
Create GCP Internal TCP Proxy LB

by misankim 2023. 5. 12.


-> Currently, an internal TCP proxy load balancer can only be created through the gcloud CLI, not in the GCP console.

 

 

https://cloud.google.com/load-balancing/docs/tcp/set-up-int-tcp-proxy-zonal#configure-the-load-balancer

 

https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/compute_forwarding_rule

 

 

# Create a regional proxy-only subnet

 

To migrate an existing HTTP proxy-only subnet to a regional proxy-only subnet, see:

https://cloud.google.com/load-balancing/docs/proxy-only-subnets#migrate-purpose

 

gcloud compute networks subnets create internal-regional-lb-proxy-subnet \
   --purpose=REGIONAL_MANAGED_PROXY \
   --role=ACTIVE \
   --region=asia-northeast3 \
   --network=test-network \
   --range=10.20.0.0/23 \
   --project=my-project

 

 

# Create NEGs (network endpoint groups)

 

gcloud compute network-endpoint-groups create my-test-service-a \
   --network-endpoint-type=GCE_VM_IP_PORT \
   --zone=asia-northeast3-a \
   --network=test-network \
   --subnet=test-subnet \
   --project=my-project

gcloud compute network-endpoint-groups update my-test-service-a \
   --zone=asia-northeast3-a \
   --add-endpoint='instance=my-test-service,ip=10.0.0.9,port=443' \
   --project=my-project

gcloud compute network-endpoint-groups create my-test-service-b \
   --network-endpoint-type=GCE_VM_IP_PORT \
   --zone=asia-northeast3-b \
   --network=test-network \
   --subnet=test-subnet \
   --project=my-project

gcloud compute network-endpoint-groups update my-test-service-b \
   --zone=asia-northeast3-b \
   --add-endpoint='instance=my-test-service-2,ip=10.0.0.10,port=443' \
   --project=my-project

 

 

# Create health check

 

gcloud compute health-checks create tcp my-test-service \
   --region=asia-northeast3 \
   --use-serving-port \
   --project=my-project

 

 

# Create backend service

 

gcloud beta compute backend-services create my-test-service \
   --load-balancing-scheme=INTERNAL_MANAGED \
   --protocol=TCP \
   --region=asia-northeast3 \
   --health-checks=my-test-service \
   --health-checks-region=asia-northeast3 \
   --session-affinity=CLIENT_IP \
   --project=my-project

gcloud beta compute backend-services add-backend my-test-service \
   --network-endpoint-group=my-test-service-a \
   --network-endpoint-group-zone=asia-northeast3-a \
   --balancing-mode=CONNECTION \
   --max-connections-per-endpoint=100 \
   --region=asia-northeast3 \
   --project=my-project

gcloud beta compute backend-services add-backend my-test-service \
   --network-endpoint-group=my-test-service-b \
   --network-endpoint-group-zone=asia-northeast3-b \
   --balancing-mode=CONNECTION \
   --max-connections-per-endpoint=100 \
   --region=asia-northeast3 \
   --project=my-project

 

 

# Create target tcp proxy

 

gcloud beta compute target-tcp-proxies create my-test-service \
   --backend-service=my-test-service \
   --region=asia-northeast3 \
   --project=my-project

 

 

# Create forwarding rule

 

gcloud beta compute forwarding-rules create my-test-service \
   --load-balancing-scheme=INTERNAL_MANAGED \
   --network=test-network \
   --subnet=test-subnet \
   --address=my-test-service-ip-1 \
   --ports=443 \
   --region=asia-northeast3 \
   --target-tcp-proxy=my-test-service \
   --target-tcp-proxy-region=asia-northeast3 \
   --project=my-project
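
The backends accept connections from this load balancer only if VPC firewall rules admit its two traffic sources: the proxy-only subnet (10.20.0.0/23 above) and Google Cloud's health-check probe ranges. The script below is an added example, not part of the original post; the rule names and the backend network tag `my-test-service-backend` are assumptions, and it only prints the commands unless run with `GCLOUD=gcloud`.

```shell
#!/usr/bin/env bash
# Added example: least-privilege ingress rules for the LB backends.
# Dry-run by default (prints the commands); set GCLOUD=gcloud to apply them.
GCLOUD="${GCLOUD:-echo gcloud}"

PROJECT="my-project"                 # from the page
NETWORK="test-network"               # from the page
PROXY_SUBNET_RANGE="10.20.0.0/23"    # proxy-only subnet range from the page
BACKEND_PORT="443"                   # NEG endpoint port from the page
# Google Cloud health-check probe source ranges
HEALTH_CHECK_RANGES="35.191.0.0/16,130.211.0.0/22"
# Assumption: the backend VMs carry this network tag (not on the page)
BACKEND_TAG="my-test-service-backend"

# allow_ingress RULE_NAME SOURCE_RANGES
# Allows only tcp:$BACKEND_PORT, only from SOURCE_RANGES, only to tagged backends.
allow_ingress() {
  $GCLOUD compute firewall-rules create "$1" \
    --network="$NETWORK" \
    --direction=INGRESS \
    --action=ALLOW \
    --rules="tcp:$BACKEND_PORT" \
    --source-ranges="$2" \
    --target-tags="$BACKEND_TAG" \
    --project="$PROJECT"
}

create_lb_firewall_rules() {
  # Proxied client connections reach the backends from the proxy-only subnet,
  # not from the original client IP. Rule names here are hypothetical.
  allow_ingress fw-allow-proxy-only-subnet "$PROXY_SUBNET_RANGE"
  # Health-check probes for the zonal NEG endpoints
  allow_ingress fw-allow-health-check "$HEALTH_CHECK_RANGES"
}

create_lb_firewall_rules
```

Scoping the source ranges this way keeps port 443 on the backends closed to the rest of the VPC, so clients can reach the service only through the forwarding rule address.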

 
