title | description |
---|---|
GCP Google Cloud Platform - Regional Application Load Balancer with MIG Private using Terraform |
Learn Regional Application Load Balancer with MIG Private using Terraform on Google Cloud Platform |
- Remove Public IPs for VMs (comment out the instance template's access_config block)
- Create a firewall rule that allows GCP health-check probes to reach the VMs
- Reference the health-check firewall rule's target tag in the instance template
- Create Cloud Router and Cloud NAT resources
- google_compute_router
- google_compute_router_nat
- Comment out the access_config block
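# Google Compute Engine: Regional Instance Template
# VMs built from this template get NO external IP (access_config is omitted);
# outbound traffic from them leaves through the Cloud NAT defined for this region.
resource "google_compute_region_instance_template" "myapp1" {
  name                 = "${local.name}-myapp1-template"
  description          = "This template is used to create MyApp1 server instances."
  instance_description = "MyApp1 VM Instances"
  machine_type         = var.machine_type

  # Network tags select which firewall rules apply to the VMs.
  # The health-check tag is required here: without it the fw_health_checks rule
  # does not apply to these instances and the load balancer's probes cannot reach them.
  tags = [
    tolist(google_compute_firewall.fw_ssh.target_tags)[0],
    tolist(google_compute_firewall.fw_http.target_tags)[0],
    tolist(google_compute_firewall.fw_health_checks.target_tags)[0],
  ]

  scheduling {
    automatic_restart   = true
    on_host_maintenance = "MIGRATE"
  }

  # Boot disk created from the image resolved by the data source
  disk {
    #source_image = "debian-cloud/debian-12"
    source_image = data.google_compute_image.my_image.self_link
    auto_delete  = true
    boot         = true
  }

  # Network Info: private subnet only.
  network_interface {
    subnetwork = google_compute_subnetwork.mysubnet.id
    # access_config is intentionally left out so no external IP is assigned.
    # Including the block below (even empty) would give each VM an external IP address.
    /*access_config {
    } */
  }

  # Install Webserver on first boot
  metadata_startup_script = file("${path.module}/app1-webserver-install.sh")

  labels = {
    environment = local.environment
  }
  metadata = {
    environment = local.environment
  }
}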
# Firewall rule: Allow Health checks
# Ingress on TCP/80 from Google's health-check probe ranges only,
# applied to instances carrying the "allow-health-checks" network tag.
resource "google_compute_firewall" "fw_health_checks" {
  name    = "fwrule-allow-health-checks"
  network = google_compute_network.myvpc.id

  # Only instances with this tag are covered; the instance template references it.
  target_tags = ["allow-health-checks"]

  # Source ranges used by GCP health checkers; no other source is permitted by this rule.
  source_ranges = ["35.191.0.0/16", "130.211.0.0/22"]

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
}
# Comment out the old tags line
#tags = [tolist(google_compute_firewall.fw_ssh.target_tags)[0], tolist(google_compute_firewall.fw_http.target_tags)[0]]
# Add the new tags line, which also includes the health-check firewall rule's target tag
tags = [tolist(google_compute_firewall.fw_ssh.target_tags)[0], tolist(google_compute_firewall.fw_http.target_tags)[0], tolist(google_compute_firewall.fw_health_checks.target_tags)[0]]
- google_compute_router
- google_compute_router_nat
# Resource: Cloud Router
# Regional router in the VPC; the Cloud NAT resource attaches to it.
resource "google_compute_router" "cloud_router" {
  name    = "${local.name}-${var.gcp_region1}-cloud-router"
  region  = var.gcp_region1
  network = google_compute_network.myvpc.id
}
# Resource: Cloud NAT
# Gives the VMs, which have no external IP, a path for outbound internet traffic.
resource "google_compute_router_nat" "cloud_nat" {
  name   = "${local.name}-${var.gcp_region1}-cloud-nat"
  region = google_compute_router.cloud_router.region
  router = google_compute_router.cloud_router.name

  # NAT IPs are allocated automatically by Google (no reserved static IPs).
  nat_ip_allocate_option = "AUTO_ONLY"

  # Every subnet and every IP range in the VPC is translated. This is broader than the
  # single subnet used here; "LIST_OF_SUBNETWORKS" with a subnetwork block narrows it.
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"

  # Log both translations and errors so outbound connections are auditable.
  log_config {
    enable = true
    filter = "ALL"
  }
}
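# Terraform Initialize
terraform init
# Terraform Validate
terraform validate
# Terraform Plan - save the plan to a file so the reviewed changes are exactly what gets applied
terraform plan -out=tfplan
# Terraform Apply - applies the saved plan without a confirmation prompt;
# Terraform rejects the plan as stale if the state changed since it was written
terraform apply tfplan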
- Static IP
- Load Balancer
- MIG
- VM Instances (should not have an external IP assigned)
- Curl Test
# Curl test
# Replace the placeholder (angle brackets included) with the load balancer's static IP
curl <http://LOAD-BALANCER-IP>
# Single request against the address used in this walkthrough
curl 146.148.91.239
# Keep requesting once per second to watch the load balancer's responses over time
while :; do curl 146.148.91.239; sleep 1; done
# Terraform Destroy
# -auto-approve skips the interactive confirmation; everything in the state is removed without review
terraform destroy -auto-approve