Create Google Loadbalancer from CLI

Global Load Balancer to Managed Instance Group

Create the Global Load Balancer

Set up some variables first

export PROJECT_ID=$(gcloud config get-value project)
export REGION=europe-west3 # should be the same as your MIG
export MIG_NAME=service-x-mig # or whatever you already have
export VPC_NAME=default # or whatever you already have
export VPC_SUBNET=default # or whatever you already have
export CERTIFICATE_NAME=my-ssl-certificate # name of an existing SSL certificate resource
export PUBLIC_IP_NAME=service-x-proxy-ip
export HEALTH_CHECK_NAME=service-x-health-check
export PROXY_BACKEND_NAME=service-x-proxy-backend
export MIG_PROXY_MAP_NAME=service-x-proxy-map
export MIG_HTTPS_PROXY_NAME=service-x-https-proxy
export FORWARDING_RULE_NAME=service-x-forwarding-rule
export FIREWALL_RULE_NAME=service-x-glb-firewall-rule

Create health check for the load balancer

gcloud compute health-checks create https $HEALTH_CHECK_NAME \
  --project $PROJECT_ID --port 443 --global \
  --request-path /healthz/ingress

Create a backend service that points to the instance group. The --port-name value must match a named port defined on the instance group.

gcloud compute backend-services create $PROXY_BACKEND_NAME \
  --project $PROJECT_ID \
  --protocol HTTPS \
  --health-checks $HEALTH_CHECK_NAME \
  --port-name https \
  --timeout 302s \
  --connection-draining-timeout 300s \
  --global

Add the instance group to the backend service

gcloud compute backend-services add-backend $PROXY_BACKEND_NAME \
  --project $PROJECT_ID --instance-group $MIG_NAME \
  --instance-group-region $REGION \
  --balancing-mode UTILIZATION --max-utilization 0.8 --global

Create the parts that make up the load balancer

Create the URL map

gcloud compute url-maps create $MIG_PROXY_MAP_NAME \
  --project $PROJECT_ID --default-service $PROXY_BACKEND_NAME

Create the target proxy

gcloud compute target-https-proxies create $MIG_HTTPS_PROXY_NAME \
  --project $PROJECT_ID --url-map $MIG_PROXY_MAP_NAME \
  --ssl-certificates $CERTIFICATE_NAME

Reserve an IP address for the load balancer

gcloud compute addresses create $PUBLIC_IP_NAME \
  --project $PROJECT_ID \
  --ip-version=IPV4 \
  --global

(Optional) View the reserved IP address

gcloud compute addresses describe $PUBLIC_IP_NAME \
  --project $PROJECT_ID --global

Create the forwarding rule

gcloud compute forwarding-rules create $FORWARDING_RULE_NAME \
  --project $PROJECT_ID --address $PUBLIC_IP_NAME --global \
  --target-https-proxy $MIG_HTTPS_PROXY_NAME --ports 443

Allow the load balancer to access the instance group

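NOTE: The ranges shown below are the source ranges that Google Load Balancers and their health checks connect from. The rule only applies to instances that carry the network tag given in --target-tags.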

gcloud compute firewall-rules create $FIREWALL_RULE_NAME \
  --description "Allow incoming from GLB on TCP port 443 to service-x Proxy" \
  --project $PROJECT_ID --network $VPC_NAME --allow=tcp:443 \
  --source-ranges=130.211.0.0/22,35.191.0.0/16 --target-tags=gke-service-x-proxy
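
The following is an added example, not part of the original gist: a check that the firewall rule admits only the two load balancer ranges used above, so port 443 on the backends is not reachable from anywhere else. The function names are hypothetical, and `audit_firewall_rule` assumes `gcloud` is authenticated and the variables from the setup step are exported.

```sh
#!/bin/sh
# Added example (not from the original gist). Function names are hypothetical.

# The two source ranges used in the firewall rule above.
GLB_RANGES="130.211.0.0/22 35.191.0.0/16"

# check_source_ranges "<ranges separated by ',' or ';'>"
# Returns 0 only if the rule lists exactly the load balancer ranges,
# 1 if a range is unexpected or missing, 2 if no ranges are set at all.
check_source_ranges() {
  ranges=$(printf '%s' "$1" | tr ',;' '  ')
  status=0
  if [ -z "$(printf '%s' "$ranges" | tr -d ' ')" ]; then
    echo "no source ranges set on the rule"
    return 2
  fi
  # Anything outside the load balancer ranges (e.g. 0.0.0.0/0) exposes the backends.
  for range in $ranges; do
    case " $GLB_RANGES " in
      *" $range "*) ;;
      *) echo "unexpected source range: $range"; status=1 ;;
    esac
  done
  # A missing range means some health checks or proxied requests get dropped.
  for allowed in $GLB_RANGES; do
    case " $(echo $ranges) " in
      *" $allowed "*) ;;
      *) echo "missing GLB range: $allowed"; status=1 ;;
    esac
  done
  return "$status"
}

# Fetch the live rule and check it.
audit_firewall_rule() {
  live=$(gcloud compute firewall-rules describe "$FIREWALL_RULE_NAME" \
    --project "$PROJECT_ID" --format="value(sourceRanges.list())") || return 3
  check_source_ranges "$live"
}
```

Source the file and run `audit_firewall_rule` after creating the rule; a non-zero exit status means the rule differs from the one shown above.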