POSITIONAL ARGUMENTS

BACKEND_SERVICE_NAME

Name of the backend service to create.

FLAGS

--affinity-cookie-ttl=AFFINITY_COOKIE_TTL

If session-affinity is set to "generated_cookie", this flag sets the TTL, in seconds, of the resulting cookie. A setting of 0 indicates that the cookie should be transient. See $ gcloud topic datetimes for information on duration formats.

--cache-key-include-host

Enable including host in cache key. If enabled, requests to different hosts will be cached separately. Can only be applied for global resources. Enabled by default, use --no-cache-key-include-host to disable.

--cache-key-include-protocol

Enable including protocol in cache key. If enabled, http and https requests will be cached separately. Can only be applied for global resources. Enabled by default, use --no-cache-key-include-protocol to disable.

--cache-key-include-query-string

Enable including query string in cache key. If enabled, the query string parameters will be included according to --cache-key-query-string-whitelist and --cache-key-query-string-blacklist. If neither is set, the entire query string will be included. If disabled, then the entire query string will be excluded. Can only be applied for global resources. Enabled by default, use --no-cache-key-include-query-string to disable.

--connection-drain-on-failover

Connection drain is enabled by default and on failover or failback connections will be drained. If connection drain is disabled, the existing connection state will be cleared immediately on a best effort basis on failover or failback, all connections will then be served by the active pool of instances. Not compatible with the --global flag, load balancing scheme must be INTERNAL, and the protocol must be TCP.

--connection-draining-timeout=CONNECTION_DRAINING_TIMEOUT

Connection draining timeout to be used during removal of VMs from instance groups. This guarantees that for the specified time all existing connections to a VM will remain untouched, but no new connections will be accepted. Set timeout to zero to disable connection draining. Enable feature by specifying a timeout of up to one hour. If the flag is omitted API default value (0s) will be used. See $ gcloud topic datetimes for information on duration formats.

--custom-request-header=CUSTOM_REQUEST_HEADER

Specifies a HTTP Header to be added by your load balancer. This flag can be repeated to specify multiple headers. For example:

$ gcloud alpha compute backend-services create NAME \
    --custom-request-header "header-name: value"             \
    --custom-request-header "another-header:"

--description=DESCRIPTION

An optional, textual description for the backend service.

--drop-traffic-if-unhealthy

Enable dropping of traffic if there are no healthy VMs detected in both the primary and backup instance groups. Not compatible with the --global flag and load balancing scheme must be INTERNAL.

--enable-cdn

Enable Cloud CDN for the backend service. Cloud CDN can cache HTTP responses from a backend service at the edge of the network, close to users. Cloud CDN is disabled by default.

--failover-ratio=FAILOVER_RATIO

If the ratio of the healthy VMs in the primary backend is at or below this number, traffic arriving at the load-balanced IP will be directed to the failover backend(s). Not compatible with the --global flag.

--health-checks=HEALTH_CHECK,[...]

Specifies a list of health check objects for checking the health of the backend service. Currently at most one health check can be specified. Health checks need not be for the same protocol as that of the backend service.

--http-health-checks=HTTP_HEALTH_CHECK,[...]

Specifies a list of legacy HTTP health check objects for checking the health of the backend service.
Legacy health checks are not recommended for backend services. It is possible to use a legacy health check on a backend service for a HTTP(S) load balancer if that backend service uses instance groups. For more information, see this guide: cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide

--https-health-checks=HTTPS_HEALTH_CHECK,[...]

Specifies a list of legacy HTTPS health check objects for checking the health of the backend service.
Legacy health checks are not recommended for backend services. It is possible to use a legacy health check on a backend service for a HTTP(S) load balancer if that backend service uses instance groups. For more information, see this guide: cloud.google.com/load-balancing/docs/health-check-concepts#lb_guide

--iap=disabled|enabled,[oauth2-client-id=OAUTH2-CLIENT-ID,oauth2-client-secret=OAUTH2-CLIENT-SECRET]

Configure Identity Aware Proxy (IAP) service. You can configure IAP to be 'enabled' or 'disabled' (default). If it is enabled you can provide values for 'oauth2-client-id' and 'oauth2-client-secret'. For example, '--iap=enabled,oauth2-client-id=foo,oauth2-client-secret=bar' will turn IAP on, and '--iap=disabled' will turn it off. See cloud.google.com/iap for more information about this feature.

--load-balancing-scheme=LOAD_BALANCING_SCHEME; default="EXTERNAL"

Specifies if this is internal or external load balancer. LOAD_BALANCING_SCHEME must be one of: INTERNAL, EXTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED.

--port-name=PORT_NAME

The name of a service that has been added to an instance group in this backend. Instance group services map a name to a port number which is used by the load balancing service. Only one port-name may be added to a backend service, and that name must exist as a service on all instance groups that are a part of this backend service. The port number associated with the name may differ between instances. If you do not specify this flag, your instance groups must have a service named http configured. See also gcloud compute instance-groups set-named-ports --help. The port-name parameter cannot be set if the load-balancing-scheme is INTERNAL.

--protocol=PROTOCOL

Protocol for incoming requests.
If the load-balancing-scheme is INTERNAL, the protocol must be one of: TCP, UDP.
If the load-balancing-scheme is EXTERNAL, the protocol must be one of: HTTP, HTTPS, HTTP2, SSL, TCP.

--session-affinity=SESSION_AFFINITY

The type of TCP session affinity to use. Not supported for UDP. SESSION_AFFINITY must be one of:

CLIENT_IP

Route requests to instances based on the hash of the client's IP address.

CLIENT_IP_PORT_PROTO

(Applicable if load-balancing scheme is internal) Connections from the same client IP with the same IP protocol and port will go to the same VM in the backend while that VM remains healthy.

CLIENT_IP_PROTO

(Applicable if load-balancing scheme is internal) Connections from the same client IP with the same IP protocol will go to the same VM in the pool while that VM remains healthy.

GENERATED_COOKIE

(Applicable if load-balancing scheme is external) Route requests to instances based on the contents of the "GCLB" cookie set by the load balancer.

NONE

Session affinity is disabled.

--signed-url-cache-max-age=SIGNED_URL_CACHE_MAX_AGE

The amount of time up to which the response to a signed URL request will be cached in the CDN. After this time period, the Signed URL will be revalidated before being served. Cloud CDN will internally act as though all responses from this backend had a Cache-Control: public, max-age=[TTL] header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered. If unspecified, the default value is 3600s.
For example, specifying 12h will cause the responses to signed URL requests to be cached in the CDN up to 12 hours. See $ gcloud topic datetimes for information on duration formats.
This flag only affects signed URL requests.

--timeout=TIMEOUT; default="30s"

Only applicable to HTTP(S), SSL Proxy, and TCP Proxy load balancers: The amount of time to wait for a backend to return a full response for the request and for the load balancer to proxy the response to the client before considering the request failed.
For example, specifying 10s gives instances 10 seconds to respond to requests. The load balancer will retry GET requests once if the backend closes the connection or times out before sending response headers to the proxy. If the backend produces any response headers, the load balancer does not retry. If the backend does not reply at all, the load balancer returns a 502 Bad Gateway error to the client. See $ gcloud topic datetimes for information on duration formats.
This parameter has no effect if the load-balancing-scheme is INTERNAL.

At most one of these may be specified:

--cache-key-query-string-blacklist=[QUERY_STRING,...]

Specifies a comma separated list of query string parameters to exclude in cache keys. All other parameters will be included. Either specify --cache-key-query-string-whitelist or --cache-key-query-string-blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters. Can only be applied for global resources.

--cache-key-query-string-whitelist=QUERY_STRING,[...]

Specifies a comma separated list of query string parameters to include in cache keys. All other parameters will be excluded. Either specify --cache-key-query-string-whitelist or --cache-key-query-string-blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters. Can only be applied for global resources.

At most one of these may be specified:

--global

If set, the backend service is global.

--region=REGION

Region of the backend service to create. Overrides the default compute/region property value for this command invocation.

At most one of these may be specified:

--global-health-checks

If set, the health checks are global.

--health-checks-region=HEALTH_CHECKS_REGION

Region of the health checks to operate on. If not specified, you may be prompted to select a region.
To avoid prompting when this flag is omitted, you can set the compute/region property:

$ gcloud config set compute/region REGION

A list of regions can be fetched by running:

$ gcloud compute regions list

To unset the property, run:

$ gcloud config unset compute/region

Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.

GCLOUD WIDE FLAGS

NOTES

$ gcloud compute backend-services create $ gcloud beta compute backend-services create