Latchu@DevOps

Part-71: Implement a Global External Network Load balancer with SSL Proxy in GCP Cloud

Cloud Load Balancing - Network Load Balancer (TCP/TLS) with SSL Proxy



Step-01: Introduction

  • Pre-requisite-1: Create the Instance Templates and Managed Instance Groups from the demo below
https://dev.to/latchudevops/part-67-mastering-google-cloud-global-load-balancers-regional-mig-global-http-demo-n98
  • Create Global External Network Load Balancer - SSL Proxy

Step-02: Create Health check - TCP

# Create a health check -  TCP
gcloud compute health-checks create tcp tcp-health-check --port 80



Step-03: Create Global External Network Load Balancer


  • Go to Network Services -> Load Balancing -> CREATE LOAD BALANCER
  • Network Load Balancer (TCP/SSL): START CONFIGURATION
  • Internet facing or internal only: From Internet to my VMs
  • Multiple regions or single region: Multiple regions (or not sure yet)
  • Classic or advanced traffic management: Advanced traffic management
  • Load Balancer name: global-lb-external-ssl

Backend Configuration

  • Click on CREATE A BACKEND SERVICE
  • Name: global-lb-external-tcp
  • Description: global-lb-external-ssl
  • Backend type: Instance Group
  • Protocol: TCP
  • Named Port: webserver80 (AUTO-POPULATED WHEN BACKEND IS SELECTED AS mig1-lbdemo)
  • Timeout: 30
  • IP address selection policy: Only IPv4
  • BACKENDS


IP stack type: IPv4 (single stack)
Instance Group: mig1-us-central1
Port Numbers: 80
Leave all other settings at their defaults
Click on DONE
Instance Group: mig1-us-east1
Port Numbers: 80
Leave all other settings at their defaults
Click on DONE
  • Health Check: tcp-health-check

Frontend Configuration


  • Click on ADD FRONTEND IP AND PORT
  • Name: frontend-ssl
  • Description: frontend-ssl
  • Protocol: SSL
  • Network Service Tier: Premium (Current project-level tier, change)
  • IP Version: IPv4
  • IP Address: global-lb-ip3 (CREATE NEW EXTERNAL STATIC IP)
  • Port: 443
  • Proxy protocol: OFF
  • Certificate: app1-google-managed (CREATE NEW GOOGLE MANAGED SSL CERTIFICATE)
  • Review and Finalize
  • Review all settings
  • Click on CREATE



Step-04: Verify Load Balancer

  • Go to Network Services -> Load Balancing -> global-lb-external-tcp
  • Review the Tabs
LOAD BALANCERS
BACKENDS
FRONTENDS



Step-05: Verify SSL Certificate in Certificate Manager

Go to Security -> Certificate Manager -> Data Protection
Click on CLASSIC CERTIFICATES -> app1-google-managed



Step-06: Add DNS Recordset in your desired Domain Provider

  • Create an A record in your DNS provider that points to the LB IP

Step-07: Access Application using LB IP on browser

  • Important Note: Wait 3 to 5 minutes for the Load Balancer to become fully operational
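
The console steps from Step-02 and Step-03, plus the certificate check behind Steps 05 to 07, expressed as gcloud commands. This is an added example, not part of the original post; the domain, the MIG regions (inferred from the instance group names) and the target proxy name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: gcloud equivalent of the console steps. Dry-run by default
# (prints each command); set APPLY=1 to execute against your project.
# Assumptions, not from the post: DOMAIN, the MIG regions (inferred from the
# group names) and the target proxy name in PROXY.
DOMAIN="${DOMAIN:-app1.example.com}"            # placeholder domain
PROXY="global-lb-external-ssl-target-proxy"     # assumed name

run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

create_ssl_proxy_lb() {
  # Step-02: TCP health check on the backend port
  run gcloud compute health-checks create tcp tcp-health-check --port 80
  # Backend service. EXTERNAL_MANAGED is the "advanced traffic management" mode.
  # The proxy terminates TLS and forwards plain TCP to port 80 on the VMs.
  run gcloud compute backend-services create global-lb-external-tcp \
    --global --load-balancing-scheme=EXTERNAL_MANAGED --protocol=TCP \
    --port-name=webserver80 --timeout=30 --health-checks=tcp-health-check
  for region in us-central1 us-east1; do
    run gcloud compute backend-services add-backend global-lb-external-tcp \
      --global --instance-group="mig1-${region}" \
      --instance-group-region="${region}"
  done
  # Frontend: static IP, Google-managed certificate, SSL proxy, port 443
  run gcloud compute addresses create global-lb-ip3 --global --ip-version=IPV4
  run gcloud compute ssl-certificates create app1-google-managed \
    --global --domains="${DOMAIN}"
  run gcloud compute target-ssl-proxies create "${PROXY}" \
    --backend-service=global-lb-external-tcp \
    --ssl-certificates=app1-google-managed --proxy-header=NONE
  run gcloud compute forwarding-rules create frontend-ssl --global \
    --load-balancing-scheme=EXTERNAL_MANAGED --address=global-lb-ip3 \
    --target-ssl-proxy="${PROXY}" --ports=443
}

# Steps 05-07: the managed certificate becomes ACTIVE only after the DNS
# A record for the domain resolves to the LB IP.
cert_is_active() {
  [ "$(gcloud compute ssl-certificates describe app1-google-managed \
    --global --format='value(managed.status)')" = "ACTIVE" ]
}

# Run the steps only when invoked with an argument, e.g. `./lb.sh run`
if [ "${1:-}" = "run" ]; then create_ssl_proxy_lb; fi
```

Review the printed commands first, then rerun with APPLY=1; poll `cert_is_active` before testing the HTTPS endpoint.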



Step-08: Test multi-region functionality (Send traffic to region closest to client)

To simulate a user in a different geography, you can connect to one of your virtual machine instances in a different region, and then run a curl command from that instance to see the request go to an instance in the region closest to it.


Step-09: Delete Load Balancer

  • Delete the Load balancer created as part of this demo.





— Latchu | Senior DevOps & Cloud Engineer
