This content provides a step-by-step guide on how to set up an internal load balancer on Google Cloud Platform, detailing the creation of necessary network infrastructure and resources from scratch.
Welcome back and in this chapter we are
going to talk about how to set up your
internal load balancer onto the Google
cloud. Here onto the screen you can see
the targeted architecture which we are
going to implement inside the demo. So
let's take a look onto the components
one by one. But don't worry we are going
to build everything from the scratch. So
we will start from the clean slate where
we will be creating our VPC subnet and
then gradually we will be adding more
component to build our internal load
balancer. But before that let's take a
look onto this architectural diagram and
understand what are the different
resources which we will be needing to
implement the internal load balancer.
Let's start with our first component
which is our VPC. So first of all we
will be creating the VPC. After that we
will be focusing on to the subnet. Here
you can see this is our external subnet
where our bastion machine or a jump host
will reside. After that we will be
creating our internal or a private
subnet where our virtual machines will
reside which are private virtual machine
which will only be accessible through
our internal load balancer. So these two
virtual machine we will be spinning up
inside our private subnet. And the whole
purpose of our internal uh load balancer
is that this particular load balancer
will be used within this particular VPC.
So that this particular load balancer is
not accessible from outside of this
internal or this particular VPC. So for
example, if I am sitting over here
somewhere in the uh world sitting from
some remote location and if I try to
access this particular internal load
balancer then I should not be allowed to
access because I am outside of the VPC
and the whole purpose of this internal
load balancer is that it is only
accessible within this particular VPC.
Uh this red boundary which you see which
I have pointed with the dotted marks. So
this is only visible inside this
particular VPC perimeter. So again we
will be setting up the VPC. We will be
setting up the public subnet where we
will be installing our bastion or a jump
host. So that a user who is sitting
outside of this particular Google cloud
first get into this bastion host or a
jump host. After that that particular
user will be accessing our internal load
balancer from here. So first of all user
should enter into the VPC using this
bastion virtual machine and this bastion
virtual machine will be into our public
subnet that's where this particular
virtual machine will have a public IP
which is accessible by this particular
user and once the user able to access
this bastion machine then he or she can
easily access this internal load
balancer and this internal load balancer
will have a front end it will have a
back end and in the back end it will
have a instance group and in this
instance group these virtual machines
will be mapped over here. So the same
virtual machine which is running into
the private subnet which doesn't have a
access to the internet any I mean this
person cannot access this particular
person cannot access this virtual
machine which because it is running into
the private subnet. So these virtual
machines will be mapped to this instance
group and then this internal load
balancer will eventually be forwarding
all the internal requests to this
particular instance group which will be
load balanced on these virtual
machine. So this is how this whole setup
is going to work and also we will be
needing a NAT gateway so that these
virtual machine can download certain
internet packages which is needed to
install nginx server because as a
sample application we will be running an
nginx application inside these
virtual machine. So remember that these
particular virtual machines will not be
accessible from here from outside of our
Google or Google VPC or because here
this is the person who is sitting
somewhere in the world. But to download
certain packages we will be needing a
NAT gateway. So this virtual machine can
make a request go out but from here here
request will go out but outside request
like this will not be possible. So this
particular thing will never ever be
possible. So that's why we always always
call this kind of a virtual machine as a
internal machine or a private machines
which is only accessible within this
particular uh VPC. And to load balance
this kind of a private virtual machine
running into your private subnet we need
internal load balancer. All right. So
now we know why we need internal load
balancer. So let's start from our very
basic element which is VPC. So here onto
the slide you can see I have wiped out
all the component and which we are going
to build one by one. So the first
component which we are going to build is
the VPC. So let's jump back to our
Google cloud console and start setting
up the VPC first. Here is my Google
cloud console homepage and in the search
box you can just type VPC and click on
the VPC networks over here. Here you
will find the option to create a VPC
network. So just click on this
particular VPC network over here. Here
you can just type in the name of my VPC.
After that if you go further then check
all the settings which are over here are
the default settings. So I'm not going
to modify any of these settings. Let's
continue. So here there is a subnet. So
let's delete this one. And here you can
see there are no subnets. So right now
we have assigned the name for our VPC
which you can see over here from my
diagram. So this part we have done it.
The next component which you will see
onto our uh uh VPC homepage is the
subnet. If you scroll down further then
we need to create a subnet. And if I
show you the diagram of my architecture
then the next component which we are
also going to create is the subnet. So
there are two things to it. So one is
the name which is fine and second is the
IP ranges. So this is the IP range which
we are going to assign to our private
subnet. Okay. So let me copy the private
subnet name from my notepad and then
also I'm going to assign the CIDR
ranges. So here click on the add subnet.
Here assign the name and here we need to
choose the region. So region I'm going
to use which is nearest to me which is
going to be Europe 2. Uh which is going
to be my Stockholm region. Uh let me
search it once again with the Stockholm.
And here you can see this is the region.
After that you will find the option for
a IP range. So here you need to assign
the IP range which is this particular IP
range which you need to assign. Okay. So
here let's get back to my console and
here I'm going to copy and paste my IP
range from my notepad. So this is going
to be the IP range for my private subnet
After that I'm going to go further down
and I'm going to add one more subnet.
I'm going to show you over here. So here
uh so far what we have done we have
created a VPC. We have created our
private subnet. Now let's take a look
what is the next component which we are
going to create. So here you can see
this is the next component which is
going to be our external or public
subnet. Okay. So I will copy the
external public subnet name from my
notepad. Go back to my subnet section.
Here click on add subnet. Name the
subnet which is external. Here region
I'm going to again choose the Stockholm
region. Select that one. And then here I
need to assign the IP range. So I'm
going to copy the IP range and this IP
range is ending with the 10.00.2.0.
And the private if I if you can see over
here 1000.1.0.
So that's the key differentiator between
the public and the private subnet IP
ranges. Once it is assigned then if you
go at the bottom then what you need to
do is simply just click on create over
here. Hit the create button
and it will take uh like a few minutes
and then after your VPC along with the
subnets will be created. So here you can
see the work is in progress. So I'll be
back once the VPC and subnets are
created. So after a minute you can see
that my VPC has been created and let me
show you the subnet within that
particular VPC. So click on this
particular VPC and here click on this
subnets tab over here. So once you click
this particular subnets tab then here
you can see both the subnets which is
our public uh and private which I call
it as external and internal subnets are
ready with their IP ranges. So this is
the IP range which I have assigned.
Okay. Now after that let's get back to
our diagram. So here the next thing
which we need to see what is the next
component which we are going to create.
So after the VPC subnet the next
component which we are going to create
is the NAT gateway. And why we need a
NAT gateway because this particular
private subnet which is this particular
one. It doesn't have a access to
internet. So anyone from outside cannot
access any resource present into this
particular private subnet. Okay. And
that is how I want it. I don't want this
to be exposed from internet. So from
here I don't want this exposed. Okay.
But if a virtual machine sitting over
here wants to download some packages for
example if you want to install nginx
Apache or some any other web application
and that needs a upgrade then if it
doesn't have a internet then it cannot
download anything. So to solve that part
what we need to do is we need to set a
NAT gateway. So here this virtual
machine will be using a NAT gateway and
then the request will go out in internet
to download those packages but that's a
outgoing request and that's how it is
going to access the internet but no
incoming request like from this user it
cannot be possible so this NAT
gateway is a one way out but other way
around is not possible so that way you
secure your private subnet all right and
for that reason we will be setting up a
NAT gateway. Okay. Now, how to set
up a NAT gateway? To set up a NAT
gateway, what you need to do, you just
need to go back to your Google Cloud
home console. And here on the search
box, you can type uh let me remove this
one. And here you can type NAT. And here
it will find the option for a Cloud NAT.
And this is the homepage of our
Cloud NAT. Now to create a Cloud NAT, you
just need to click on get started over
here. Here you need to enter the NAT
name. So here I'm just going to copy the
name of my Cloud NAT. So here I'm just
going to paste it over here. So CL NAT
gateway internal LB. After that network.
So here we need to choose the same VPC.
So here if you see in the drop-down we
have a default VPC sandbox and CLVPC
internal LB and we are working onto the
internal LB VPC. Select that particular
one. And here it will ask for a region
and remember I have only chosen the
Stockholm region. So I'm going to select
that one over here. And here we need to
choose the cloud router. So if you
select on drop-down then here you can
see there is no cloud router I have
created. So we need to create a cloud
router for our NAT gateway. So click on
create cloud router. Here enter the name
of cloud router. So let me copy the name
of my cloud router
and paste it over here. Here the keep
alive session. So default one is 20. So
I would recommend to stick with
20. Don't change anything over here.
Click on create and here you can see our
cloud router has been created. Now after
that you can if you go further then you
don't need to change these settings over
here because you just want a simplistic
Cloud NAT gateway for your virtual
machine sitting into your private
subnet. After that click on create over here.
And again it will take a few seconds to
create your Cloud NAT gateway. So here
you can see my NAT gateway is up and
running. So now if I take a look onto
this particular diagram once again. So I
have set up this component. Now once I
will spin up this virtual machine into
this particular internal or a private
subnet then it can easily access this
NAT gateway and from here it can easily
download packages. So that's why we need
a NAT gateway. Moving further after
setting up the Cloud NAT gateway, the
next thing which we need to create is
our virtual machine within our private
subnet. So this is the virtual machine
which I'm going to provision inside my
internal or my private subnet. Remember
internal and private subnets are the
same terms which I will be using
throughout this tutorial. And here
external or a public subnet then I'm
referring to this particular subnet.
Okay. Now let's create this internal
virtual machine or a private virtual
machine inside our internal uh subnet.
To do that let's get back to our virt uh
Google cloud console and here in the
search box type VM instances. So here
you will find the option for a VM instances
and here click on create instance button
over here and here I'm just going to
copy the name of my virtual machine. So
let me copy my first virtual machine
name. So here just paste this particular
name. So here I'm using CL internal load
balancer VM. VM is the virtual machine
and 01 is my first virtual machine. And
I am working into the Stockholm region.
So I will be using the same Stockholm
region over here. So select that one.
Zone. I'm going to keep any zone which
is available. After that I'm going to
choose E2 because this is a demo. So I'm
using the least uh like costing machine
for this particular demo. If you go
further then here you can customize and
choose E2 small if you're using it for
demo or practice purposes.
After that uh on the left hand side you
will find some options. So we are going
to take a look on all these options. So
first of all let's click on this OS and
storage and here we are going to use the
Debian which is our Linux Debian based
virtual machine. You can choose any
Debian or any other Linux flavor which
you want to have it with your virtual
machine. Okay. After that data
protection I'm not going to change
anything over here. The next thing which
we need to take a look is the networking
which is crucial. So remember that we
are working onto this particular
internal VPC. This is the VPC. So every
resource which we are going to provision
we are going to provision within this
particular VPC. Okay. So let's get back
and here uh what we need to do network
tag let's leave it. Host name let's
leave it. And here network interfaces.
So this is the one here you can see it
has already assigned the default network
interface. But we don't want that
default network interface with our
virtual machine. But instead we want our
own virtual interface. So let's delete
this one. Then click on add network
interface. And here in the network
default choose the internal VPC LB
because this is the VPC where we are
working. Now the subnet uh so here you
can see we are going to provision into
the internal one. All right. So we have
already chosen the VPC. Now let's choose
this internal subnet. So here let's get
back and from the drop-down choose
internal. Okay. After that uh we are
going to choose the IP stack as it is.
We are not going to change anything
external IP address. So here this is
important since it's a private virtual
machine. So we don't need any external
IP assigned to it. Okay. So here let's
get back and choose to none over here.
All right. After that I think let's
verify the settings. Okay. So that looks
good. Everything looks good over here.
Now next to the observability we don't
need to change anything over here. After
that there's a one more thing which
comes as a security. So this security is
important because we are going to set up
the SSH key for this particular virtual
machine so that we can access this
particular virtual machine. Okay. So
here if you go onto the manage access
section. So that's where we need to uh
copy and paste our SSH public key. I'm
going to show you how to work with that.
So let's open this particular one. And
here you will find the SSH keys. So here
you can see add manually generated SSH
keys. So here what you need to do, you
just need to click on add item. I'm
going to show you how you can generate
the SSH key. But first of all, let's
copy and paste the public SSH key. First
of all, don't worry after this I'm going
to show you how to generate your private
and public SSH keys. So here first of
all let me copy my SSH key public part.
So let me copy and paste my public key
over here and after that go to advance
and here uh we need to choose and the
nginx installation script. So this is
a user data section where we are going
to uh write some instructions so that
which installs the nginx server onto
our virtual machine so that we will be
able to test the homepage of that
particular server with the help of
internal load balancer. Don't worry here
onto the next step which you can see
this is the installation script which I
have already written which I will post
into the description section. So this
particular GitHub repository which you
can use to copy these instructions and
along with that here is also a Terraform
code of the similar setups which I have
been doing into the demos. Don't worry
uh these all are things are available uh
but this Terraform sections are
available only for my private YouTube
members. So if you are interested then
please go and check out the YouTube uh
membership program for this particular
YouTube channel and also this course
will be available onto the Udemy. So you
can check that one also in upcoming
weeks. But anyway, let's copy this
particular script for nginx server.
And this is a very simple script
actually. This is just going to install
the nginx server and in it is going
to enable the basic http htt html page
for that nginx server. So copy this
script from here and go to your uh
virtual machine and paste it over here.
Okay. So here you can see this script
has been pasted. So all the things are
available over here. Okay. After that
just click on create uh this particular
virtual machine. And here it is going to
ask me for authentication. So I'll be
back after authenticating this
particular uh sign up uh which is need
not sign up but it is authentication
which I need to do in between whenever
I'm performing these kind of a uh setup.
Now you can see that my virtual machine
is up and running and uh it also got a
private IP within my private subnet. It
doesn't have a external IP which quite
obvious because we are trying to do the
internal load balancer demo. All right.
So now my virtual machine is up and
running and I promise to show you the
ssh-keygen part how I have generated my
SSH key. So here you can see that if I'm
sitting over here for example then this
is me and this is my virtual machine
over here. So I need uh two key one is
the I will call it as a uh like a public
key which I will be uploading over here
and here I will have my private key. So
I will put uh like a private and key.
Sorry I'm typing it from my mouse so
that's why it is not so fancy. So this
is my private key and here I have uh
like I can say the public key which is
available onto my virtual machine. So
that I need to supply so that I can
authenticate onto this particular
virtual machine. Although this is a
private machine so I should not be
authenticating directly but this is just
an idea which I'm just going to show to
you. So this works anywhere. So for
example, if I have a virtual machine
into the public subnet, then again it
will be the same thing. So here I need
to upload the public key and after that
here I need to keep private key onto my
laptop. So it with that I will be able
to do the SSH and I don't need to supply
any password for authentication or
accessing my virtual machine. Okay. Now
how to do that? So to do that what you
need to do just open you just need to
open the terminal over here and here you
just need to type in ssh-keygen.
So this is the command which you
need to run and then here it is going to
ask like where you want to save your key
pair. So here you are going to if you
don't assign any location then it is
going to create your SSH keys over here.
So here once you hit enter then it is
going to uh like ask for a passphrase.
You can keep any password if you would
like to keep and then keep on hitting
the enter and it is going to create the
SSH keys. So here I'm going to show you
my SSH keys which has been generated. So
here you can see uh this is the first
key and this is the second key. All
right. So here if you see carefully then
it is ending with pub which means it is
public key and here this is our private
key which is sitting onto my local
machine. All right. So when I created
the virtual machine then I have only
copied the content of this particular
public key inside my SSH keys. All
right. So here if I could show you uh
then dop then here you can see. So this is
the content which I copied from here and
when I created my virtual machine so I
have pasted over there. So that's how I
have created my uh virtual machine and
assigned the SSH keys over there. So
just follow these steps and you should
be able to create your own SSH keys. Now
I have created my uh virtual machine
inside my private subnet. So let's take
a look what is the next resource which
we need to create. So here I'm telling
you that we need to create one more
virtual machine. But here you can see
although I have kept the name as 01. So
that was a typo. So here it will be
virtual machine 02. But let's let's do
that second virtual machine creation
later or maybe you can do it by yourself
because uh that is just exactly the same
step which I have followed over here
needs to be performed over here. All
right. So it will be repetitive. So
that's why I'm skipping. Maybe on later
when I get a time I'll create that one.
But let's just focus on the next
component. So after that uh what we need
to do is we just need to create uh one
more virtual machine which is our
bastion or a jump host. If you don't
know what is jump host then I have
already created a video on my this
particular uh Google cloud series then
please go and check that particular
bastion host virtual machine. But again
this is a virtual machine which is again
a same virtual machine setup which I'm
going to show to you. Um but this
virtual machine like will be accessible
from outside. So this is me. So this
virtual machine will have a public IP
this particular one. If it have a public
IP then I can access this particular
virtual machine. And once I'm able to
access this particular virtual machine
then I am into this VPC. And if I'm into
this VPC then I can easily access this
particular virtual machine. Okay. So
that's why we we need a bastion host
because the direct access to this
particular virtual machine is not
possible because we are into private
subnet. All right. So let's start
setting up this particular bastion host
onto our public or external subnet. To
do that, let's get back to our uh
virtual machine homepage. Click on
create virtual machine. And here I'm
just going to copy the name. So let's
copy the name of my virtual machine.
paste it over here. Choose the region.
So I'm going to choose Europe North 2
Stockholm zone any here I'm going to
choose E2. Here I'm going to choose
small. After that let's go to OS. Here
I'm going to choose the Debian. I'm
going to keep it as it is. Go to data
protection. Keep everything same.
Networking. This is important. So here
if you go down then here you will find a
network interface. delete one because we
need to set up our own network
interface. Click on add network and the
VPC which is going to be internal load
balancer VPC and the subnet here we need
to choose external which is this one
external EU north 2. So if I show you
the diagram then here you can see this
is the one. Okay.
After that let's go further and here we
need to assign the external IP. So here
just choose the external IP if ephemeral
then it will going to assign the
external IP address. Okay. After that we
just need to go to uh let's go to
observability. We don't need to change
anything. Security. Yes the same SSH key
which I just explained. Go to manage
access and here add item and go back to
our notepad. Type on cl demo and public
key. Copy the content from here. this
go to SSH key and then click on I think
we have just added this one and after
that go to advance script automation
script no we don't need any automation
script because we will be just doing the
SSH or login into this particular
bastion machine after that then uh just
go and click on create and this is going
to create our bastion virtual machine so
here it is getting created which you can
see over here
and after that uh we will have
this virtual machine and we will have
this virtual machine. Okay. Uh let's go
back over here. Let me go back.
Yeah, here. So here this is virtual
machine and this virtual machine. Okay.
So let's see if that virtual machine has
been created. So here you can see the
virtual machine has been created. Now
let's try to access this particular
virtual machine first of all. Now before
we access this particular virtual
machine I I need to show you something.
So let's get back to our diagram. So
here you can see this is the virtual
machine we need to now access. But
before we access there there is a
firewall rule which we need to create.
So this firewall rule is sitting
somewhere here. So this is the firewall
which will be blocking our accesses
because these firewall rules which tell
us that which port uh we are going to
access and from where we are going to
access. So we are sitting outside over here
which means we are somewhere in the
internet. So if we are onto the internet
then we should have this IP range with
us. This is the default IP range which
is assigned for anyone who is sitting
outside 0.0.0.0/0.
So if any requests coming uh from
internet then it should be the source
should be this. And here we need to SSH
into this particular virtual machine. So
for that we have a port 22. So this
particular port and firewall which we
need to open so that we can this
particular user or me can access this
particular virtual machine and that we
need to set up into the firewall rules.
Okay. So here let's get back to our
Google cloud uh console here. Type in uh
the firewall rules.
Click on firewall over here and here you
will find a option to create a firewall
rule. So click on this firewall rule
over here and let's create the firewall
rule for a bastion. So here I'm just
going to create a firewall rule name
and after that here we need to choose
the network. So here I'm going to choose
again the internal load balancer uh
network. After that uh priority 1,000
that's okay. And here we just need to
keep in mind one more thing. We need to
create uh the network tags. So here you
will find a target tags.
Wait I'll start from once again. So here
we have assigned the name for our
firewall. We have chosen the network
over here. Then we need to also choose
the source from where it will be
originating. So it will be originating
from our 0.0.0.0/0 which is internet. So
here in the source IP range you can type 0.0.0.0/0
because it can be originating from
anywhere in the internet. So I'm using
this one. Now this is a network tag
which is important. So this firewall
rule we are assigned we are going to
assign a network tag so that we can
identify that this network tag is
belonging to this firewall rule and that
network tag we are going to assign to
the virtual machine. Don't worry I'm
going to show you. So first assign a
network tag over here and then here just
assign this one. After that we also need
to make sure which port we want. So we
want couple of ports. So I want a 22
port for SSH. After that uh we also need
uh another protocol for ping which is ICMP
so that we can ping the virtual machine.
Okay. Now let's create this particular
firewall rule.
It will take a minute or so. Uh let's
type uh here I'm going to search it. So
I'm going to choose the network and here
I will be working on to just a minute.
I just need to copy the name. So I will
yeah let's see. So yeah here you can see
this is the firewall rule which we have
just created and that is up and running.
All right. And if I open this one then
what is the network tag which I have
created? So this is the network tag
which I have created. Okay. Now let's
And here this is the public IP which you
can see. So let me copy this public IP
and go to my terminal. Clear the screen.
Try to ping it. Here you can see the
ping is not going at all over here.
Okay. So why it is not going? Because we
have created this network rule, this
network tag but we have not assigned to
this particular virtual machine with the
public IP over here. Okay. So we need to
assign this tag. So go to this virtual
machine over here. Go to edit.
And here you will find option for uh
network tags. This is the one. Okay. So
here, copy this network tag from here.
Go to this tab. Assign it. And now you
have assigned the network tag for this
virtual machine. Which means now it is
allowing the resource or request coming
from anywhere. And it is allowing the
two protocol 22 and ping. Okay. Now
let's save this rule over here.
It will take a minute or so and after
that this rule will be active
and after that we should be able to ping
this particular virtual machine because
now we are allowing the ICMP as well as
port 22. So both of should work. So now
this machine has been updated. So let's
get back over here and then again try to
ping it. And here you can see we are
able to ping this particular virtual
machine. Now let's try to access this
virtual machine which we have just
provisioned. So this is me outside of uh
this particular whole Google cloud or
VPC. I'm trying to access this
particular virtual machine with the
public IP. And now I have enabled the 22
port so that I can SSH into this
particular virtual machine. So let's
let's try to copy the public IP. So this
is the public IP which I have already
copied and I will go to my uh terminal.
So here you can see this is the command
which I'm going to use. I I'm going to
explain this command to you. So here ssh
-i and after that here we need to
specify the private key which is onto my
same machine. After that the username
and then this is the public key. Okay.
After that just hit enter. Type yes to
and here you can see I'm able to access
my public virtual machine. So now I'm
sitting inside the VPC. So here you can
see onto the diagram. So now I came
inside this particular VPC over here. So
now once I'm inside this particular VPC
using this bastion host. So I should be
able to ping this one and I should be
able to access these virtual machine as
well. But that's not the motive. We need
to set our internal load balancer. Okay.
And for that let's take a look what is
the next component which we need to test
create. So here we are going to set up
our internal load balancer. So here
again the same diagram I have expanded
this whole area to get a little bit more
uh like a screen real estate. Now start
setting up our internal load balancer.
To do that what you need to do you just
need to go back and here onto the search
box just type uh load balancer. Here you
will find the option for a load
balancing. Click on it.
Here click on create load balancer which
you can see over here. Click on create
load balancer.
Here you will find a application load
balancer and a network load balancer. So
here we need to choose the application
load balancer. Click next. Here you need
a public or internal. So we are going to
go with the internal load balancer.
After that click next over here. Then
best for cross region workload or best
for regional. I need a cross region
workload to make uh provide a maximum availability.
After that click on next over here and
then click on configure. And now you
should be able to start setting up your
internal load balancer. Okay. So here
let's first put the name of the load
balancer. So I'm going to copy the
internal load balancer name. So here I'm
just going to copy the name which is CL
internal LB north 2 network. I'm going
to choose VPC internal LB where we are
working.
After that we just need to configure the
front end. Don't worry I'm just going to
show you how it works. So here let's
take a look onto the diagram. So here
onto the network section uh internal
load balancer section we are in. So the
next component which we need over here
is the front end. So here and then the
back end. But let's take a step back. So
we are now configuring the front end. So
here if you take a look then here we are
started to set up this front end, back
end and routing rule. And now we are
into the front end section over here.
And we are configuring these front end
details over here. Let's start filling
up the front end details. So here uh I
just need to put in the details. So I'm
going to put front end over here. The
protocol is going to be the HTTP over
here because we have not enabled the
HTTPS. So let's keep it simple. The
subnetwork region. So here we are going to
choose the uh Stockholm region once
again. So let's get back to Stockholm
region. Proxy subnet. So this is
important because if you are trying to
set up your internal load balancer then
the Google cloud is going to create an
Envoy proxy. You don't need to put too
much brain into it. But this is an Envoy
proxy which needs a IP range. Okay. And
this Envoy proxy is very robust, high
performing which is used by Google cloud
also for internal load balancing. And so
to deploy that Envoy proxy, we just need to
small is assign a very small IP range so
that uh Google cloud can spin up that
particular Envoy proxy which is needed to
set up our internal load balancer. So
click on reserve over here and here you
just need to assign the name. So let me
copy that particular name and the CIDR
ranges. So here uh this is the IP uh
this is the name of my Envoy proxy and here
we need to assign the IP range. So I'm
going to assign this particular IP range
to my Envoy proxy. Okay. Click on add over
here. it will take a few second and
after that this proxy range uh will be
assigned to my internal load balancer
front end. Okay. So here it's just
taking a few more minutes. Uh let's
check. So here you can see you can the
status is ongoing and now it has been
created. Okay. After that uh here we
need to choose the subnetwork and now
we are creating this particular uh like
uh internal load balancer for my private
subnet. So here just go and choose the
internal subnet or the private subnet
which I called uh because it's internal.
So here choose this one and the port
which is going to be the 80. All
right. After that you can just click on
simply done and that means your front
end configuration has been finished. Now
let's take a look onto the diagram once
again. So we have created the internal
load balancer name. We have configured
the front-end configuration. So the
next thing which we need to do is the
backend configuration. Okay. So let me
show you that one also over here. So
let's get back. So click on this backend
configuration and here you can see uh we
have a drop-down. Select that one. And
now we need to create your backend
configuration because there is no
previous backend configuration which
exists. Click on this one. Here you can
enter the name. So here I'm going to
sorry not this one. So let me copy the
backend configuration name. So here just
copy the backend configuration name. The
instance group. Yes, we need to keep it
as instance group. Protocol HTTP uh
timeout 30. All good. Health check. So
let's see. We have a health checks. No,
we don't have a health check. So let's
create a health check for this one. So
here uh let's put uh LB
health check TCP port 80 all good uh
proxy protocol all good we don't need to
change anything uh all good so
everything looking good because we are
checking the health check on port 80
click on create over here and now we uh
our health check uh should be created in
a few second so here you can see uh so
our backend configuration our health
check has been defined Now the next
thing is we need to set up our instance
group over here. Okay, let me show you
that one onto the diagram. So here you
can see now our front end is there,
backend configuration is there, health
checks are there and if I go further
then here you will see that we just need
to set up our instance group. Okay. So
here this is the instance group which we
need to create and this instance group
here we need to map our virtual machine
over here. Okay. So these virtual
machines will be mapped into this
instance group. So let's go and create
our instance group. So here you will
find Okay. So here I already created a
one instance group but let's try to
create our fresh instance group and
first delete this one. Okay. So here uh
There is one, but let's delete that one.
We don't need it.
Okay, so this instance group will be
deleted. So in the meantime, let's start
setting up our own new fresh instance
group. Uh let me refresh this page over
here.
Okay, so the instance group has been
deleted which you can see. Let's create
an instance group
and here on the left hand side we just
need to choose unmanaged instance group.
Select that one here uh sorry first
select this one and then uh look here
you need to assign the name of the
instance group location here you need to
choose the north two. So on the left
hand side you can just go and choose the
same Stockholm uh zone. Uh let's see uh
what zone we have provision our first
virtual machine. I'm I mean to say uh
this virtual machine I'm not sure which
region because I have specified any
Europe north 2 re uh region. So it
could be a b or c. So we just need to
find it out which where it is. So here
uh on the network so choose the same VPC
here choose the network. So here we are
going to choose internal and here there
are no VMs. So here just change the
region to B and see if there are any
VMs. So here you can see the VMs are
available. Select that VM. Click okay.
And now we are mapping. So if you see
over here so now we are creating and
mapping this virtual machine over here.
And as I told you, I'm only creating one
virtual machine. I have not created
this. The only one is visible right now.
Okay. Now let's get back and at the
bottom just go and then click on create
over here. So let's create this instance
group. Okay. Click on create and this
will create our instance group. So let's
wait for a minute or so and after that
uh this will be created. All right. So
here you can see our instance group has
been created and let's get back to our
load balancer setup. So we were
configuring the back end. So here uh
like again I just I'll just reclick on
the back end configuration because we
were stuck onto the instance group but
rest of the settings are already there.
We just don't need to create everything
from the scratch. So here you can see
the back end name. I will put it
instance group. I just need to select
it. And here health check we have
already created. So this is the healthy
check we have created.
After that here in the instance group,
so go and select the instance group
which we have recently created. Port is
going to be 80. We don't need to change
it. And then click on uh create over
here. And after that click on okay over
here. Okay. After that go to the routing
rule here. We don't need to change
anything. We just need to keep the
things very simple. Simple host and path
rules over here. Okay. After that uh
just simply go and click on create and
this is going to create and deploy your
internal load balancer.
Here you can see this internal load
balancer is going to be deployed for the
first time. So it is going to take uh at
least couple of minutes to get it
deployed. Once it is deployed I'll be
back and checking the status of this
particular internal load balancer. But
keep in mind the health check of this
internal load balancer will be uh like
warning or it will not go green because
we still need to set up some firewall
rules to make this internal load
balancer work. All right. So here you
can see our internal load balancer has
been set up and as I told you the
backend services are not coming green
because we still need to set up some
firewall rules so that this whole load
balancer works. Okay. So let me show you
the diagram and then it will make sense.
So first of all uh this subnet is done
but here we are having this particular
firewall and this firewall is blocking
and this is the firewall sitting over
here and this firewall is blocking this
whole load balancer setup which we have
done. So this load balancer is not able
to redirect this request because we have
not set up this firewall rules over
here. Okay. And there was one more proxy
network which we have set up. If you
remember that is starting with a 10 dot
uh uh like here uh 100
and dot uh 3 dot
here and uh that is starting with the
26. So this is the one more IP range
which we have not allowed for in the
firewall rule. So this is the one IP
range and this is the second IP range we
have not allowed yet. So these are the
two IP ranges firewall rules which we
need to enable into this firewall
because our request will be coming from
here to here. I'm already logged in into
this bastion machine and from here it
will just try to access this load
balancer and this load balancer should
redirect this request over here through
the firewall rule and then it should
land on to load balance these virtual
machines. So this is how it should work.
Okay. So now let's try to set up the
firewall rules for this. So let's get
back to our uh Google cloud console. In
the search box, type firewall.
Sorry, I just uh need to type the
spelling correct firewall. Click on
firewall over here and here click on the
create firewall rules. Here we need to
enter the firewall rule name. So here
let me copy the firewall rule name. So
I'm going to copy the firewall rule name
as this one.
Okay. After that network. So I'm going
to choose the network as a internal LB.
Priority 100. Keep it sorry 1,000. Keep
it as it is. Uh target tag. So here
let's first create a tag so that we can
associate later on this particular tag
to our virtual machine
and as well as to our yeah to the
virtual machine actually. Okay, after
that we just need to specify the source
from which source we are expecting the I
uh traffic. So first source is going to
be this one 1000.200
10.200.1.0
okay/24.
So first of all let's put 10 dot
[clears throat] what is it? 200
sorry.
So this is going to be the first IP
range. Okay. So from this bastion host
we will be accessing this virtual
machine. All right. After that there
will be uh one more uh which is going to
be our proxy. So this is the proxy range
which I have specified which is this
one. Okay. So these are the two ranges
which we need to enable. After that we
also need to specify the port. So here
I'm going to specify the port which is
80. After that 22 these are the two port
80 where I'm going to access my nginx
server and after that I'm just going to
specify another protocol which is ICMP.
Okay. After that I just need to set
click on this create rule over here. So
we have specified port 80 port 22 and
the ICMP port. Click on create over here.
And this will create our firewall rule.
Okay. So here uh in the network let's
try to search this particular one. Network
sorry let me type the filter once again.
So here it is going to be
yeah internal LB network. So here you
can see and this is the internal rule
which is this one
here. This is the tag. So let's copy
this tag and then go to our let's go to
virtual machine instances.
Go to our internal virtual machine. And
now we are going and here we are going
to in this firewall rule we have already
created this firewall rule over here and
this firewall rule tag we are going to
assign it to this virtual machine. Okay.
So let's get back and here click on
edit.
Go further down and here you will find a
network tag. So just paste it over here.
Okay. After that click on save over here
and it will take a minute or so and
after that we are going to check the
same load balancer status and it should
go green. Let me see the load balancer
and I think the load balancer is still
not coming up. So I think I need to
check the firewall rules once again. So
here let's open this internal firewall
rule once again and check the IP range.
So here I see I I think I made a typo.
So instead of 200 it should be 100.
Okay. So here I will just click on edit
and here uh let's try to remove this
one. So instead of that 1000
uh dot uh 1 dot no sorry it should be uh
let me check it should be 1.0 no it
should be 2.0 actually sorry I I made a
typo on my diagram. Let's check the
subnet range once again. So go to VPC
VPC networks
go to internal subnets. So here we will
be putting the request from external. So
it should be this IP range 10.0.2.0.
Sorry this is the uh like a typo which I
made and in the diagram uh also this is
2.0. I should make a correction
over here. Okay. So, let's get back and
uh click on save over here
and let's wait for a minute or so. I'll
be back once this whole rule is saved
and it is activated. And here you can
see my load balancer is green and my
service is up and running. And uh if I
take a look onto the load balancer IP.
So if you click on this one then the
load balancer IP is this one which is
10.0.1.4:80.
80 is the port but this is the internal
IP of my internal load balancer. So
let's try to access this particular
internal load balancer and see if it is
returning the results or not. So here
I'll go back to my bastion machine. So
here this is you can see this is my
bastion machine. All right which means
that I am uh let me show you. So I am
sitting over here into this virtual machine
and here from here I'm just trying to
access on the IP address of my internal
load balancer which is 10.0.1.4.
So let me show you the internal IP which
is this one. Okay. So let's try to curl
that particular page. So here I'm going
and then IP uh the port number. And here
you can see the response is returned
back. So here you can see I'm able to
access my internal load balancer through
my bastion machine within my VPC. And
just to clarify a bit more and if I try
to access through virtual machine
then I can also verify the same page
with directly accessing the virtual
machine. But that's not the point I
wanted to prove. Here you can see 1.2.
So it should also result but here I'm
trying to access the direct virtual
machine. So here I put it and then 80
and here you can see the same web page
but the thing is uh I'm I wanted to
verify it with the
private load balancer or the internal
load balancer and it is redirecting me
to the same page which means my internal
load balancer is working and with the
help of my bastion host I am able to
access this internal load balancer and
this is routing the request to this
instance group and here it is pointing
to this virtual machine and now in this
instance instance group. I can keep on
adding further more groups and it will
keep on load balancing the request to
that particular instance group. So this
is how you can set up your internal load
balancer and just play around with your
internal load balancer. Please check out
the previous chapter where I have
explained the external load balancer our
bastion host the subnet VPC setup as
well and also please check out the Udemy
courses which I'm going to soon update