google cloud armor: don't get targets for applying policy - google-cloud-platform

I am working on setting up a load balancer and Cloud Armor. When setting up Cloud Armor, the load balancer backend service does not show up as a target, so I am unable to choose a target for the Cloud Armor policy.
I have followed all the steps as per this:
https://cloud.google.com/iap/docs/load-balancer-howto#mig
The steps are:
Create an instance group (has 2 VMs, autoscaling off, all VMs in the same region and zone)
Add a health check to the instance group (HTTP, status shows green/healthy)
Create a regional load balancer: HTTPS on the front end, HTTP for backend services
In Cloud Armor, in the "Apply policy to new target" drop-down, I do NOT see the backend service associated with the load balancer that was created successfully, so I am unable to select a target.
Any help on the above would be much appreciated.

#laks :
As of today, Google Cloud Armor is supported only for global load balancers.
Check the load balancer you're using. I strongly feel that you're using a regional load balancer; that's why it's not showing up in the targets.
Prefer using a GLB and that should be the fix.
Thanks
Manoj Pachigolla

Related

Do load balancer run inside a compute engine in gcp?

I have created 2 load balancers (for HTTP and HTTPS) and they are connected to a backend storage. Now when I check the Infrastructure summary in the monitoring tab, I can see 2 different VMs running. Is the cost for the load balancer related to these VMs?
I have read the load balancer documentation and it was not clear how the LBs work internally.
It depends on what type of load balancer you're running, but basically it is all running on and managed by the internal infrastructure of Google.
The HTTPS/HTTP load balancers are managed by the GFE and Andromeda, which are the software-defined networks built by Google. You can read about this in the following documentation.
About the cost of the load balancer, it depends on the architecture of your environment. For this reason, I suggest you check the following documentation, which explains the load balancer's pricing in detail. In summary, you will be charged depending on the traffic that goes through the LB. This can be estimated using the GCP calculator.

AWS Load Balancer - Can't add https redirect/rules section not available

I am trying to add a simple HTTP to HTTPS redirect using AWS Application Load Balancer but it seems that all tutorials are out of date:
https://aws.amazon.com/premiumsupport/knowledge-center/elb-redirect-http-to-https-using-alb/
https://docs.amazonaws.cn/en_us/elasticbeanstalk/latest/dg/configuring-https-elb.html
I didn't see any option to add rules in the load balancer console. I also checked for this option in AWS CDK and haven't found anything.
The load balancer was created by an Elastic Beanstalk app, so I assume that it's an Application Load Balancer.
I've seen a lot of tutorials and remember doing the same thing last year, but now I don't see any option to set rules/redirects using the new AWS Console.
Redirecting EC2 Elastic Load Balancer from HTTP to HTTPS
This is the only option I am seeing available at the console under listener sections:
"The Load Balancer was created by an Elastic Beanstalk app, so I assume that it's an Application Load Balancer"
Actually, it's a Classic load balancer. You can tell because the listener config specifies the load balancer port and the instance port. For an Application load balancer, the instance configuration is part of the target group.
So, it turns out that ELB allows setting the load balancer type only at creation time. In my case, I created my stack as a single instance and added a load balancer later, so AWS automatically set the default load balancer as the Classic one instead of the Application Load Balancer (where we can use targets, rules, etc.).
So I had to recreate my environment, setting the correct load balancer type.

How to load balance Google Cloud Run for multi-region architecture

I'm trying to create a multi-region Google Cloud Run setup and can't find any documentation.
My goal is creating a Google HTTPS Load Balancer and mapping the targets to my 3 Google Cloud Run instances.
https://lb.test.com/ >
eu.test.com > Europe Cloud Run
na.test.com > North America Cloud Run
sa.test.com > South America Cloud Run
Problem is, I can't find the option of mapping my HTTPS load balancer into my Cloud Run instances.
If this is not possible yet, can I use an external DNS LB such as AWS Route 53?
Thanks!
Mapping a load balancer to Cloud Run is possible now. This can be achieved by creating NEGs (Network Endpoint Groups) which point to a Cloud Run service.
I have implemented this today, and came across this thread. To find out how to implement this follow instructions in
https://cloud.google.com/load-balancing/docs/negs/setting-up-serverless-negs#creating_the
I have recently published a guide on this on our official documentation: http://cloud.google.com/run/docs/multiple-regions
The solution involves adding the newly introduced "Serverless Network Endpoint Groups" as backends to your load balancer.
I do not think you can use a Google HTTPS Load Balancer to make cloud run service multiregional (HTTPS Load Balancer supports only compute engine vm as backend). Your question was very interesting and I did some research.
The only useful documents I found about this topic:
Running Multi-Region Apps on Google Cloud (Cloud Next '19).
Going Multi-Regional in Google Cloud Platform
They are explaining how you can make a cloud service multiregional using Apigee (some proxy servers HA Proxy, Nginx).

Google Cloud Armor: Cannot add targets using cloud armor

I configured a Cloud Armor policy however when I try to apply the policy to a new target the '+Add Target' button is disabled.
I understand that you can't apply the policy to a new target.
This should be related to your HTTP(S) Load Balancer, because Cloud Armor is used in conjunction with HTTP(S) Load balancer. See the below link for more details:
https://cloud.google.com/armor/docs/security-policy-concepts
Once you have a healthy load balancer, it should be available to be added to your Cloud Armor policy. Also, make sure that the load balancer is not using CDN; there are some limitations. Cloud Armor Security Policies and IP blacklist/whitelist are not supported for Cloud CDN in the Beta release. If you try to associate a Cloud Armor Security Policy with a backend service and Cloud CDN is enabled, the config will be rejected. Targets are Google Cloud Platform resources that you want to control access to. For the Beta release, you can only use non-CDN HTTP(S) load balancer backend services as targets.
Also, you can try to apply the policy using the gcloud command line tool, and check if it is working or not. See the link below for more insight on gcloud command line tool.
https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-armor-backendconfig
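
The answers to the two Cloud Armor questions on this page give three conditions for a backend service to be offered as a policy target: it belongs to a global (not regional) load balancer, that load balancer is HTTP(S), and Cloud CDN is not enabled on it. The following added example (not part of any answer above) checks those conditions over backend-service JSON; the sample data and every name in it are constructed, and the field names are those of the Compute Engine backend service resource.

```python
import json

# Constructed sample shaped like `gcloud compute backend-services list --format=json`
# output; every name, project and policy here is made up for the example.
SAMPLE = json.loads("""[
 {"name": "web-regional", "protocol": "HTTP",
  "region": "https://www.googleapis.com/compute/v1/projects/example-project/regions/us-central1"},
 {"name": "web-global-cdn", "protocol": "HTTPS", "enableCDN": true},
 {"name": "tcp-global", "protocol": "TCP"},
 {"name": "web-global", "protocol": "HTTP"},
 {"name": "web-protected", "protocol": "HTTPS",
  "securityPolicy": "https://www.googleapis.com/compute/v1/projects/example-project/global/securityPolicies/edge-policy"}
]""")

# Backend protocols used by HTTP(S) load balancers.
HTTP_PROTOCOLS = {"HTTP", "HTTPS", "HTTP2"}

def last_segment(url):
    """Resource URLs end in the short name, e.g. .../regions/us-central1."""
    return url.rsplit("/", 1)[-1] if url else None

def target_blockers(svc):
    """Reasons, per the answers on this page, a backend service is not offered as a target."""
    reasons = []
    if svc.get("region"):
        reasons.append("regional (%s), not global" % last_segment(svc["region"]))
    if svc.get("protocol") not in HTTP_PROTOCOLS:
        reasons.append("protocol %s is not HTTP(S)" % svc.get("protocol"))
    if svc.get("enableCDN"):
        reasons.append("Cloud CDN enabled")
    return reasons

def audit(services):
    """Map each backend service name to its eligibility, blockers and attached policy."""
    return {
        svc["name"]: {
            "blockers": target_blockers(svc),
            "eligible": not target_blockers(svc),
            "policy": last_segment(svc.get("securityPolicy")),
        }
        for svc in services
    }

if __name__ == "__main__":
    for name, row in audit(SAMPLE).items():
        state = "eligible" if row["eligible"] else "; ".join(row["blockers"])
        print("%-15s policy=%-12s %s" % (name, row["policy"], state))
```

To audit a real project, replace `SAMPLE` with the parsed output of `gcloud compute backend-services list --format=json`.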

How to point Load Balancer to my Existing Wordpress Installation in Google Cloud?

So I installed and set up a new WordPress installation via Google Cloud. I also set up an HTTP(S) Load Balancer for Cloud CDN. The LB is now working. Please help with how I can connect the two, so that my site will run with Cloud CDN. Thanks in advance.
Since you would like to set up an HTTP(S) Load Balancer for Cloud CDN, you need to configure at least the Backend and Frontend configuration under "HTTP(S) Load Balancing".
In the Load Balancing Backend configuration you have the option of selecting an Instance Group. So before creating a "backend service" you need to create an instance group. Since you already created a WordPress VM instance, you should create an unmanaged instance group. In the Backend configuration you will then have the option of enabling Cloud CDN and selecting a Health Check. So along with the Instance Group, please also create a Health Check following this documentation.
After completing the Backend configuration you will have to configure the Frontend, which is very straightforward. The front end is your virtual IP (VIP), also called the anycast IP in GCP. One front end can service multiple regions (backends). In most cases you would want a static or reserved IP and not the default ephemeral one. This way you can easily point an A record in your Cloud DNS zone file to your load balancer IP.