- NAME
-
- gcloud compute network-endpoint-groups update - update a Compute Engine network endpoint group
- SYNOPSIS
-
-
gcloud compute network-endpoint-groups updateNAME(--add-endpoint=[client-destination-port=CLIENT-DESTINATION-PORT], [fqdn=FQDN], [instance=INSTANCE], [ip=IP], [ipv6=IPV6], [port=PORT] |--remove-endpoint=[client-destination-port=CLIENT-DESTINATION-PORT], [fqdn=FQDN], [instance=INSTANCE], [ip=IP], [ipv6=IPV6], [port=PORT]) [--global|--region=REGION|--zone=ZONE] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
- Update a Compute Engine network endpoint group.
- EXAMPLES
- To add two endpoints to a network endpoint group:
gcloud compute network-endpoint-groups update my-neg --zone = us-central1-a --add-endpoint = instance = my-instance1,ip = 127 .0.0.1,port = 1234 --add-endpoint = instance = my-instance2To remove two endpoints from a network endpoint group:
gcloud compute network-endpoint-groups update my-neg --zone = us-central1-a --remove-endpoint = instance = my-instance1,ip = 127 .0.0.1,port = 1234 --remove-endpoint = instance = my-instance2 - POSITIONAL ARGUMENTS
-
-
NAME - Name of the network endpoint group to operate on.
-
- REQUIRED FLAGS
-
- These flags can be specified multiple times to add/remove multiple endpoints.
Exactly one of these must be specified:
-
--add-endpoint=[client-destination-port=CLIENT-DESTINATION-PORT],[fqdn=FQDN],[instance=INSTANCE],[ip=IP],[ipv6=IPV6],[port=PORT] - The network endpoint to add to the network endpoint group. Keys used depend on
the endpoint type of the NEG.
gce-vm-ip-port*instance* - Name of instance in same zone as the network endpoint group.
The VM instance must belong to the network / subnetwork associated with the network endpoint group. If the VM instance is deleted, then any network endpoint group that has a reference to it is updated.
*ip* - Optional IP address of the network endpoint. The IP address must belong to a VM in compute engine ( either the primary IP or as part of an aliased IP range ) . If the IP address is not specified, then the primary IP address for the VM instance in the network that the network endpoint group belongs to is used.
*ipv6* - Optional IPv6 address of the network endpoint. The IPv6 address must belong to a VM in compute engine ( either the internal or external IPv6 address ) .
*port* - Required endpoint port unless NEG default port is set.
*client-destination-port* - Required endpoint client destination port only for the port mapping NEG.
internet-ip-port*ip* - Required IPv4 address of the endpoint to attach. Must be publicly routable.
*port* - Optional port of the endpoint to attach. If unspecified, the NEG default port is set. If no default port is set, the well-known port for the backend protocol is used instead ( 80 for HTTP, 443 for HTTPS ) .
internet-fqdn-port*fqdn* - Required fully qualified domain name to use to look up an external endpoint. Must be resolvable to a public IP address via public DNS.
*port* - Optional port of the endpoint to attach. If unspecified, the NEG default port is set. If no default port is set, the well-known port for the backend protocol is used instead ( 80 for HTTP, 443 for HTTPS or HTTP2 ) .
Example: ` --add-endpoint = "fqdn=backend.example.com,port=443" `
non-gcp-private-ip-port*ip* - Required IPv4 address of the network endpoint to attach. The IP address must belong to a VM not in Compute Engine and must be routable using a Cloud Router over VPN or an Interconnect connection.
*port* - Required port of the network endpoint to attach unless the NEG default port is set.
gce-vm-ip*instance* - Required instance name in same zone as the network endpoint group.
The VM instance must belong to the network / subnetwork associated with the network endpoint group. If the VM instance is deleted, then any network endpoint group that has a reference to it is updated.
*ip* - Optional IP address of the network endpoint to attach. The IP address must be the VM ' s network interface address. If not specified, the primary NIC address is used.
-
--remove-endpoint=[client-destination-port=CLIENT-DESTINATION-PORT],[fqdn=FQDN],[instance=INSTANCE],[ip=IP],[ipv6=IPV6],[port=PORT] - The network endpoint to detach from the network endpoint group. Keys used depend
on the endpoint type of the NEG.
gce-vm-ip-port*instance* - Required name of instance whose endpoint ( s ) to detach. If the IP address is unset, all endpoints for the instance in the NEG are detached.
*ip* - Optional IPv4 address of the network endpoint to detach. If specified port must be provided as well.
*ipv6* - Optional IPv6 address of the network endpoint to detach. If specified port must be provided as well.
*port* - Optional port of the network endpoint to detach.
*client-destination-port* - Optional client destination port, only for port mapping NEGs.
internet-ip-port*ip* - Required IPv4 address of the network endpoint to detach.
*port* - Optional port of the network endpoint to detach if the endpoint has a port specified.
internet-fqdn-port*fqdn* - Required fully qualified domain name of the endpoint to detach.
*port* - Optional port of the network endpoint to detach if the endpoint has a port specified.
non-gcp-private-ip-port*ip* - Required IPv4 address of the network endpoint to detach.
*port* - Required port of the network endpoint to detach unless NEG default port is set.
gce-vm-ip*instance* - Required name of instance with endpoints to detach. If the IP address is unset, all endpoints for the instance in the NEG are detached.
*ip* - Optional IP address of the network endpoint to attach. The IP address must be the VM 's network interface' s primary IP address. If not specified, the primary NIC address is used.
-
- These flags can be specified multiple times to add/remove multiple endpoints.
- OPTIONAL FLAGS
-
- At most one of these can be specified:
-
--global - If set, the network endpoint group is global.
-
--region=REGION - Region of the network endpoint group to operate on. If not specified, you might
be prompted to select a region (interactive mode only).
To avoid prompting when this flag is omitted, you can set the
compute/regiongcloud config set compute/region REGIONA list of regions can be fetched by running:
gcloud compute regions listTo unset the property, run:
gcloud config unset compute/regionAlternatively, the region can be stored in the environment variable
CLOUDSDK_COMPUTE_REGION -
--zone=ZONE - Zone of the network endpoint group to operate on. If not specified and the
compute/zoneTo avoid prompting when this flag is omitted, you can set the
compute/zonegcloud config set compute/zone ZONEA list of zones can be fetched by running:
gcloud compute zones listTo unset the property, run:
gcloud config unset compute/zoneAlternatively, the zone can be stored in the environment variable
CLOUDSDK_COMPUTE_ZONE
-
- At most one of these can be specified:
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
- These variants are also available:
gcloud alpha compute network-endpoint-groups updategcloud beta compute network-endpoint-groups updategcloud preview compute network-endpoint-groups update
gcloud compute network-endpoint-groups update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.
