Let's take an example where we create two VMs in different regions with the same tag, and test them for HTTP(S) load balancing:
- Use the following command to create a VM and allow HTTP(S) traffic to it. Here, we are installing Debian on the VM and running commands such as updating it, installing Apache on it, and hosting a simple web page on it. You can name these instances sequentially for convenience, for example, www-1, www-2, and so on:
gcloud compute instances create <<<first-instance-name>>> \
    --image-family debian-8 \
    --image-project debian-cloud \
    --zone us-central1-b \
    --tags https-tag \
    --metadata startup-script="#! /bin/bash
sudo apt-get update
sudo apt-get install apache2 -y
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
echo '<!doctype html><html><body><h1>instance-1-name</h1></body></html>' | tee /var/www/html/index.html"
gcloud compute instances create <<<second-instance-name>>> \
    --image-family debian-8 \
    --image-project debian-cloud \
    --zone us-central1-b \
    --tags https-tag \
    --metadata startup-script="#! /bin/bash
sudo apt-get update
sudo apt-get install apache2 -y
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
echo '<!doctype html><html><body><h1>instance-2-name</h1></body></html>' | tee /var/www/html/index.html"
gcloud compute instances create <<<third-instance-name>>> \
    --image-family debian-8 \
    --image-project debian-cloud \
    --zone europe-west1-b \
    --tags https-tag \
    --metadata startup-script="#! /bin/bash
sudo apt-get update
sudo apt-get install apache2 -y
sudo a2ensite default-ssl
sudo a2enmod ssl
sudo service apache2 restart
echo '<!doctype html><html><body><h1>instance-3-name</h1></body></html>' | tee /var/www/html/index.html"
- Now, we will create a firewall rule that allows external traffic to our instances. Notice the https-tag target tag: the rule applies only to instances carrying that tag, and it allows HTTPS traffic on TCP port 443:
gcloud compute firewall-rules create www-firewall --target-tags https-tag --allow tcp:443
- Now, to verify that our instances are running smoothly, list them and note their external IPs. We can try to access each one with a curl command and check the response:
gcloud compute instances list
curl -k https://<<<IP_ADDRESS>>>
- Since our instances are running well, let us configure load balancers for them. This starts with providing IPv4 and IPv6 global static external IP addresses:
gcloud compute addresses create lb-ip-cr \
    --ip-version=IPV4 \
    --global
gcloud compute addresses create lb-ipv6-cr \
    --ip-version=IPV6 \
    --global
- Now, let's create an instance group for each zone. Repeat this command for the Europe zone as well:
gcloud compute instance-groups unmanaged create us-resources-s --zone us-central1-b
- Now let's add our instances to their respective instance groups according to their zones. Repeat the command for the Europe zone:
gcloud compute instance-groups unmanaged add-instances us-resources-s \
    --instances wwws-1,wwws-2 \
    --zone us-central1-b
- Let's create a health check:
gcloud compute health-checks create https https-basic-check --port 443
- Now, let's create a backend service for each content provider. In this case, we will set the protocol as HTTPS and use the health check that we created earlier:
gcloud compute backend-services create <<<service name>>> --protocol HTTPS --health-checks <<<health-check-name>>> --global
- Now, let's add the instance group that we created as the backend. As you may have guessed, repeat the command for the Europe zone:
gcloud compute backend-services add-backend web-map-backend-service \
    --balancing-mode UTILIZATION \
    --max-utilization 0.8 \
    --capacity-scaler 1 \
    --instance-group us-resources-s \
    --instance-group-zone us-central1-b \
    --global
- Now, let's create a URL map which directs all incoming requests to our instances:
gcloud compute url-maps create <<<map name>>> \
    --default-service <<<service name>>>
- To manage HTTPS requirements, let's create an SSL certificate for the HTTPS proxy and add an SSL policy for it. Finally, we will create a target proxy and global forwarding rule by using the following commands:
gcloud compute ssl-certificates create <<<certificate name>>> \
    --certificate <<<CRT_FILE_PATH>>> \
    --private-key <<<KEY_FILE_PATH>>>
gcloud compute ssl-policies create cr-ssl-policy \
    --profile MODERN \
    --min-tls-version 1.0
gcloud compute target-https-proxies create https-lb-proxy \
    --url-map web-map \
    --ssl-certificates <<<cert name>>> \
    --ssl-policy cr-ssl-policy
gcloud compute forwarding-rules create <<<Rule name>>> \
    --address <<<LB_IP_ADDRESS>>> \
    --global \
    --target-https-proxy <<<proxy name>>> \
    --ports 443
- Now, our load balancing is configured. Let's guide traffic to it. First of all, let's find the IP address for our global forwarding rule:
gcloud compute forwarding-rules list
- Finally, let's use the curl command and get our response:
curl https://<<<IPv4_ADDRESS>>>
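Three settings in this walkthrough deserve a second look once the load balancer works: the SSL policy's minimum TLS version of 1.0, whether the policy is actually referenced by the target HTTPS proxy (a policy has no effect until one references it), and the www-firewall rule, which without --source-ranges admits 0.0.0.0/0. The following Python sketch is an added example, not code from the original text; it audits those settings from dicts shaped like `gcloud compute ... describe --format=json` output. The sample dicts, the project name, the TLS 1.2 floor, and the front-end ranges 130.211.0.0/22 and 35.191.0.0/16 (taken from Google's load balancing documentation) are assumptions.

```python
import ipaddress

# Source ranges Google documents for its load balancer front ends and health checkers.
GFE_RANGES = [ipaddress.ip_network(n) for n in ("130.211.0.0/22", "35.191.0.0/16")]
# minTlsVersion values this audit knows how to rank; anything else is flagged.
TLS_RANK = {"TLS_1_0": 0, "TLS_1_1": 1, "TLS_1_2": 2}


def audit(policy, proxy, firewall, floor="TLS_1_2"):
    """Return findings for dicts shaped like `gcloud compute ... describe --format=json`."""
    findings = []
    # 1. Protocol floor: the walkthrough creates its policy with --min-tls-version 1.0.
    found = policy.get("minTlsVersion")
    if TLS_RANK.get(found, -1) < TLS_RANK[floor]:
        findings.append(f"ssl-policy {policy['name']}: minTlsVersion {found} is below {floor}")
    # 2. A policy has no effect until a target HTTPS proxy references it by URL.
    attached = proxy.get("sslPolicy", "").rsplit("/", 1)[-1]
    if attached != policy["name"]:
        findings.append(f"proxy {proxy['name']}: ssl-policy {policy['name']} is not attached")
    # 3. Backends behind the load balancer only need ingress from the front-end ranges.
    for src in firewall.get("sourceRanges", []):
        net = ipaddress.ip_network(src, strict=False)
        if not any(net.version == g.version and net.subnet_of(g) for g in GFE_RANGES):
            findings.append(f"firewall {firewall['name']}: source {src} is wider than the front-end ranges")
    return findings


# Constructed sample data (not captured from a real project), weak state first.
WEAK = (
    {"name": "cr-ssl-policy", "profile": "MODERN", "minTlsVersion": "TLS_1_0"},
    {"name": "https-lb-proxy"},  # no sslPolicy key: nothing attached
    {"name": "www-firewall", "targetTags": ["https-tag"], "sourceRanges": ["0.0.0.0/0"]},
)
HARDENED = (
    {"name": "cr-ssl-policy", "profile": "MODERN", "minTlsVersion": "TLS_1_2"},
    {"name": "https-lb-proxy",
     "sslPolicy": "https://www.googleapis.com/compute/v1/projects/example-project/global/sslPolicies/cr-ssl-policy"},
    {"name": "www-firewall", "targetTags": ["https-tag"],
     "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"]},
)

if __name__ == "__main__":
    for label, state in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(*state) or "no findings")
```

The direct curl check against each instance's external IP earlier in the walkthrough depends on the open firewall rule, so tighten the source ranges only after that verification step is done.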