxy Load Balancing. Use --enable-logging to enable and - --no-enable-logging to disable. + Logging. Disabled by default. This field cannot be specified for global + external proxy Network Load Balancers. Use --enable-logging to enable + and --no-enable-logging to disable. --[no-]enable-strong-affinity Enable or disable strong session affinity. This is only available for @@ -206,9 +206,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --https-health-checks=HTTPS_HEALTH_CHECK,[...] @@ -216,9 +216,9 @@ FLAGS health of the backend service. Legacy health checks are not recommended for backend services. It is - possible to use a legacy health check on a backend service for a - HTTP(S) load balancer if that backend service uses instance groups. For - more information, refer to this guide: + possible to use a legacy health check on a backend service for an + Application Load Balancer if that backend service uses instance groups. + For more information, refer to this guide: https://cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide. --iap=disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,oauth2-client-secret=OAUTH2-CLIENT-SECRET] @@ -235,8 +235,8 @@ FLAGS --idle-timeout-sec=IDLE_TIMEOUT_SEC Specifies how long to keep a connection tracking table entry while there is no matching traffic (in seconds). Applicable only for backend - service-based network load balancers and internal TCP/UDP load - balancers as part of a connection tracking policy. + service-based external and internal passthrough Network Load Balancers + as part of a connection tracking policy. --locality-lb-policy=LOCALITY_LB_POLICY The load balancing algorithm used within the scope of the locality. @@ -248,8 +248,8 @@ FLAGS This field can only be specified if logging is enabled for the backend service. Configures whether all, none, or a subset of optional fields should be added to the reported logs. Default is EXCLUDE_ALL_OPTIONAL. - This field can only be specified for Internal TCP/UDP Load Balancing - and External Network Load Balancing. LOGGING_OPTIONAL must be one of: + This field can only be specified for internal and external passthrough + Network Load Balancers. LOGGING_OPTIONAL must be one of: EXCLUDE_ALL_OPTIONAL, INCLUDE_ALL_OPTIONAL, CUSTOM. --logging-optional-fields=[LOGGING_OPTIONAL_FIELDS,...] @@ -258,7 +258,7 @@ FLAGS comma-separated list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace. This can only be specified for - Internal TCP/UDP Load Balancing and External Network Load Balancing. + internal and external passthrough Network Load Balancers. --logging-sample-rate=LOGGING_SAMPLE_RATE This field can only be specified if logging is enabled for the backend @@ -269,9 +269,9 @@ FLAGS enabled and 0.0 otherwise. --port-name=PORT_NAME - Backend services for external HTTP(S) load balancing, internal HTTP(S) - load balancing, TCP proxy load balancing, and SSL proxy load balancing - must reference exactly one named port if using instance group backends. + Backend services for Application Load Balancers and proxy Network Load + Balancers must reference exactly one named port if using instance group + backends. Each instance group backend exports one or more named ports, which map a user-configurable name to a port number. The backend service's named @@ -286,8 +286,8 @@ FLAGS ◆ For any load balancer, if the backends are not instance groups (for example, GCE_VM_IP_PORT NEGs). - ◆ For any type of backend on a backend service for internal TCP/UDP - load balancing or external TCP/UDP network load balancing. + ◆ For any type of backend on a backend service for internal or + external passthrough Network Load Balancers. See also https://cloud.google.com/load-balancing/docs/backend-service#named_ports. @@ -295,26 +295,26 @@ FLAGS --protocol=PROTOCOL Protocol for incoming requests. - If the load-balancing-scheme is INTERNAL (Internal TCP/UDP Load - Balancing), the protocol must be one of: TCP, UDP, UNSPECIFIED. + If the load-balancing-scheme is INTERNAL (Internal passthrough Network + Load Balancer), the protocol must be one of: TCP, UDP, UNSPECIFIED. If the load-balancing-scheme is INTERNAL_SELF_MANAGED (Traffic Director), the protocol must be one of: HTTP, HTTPS, HTTP2, GRPC. - If the load-balancing-scheme is INTERNAL_MANAGED (Internal HTTP(S) Load - Balancing), the protocol must be one of: HTTP, HTTPS, HTTP2. + If the load-balancing-scheme is INTERNAL_MANAGED (Internal Application + Load Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2. - If the load-balancing-scheme is EXTERNAL and region is not set - (HTTP(S), SSL Proxy, or TCP Proxy Load Balancing), the protocol must be - one of: HTTP, HTTPS, HTTP2, SSL, TCP. + If the load-balancing-scheme is EXTERNAL and region is not set (Classic + Application Load Balancer and global external proxy Network Load + Balancer), the protocol must be one of: HTTP, HTTPS, HTTP2, SSL, TCP. If the load-balancing-scheme is EXTERNAL and region is set (External - Network Load Balancing), the protocol must be one of: TCP, UDP, - UNSPECIFIED. + passthrough Network Load Balancer), the protocol must be one of: TCP, + UDP, UNSPECIFIED. - If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based External - HTTP(S) Load Balancing), the protocol must be one of: HTTP, HTTPS, - HTTP2. + If the load-balancing-scheme is EXTERNAL_MANAGED (Envoy based Global + and regional external Application Load Balancers), the protocol must be + one of: HTTP, HTTPS, HTTP2. --[no-]request-coalescing Enables request coalescing to the backend (recommended). @@ -415,11 +415,11 @@ FLAGS one of: NONE, CONSISTENT_HASH_SUBSETTING. --timeout=TIMEOUT - Applicable to all load balancing products except Internal TCP/UDP Load - Balancing and External TCP/UDP Network Load Balancing. For Internal - TCP/UDP Load Balancing (load-balancing-scheme set to INTERNAL) and - External TCP/UDP Network Load Balancing (global not set and - load-balancing-scheme set to EXTERNAL), timeout is ignored. + Applicable to all load balancing products except passthrough Network + Load Balancers. For internal passthrough Network Load Balancers + (load-balancing-scheme set to INTERNAL) and external passthrough + Network Load Balancers (global not set and load-balancing-scheme set to + EXTERNAL), timeout is ignored. If the protocol is HTTP, HTTPS, or HTTP2, timeout is a request/response timeout for HTTP(S) traffic, meaning the amount of time that the load @@ -444,11 +444,12 @@ FLAGS --tracking-mode=TRACKING_MODE Specifies the connection key used for connection tracking. The default value is PER_CONNECTION. Applicable only for backend service-based - network load balancers and internal TCP/UDP load balancers as part of a + external and internal passthrough Network Load Balancers as part of a connection tracking policy. For details, see: Connection tracking mode - for internal TCP/UDP load balancing + for internal passthrough Network Load Balancers balancing (https://cloud.google.com/load-balancing/docs/internal#tracking-mode) - and Connection tracking mode for network load balancing + and Connection tracking mode for external passthrough Network Load + Balancers (https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#tracking-mode). TRACKING_MODE must be one of: PER_CONNECTION, PER_SESSION. @@ -547,7 +548,7 @@ FLAGS At most one of these can be specified: --custom-response-header=CUSTOM_RESPONSE_HEADER - Custom headers that the external HTTP(S) load balancer adds to + Custom headers that the external Application Load Balancer adds to proxied responses. For the list of headers, see Creating custom headers (https://cloud.google.com/load-balancing/docs/custom-headers). diff --git a/gcloud/compute/forwarding-rules/create b/gcloud/compute/forwarding-rules/create index 6d707993c..9285c5d52 100644 --- a/gcloud/compute/forwarding-rules/create +++ b/gcloud/compute/forwarding-rules/create @@ -241,22 +241,25 @@ OPTIONAL FLAGS forwarding rules. LOAD_BALANCING_SCHEME must be one of: EXTERNAL - External load balancing or forwarding, used with one of - --target-http-proxy, --target-https-proxy, --target-tcp-proxy, - --target-ssl-proxy, --target-pool, --target-vpn-gateway, - --target-instance. + Classic Application Load Balancers, global external proxy Network + Load Balancers, external passthrough Network Load Balancers or + protocol forwarding, used with one of --target-http-proxy, + --target-https-proxy, --target-tcp-proxy, --target-ssl-proxy, + --target-pool, --target-vpn-gateway, --target-instance. EXTERNAL_MANAGED - Envoy based External HTTP(S) Load Balancing, used with - --target-http-proxy, --target-https-proxy. + Global and regional external Application Load Balancers, and + regional external proxy Network Load Balancers, used with + --target-http-proxy, --target-https-proxy, --target-tcp-proxy. INTERNAL - Internal load balancing or forwarding, used with --backend-service. + Internal passthrough Network Load Balancers or protocol forwarding, + used with --backend-service. INTERNAL_MANAGED - Internal load balancing, used with --target-http-proxy, - --target-https-proxy, --target-tcp-proxy. - INTERNAL_SELF_MANAGED - Traffic Director load balancing or forwarding, used with - --target-http-proxy, --target-https-proxy, --target-grpc-proxy, + Internal Application Load Balancers and internal proxy Network Load + Balancers, used with --target-http-proxy, --target-https-proxy, --target-tcp-proxy. + INTERNAL_SELF_MANAGED + Traffic Director, used with --target-http-proxy, + --target-https-proxy, --target-grpc-proxy, --target-tcp-proxy. --network=NETWORK (Only for --load-balancing-scheme=INTERNAL or diff --git a/gcloud/compute/forwarding-rules/set-target b/gcloud/compute/forwarding-rules/set-target index 117d1ed9f..c7134eeec 100644 --- a/gcloud/compute/forwarding-rules/set-target +++ b/gcloud/compute/forwarding-rules/set-target @@ -138,22 +138,25 @@ OPTIONAL FLAGS of: EXTERNAL - External load balancing or forwarding, used with one of - --target-http-proxy, --target-https-proxy, --target-tcp-proxy, - --target-ssl-proxy, --target-pool, --target-vpn-gateway, - --target-instance. + Classic Application Load Balancers, global external proxy Network + Load Balancers, external passthrough Network Load Balancers or + protocol forwarding, used with one of --target-http-proxy, + --target-https-proxy, --target-tcp-proxy, --target-ssl-proxy, + --target-pool, --target-vpn-gateway, --target-instance. EXTERNAL_MANAGED - Envoy based External HTTP(S) Load Balancing, used with - --target-http-proxy, --target-https-proxy. + Global and regional external Application Load Balancers, and + regional external proxy Network Load Balancers, used with + --target-http-proxy, --target-https-proxy, --target-tcp-proxy. INTERNAL - Internal load balancing or forwarding, used with --backend-service. + Internal passthrough Network Load Balancers or protocol forwarding, + used with --backend-service. INTERNAL_MANAGED - Internal load balancing, used with --target-http-proxy, - --target-https-proxy, --target-tcp-proxy. - INTERNAL_SELF_MANAGED - Traffic Director load balancing or forwarding, used with - --target-http-proxy, --target-https-proxy, --target-grpc-proxy, + Internal Application Load Balancers and internal proxy Network Load + Balancers, used with --target-http-proxy, --target-https-proxy, --target-tcp-proxy. + INTERNAL_SELF_MANAGED + Traffic Director, used with --target-http-proxy, + --target-https-proxy, --target-grpc-proxy, --target-tcp-proxy. --network=NETWORK (DEPRECATED) Only for --load-balancing-scheme=INTERNAL or diff --git a/gcloud/compute/http-health-checks/create b/gcloud/compute/http-health-checks/create index d72b77afb..06e50a1c4 100644 --- a/gcloud/compute/http-health-checks/create +++ b/gcloud/compute/http-health-checks/create @@ -14,11 +14,11 @@ SYNOPSIS DESCRIPTION Legacy HTTP health checks are required if you want to implement health - checking of a target pool for a Network TCP/UDP Load Balancer. Though you - can use legacy HTTP health checks in certain other Google Cloud Platform - load balancing configurations and for managed instance group autohealing, - you should consider a non-legacy HTTP health check created with - health-checks create http instead. + checking for a target pool backend of an external passthrough Network Load + Balancer. Though you can use legacy HTTP health checks in certain other + Google Cloud Platform load balancing configurations and for managed + instance group autohealing, you should consider a non-legacy HTTP health + check created with health-checks create http instead. For more information about the differences between legacy and non-legacy health checks see: diff --git a/gcloud/compute/instance-groups/get-named-ports b/gcloud/compute/instance-groups/get-named-ports index 98154c477..909965856 100644 --- a/gcloud/compute/instance-groups/get-named-ports +++ b/gcloud/compute/instance-groups/get-named-ports @@ -12,7 +12,8 @@ DESCRIPTION Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all instances in - the group. This information is used by the HTTP Load Balancing service. + the group. This information is used by Application Load Balancers and proxy + Network Load Balancers. gcloud compute instance-groups get-named-ports lists the named ports (name and port tuples) for an instance group. diff --git a/gcloud/compute/instance-groups/managed/create b/gcloud/compute/instance-groups/managed/create index 24ab664f7..5f82fe05b 100644 --- a/gcloud/compute/instance-groups/managed/create +++ b/gcloud/compute/instance-groups/managed/create @@ -5,8 +5,8 @@ NAME SYNOPSIS gcloud compute instance-groups managed create NAME --size=SIZE --template=TEMPLATE [--base-instance-name=BASE_INSTANCE_NAME] - [--description=DESCRIPTION] [--initial-delay=INITIAL_DELAY] - [--instance-redistribution-type=TYPE] + [--description=DESCRIPTION] [--[no-]force-update-on-repair] + [--initial-delay=INITIAL_DELAY] [--instance-redistribution-type=TYPE] [--list-managed-instances-results=MODE] [--stateful-disk=[auto-delete=AUTO-DELETE],[device-name=DEVICE-NAME]] [--target-distribution-shape=SHAPE] [--target-pool=[TARGET_POOL,...]] @@ -70,6 +70,16 @@ OPTIONAL FLAGS --description=DESCRIPTION An optional description for this group. + --[no-]force-update-on-repair + Specifies whether to apply the group's latest configuration when + repairing a VM. If you updated the group's instance template or + per-instance configurations after the VM was created, then these + changes are applied when VM is repaired. If this flag is disabled with + -no-force-update-on-repair, then updates are applied in accordance with + the group's update policy type. By default, this flag is disabled. Use + --force-update-on-repair to enable and --no-force-update-on-repair to + disable. + --initial-delay=INITIAL_DELAY Specifies the number of seconds that a new VM takes to initialize and run its startup script. During a VM's initial delay period, the MIG diff --git a/gcloud/compute/instance-groups/managed/get-named-ports b/gcloud/compute/instance-groups/managed/get-named-ports index f3360974d..3c175fd35 100644 --- a/gcloud/compute/instance-groups/managed/get-named-ports +++ b/gcloud/compute/instance-groups/managed/get-named-ports @@ -12,7 +12,8 @@ DESCRIPTION Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all instances in - the group. This information is used by the HTTP Load Balancing service. + the group. This information is used by Application Load Balancers and proxy + Network Load Balancers. gcloud compute instance-groups managed get-named-ports lists the named ports (name and port tuples) for an instance group. diff --git a/gcloud/compute/instance-groups/managed/set-named-ports b/gcloud/compute/instance-groups/managed/set-named-ports index 5c4a2239d..665e19ab1 100644 --- a/gcloud/compute/instance-groups/managed/set-named-ports +++ b/gcloud/compute/instance-groups/managed/set-named-ports @@ -11,7 +11,8 @@ DESCRIPTION Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all instances in - the group. This information is used by the HTTP Load Balancing service. + the group. This information is used by Application Load Balancers and proxy + Network Load Balancers. gcloud compute instance-groups managed set-named-ports sets the list of named ports for all instances in an instance group. diff --git a/gcloud/compute/instance-groups/managed/update b/gcloud/compute/instance-groups/managed/update index 170d184ed..962c7d15c 100644 --- a/gcloud/compute/instance-groups/managed/update +++ b/gcloud/compute/instance-groups/managed/update @@ -4,7 +4,8 @@ NAME SYNOPSIS gcloud compute instance-groups managed update NAME - [--description=DESCRIPTION] [--instance-redistribution-type=TYPE] + [--description=DESCRIPTION] [--[no-]force-update-on-repair] + [--instance-redistribution-type=TYPE] [--list-managed-instances-results=MODE] [--remove-stateful-disks=DEVICE_NAME,[DEVICE_NAME,...]] [--stateful-disk=[auto-delete=AUTO-DELETE],[device-name=DEVICE-NAME]] @@ -57,6 +58,16 @@ FLAGS An optional description for this group. To clear the description, set the value to an empty string. + --[no-]force-update-on-repair + Specifies whether to apply the group's latest configuration when + repairing a VM. If you updated the group's instance template or + per-instance configurations after the VM was created, then these + changes are applied when VM is repaired. If this flag is disabled with + -no-force-update-on-repair, then updates are applied in accordance with + the group's update policy type. By default, this flag is disabled. Use + --force-update-on-repair to enable and --no-force-update-on-repair to + disable. + --instance-redistribution-type=TYPE Specifies the type of the instance redistribution policy. An instance redistribution type lets you enable or disable automatic instance diff --git a/gcloud/compute/instance-groups/set-named-ports b/gcloud/compute/instance-groups/set-named-ports index b2f2c4de3..7efa6b201 100644 --- a/gcloud/compute/instance-groups/set-named-ports +++ b/gcloud/compute/instance-groups/set-named-ports @@ -11,7 +11,8 @@ DESCRIPTION Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all instances in - the group. This information is used by the HTTP Load Balancing service. + the group. This information is used by Application Load Balancers and proxy + Network Load Balancers. gcloud compute instance-groups set-named-ports sets the list of named ports for all instances in an instance group. diff --git a/gcloud/compute/instance-groups/unmanaged/get-named-ports b/gcloud/compute/instance-groups/unmanaged/get-named-ports index 18a3d0a49..9bf9fed6e 100644 --- a/gcloud/compute/instance-groups/unmanaged/get-named-ports +++ b/gcloud/compute/instance-groups/unmanaged/get-named-ports @@ -11,7 +11,8 @@ DESCRIPTION Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all instances in - the group. This information is used by the HTTP Load Balancing service. + the group. This information is used by Application Load Balancers and proxy + Network Load Balancers. gcloud compute instance-groups unmanaged get-named-ports lists the named ports (name and port tuples) for an instance group. diff --git a/gcloud/compute/instance-groups/unmanaged/set-named-ports b/gcloud/compute/instance-groups/unmanaged/set-named-ports index 6c218627e..673755509 100644 --- a/gcloud/compute/instance-groups/unmanaged/set-named-ports +++ b/gcloud/compute/instance-groups/unmanaged/set-named-ports @@ -10,7 +10,8 @@ DESCRIPTION Named ports are key:value pairs metadata representing the service name and the port that it's running on. Named ports can be assigned to an instance group, which indicates that the service is available on all instances in - the group. This information is used by the HTTP Load Balancing service. + the group. This information is used by Application Load Balancers and proxy + Network Load Balancers. gcloud compute instance-groups unmanaged set-named-ports sets the list of named ports for all instances in an instance group. diff --git a/gcloud/compute/resource-policies/help b/gcloud/compute/resource-policies/help index 27c17b2c8..7636173ca 100644 --- a/gcloud/compute/resource-policies/help +++ b/gcloud/compute/resource-policies/help @@ -25,6 +25,9 @@ GROUPS create Create Compute Engine Resource Policies. + update + Update Compute Engine Resource Policies. + COMMANDS COMMAND is one of the following: diff --git a/gcloud/compute/resource-policies/update/help b/gcloud/compute/resource-policies/update/help new file mode 100644 index 000000000..5c7da19b1 --- /dev/null +++ b/gcloud/compute/resource-policies/update/help @@ -0,0 +1,28 @@ +NAME + gcloud compute resource-policies update - update Compute Engine Resource + Policies + +SYNOPSIS + gcloud compute resource-policies update COMMAND [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Update Compute Engine Resource Policies. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --help. + + Run $ gcloud help for details. + +COMMANDS + COMMAND is one of the following: + + snapshot-schedule + Update a Compute Engine Snapshot Schedule Resource Policy. + +NOTES + These variants are also available: + + $ gcloud alpha compute resource-policies update + + $ gcloud beta compute resource-policies update + diff --git a/gcloud/compute/resource-policies/update/snapshot-schedule b/gcloud/compute/resource-policies/update/snapshot-schedule new file mode 100644 index 000000000..b63432676 --- /dev/null +++ b/gcloud/compute/resource-policies/update/snapshot-schedule @@ -0,0 +1,130 @@ +NAME + gcloud compute resource-policies update snapshot-schedule - update a + Compute Engine Snapshot Schedule Resource Policy + +SYNOPSIS + gcloud compute resource-policies update snapshot-schedule NAME + [--description=DESCRIPTION] [--max-retention-days=MAX_RETENTION_DAYS] + [--on-source-disk-delete=ON_SOURCE_DISK_DELETE] [--region=REGION] + [--snapshot-labels=[KEY=VALUE,...]] + [--weekly-schedule-from-file=WEEKLY_CYCLE_FROM_FILE + | --start-time=START_TIME (--daily-schedule | --hourly-schedule=HOURS + | --weekly-schedule=WEEKLY_CYCLE)] [GCLOUD_WIDE_FLAG ...] + +DESCRIPTION + Update a Compute Engine Snapshot Schedule Resource Policy. + +EXAMPLES + The following command updates a Compute Engine Snapshot Schedule Resource + Policy to take a daily snapshot at 13:00 UTC + + $ gcloud compute resource-policies update snapshot-schedule \ + my-resource-policy --region=REGION --start-time=13:00 \ + --daily-schedule + +POSITIONAL ARGUMENTS + NAME + Name of the resource policy to operate on. + +FLAGS + --description=DESCRIPTION + An optional, textual description for the backend. + + --max-retention-days=MAX_RETENTION_DAYS + Maximum number of days snapshot can be retained. + + --on-source-disk-delete=ON_SOURCE_DISK_DELETE + Retention behavior of automatic snapshots in the event of source disk + deletion. ON_SOURCE_DISK_DELETE must be one of: + + apply-retention-policy + Continue to apply the retention window to automatically-created + snapshots when the source disk is deleted. + keep-auto-snapshots + Keep automatically-created snapshots when the source disk is + deleted. This is the default behavior. + + --region=REGION + Region of the resource policy to operate on. If not specified, you + might be prompted to select a region (interactive mode only). + + To avoid prompting when this flag is omitted, you can set the + compute/region property: + + $ gcloud config set compute/region REGION + + A list of regions can be fetched by running: + + $ gcloud compute regions list + + To unset the property, run: + + $ gcloud config unset compute/region + + Alternatively, the region can be stored in the environment variable + CLOUDSDK_COMPUTE_REGION. + + --snapshot-labels=[KEY=VALUE,...] + List of label KEY=VALUE pairs to add. + + Keys must start with a lowercase character and contain only hyphens + (-), underscores (_), lowercase characters, and numbers. Values must + contain only hyphens (-), underscores (_), lowercase characters, and + numbers. + + The label is added to each snapshot created by the schedule. + + Cycle Frequency Group. + + At most one of these can be specified: + + Using a file: + + --weekly-schedule-from-file=WEEKLY_CYCLE_FROM_FILE + A JSON/YAML file which specifies a weekly schedule. The file should + contain the following fields: + + day: Day of the week with the same choices as --weekly-schedule. + startTime: Start time of the snapshot schedule with the same format + as --start-time. + + For more information about using a file, see + https://cloud.google.com/compute/docs/disks/scheduled-snapshots#create_snapshot_schedule + + Using command flags: + + --start-time=START_TIME + Start time for the disk snapshot schedule in UTC. For example, + --start-time="15:00". + + This flag argument must be specified if any of the other arguments + in this group are specified. + + Exactly one of these must be specified: + + --daily-schedule + Snapshot schedule starts daily at START_TIME. + + --hourly-schedule=HOURS + Snapshot schedule occurs every n hours starting at START_TIME. + + --weekly-schedule=WEEKLY_CYCLE + Snapshot schedule occurs weekly on WEEKLY_SCHEDULE at START_TIME. + WEEKLY_CYCLE must be one of: monday, tuesday, wednesday, + thursday, friday, saturday, sunday. + +GCLOUD WIDE FLAGS + These flags are available to all commands: --access-token-file, --account, + --billing-project, --configuration, --flags-file, --flatten, --format, + --help, --impersonate-service-account, --log-http, --project, --quiet, + --trace-token, --user-output-enabled, --verbosity. + + Run $ gcloud help for details. + +NOTES + These variants are also available: + + $ gcloud alpha compute resource-policies update snapshot-schedule + + $ gcloud beta compute resource-policies update snapshot-schedule + diff --git a/gcloud/compute/ssl-certificates/help b/gcloud/compute/ssl-certificates/help index 330014e66..57c6de0e9 100644 --- a/gcloud/compute/ssl-certificates/help +++ b/gcloud/compute/ssl-certificates/help @@ -7,8 +7,8 @@ SYNOPSIS DESCRIPTION Read and manipulate SSL certificates that encrypt traffic between clients - and a load balancer. The relevant load balancer types are SSL Proxy, - external HTTPS, and internal HTTPS. + and a load balancer. The relevant load balancer types are Application Load + Balancers and proxy Network Load Balancers. For more information about SSL certificates, see the SSL certificates documentation diff --git a/gcloud/container/clusters/create b/gcloud/container/clusters/create index eab8b4e6a..f636d9649 100644 --- a/gcloud/container/clusters/create +++ b/gcloud/container/clusters/create @@ -27,18 +27,18 @@ SYNOPSIS [--enable-cost-allocation] [--enable-dataplane-v2] [--enable-google-cloud-access] [--enable-gvnic] [--enable-identity-service] [--enable-image-streaming] - [--enable-insecure-kubelet-readonly-port] [--enable-intra-node-visibility] [--enable-ip-alias] [--enable-kubernetes-alpha] [--enable-kubernetes-unstable-apis=API,[API,...]] [--enable-l4-ilb-subsetting] [--enable-legacy-authorization] [--enable-managed-prometheus] [--enable-master-global-access] - [--enable-network-policy] [--enable-service-externalips] - [--enable-shielded-nodes] [--enable-stackdriver-kubernetes] - [--enable-vertical-pod-autoscaling] [--gateway-api=GATEWAY_API] - [--image-type=IMAGE_TYPE] [--ipv6-access-type=IPV6_ACCESS_TYPE] - [--issue-client-certificate] [--labels=[KEY=VALUE,...]] - [--logging=[COMPONENT,...]] [--logging-variant=LOGGING_VARIANT] + [--enable-multi-networking] [--enable-network-policy] + [--enable-service-externalips] [--enable-shielded-nodes] + [--enable-stackdriver-kubernetes] [--enable-vertical-pod-autoscaling] + [--gateway-api=GATEWAY_API] [--image-type=IMAGE_TYPE] + [--ipv6-access-type=IPV6_ACCESS_TYPE] [--issue-client-certificate] + [--labels=[KEY=VALUE,...]] [--logging=[COMPONENT,...]] + [--logging-variant=LOGGING_VARIANT] [--machine-type=MACHINE_TYPE, -m MACHINE_TYPE] [--max-nodes-per-pool=MAX_NODES_PER_POOL] [--max-pods-per-node=MAX_PODS_PER_NODE] @@ -47,13 +47,14 @@ SYNOPSIS [--metadata=KEY=VALUE,[KEY=VALUE,...]] [--metadata-from-file=KEY=LOCAL_FILE_PATH,[...]] [--min-cpu-platform=PLATFORM] [--monitoring=[COMPONENT,...]] - [--network=NETWORK] [--node-labels=[NODE_LABEL,...]] - [--node-locations=ZONE,[ZONE,...]] [--node-taints=[NODE_TAINT,...]] - [--node-version=NODE_VERSION] + [--network=NETWORK] + [--network-performance-configs=[PROPERTY1=VALUE1,...]] + [--node-labels=[NODE_LABEL,...]] [--node-locations=ZONE,[ZONE,...]] + [--node-taints=[NODE_TAINT,...]] [--node-version=NODE_VERSION] [--notification-config=[pubsub=ENABLED|DISABLED, pubsub-topic=TOPIC,...]] [--num-nodes=NUM_NODES; default=3] - [--placement-type=PLACEMENT_TYPE] [--preemptible] - [--private-endpoint-subnetwork=NAME] + [--placement-policy=PLACEMENT_POLICY] [--placement-type=PLACEMENT_TYPE] + [--preemptible] [--private-endpoint-subnetwork=NAME] [--private-ipv6-google-access-type=PRIVATE_IPV6_GOOGLE_ACCESS_TYPE] [--release-channel=CHANNEL] [--security-group=SECURITY_GROUP] [--security-posture=SECURITY_POSTURE] [--services-ipv4-cidr=CIDR] @@ -480,12 +481,6 @@ FLAGS --enable-image-streaming Specifies whether to enable image streaming on cluster. - --enable-insecure-kubelet-readonly-port - Enables the Kubelet's insecure Read Only Port. - - To disable in an existing cluster, explicitly set flag to - --no-enable-insecure-kubelet-readonly-port. - --enable-intra-node-visibility Enable Intra-node visibility for this cluster. @@ -539,6 +534,10 @@ FLAGS Must be used in conjunction with '--enable-ip-alias' and '--enable-private-nodes'. + --enable-multi-networking + Enables multi-networking on the cluster. Multi-networking is disabled + by default. + --enable-network-policy Enable network policy enforcement for this cluster. If you are enabling network policy on an existing cluster the network policy addon must @@ -773,6 +772,20 @@ FLAGS Kubernetes Engine will use this network when creating routes and firewalls for the clusters. Defaults to the 'default' network. + --network-performance-configs=[PROPERTY1=VALUE1,...] + Configures network performance settings for the cluster. Node pools can + override with their own settings. + + total-egress-bandwidth-tier + Total egress bandwidth is the available outbound bandwidth from a + VM, regardless of whether the traffic is going to internal IP or + external IP destinations. The following tier values are allowed: + [DEFAULT,TIER_1]. + + See + https://cloud.google.com/compute/docs/networking/configure-vm-with-high-bandwidth-configuration + for more information. + --node-labels=[NODE_LABEL,...] Applies the given Kubernetes labels on all nodes in the new node pool. @@ -858,6 +871,12 @@ FLAGS --num-nodes=NUM_NODES; default=3 The number of nodes to be created in each of the cluster's zones. + --placement-policy=PLACEMENT_POLICY + Indicates the desired resource policy to use. + + $ gcloud container clusters create node-pool-1 \ + --cluster=example-cluster --placement-policy my-placement + --placement-type=PLACEMENT_TYPE Placement type allows to define the type of node placement within the default node pool of this cluster. @@ -946,7 +965,6 @@ FLAGS Clusters subscribed to 'regular' receive versions that are considered GA quality. 'regular' is intended for production users who want to take advantage of new features. - stable Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. @@ -1046,8 +1064,6 @@ FLAGS podPidsLimit integer (The value must be greater than or equal to 1024 and less than 4194304.) - insecureKubeletReadonlyPortEnabled true or false (enabled by - default) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/container/clusters/create-auto b/gcloud/container/clusters/create-auto index e1dff2e48..7de966b24 100644 --- a/gcloud/container/clusters/create-auto +++ b/gcloud/container/clusters/create-auto @@ -14,7 +14,6 @@ SYNOPSIS [--database-encryption-key=DATABASE_ENCRYPTION_KEY] [--dataplane-v2-observability-mode=DATAPLANE_V2_OBSERVABILITY_MODE] [--enable-google-cloud-access] - [--enable-insecure-kubelet-readonly-port] [--enable-kubernetes-unstable-apis=API,[API,...]] [--enable-master-global-access] [--logging=[COMPONENT,...]] [--monitoring=[COMPONENT,...]] [--network=NETWORK] @@ -196,12 +195,6 @@ FLAGS Google Cloud can reach the public control plane endpoint of your cluster. - --enable-insecure-kubelet-readonly-port - Enables the Kubelet's insecure Read Only Port. - - To disable in an existing cluster, explicitly set flag to - --no-enable-insecure-kubelet-readonly-port. - --enable-kubernetes-unstable-apis=API,[API,...] Enable Kubernetes beta API features on this cluster. Beta APIs are not expected to be production ready and should be avoided in @@ -268,9 +261,6 @@ FLAGS CHANNEL must be one of: - None - Use 'None' to opt-out of any release channel. - rapid 'rapid' channel is offered on an early access basis for customers who want to test new releases. @@ -283,7 +273,6 @@ FLAGS Clusters subscribed to 'regular' receive versions that are considered GA quality. 'regular' is intended for production users who want to take advantage of new features. - stable Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. diff --git a/gcloud/container/clusters/update b/gcloud/container/clusters/update index 48fbabac8..5799fd627 100644 --- a/gcloud/container/clusters/update +++ b/gcloud/container/clusters/update @@ -13,7 +13,6 @@ SYNOPSIS | --disable-workload-identity | --enable-autoscaling | --enable-cost-allocation | --enable-google-cloud-access | --enable-identity-service | --enable-image-streaming - | --enable-insecure-kubelet-readonly-port | --enable-intra-node-visibility | --enable-kubernetes-unstable-apis=API,[API,...] | --enable-l4-ilb-subsetting | --enable-legacy-authorization @@ -23,6 +22,7 @@ SYNOPSIS | --enable-stackdriver-kubernetes | --enable-vertical-pod-autoscaling | --gateway-api=GATEWAY_API | --generate-password | --logging-variant=LOGGING_VARIANT | --maintenance-window=START_TIME + | --network-performance-configs=[PROPERTY1=VALUE1,...] | --node-locations=ZONE,[ZONE,...] | --notification-config=[pubsub=ENABLED|DISABLED, pubsub-topic=TOPIC,...] @@ -254,12 +254,6 @@ REQUIRED FLAGS --enable-image-streaming Specifies whether to enable image streaming on cluster. - --enable-insecure-kubelet-readonly-port - Enables the Kubelet's insecure Read Only Port. - - To disable in an existing cluster, explicitly set flag to - --no-enable-insecure-kubelet-readonly-port. - --enable-intra-node-visibility Enable Intra-node visibility for this cluster. @@ -388,6 +382,20 @@ REQUIRED FLAGS To remove an existing maintenance window from the cluster, use '--clear-maintenance-window'. + --network-performance-configs=[PROPERTY1=VALUE1,...] + Configures network performance settings for the cluster. Node pools + can override with their own settings. + + total-egress-bandwidth-tier + Total egress bandwidth is the available outbound bandwidth from a + VM, regardless of whether the traffic is going to internal IP or + external IP destinations. The following tier values are allowed: + [DEFAULT,TIER_1]. + + See + https://cloud.google.com/compute/docs/networking/configure-vm-with-high-bandwidth-configuration + for more information. + --node-locations=ZONE,[ZONE,...] The set of zones in which the specified node footprint should be replicated. All zones must be in the same region as the cluster's @@ -485,7 +493,6 @@ REQUIRED FLAGS Clusters subscribed to 'regular' receive versions that are considered GA quality. 'regular' is intended for production users who want to take advantage of new features. - stable Clusters subscribed to 'stable' receive versions that are known to be stable and reliable in production. diff --git a/gcloud/container/fleet/help b/gcloud/container/fleet/help index b4679c423..c582defd1 100644 --- a/gcloud/container/fleet/help +++ b/gcloud/container/fleet/help @@ -3,7 +3,7 @@ NAME Kubernetes clusters with fleet SYNOPSIS - gcloud container fleet GROUP [GCLOUD_WIDE_FLAG ...] + gcloud container fleet GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION The command group to register GKE or other Kubernetes clusters running in a diff --git a/gcloud/container/hub/help b/gcloud/container/hub/help index 5ace079a8..a2e71fe88 100644 --- a/gcloud/container/hub/help +++ b/gcloud/container/hub/help @@ -3,7 +3,7 @@ NAME Kubernetes clusters with fleet SYNOPSIS - gcloud container hub GROUP [GCLOUD_WIDE_FLAG ...] + gcloud container hub GROUP | COMMAND [GCLOUD_WIDE_FLAG ...] DESCRIPTION The command group to register GKE or other Kubernetes clusters running in a diff --git a/gcloud/container/node-pools/create b/gcloud/container/node-pools/create index 18ab88591..5b2c33a2f 100644 --- a/gcloud/container/node-pools/create +++ b/gcloud/container/node-pools/create @@ -9,7 +9,12 @@ SYNOPSIS gpu-partition-size=GPU_PARTITION_SIZE, gpu-sharing-strategy=GPU_SHARING_STRATEGY, max-shared-clients-per-gpu=MAX_SHARED_CLIENTS_PER_GPU],...]] - [--async] [--boot-disk-kms-key=BOOT_DISK_KMS_KEY] [--cluster=CLUSTER] + [--additional-node-network=[network=NETWORK_NAME, + subnetwork=SUBNETWORK_NAME,...]] + [--additional-pod-network=[subnetwork=SUBNETWORK_NAME, + pod-ipv4-range=SECONDARY_RANGE_NAME, + [max-pods-per-node=NUM_PODS],...]] [--async] + [--boot-disk-kms-key=BOOT_DISK_KMS_KEY] [--cluster=CLUSTER] [--disk-size=DISK_SIZE] [--disk-type=DISK_TYPE] [--enable-autoprovisioning] [--enable-autorepair] [--no-enable-autoupgrade] [--enable-blue-green-upgrade] @@ -29,7 +34,8 @@ SYNOPSIS [--node-locations=ZONE,[ZONE,...]] [--node-pool-soak-duration=NODE_POOL_SOAK_DURATION] [--node-taints=[NODE_TAINT,...]] [--node-version=NODE_VERSION] - [--num-nodes=NUM_NODES; default=3] [--placement-type=PLACEMENT_TYPE] + [--num-nodes=NUM_NODES; default=3] + [--placement-policy=PLACEMENT_POLICY] [--placement-type=PLACEMENT_TYPE] [--preemptible] [--sandbox=[type=TYPE]] [--shielded-integrity-monitoring] [--shielded-secure-boot] [--sole-tenant-node-affinity-file=SOLE_TENANT_NODE_AFFINITY_FILE] @@ -122,6 +128,40 @@ FLAGS (Optional) The max number of containers allowed to share each GPU on the node. This field is used together with gpu-sharing-strategy. + --additional-node-network=[network=NETWORK_NAME,subnetwork=SUBNETWORK_NAME,...] + Attach an additional network interface to each node in the pool. This + parameter can be specified up to 7 times. + + e.g. --additional-node-network network=dataplane,subnetwork=subnet-dp + + network + (Required) The network to attach the new interface to. + + subnetwork + (Required) The subnetwork to attach the new interface to. + + --additional-pod-network=[subnetwork=SUBNETWORK_NAME,pod-ipv4-range=SECONDARY_RANGE_NAME,[max-pods-per-node=NUM_PODS],...] + Specify the details of a secondary range to be used for an additional + pod network. Not needed if you use "host" typed NIC from this network. + This parameter can be specified up to 35 times. + + e.g. --additional-pod-network + subnetwork=subnet-dp,pod-ipv4-range=sec-range-blue,max-pods-per-node=8. + + subnetwork + (Optional) The name of the subnetwork to link the pod network to. + If not specified, the pod network defaults to the subnet connected + to the default network interface. + + pod-ipv4-range + (Required) The name of the secondary range in the subnetwork. The + range must hold at least (2 * MAX_PODS_PER_NODE * + MAX_NODES_IN_RANGE) IPs. + + max-pods-per-node + (Optional) Maximum amount of pods per node that can utilize this + ipv4-range. Defaults to NodePool (if specified) or Cluster value. + --async Return immediately, without waiting for the operation in progress to complete. @@ -437,6 +477,12 @@ FLAGS --num-nodes=NUM_NODES; default=3 The number of nodes in the node pool in each of the cluster's zones. + --placement-policy=PLACEMENT_POLICY + Indicates the desired resource policy to use. + + $ gcloud container node-pools create node-pool-1 \ + --cluster=example-cluster --placement-policy my-placement + --placement-type=PLACEMENT_TYPE Placement type allows to define the type of node placement within this node pool. @@ -550,8 +596,6 @@ FLAGS podPidsLimit integer (The value must be greater than or equal to 1024 and less than 4194304.) - insecureKubeletReadonlyPortEnabled true or false (enabled by - default) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/container/node-pools/update b/gcloud/container/node-pools/update index ffcf378df..91eeb8360 100644 --- a/gcloud/container/node-pools/update +++ b/gcloud/container/node-pools/update @@ -168,8 +168,6 @@ REQUIRED FLAGS podPidsLimit integer (The value must be greater than or equal to 1024 and less than 4194304.) - insecureKubeletReadonlyPortEnabled true or false (enabled by - default) List of supported sysctls in 'linuxConfig'. diff --git a/gcloud/functions/add-invoker-policy-binding b/gcloud/functions/add-invoker-policy-binding index b76acbb93..41c91836e 100644 --- a/gcloud/functions/add-invoker-policy-binding +++ b/gcloud/functions/add-invoker-policy-binding @@ -7,7 +7,13 @@ SYNOPSIS --member=PRINCIPAL [GCLOUD_WIDE_FLAG ...] DESCRIPTION - This command applies to Cloud Functions 2nd gen only. + Adds the Cloud Run Invoker binding to the IAM policy of a Google Cloud + Function's underlying Cloud Run service. + + This command applies to Cloud Functions (2nd gen) only. Cloud Functions + (2nd gen) currently requires the Cloud Run Invoke permission on the + underlying Cloud Run service to be able to call functions. This command + grants the given member permission to invoke the given 2nd gen function. EXAMPLES To add the invoker role policy binding for FUNCTION-1 for member MEMBER-1 diff --git a/gcloud/functions/deploy b/gcloud/functions/deploy index 783cb78d8..c4adf6ab7 100644 --- a/gcloud/functions/deploy +++ b/gcloud/functions/deploy @@ -42,7 +42,7 @@ SYNOPSIS | --trigger-topic=TRIGGER_TOPIC | --trigger-event=EVENT_TYPE --trigger-resource=RESOURCE | --trigger-event-filters=[ATTRIBUTE=VALUE,...] - --trigger-event-filters-path-pattern=[ATTRIBUTE=VALUE,...]] + --trigger-event-filters-path-pattern=[ATTRIBUTE=PATH_PATTERN,...]] [GCLOUD_WIDE_FLAG ...] DESCRIPTION @@ -554,15 +554,20 @@ FLAGS ▫ provide the argument --vpc-connector on the command line. If you don't specify a trigger when deploying an update to an existing - function it will keep its current trigger. You must specify - --trigger-topic, --trigger-bucket, --trigger-http, --trigger-event-filters - or (--trigger-event AND --trigger-resource) when deploying a new function. + function it will keep its current trigger. You must specify one of the + following when deploying a new function: + ◆ --trigger-topic, + ◆ --trigger-bucket, + ◆ --trigger-http, + ◆ --trigger-event AND --trigger-resource, + ◆ --trigger-event-filters and optionally + --trigger-event-filters-path-pattern. At most one of these can be specified: --trigger-bucket=TRIGGER_BUCKET - Google Cloud Storage bucket name. Every change in files in this - bucket will trigger function execution. + Google Cloud Storage bucket name. Trigger the function when an object + is created or overwritten in the specified Cloud Storage bucket. --trigger-http Function will be assigned an endpoint, which you can view by using @@ -592,9 +597,11 @@ FLAGS --trigger-event-filters=[ATTRIBUTE=VALUE,...] The Eventarc matching criteria for the trigger. The criteria can be specified either as a single comma-separated argument or as multiple - arguments. This is only relevant when --gen2 is provided. + arguments. The filters must include the type attribute, as well as + any other attributes that are expected for the chosen type. This is + only relevant when --gen2 is provided. - --trigger-event-filters-path-pattern=[ATTRIBUTE=VALUE,...] + --trigger-event-filters-path-pattern=[ATTRIBUTE=PATH_PATTERN,...] The Eventarc matching criteria for the trigger in path pattern format. The criteria can be specified as a single comma-separated argument or as multiple arguments. This is only relevant when --gen2 diff --git a/gcloud/functions/remove-invoker-policy-binding b/gcloud/functions/remove-invoker-policy-binding index 666fbb8ec..3e4b5e7dc 100644 --- a/gcloud/functions/remove-invoker-policy-binding +++ b/gcloud/functions/remove-invoker-policy-binding @@ -7,7 +7,13 @@ SYNOPSIS --member=PRINCIPAL [GCLOUD_WIDE_FLAG ...] DESCRIPTION - This command applies to Cloud Functions 2nd gen only. + Removes the Cloud Run Invoker binding from the IAM policy of a Google Cloud + Function's underlying Cloud Run service. + + This command applies to Cloud Functions (2nd gen) only. Cloud Functions + (2nd gen) currently requires the Cloud Run Invoke permission on the + underlying Cloud Run service to be able to call functions. This command + removes the given member permission to invoke the given 2nd gen function. EXAMPLES To remove the invoker role policy binding for FUNCTION-1 for member diff --git a/gcloud/healthcare/dicom-stores/create b/gcloud/healthcare/dicom-stores/create index 7e3b4041b..787999348 100644 --- a/gcloud/healthcare/dicom-stores/create +++ b/gcloud/healthcare/dicom-stores/create @@ -5,7 +5,8 @@ NAME SYNOPSIS gcloud healthcare dicom-stores create (DICOM_STORE : --dataset=DATASET --location=LOCATION) - [--pubsub-topic=PUBSUB_TOPIC] [GCLOUD_WIDE_FLAG ...] + [--pubsub-topic=PUBSUB_TOPIC] [--send-for-bulk-import] + [--stream-configs=STREAM_CONFIGS] [GCLOUD_WIDE_FLAG ...] DESCRIPTION Create a Cloud Healthcare API DICOM store. @@ -72,6 +73,17 @@ FLAGS For instructions on creating topics, refer to: https://cloud.google.com/pubsub/docs/admin#create_a_topic + --send-for-bulk-import + Indicates whether or not to send Cloud Pub/Sub notifications on bulk + import. Only supported for DICOM imports. + + --stream-configs=STREAM_CONFIGS + Configuration that indicates the BigQuery destinations for streaming + instances of a DICOM store. To specify StreamConfigs, list all BigQuery + destinations into one string separated by comma. (e.g., + --stream-configs + bq://{bigqueryProjectId1}.{bigqueryDatasetId1}.{bigqueryTableId1},bq://{bigqueryProjectId2}.{bigqueryDatasetId2}.{bigqueryTableId2}). + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/healthcare/dicom-stores/update b/gcloud/healthcare/dicom-stores/update index 6fdd5d061..0f6ea92f7 100644 --- a/gcloud/healthcare/dicom-stores/update +++ b/gcloud/healthcare/dicom-stores/update @@ -5,7 +5,8 @@ NAME SYNOPSIS gcloud healthcare dicom-stores update (DICOM_STORE : --dataset=DATASET --location=LOCATION) - [--pubsub-topic=PUBSUB_TOPIC] [GCLOUD_WIDE_FLAG ...] + [--pubsub-topic=PUBSUB_TOPIC] [--send-for-bulk-import] + [--stream-configs=STREAM_CONFIGS] [GCLOUD_WIDE_FLAG ...] DESCRIPTION Update a Cloud Healthcare API DICOM store. @@ -66,6 +67,17 @@ FLAGS For instructions on creating topics, refer to: https://cloud.google.com/pubsub/docs/admin#create_a_topic + --send-for-bulk-import + Indicates whether or not to send Cloud Pub/Sub notifications on bulk + import. Only supported for DICOM imports. + + --stream-configs=STREAM_CONFIGS + Configuration that indicates the BigQuery destinations for streaming + instances of a DICOM store. To specify StreamConfigs, list all BigQuery + destinations into one string separated by comma. (e.g., + --stream-configs + bq://{bigqueryProjectId1}.{bigqueryDatasetId1}.{bigqueryTableId1},bq://{bigqueryProjectId2}.{bigqueryDatasetId2}.{bigqueryTableId2}). + GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, diff --git a/gcloud/kms/keys/create b/gcloud/kms/keys/create index 08a80f133..871d58bff 100644 --- a/gcloud/kms/keys/create +++ b/gcloud/kms/keys/create @@ -68,13 +68,13 @@ EXAMPLES --keyring=rangers --purpose=encryption --rotation-period=30d \ --next-rotation-time=2017-10-12T12:34:56.1234Z - The following command creates a key named foo with protection level - software within the keyring fellowship and location us-east1 with two - specified labels: + The following command creates a raw encryption key named foo with + protection level software within the keyring fellowship and location + us-east1 with two specified labels: $ gcloud kms keys create foo --location=us-east1 \ - --keyring=fellowship --purpose=encryption \ - --labels=env=prod,team=kms + --keyring=fellowship --purpose=raw-encryption \ + --default-algorithm=aes-128-cbc --labels=env=prod,team=kms The following command creates an asymmetric key named samwise with protection level software and default algorithm ec-sign-p256-sha256 within @@ -153,7 +153,8 @@ POSITIONAL ARGUMENTS REQUIRED FLAGS --purpose=PURPOSE The "purpose" of the key. PURPOSE must be one of: - asymmetric-encryption, asymmetric-signing, encryption, mac. + asymmetric-encryption, asymmetric-signing, encryption, mac, + raw-encryption. OPTIONAL FLAGS --crypto-key-backend=CRYPTO_KEY_BACKEND @@ -166,7 +167,8 @@ OPTIONAL FLAGS The default algorithm for the crypto key. For more information about choosing an algorithm, see https://cloud.google.com/kms/docs/algorithms. DEFAULT_ALGORITHM must be - one of: ec-sign-p256-sha256, ec-sign-p384-sha384, + one of: aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, + aes-256-ctr, aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, external-symmetric-encryption, google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, diff --git a/gcloud/kms/keys/update b/gcloud/kms/keys/update index 82693fb03..b91c89e62 100644 --- a/gcloud/kms/keys/update +++ b/gcloud/kms/keys/update @@ -116,7 +116,8 @@ FLAGS The default algorithm for the crypto key. For more information about choosing an algorithm, see https://cloud.google.com/kms/docs/algorithms. DEFAULT_ALGORITHM must be - one of: ec-sign-p256-sha256, ec-sign-p384-sha384, + one of: aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, + aes-256-ctr, aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, external-symmetric-encryption, google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, diff --git a/gcloud/kms/keys/versions/create b/gcloud/kms/keys/versions/create index 25f52dfb2..a32cb9bc1 100644 --- a/gcloud/kms/keys/versions/create +++ b/gcloud/kms/keys/versions/create @@ -54,7 +54,8 @@ FLAGS Location of the keyring. --primary - If specified, immediately make the new version primary. + If specified, immediately makes the new version primary. This should + only be used with the encryption purpose. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, diff --git a/gcloud/kms/keys/versions/import b/gcloud/kms/keys/versions/import index d27cb8307..e818d5702 100644 --- a/gcloud/kms/keys/versions/import +++ b/gcloud/kms/keys/versions/import @@ -31,18 +31,19 @@ REQUIRED FLAGS The algorithm to assign to the new key version. For more information about supported algorithms, see https://cloud.google.com/kms/docs/algorithms. ALGORITHM must be one of: - ec-sign-p256-sha256, ec-sign-p384-sha384, ec-sign-secp256k1-sha256, - google-symmetric-encryption, hmac-sha1, hmac-sha224, hmac-sha256, - hmac-sha384, hmac-sha512, rsa-decrypt-oaep-2048-sha1, - rsa-decrypt-oaep-2048-sha256, rsa-decrypt-oaep-3072-sha1, - rsa-decrypt-oaep-3072-sha256, rsa-decrypt-oaep-4096-sha1, - rsa-decrypt-oaep-4096-sha256, rsa-decrypt-oaep-4096-sha512, - rsa-sign-pkcs1-2048-sha256, rsa-sign-pkcs1-3072-sha256, - rsa-sign-pkcs1-4096-sha256, rsa-sign-pkcs1-4096-sha512, - rsa-sign-pss-2048-sha256, rsa-sign-pss-3072-sha256, - rsa-sign-pss-4096-sha256, rsa-sign-pss-4096-sha512, - rsa-sign-raw-pkcs1-2048, rsa-sign-raw-pkcs1-3072, - rsa-sign-raw-pkcs1-4096. + aes-128-cbc, aes-128-ctr, aes-128-gcm, aes-256-cbc, aes-256-ctr, + aes-256-gcm, ec-sign-p256-sha256, ec-sign-p384-sha384, + ec-sign-secp256k1-sha256, google-symmetric-encryption, hmac-sha1, + hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512, + rsa-decrypt-oaep-2048-sha1, rsa-decrypt-oaep-2048-sha256, + rsa-decrypt-oaep-3072-sha1, rsa-decrypt-oaep-3072-sha256, + rsa-decrypt-oaep-4096-sha1, rsa-decrypt-oaep-4096-sha256, + rsa-decrypt-oaep-4096-sha512, rsa-sign-pkcs1-2048-sha256, + rsa-sign-pkcs1-3072-sha256, rsa-sign-pkcs1-4096-sha256, + rsa-sign-pkcs1-4096-sha512, rsa-sign-pss-2048-sha256, + rsa-sign-pss-3072-sha256, rsa-sign-pss-4096-sha256, + rsa-sign-pss-4096-sha512, rsa-sign-raw-pkcs1-2048, + rsa-sign-raw-pkcs1-3072, rsa-sign-raw-pkcs1-4096. --import-job=IMPORT_JOB Name of the import job to import from. diff --git a/gcloud/storage/buckets/create b/gcloud/storage/buckets/create index b8ed61ed3..cc66db8dc 100644 --- a/gcloud/storage/buckets/create +++ b/gcloud/storage/buckets/create @@ -2,7 +2,8 @@ NAME gcloud storage buckets create - create buckets for storing objects SYNOPSIS - gcloud storage buckets create URL [--additional-headers=HEADER=VALUE] + gcloud storage buckets create URL [URL ...] + [--additional-headers=HEADER=VALUE] [--default-encryption-key=DEFAULT_ENCRYPTION_KEY, -k DEFAULT_ENCRYPTION_KEY] [--default-storage-class=DEFAULT_STORAGE_CLASS, @@ -15,12 +16,13 @@ SYNOPSIS [--[no-]uniform-bucket-level-access, -b] [GCLOUD_WIDE_FLAG ...] DESCRIPTION - Create a new bucket. + Create new buckets. EXAMPLES - The following command creates a Cloud Storage bucket named my-bucket: + The following command creates 2 Cloud Storage buckets, one named my-bucket + and a second bucket named my-other-bucket: - $ gcloud storage buckets create gs://my-bucket + $ gcloud storage buckets create gs://my-bucket gs://my-other-bucket The following command creates a bucket with the nearline default storage class (https://cloud.google.com/storage/docs/storage-classes) in the asia @@ -30,8 +32,8 @@ EXAMPLES --default-storage-class=nearline --location=asia POSITIONAL ARGUMENTS - URL - The URL of the bucket to create. + URL [URL ...] + The URLs of the buckets to create. FLAGS --additional-headers=HEADER=VALUE diff --git a/gcloud/transcoder/jobs/create b/gcloud/transcoder/jobs/create index 577d67b92..2c68f541e 100644 --- a/gcloud/transcoder/jobs/create +++ b/gcloud/transcoder/jobs/create @@ -4,7 +4,7 @@ NAME SYNOPSIS gcloud transcoder jobs create [--input-uri=INPUT_URI] [--labels=[KEY=VALUE,...]] [--location=LOCATION] [--mode=MODE] - [--output-uri=OUTPUT_URI] + [--optimization=OPTIMIZATION] [--output-uri=OUTPUT_URI] [--file=FILE | --json=JSON | --template-id=TEMPLATE_ID] [GCLOUD_WIDE_FLAG ...] @@ -40,9 +40,16 @@ EXAMPLES $ gcloud transcoder jobs create --location=us-central1 \ --file="config.json" --labels=key=value - To create a transcoder job in batch mode: $ gcloud transcoder jobs create --location=us-central1 \ + To create a transcoder job in batch mode: + + $ gcloud transcoder jobs create --location=us-central1 \ --file="config.json" --mode=PROCESSING_MODE_BATCH + To create a transcoder job with optimizations disabled: + + $ gcloud transcoder jobs create --location=us-central1 \ + --file="config.json" --optimization=DISABLED + FLAGS --input-uri=INPUT_URI Google Cloud Storage URI. This value will override input URI in job @@ -79,6 +86,11 @@ FLAGS config. MODE must be one of: PROCESSING_MODE_INTERACTIVE, PROCESSING_MODE_BATCH. + --optimization=OPTIMIZATION + Optimization strategy of transcode job. This value will override + optimization in job config. OPTIMIZATION must be one of: AUTODETECT, + DISABLED. + --output-uri=OUTPUT_URI Google Cloud Storage directory URI (followed by a trailing forward slash). This value will override output URI in job config.