Configuring HTTP(S) load balancing

Let's take an example where we create two VMs in different regions with the same tag, and test them for HTTP(S) load balancing:

  1. Use the following command to create a VM and allow HTTP(S) traffic to it. Here, we are installing Debian on the VM and running commands such as updating it, installing Apache on it, and hosting a simple web page on it. You can name these instances sequentially for convenience, for example, www-1, www-2, and so on:
gcloud compute instances create <<<first-instance-name>>>  
    --image-family debian-8 
    --image-project debian-cloud 
    --zone us-central1-b 
    --tags https-tag 
    --metadata startup-script="#! /bin/bash /
sudo apt-get update /
sudo apt-get install apache2 -y /
sudo a2ensite default-ssl /
sudo a2enmod ssl /
sudo service apache2 restart /
echo '<!doctype  / /html><html><body><h1>instance-1-name</h1></body></html>’ | tee / var/www/html/index.html /
      EOF”

gcloud compute instances create <<<second-instance-name>>>  
    --image-family debian-8 
    --image-project debian-cloud 
    --zone us-central1-b 
    --tags https-tag 
    --metadata startup-script="#! /bin/bash /
sudo apt-get update /
sudo apt-get install apache2 -y /
sudo a2ensite default-ssl /
sudo a2enmod ssl /
sudo service apache2 restart /
echo '<!doctype  / /html><html><body><h1>instance-2-name</h1></body></html>’ | tee / var/www/html/index.html /
EOF”

gcloud compute instances create <<<third-instance-name>>>  
    --image-family debian-8 
    --image-project debian-cloud 
    --zone europe-west1-b 
    --tags https-tag 
    --metadata startup-script="#! /bin/bash /
sudo apt-get update /
sudo apt-get install apache2 -y /
sudo a2ensite default-ssl /
sudo a2enmod ssl /
sudo service apache2 restart /
echo '<!doctype  / /html><html><body><h1>instance-3-name</h1></body></html>’ | tee / var/www/html/index.html /
EOF"
  1. Now, we will create a firewall rule which will allow external traffic to our instances. Notice the HTTPS tags, which specify it to allow HTTPS traffic and use port 443 for this:
    gcloud compute firewall-rules create www-firewall 
        --target-tags https-tag --allow tcp:443
  1. Now, to verify that our instances are running smoothly, list them and note their external IP. We can try to access them with a curl command and notice their response:
    gcloud compute instances list
    curl -k https:<<<//IP_ADDRESS>>>
  1. Since our instances are running well, let us configure load balancers for them. This starts with providing IPv4 and IPv6 global static external IP addresses:
    gcloud compute addresses create lb-ip-cr 
     --ip-version=IPV4 
     --global 
    gcloud compute addresses create lb-ipv6-cr 
     --ip-version=IPV6 
     --global
  1. Now, let's create an instance group for each zone. Repeat this command for the Europe zone as well:
    gcloud compute instance-groups <<<group name>>> create 
     us-resources-s --zone us-central1-b
  1. Now let’s add our instances to their respective instance groups according to their zones. Repeat the command for Europe zone:
    gcloud compute instance-groups <<group_name>>> add-instances 
      us-resources-s 
        --instances wwws-1,wwws-2 
        --zone us-central1-b
  1. Let's get a health check:
    gcloud compute health-checks create https https-basic-check 
        --port 443
  1. Now, let's create a backend service for each content provider. In this case, we will set the protocol as HTTPS and use the health check that we created earlier:
    gcloud compute backend-services create <<<service name>>> 
        --protocol HTTPS 
        --health-checks <<<health-check-name>>> 
        --global
  1. Now, let's add the instance group that we created as the backend. As you may have guessed, repeat the command for europe’s zone:
    gcloud compute backend-services add-backend  
      web-map-backend-service 
        --balancing-mode UTILIZATION 
        --max-utilization 0.8 
        --capacity-scaler 1 
        --instance-group us-resources-s 
        --instance-group-zone us-central1-b 
        --global
  1. Now, let's create a URL map which directs all incoming requests to our instances:
    gcloud compute url-maps create <<<map name>>> 
      --default-service  <<<service name>>>
  1. To manage HTTPS requirements, let's create an SSL certificate for the HTTPS proxy and add an SSL policy for it. Finally, we will create a target proxy and global forwarding rule by using the following commands:
    gcloud compute ssl-certificates create <<<certificate name>>> 
        --certificate <<<CRT_FILE_PATH>>> 
        --private-key <<<KEY_FILE_PATH>>> 
    gcloud compute ssl-policies create cr_ssl_policy 
    --profile MODERN --min-tls-version 1.0 
    gcloud compute target-https-proxies create https-lb-proxy 
     --url-map web-map --ssl-certificates <<<cert name>>> 
    gcloud compute forwarding-rules create <<<Rule name>>> 
     --address <<<LB_IP_ADDRESS>>> 
     --global 
     --target-https-proxy <<<proxy name>> 
     --ports 443
  1. Now, our load balancing is configured. Let's guide traffic to it. First of all, let's find the IP address for our global forwarding rule:
    gcloud compute forwarding-rules list
  1. Finally, let's use the curl command and get our response:
    curl https://<<<IPv4_ADDRESS>>>
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.149.253