HTTP(s) load balancer on GCP cloud

by Jason Tzu-Cheng Chuang 2022-10-06

You must have a valid Google account and log in to Google Cloud Console. https://console.cloud.google.com/

  • Click the “Activate Cloud Shell” icon at the top of the Google Cloud console.
  • Click “Continue”.
  • (Optional) You can list the active account name with this command:
    gcloud auth list
    
  • (Optional) You can list the project ID with this command:
    gcloud config list project
    
  • In Cloud Shell, set the default zone and region:
    gcloud config set compute/zone asia-east1-a
    gcloud config set compute/region asia-east1
    

Layer 7 HTTP(s) Load Balancer

To set up a load balancer with a Compute Engine backend, your VMs need to be in an instance group. The managed instance group provides VMs running the backend servers of an external HTTP load balancer. For this lab, backends serve their own hostnames.

First, create the instance template for the load balancer backends:

gcloud compute instance-templates create lb-backend-template \
   --region=asia-east1 \
   --network=default \
   --subnet=default \
   --tags=allow-health-check \
   --machine-type=e2-medium \
   --image-family=debian-11 \
   --image-project=debian-cloud \
   --metadata=startup-script='#!/bin/bash
     apt-get update
     apt-get install apache2 -y
     a2ensite default-ssl
     a2enmod ssl
     vm_hostname="$(curl -H "Metadata-Flavor:Google" \
     http://169.254.169.254/computeMetadata/v1/instance/name)"
     echo "Page served from: $vm_hostname" | \
     tee /var/www/html/index.html
     systemctl restart apache2'

Create a managed instance group based on the template:

gcloud compute instance-groups managed create lb-backend-group \
   --template=lb-backend-template --size=2 --zone=asia-east1-a

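Create the fw-allow-health-check firewall rule. It is an ingress rule that admits TCP port 80 only from 130.211.0.0/22 and 35.191.0.0/16, the ranges Google Cloud health check probes come from, and only to instances carrying the allow-health-check tag set in the template: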

gcloud compute firewall-rules create fw-allow-health-check \
  --network=default \
  --action=allow \
  --direction=ingress \
  --source-ranges=130.211.0.0/22,35.191.0.0/16 \
  --target-tags=allow-health-check \
  --rules=tcp:80

Now that the instances are up and running, set up a global static external IP address that your customers use to reach your load balancer:

gcloud compute addresses create lb-ipv4-1 \
  --ip-version=IPV4 \
  --global

Note the IPv4 address that was reserved:

gcloud compute addresses describe lb-ipv4-1 \
  --format="get(address)" \
  --global

Create a health check for the load balancer:

gcloud compute health-checks create http http-basic-check \
  --port 80

Create a backend service:

gcloud compute backend-services create web-backend-service \
  --protocol=HTTP \
  --port-name=http \
  --health-checks=http-basic-check \
  --global

Add your instance group as the backend to the backend service:

gcloud compute backend-services add-backend web-backend-service \
  --instance-group=lb-backend-group \
  --instance-group-zone=asia-east1-a \
  --global

Create a URL map to route the incoming requests to the default backend service:

gcloud compute url-maps create web-map-http \
    --default-service web-backend-service

Create a target HTTP proxy to route requests to your URL map:

gcloud compute target-http-proxies create http-lb-proxy \
    --url-map web-map-http

Create a global forwarding rule to route incoming requests to the proxy:

gcloud compute forwarding-rules create http-content-rule \
    --address=lb-ipv4-1 \
    --global \
    --target-http-proxy=http-lb-proxy \
    --ports=80

Testing traffic sent to your instances

In the Cloud Console, from the Navigation menu, go to Network services > Load balancing.

Click on the load balancer that you just created (web-map-http).
Then open a browser and enter the load balancer's IP address.
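
As an added check that is not part of the original walkthrough, the script below audits the source ranges of the fw-allow-health-check rule created earlier and reports any range that is not contained in the two ranges the rule was created with. The function names and sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit firewall source ranges.
# ALLOWED_RANGES holds the two health-check ranges used in the rule above.
ALLOWED_RANGES="130.211.0.0/22 35.191.0.0/16"

# Print a dotted-quad IPv4 address as a 32-bit integer.
# Call it inside $(...) so the IFS change stays in the subshell.
ip_to_int() {
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if CIDR $1 lies entirely inside CIDR $2.
cidr_within() {
  c_ip=${1%/*}; c_len=${1#*/}; n_ip=${2%/*}; n_len=${2#*/}
  case $1 in */*) ;; *) c_len=32 ;; esac     # bare address means /32
  [ "$c_len" -ge "$n_len" ] || return 1      # a wider prefix cannot fit
  mask=$(( (4294967295 << (32 - n_len)) & 4294967295 ))
  [ $(( $(ip_to_int "$c_ip") & mask )) -eq $(( $(ip_to_int "$n_ip") & mask )) ]
}

# Print each range in list $1 (comma- or semicolon-separated) that falls
# outside ALLOWED_RANGES; return 1 if any was found.
audit_source_ranges() {
  status=0
  for range in $(echo "$1" | tr ',;' '  '); do
    ok=1
    for allowed in $ALLOWED_RANGES; do
      if cidr_within "$range" "$allowed"; then ok=0; break; fi
    done
    if [ "$ok" -ne 0 ]; then
      echo "unexpected source range: $range"
      status=1
    fi
  done
  return $status
}

# Constructed samples: the rule as created above, then a widened rule.
audit_source_ranges "130.211.0.0/22,35.191.0.0/16" && echo "rule OK"
audit_source_ranges "130.211.0.0/22,0.0.0.0/0" || echo "rule too broad"

# Live use in Cloud Shell:
#   audit_source_ranges "$(gcloud compute firewall-rules describe \
#     fw-allow-health-check --format='value(sourceRanges.list())')"
```

A narrower range inside one of the two allowed blocks passes the audit; anything wider, such as 0.0.0.0/0, is reported.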