 

Google Cloud HTTP Load Balancer Health Check Fails Without An External IP

Scenario: I have a Google Compute Engine instance exposing a web application via HTTP port 80 and I can access it directly using an external IP address.

Then, I added an HTTP load balancer with a health check and afterwards, I could access the web application via the load balancer without any problem.

Now, if I remove the external IP address of the compute instance, the health check of the load balancer starts failing. I read [1] and added a firewall rule to allow health check probes coming from addresses in the ranges 130.211.0.0/22 and 35.191.0.0/16, but the health check is still failing.

If I add the external IP address back to the compute instance, the health check becomes active. What I require here is to remove the public IP address of the compute instance and only expose the load balancer IP address to the internet.

Question: Is it mandatory to have an external IP address on Google Cloud Compute Engine instances for routing traffic via a Google Cloud HTTP load balancer? If not, may I know how to route HTTP traffic to compute instances using an HTTP load balancer without having an external IP address on the compute instances? I would appreciate your thoughts on this.

[1] https://cloud.google.com/compute/docs/load-balancing/health-checks

asked Jun 11 '18 10:06 by imesh


1 Answer

I contacted the Google Cloud support team on this matter and found that external IP addresses are required for routing HTTP traffic from the HTTP load balancer to the Compute Engine instances.

The only possible solution here might be to apply firewall rules and block direct access to VMs according to the current design.

answered Sep 30 '22 05:09 by imesh
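An added example, not part of the original post: a check over an exported firewall rule list that reports which rules leave port 80 on the VM open to the whole internet, and which of the health check probe ranges from the question would lose access once those rules are removed. It assumes the rules are in the JSON shape produced by `gcloud compute firewall-rules list --format=json`; the rule names, tags and sample data are constructed, and deny rules and rule priorities are not evaluated.

```python
import ipaddress

# Health-check probe source ranges quoted in the question.
PROBE_RANGES = ["130.211.0.0/22", "35.191.0.0/16"]

def _port_allowed(rule, port):
    """True if the rule has an allow entry covering tcp/<port>."""
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:                      # no ports listed means every port
            return True
        for spec in ports:                 # "80" or "8000-9000"
            lo, _, hi = spec.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def _applies(rule, vm_tags):
    """A rule without targetTags applies to every VM in the network."""
    tags = rule.get("targetTags")
    return not tags or bool(set(tags) & set(vm_tags))

def audit(rules, vm_tags, port=80):
    """Report wide-open rules and probe ranges lacking a scoped allow rule."""
    live = [r for r in rules
            if r.get("direction", "INGRESS") == "INGRESS"
            and not r.get("disabled") and _applies(r, vm_tags)
            and _port_allowed(r, port)]
    sources = [(r["name"], ipaddress.ip_network(s))
               for r in live for s in r.get("sourceRanges", [])]
    # Only rules narrower than 0.0.0.0/0 count as covering the probes.
    scoped = [n for _, n in sources if n.prefixlen > 0 and n.version == 4]
    missing = [p for p in PROBE_RANGES
               if not any(ipaddress.ip_network(p).subnet_of(n) for n in scoped)]
    wide_open = sorted({name for name, n in sources if n.prefixlen == 0})
    return {"probe_ranges_missing": missing, "open_to_internet": wide_open}

# Constructed sample export, not taken from a real project.
SAMPLE = [
    {"name": "default-allow-http", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["http-server"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "allow-lb-health-check", "direction": "INGRESS",
     "sourceRanges": ["130.211.0.0/22"], "targetTags": ["web"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
]
print(audit(SAMPLE, ["web", "http-server"]))
```
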