EndpointPolicy is a resource that helps apply desired configuration on the endpoints that match specific criteria.
To get more information about EndpointPolicy, see:
resource "google_network_services_endpoint_policy" "default" {
  provider    = google-beta
  name        = "my-endpoint-policy"
  labels = {
    foo = "bar"
  }
  description = "my description"
  type        = "SIDECAR_PROXY"
  traffic_port_selector {
    ports = ["8081"]
  }
  endpoint_matcher {
    metadata_label_matcher {
      metadata_label_match_criteria = "MATCH_ANY"
      metadata_labels {
        label_name  = "foo"
        label_value = "bar"
      }
    }
  }
}
resource "google_network_services_endpoint_policy" "default" {
  provider    = google-beta
  name        = "my-endpoint-policy"
  labels = {
    foo = "bar"
  }
  description = "my description"
  type        = "SIDECAR_PROXY"
  traffic_port_selector {
    ports = ["8081"]
  }
  endpoint_matcher {
    metadata_label_matcher {
      metadata_label_match_criteria = "MATCH_ANY"
    }
  }
}
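The examples above select endpoints but attach no security policy to them. The following added example (not part of the provider documentation) wires the optional server_tls_policy and authorization_policy arguments documented below to an EndpointPolicy, so inbound traffic on the selected port is terminated with mutual TLS and then authorized. The resource names, the plugin instance value, the SPIFFE principal, and the use of each policy's id as the referenced URL are assumptions.

```hcl
# Added example. All names and the principal below are constructed values.
resource "google_network_security_server_tls_policy" "mtls" {
  provider   = google-beta
  name       = "my-server-tls-policy"
  allow_open = false # do not accept plaintext alongside TLS

  server_certificate {
    certificate_provider_instance {
      plugin_instance = "google_cloud_private_spiffe" # assumed instance name
    }
  }
  mtls_policy {
    client_validation_ca {
      certificate_provider_instance {
        plugin_instance = "google_cloud_private_spiffe" # assumed instance name
      }
    }
  }
}

resource "google_network_security_authorization_policy" "allow_frontend" {
  provider = google-beta
  name     = "my-authorization-policy"
  action   = "ALLOW"
  rules {
    sources {
      # Constructed identity; only meaningful when client certs are validated.
      principals = ["spiffe://example.svc.id.goog/ns/default/sa/frontend"]
    }
    destinations {
      hosts   = ["*"]
      ports   = [8081]
      methods = ["GET"]
    }
  }
}

resource "google_network_services_endpoint_policy" "secured" {
  provider             = google-beta
  name                 = "my-secured-endpoint-policy"
  type                 = "SIDECAR_PROXY"
  server_tls_policy    = google_network_security_server_tls_policy.mtls.id
  authorization_policy = google_network_security_authorization_policy.allow_frontend.id
  traffic_port_selector { ports = ["8081"] } # scope to one port, not all ports
  endpoint_matcher {
    metadata_label_matcher {
      metadata_label_match_criteria = "MATCH_ALL"
      metadata_labels { label_name = "foo", label_value = "bar" }
    }
  }
}
```

Leaving traffic_port_selector out would apply the matched configuration to all ports, so the selector here keeps the TLS and authorization requirements tied to the one port the policy is written for.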
The following arguments are supported:
type - (Required) The type of endpoint policy. This is primarily used to validate the configuration. Possible values are: SIDECAR_PROXY, GRPC_SERVER.
endpoint_matcher - (Required) A matcher that selects endpoints to which the policies should be applied. Structure is documented below.
name - (Required) Name of the EndpointPolicy resource.
The endpoint_matcher block supports:
metadata_label_matcher - (Required) The matcher is based on node metadata presented by xDS clients. Structure is documented below.
The metadata_label_matcher block supports:
metadata_label_match_criteria - (Required) Specifies how matching should be done. Possible values are: MATCH_ANY, MATCH_ALL.
metadata_labels - (Optional) The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria. Structure is documented below.
The metadata_labels block supports:
label_name - (Required) Label name presented as key in xDS Node Metadata.
label_value - (Required) Label value presented as value corresponding to the above key, in xDS Node Metadata.
labels - (Optional) Set of label tags associated with the TcpRoute resource. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
description - (Optional) A free-text description of the resource. Max length 1024 characters.
authorization_policy - (Optional) This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints.
server_tls_policy - (Optional) A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends.
client_tls_policy - (Optional) A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints.
traffic_port_selector - (Optional) Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports. Structure is documented below.
project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
The traffic_port_selector block supports:
ports - (Required) List of ports. Can be port numbers or port range (example, [80-90] specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected.
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format projects/{{project}}/locations/global/endpointPolicies/{{name}}
create_time - Time the TcpRoute was created in UTC.
update_time - Time the TcpRoute was updated in UTC.
terraform_labels - The combination of labels configured directly on the resource and default labels configured on the provider.
effective_labels - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
This resource provides the following Timeouts configuration options:
create - Default is 30 minutes.
update - Default is 30 minutes.
delete - Default is 30 minutes.
EndpointPolicy can be imported using any of these accepted formats:
projects/{{project}}/locations/global/endpointPolicies/{{name}}
{{project}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import block to import EndpointPolicy using one of the formats above. For example:
import {
  id = "projects/{{project}}/locations/global/endpointPolicies/{{name}}"
  to = google_network_services_endpoint_policy.default
}
When using the terraform import command, EndpointPolicy can be imported using one of the formats above. For example:
$ terraform import google_network_services_endpoint_policy.default projects/{{project}}/locations/global/endpointPolicies/{{name}}
$ terraform import google_network_services_endpoint_policy.default {{project}}/{{name}}
$ terraform import google_network_services_endpoint_policy.default {{name}}
This resource supports User Project Overrides.