Menu
Scenario: I have a Google Compute Engine instance exposing a web application via HTTP port 80 and I can access it directly using an external IP address.
Then, I added a HTTP load balancer with a health check and afterwards, I could access the web application via the load balancer without any problem.
Now, if I remove the external IP address of the compute instance, the health check of the load balancer starts failing. I read [1] and added a firewall rule to allow health check probes coming from addresses in the ranges 130.211.0.0/22 and 35.191.0.0/16 but still the health check is failing.
If I add the external IP address back to the compute instance, health check becomes active. What I require here is to remove the public IP address of the compute instance and only expose the load balancer IP address to the internet.
Question: Is it mandatory to have an external IP address on Google Cloud Compute Engine Instances for routing traffic via a Google Cloud HTTP load balancer? If not, may I know how to route HTTP traffic to compute instances using a HTTP load balancer without having external IP address on the compute instances? Appreciate your thoughts on this.
[1] https://cloud.google.com/compute/docs/load-balancing/health-checks
786
I contacted Google Cloud support team on this matter and found that external IP addresses are required for routing HTTP traffic from the HTTP load balancer to the Compute Engine instances.
The only possible solution here might be to apply firewall rules and block direct access to VMs according to the current design.
79
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
