Create a Zonal Managed Instance Group (MIGs)
In Google Cloud Platform (GCP), a Managed Instance Group (MIG) is a collection of identical virtual machine (VM) instances managed as a single entity.
When we say zonal managed instance group, it means:
- The instances in the group are all created within a single zone (e.g., us-central1-a).
- The group is tied to that zone, so all resources (VMs, disks, etc.) belong there.
- If that zone has an outage, all VMs in the MIG will be affected.
Step-01: Introduction
- Create Regional Health check
- Create Firewall rule
- Create Instance Template
- Create Zonal Managed Instance Group
Step-02: Create Regional Health Check - TCP
# Create Regional Health Check
gcloud compute health-checks create tcp regional-tcp-health-check \
--port=80 \
--region=us-central1
Step-03: Create Firewwall Rules
# Firewall Rule-1: Ingress rule that allows traffic from the Google Cloud health checking systems (130.211.0.0/22 and 35.191.0.0/16).
gcloud compute firewall-rules create vpc3-custom-allow-health-check \
--network=vpc3-custom \
--description=Allows\ traffic\ from\ Google\ Cloud\ health\ checking\ systems \
--direction=ingress \
--source-ranges=130.211.0.0/22,35.191.0.0/16 \
--action=allow \
--rules=tcp:80
Step-04: Create Instance Template
Make ensure the nginx-webserver.sh file should available in Gcloud shell
#!/bin/bash
sudo apt install -y telnet
sudo apt install -y nginx
sudo systemctl enable nginx
sudo chmod -R 755 /var/www/html
HOSTNAME=$(hostname)
sudo echo "<!DOCTYPE html> <html>
<body style='background-color:rgb(250, 210, 210);'>
<h1>Welcome to Latchu@DevOps - WebVM App1 </h1>
<p><strong>VM Hostname:</strong> $HOSTNAME</p>
<p><strong>VM IP Address:</strong> $(hostname -I)</p>
<p><strong>Application Version:</strong> V1</p>
<p>Google Cloud Platform - Demos</p>
</body></html>" | sudo tee /var/www/html/index.htm
Create a Instance Template
# us-central1: Create Instance Template
gcloud compute instance-templates create it-rlbdemo-us-central1 \
--region=us-central1 \
--network=vpc3-custom \
--subnet=us-central1-subnet \
--tags=lb-tag \
--machine-type=e2-micro \
--metadata-from-file=startup-script=nginx-webserver.sh
Step-05: Create Zonal Managed Instance Groups
# Zone: us-central1-a: Create Managed Instance Groups in the Zone
gcloud compute instance-groups managed create zmig-us-1 \
--zone us-central1-a \
--size 2 \
--template it-rlbdemo-us-central1
# Zone: us-central1-c: Create Managed Instance Groups in the Zone
gcloud compute instance-groups managed create zmig-us-2 \
--zone us-central1-c \
--size 2 \
--template it-rlbdemo-us-central1
Create a Google Cloud - Regional Application Load Balancer HTTP
Step-01: Introduction
- Pre-requisite-1: Create Instance Templates, Create Managed Instance Groups - We created already
- Create Regional Application Load Balancer - HTTP
Step-02: Pre-requisite-2: Reserve proxy-only subnet exclusively for regional load balancing proxies.
- Goto VPC Networks -> vpc3-custom -> SUBNETS -> ADD SUBNET
- Name: lb-subnet-proxyonly-us-central1
- Description: lb-subnet-proxyonly-us-central1
- Region: us-central1
- Purpose: Regional Managed Proxy
- Role: Active
- IPv4 Range: 10.129.0.0/23
- Click on ADD
Step-03: Pre-requisite-3: Create Firewall rule
fw-allow-proxy-only-subnet: An ingress rule that allows connections from the proxy-only subnet to reach the backends.
# Firewall Rule: Allow connections from Proxy Only Subnets for All Instances in the network
gcloud compute firewall-rules create vpc3-custom-allow-proxy-only-subnet \
--network=vpc3-custom \
--action=allow \
--direction=ingress \
--source-ranges=10.129.0.0/23 \
--rules=tcp:80,tcp:443,tcp:8080
Step-04: Pre-requisite-4: Create Regional Health Check - HTTP
# Create Regional Health Check
gcloud compute health-checks create http regional-http-health-check --port=80 --region=us-central1
Step-05: Create Regional Application Load Balancer - HTTP
- Go to Network Services -> Load Balancing -> CREATE LOAD BALANCER
- Select Application Load Balancer (HTTP/S): START CONFIGURATION
- Internet facing or internal only: From Internet to my VMs or serverless services
- Global or Regional: Regional external Application Load Balancer
- Load Balancer name: regional-lb-external-http
- Region: us-central1
- Network: vpc3-custom
Frontend Configuration
- Click on ADD FRONTEND IP AND PORT
- Name: frontend-http
- Description: frontend-http
- Protocol: HTTP
- IP Version: IPv4
- IP Address: regional-lb-ip1 CREATE NEW EXTERNAL STATCI IP
- Port: 80
- Click on DONE
Backend Configuration
- CLick on CREATE A BACKEND SERVICE
- Name: regional-mybackend-svc1
- Description: regional-mybackend-svc1
- Backend type: Instance Group
- Protocol: HTTP
- Named Port: webserver80 (AUTO-POPULATED WHEN BACKEND IS SELECTED AS mig1-lbdemo)
- Timeout: 30
- BACKENDS
Instance Group: zmig-us-1
Port Numbers: 80
REST ALL LEAVE TO DEFAULTS
Click on DONE
Instance Group: zmig-us-2
Port Numbers: 80
REST ALL LEAVE TO DEFAULTS
Click on DONE
- Health Check: regional-http-health-check
- Security: Cloud Armor backend security policy: NONE
- Click on CREATE
Routing Rules
- Mode: Simple host and path rule
- REST ALL LEAVE TO DEFAULTS
Review and Finalize
- Review all settings
- Click on CREATE
Step-06: Verify Load Balancer
- Go to Network Services -> Load Balancing -> global-lb-external-http
- Review the Tabs
LOAD BALANCERS
BACKENDS
FRONTENDS
Step-07: Access Application using LB IP on browser
Important Note: WAIT FOR 3 to 5 Minutes before Load Balancer is fully operational
http://34.135.38.113/
Step-08: Delete the Loadbalancer
- Delete the Load balancer
- Don't delete the backend service and health check as we are going to use upcoming demo
🌟 Thanks for reading! If this post added value, a like ❤️, follow, or share would encourage me to keep creating more content.
— Latchu | Senior DevOps & Cloud Engineer
☁️ AWS | GCP | ☸️ Kubernetes | 🔐 Security | ⚡ Automation
📌 Sharing hands-on guides, best practices & real-world cloud solutions
Top comments (0)