Edge
EdgeCacheService defines the IP addresses, protocols, security policies, cache policies and routing configuration.
Warning: These resources require allow-listing to use, and are not openly available to all Cloud customers. Engage with your Cloud account team to discuss how to onboard.
Example Usage
Network Services Edge Cache Service Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.networkservices.EdgeCacheOrigin;
import com.pulumi.gcp.networkservices.EdgeCacheOriginArgs;
import com.pulumi.gcp.networkservices.inputs.EdgeCacheOriginTimeoutArgs;
import com.pulumi.gcp.networkservices.EdgeCacheService;
import com.pulumi.gcp.networkservices.EdgeCacheServiceArgs;
import com.pulumi.gcp.networkservices.inputs.EdgeCacheServiceRoutingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var dest = new Bucket("dest", BucketArgs.builder()
.location("US")
.forceDestroy(true)
.build());
var instanceEdgeCacheOrigin = new EdgeCacheOrigin("instanceEdgeCacheOrigin", EdgeCacheOriginArgs.builder()
.originAddress(dest.url())
.description("The default bucket for media edge test")
.maxAttempts(2)
.timeout(EdgeCacheOriginTimeoutArgs.builder()
.connectTimeout("10s")
.build())
.build());
var instanceEdgeCacheService = new EdgeCacheService("instanceEdgeCacheService", EdgeCacheServiceArgs.builder()
.description("some description")
.routing(EdgeCacheServiceRoutingArgs.builder()
.hostRules(EdgeCacheServiceRoutingHostRuleArgs.builder()
.description("host rule description")
.hosts("sslcert.tf-test.club")
.pathMatcher("routes")
.build())
.pathMatchers(EdgeCacheServiceRoutingPathMatcherArgs.builder()
.name("routes")
.routeRules(EdgeCacheServiceRoutingPathMatcherRouteRuleArgs.builder()
.description("a route rule to match against")
.priority(1)
.matchRules(EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleArgs.builder()
.prefixMatch("/")
.build())
.origin(instanceEdgeCacheOrigin.name())
.routeAction(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionArgs.builder()
.cdnPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyArgs.builder()
.cacheMode("CACHE_ALL_STATIC")
.defaultTtl("3600s")
.build())
.build())
.headerAction(EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionArgs.builder()
.responseHeaderToAdds(EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionResponseHeaderToAddArgs.builder()
.headerName("x-cache-status")
.headerValue("{cdn_cache_status}")
.build())
.build())
.build())
.build())
.build())
.build());
}
}Content copied to clipboard
Network Services Edge Cache Service Advanced
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.Bucket;
import com.pulumi.gcp.storage.BucketArgs;
import com.pulumi.gcp.networkservices.EdgeCacheOrigin;
import com.pulumi.gcp.networkservices.EdgeCacheOriginArgs;
import com.pulumi.gcp.networkservices.inputs.EdgeCacheOriginTimeoutArgs;
import com.pulumi.gcp.networkservices.EdgeCacheService;
import com.pulumi.gcp.networkservices.EdgeCacheServiceArgs;
import com.pulumi.gcp.networkservices.inputs.EdgeCacheServiceRoutingArgs;
import com.pulumi.gcp.networkservices.inputs.EdgeCacheServiceLogConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var dest = new Bucket("dest", BucketArgs.builder()
.location("US")
.forceDestroy(true)
.build());
var google = new EdgeCacheOrigin("google", EdgeCacheOriginArgs.builder()
.originAddress("google.com")
.description("The default bucket for media edge test")
.maxAttempts(2)
.timeout(EdgeCacheOriginTimeoutArgs.builder()
.connectTimeout("10s")
.build())
.build());
var instanceEdgeCacheOrigin = new EdgeCacheOrigin("instanceEdgeCacheOrigin", EdgeCacheOriginArgs.builder()
.originAddress(dest.url())
.description("The default bucket for media edge test")
.maxAttempts(2)
.timeout(EdgeCacheOriginTimeoutArgs.builder()
.connectTimeout("10s")
.build())
.build());
var instanceEdgeCacheService = new EdgeCacheService("instanceEdgeCacheService", EdgeCacheServiceArgs.builder()
.description("some description")
.disableQuic(true)
.disableHttp2(true)
.labels(Map.of("a", "b"))
.routing(EdgeCacheServiceRoutingArgs.builder()
.hostRules(
EdgeCacheServiceRoutingHostRuleArgs.builder()
.description("host rule description")
.hosts("sslcert.tf-test.club")
.pathMatcher("routes")
.build(),
EdgeCacheServiceRoutingHostRuleArgs.builder()
.description("host rule2")
.hosts("sslcert.tf-test2.club")
.pathMatcher("routes")
.build(),
EdgeCacheServiceRoutingHostRuleArgs.builder()
.description("host rule3")
.hosts("sslcert.tf-test3.club")
.pathMatcher("routesAdvanced")
.build())
.pathMatchers(
EdgeCacheServiceRoutingPathMatcherArgs.builder()
.name("routes")
.routeRules(EdgeCacheServiceRoutingPathMatcherRouteRuleArgs.builder()
.description("a route rule to match against")
.priority(1)
.matchRules(EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleArgs.builder()
.prefixMatch("/")
.build())
.origin(instanceEdgeCacheOrigin.name())
.routeAction(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionArgs.builder()
.cdnPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyArgs.builder()
.cacheMode("CACHE_ALL_STATIC")
.defaultTtl("3600s")
.build())
.build())
.headerAction(EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionArgs.builder()
.responseHeaderToAdds(EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionResponseHeaderToAddArgs.builder()
.headerName("x-cache-status")
.headerValue("{cdn_cache_status}")
.build())
.build())
.build())
.build(),
EdgeCacheServiceRoutingPathMatcherArgs.builder()
.name("routesAdvanced")
.description("an advanced ruleset")
.routeRules(
EdgeCacheServiceRoutingPathMatcherRouteRuleArgs.builder()
.description("an advanced route rule to match against")
.priority(1)
.matchRules(
EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleArgs.builder()
.prefixMatch("/potato/")
.queryParameterMatches(
EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleQueryParameterMatchArgs.builder()
.name("debug")
.presentMatch(true)
.build(),
EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleQueryParameterMatchArgs.builder()
.name("state")
.exactMatch("debug")
.build())
.build(),
EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleArgs.builder()
.fullPathMatch("/apple")
.build())
.headerAction(EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionArgs.builder()
.requestHeaderToAdds(
EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionRequestHeaderToAddArgs.builder()
.headerName("debug")
.headerValue("true")
.replace(true)
.build(),
EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionRequestHeaderToAddArgs.builder()
.headerName("potato")
.headerValue("plant")
.build())
.responseHeaderToAdds(EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionResponseHeaderToAddArgs.builder()
.headerName("potato")
.headerValue("plant")
.replace(true)
.build())
.requestHeaderToRemoves(EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionRequestHeaderToRemoveArgs.builder()
.headerName("prod")
.build())
.responseHeaderToRemoves(EdgeCacheServiceRoutingPathMatcherRouteRuleHeaderActionResponseHeaderToRemoveArgs.builder()
.headerName("prod")
.build())
.build())
.origin(instanceEdgeCacheOrigin.name())
.routeAction(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionArgs.builder()
.cdnPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyArgs.builder()
.cacheMode("CACHE_ALL_STATIC")
.defaultTtl("3800s")
.clientTtl("3600s")
.maxTtl("9000s")
.cacheKeyPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyCacheKeyPolicyArgs.builder()
.includeProtocol(true)
.excludeHost(true)
.includedQueryParameters(
"apple",
"dev",
"santa",
"claus")
.includedHeaderNames("banana")
.includedCookieNames("orange")
.build())
.negativeCaching(true)
.signedRequestMode("DISABLED")
.negativeCachingPolicy(Map.of("500", "3000s"))
.build())
.urlRewrite(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionUrlRewriteArgs.builder()
.pathPrefixRewrite("/dev")
.hostRewrite("dev.club")
.build())
.corsPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCorsPolicyArgs.builder()
.maxAge("2500s")
.allowCredentials(true)
.allowOrigins("*")
.allowMethods("GET")
.allowHeaders("dev")
.exposeHeaders("prod")
.build())
.build())
.build(),
EdgeCacheServiceRoutingPathMatcherRouteRuleArgs.builder()
.description("a second route rule to match against")
.priority(2)
.matchRules(EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleArgs.builder()
.fullPathMatch("/yay")
.build())
.origin(instanceEdgeCacheOrigin.name())
.routeAction(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionArgs.builder()
.cdnPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyArgs.builder()
.cacheMode("CACHE_ALL_STATIC")
.defaultTtl("3600s")
.cacheKeyPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyCacheKeyPolicyArgs.builder()
.excludedQueryParameters("dev")
.build())
.build())
.corsPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCorsPolicyArgs.builder()
.maxAge("3000s")
.allowHeaders("dev")
.disabled(true)
.build())
.build())
.build())
.build())
.build())
.logConfig(EdgeCacheServiceLogConfigArgs.builder()
.enable(true)
.sampleRate(0.01)
.build())
.build());
}
}Content copied to clipboard
Network Services Edge Cache Service Dual Token
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.secretmanager.Secret;
import com.pulumi.gcp.secretmanager.SecretArgs;
import com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;
import com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;
import com.pulumi.gcp.secretmanager.SecretVersion;
import com.pulumi.gcp.secretmanager.SecretVersionArgs;
import com.pulumi.gcp.networkservices.EdgeCacheKeyset;
import com.pulumi.gcp.networkservices.EdgeCacheKeysetArgs;
import com.pulumi.gcp.networkservices.inputs.EdgeCacheKeysetPublicKeyArgs;
import com.pulumi.gcp.networkservices.inputs.EdgeCacheKeysetValidationSharedKeyArgs;
import com.pulumi.gcp.networkservices.EdgeCacheOrigin;
import com.pulumi.gcp.networkservices.EdgeCacheOriginArgs;
import com.pulumi.gcp.networkservices.EdgeCacheService;
import com.pulumi.gcp.networkservices.EdgeCacheServiceArgs;
import com.pulumi.gcp.networkservices.inputs.EdgeCacheServiceRoutingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var secret_basic = new Secret("secret-basic", SecretArgs.builder()
.secretId("secret-name")
.replication(SecretReplicationArgs.builder()
.auto()
.build())
.build());
var secret_version_basic = new SecretVersion("secret-version-basic", SecretVersionArgs.builder()
.secret(secret_basic.id())
.secretData("secret-data")
.build());
var keyset = new EdgeCacheKeyset("keyset", EdgeCacheKeysetArgs.builder()
.description("The default keyset")
.publicKeys(EdgeCacheKeysetPublicKeyArgs.builder()
.id("my-public-key")
.managed(true)
.build())
.validationSharedKeys(EdgeCacheKeysetValidationSharedKeyArgs.builder()
.secretVersion(secret_version_basic.id())
.build())
.build());
var instanceEdgeCacheOrigin = new EdgeCacheOrigin("instanceEdgeCacheOrigin", EdgeCacheOriginArgs.builder()
.originAddress("gs://media-edge-default")
.description("The default bucket for media edge test")
.build());
var instanceEdgeCacheService = new EdgeCacheService("instanceEdgeCacheService", EdgeCacheServiceArgs.builder()
.description("some description")
.routing(EdgeCacheServiceRoutingArgs.builder()
.hostRules(EdgeCacheServiceRoutingHostRuleArgs.builder()
.description("host rule description")
.hosts("sslcert.tf-test.club")
.pathMatcher("routes")
.build())
.pathMatchers(EdgeCacheServiceRoutingPathMatcherArgs.builder()
.name("routes")
.routeRules(
EdgeCacheServiceRoutingPathMatcherRouteRuleArgs.builder()
.description("a route rule to match against master playlist")
.priority(1)
.matchRules(EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleArgs.builder()
.pathTemplateMatch("/master.m3u8")
.build())
.origin(instanceEdgeCacheOrigin.name())
.routeAction(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionArgs.builder()
.cdnPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyArgs.builder()
.signedRequestMode("REQUIRE_TOKENS")
.signedRequestKeyset(keyset.id())
.signedTokenOptions(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicySignedTokenOptionsArgs.builder()
.tokenQueryParameter("edge-cache-token")
.build())
.signedRequestMaximumExpirationTtl("600s")
.addSignatures(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyAddSignaturesArgs.builder()
.actions("GENERATE_COOKIE")
.keyset(keyset.id())
.copiedParameters(
"PathGlobs",
"SessionID")
.build())
.build())
.build())
.build(),
EdgeCacheServiceRoutingPathMatcherRouteRuleArgs.builder()
.description("a route rule to match against all playlists")
.priority(2)
.matchRules(EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleArgs.builder()
.pathTemplateMatch("/*.m3u8")
.build())
.origin(instanceEdgeCacheOrigin.name())
.routeAction(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionArgs.builder()
.cdnPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyArgs.builder()
.signedRequestMode("REQUIRE_TOKENS")
.signedRequestKeyset(keyset.id())
.signedTokenOptions(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicySignedTokenOptionsArgs.builder()
.tokenQueryParameter("hdnts")
.allowedSignatureAlgorithms(
"ED25519",
"HMAC_SHA_256",
"HMAC_SHA1")
.build())
.addSignatures(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyAddSignaturesArgs.builder()
.actions("GENERATE_TOKEN_HLS_COOKIELESS")
.keyset(keyset.id())
.tokenTtl("1200s")
.tokenQueryParameter("hdntl")
.copiedParameters("URLPrefix")
.build())
.build())
.build())
.build(),
EdgeCacheServiceRoutingPathMatcherRouteRuleArgs.builder()
.description("a route rule to match against")
.priority(3)
.matchRules(EdgeCacheServiceRoutingPathMatcherRouteRuleMatchRuleArgs.builder()
.pathTemplateMatch("/**.m3u8")
.build())
.origin(instanceEdgeCacheOrigin.name())
.routeAction(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionArgs.builder()
.cdnPolicy(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyArgs.builder()
.signedRequestMode("REQUIRE_TOKENS")
.signedRequestKeyset(keyset.id())
.signedTokenOptions(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicySignedTokenOptionsArgs.builder()
.tokenQueryParameter("hdntl")
.build())
.addSignatures(EdgeCacheServiceRoutingPathMatcherRouteRuleRouteActionCdnPolicyAddSignaturesArgs.builder()
.actions("PROPAGATE_TOKEN_HLS_COOKIELESS")
.tokenQueryParameter("hdntl")
.build())
.build())
.build())
.build())
.build())
.build())
.build());
}
}Content copied to clipboard
Import
EdgeCacheService can be imported using any of these accepted formats
$ pulumi import gcp:networkservices/edgeCacheService:EdgeCacheService default projects/{{project}}/locations/global/edgeCacheServices/{{name}}Content copied to clipboard
$ pulumi import gcp:networkservices/edgeCacheService:EdgeCacheService default {{project}}/{{name}}Content copied to clipboard
$ pulumi import gcp:networkservices/edgeCacheService:EdgeCacheService default {{name}}Content copied to clipboard
//
Properties
Link copied to clipboard
Disables HTTP/2. HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated.
Link copied to clipboard