GCP HTTPS Load Balancer
This topic explains how to use a GCP HTTPS load balancer (Layer 7) for your Swimlane web UI deployment.

[Architecture diagram]

Limitations

Due to the limit of ports that may be used with a GCP HTTPS load balancer, this type of load balancer may only be used to load balance the traffic of the Swimlane web UI. A separate TCP load balancer must be used to load balance the other necessary ports for the Swimlane Platform Installer (SPI) console and Kubernetes API.

Create an Unmanaged Instance Group

To create an unmanaged instance group (https://cloud.google.com/compute/docs/instance-groups?hl=en):

- Set a name for the instance group.
- Set the region and the zone to where the Swimlane VM instances live.
- Set the port name mapping name to swimlane and the port number to 4443.
- Set the network to where the Swimlane VM instances live.
- Add your first Swimlane primary in the VM instances drop-down.

Load Balancer for Swimlane Web UI

Create an HTTPS Load Balancer

To create an HTTPS load balancer (https://cloud.google.com/load-balancing/docs/https):

- For Internet facing or internal only, select From Internet to my VMs.

Backend Configuration

- Either select an existing backend service or select Create a backend service.
- For Backend type, select Instance group.
- For Protocol, select HTTPS.
- For Named port, select swimlane.
- Set a name for the instance group and set port numbers to 4443.
- Under the Health check drop-down, select an existing health check or create another health check:
  - Set a name for the health check.
  - Set the protocol to HTTPS.
  - Set the port to 4443.
  - Unless needed per your organization's requirements, leave the defaults for the remaining settings.

Host and path rules may be left in the Simple host and path rule configuration.

Front End Configuration

- Set a name for the new frontend IP and port.
- Set the protocol to HTTPS (includes HTTP/2).
- Set the IP address to an existing one or select Create IP address.
- Set the certificates to an existing one or select Create a new certificate.
- Select the Enable HTTP to HTTPS redirect option to redirect basic HTTP (port 80) traffic to HTTPS (port 443).

Load Balancer for SPI Console Access and Internal Cluster Traffic

Create a TCP Load Balancer

To create a TCP load balancer (https://cloud.google.com/load-balancing/docs/network):

- For Internet facing or internal only, set From Internet to my VMs.
- For Multiple regions or single region, set Single region only.
- For Backend type, set Backend Service.

Create a backend configuration:

- Set the region to where the Swimlane instances live.
- Select your instance group that contains the first Swimlane SPI VM.
- Under the Health check drop-down, select an existing health check or create another health check:
  - Set a name for the health check.
  - Set the protocol to TCP.
  - Set the port to 6443.
  - Unless needed per your organization's requirements, leave the defaults for the remaining settings.

Create a frontend configuration:

- Set the network service tier per your requirements.
- Create a new reserved IP address or use an existing one.
- Set ports to Multiple.
- Set the port to 6443,8800.

Create the load balancer.

After Swimlane has been installed on the additional nodes, they need to be added to this target group.

Notes

- After the initial install is done, you will need to join any additional primaries to the Swimlane cluster before adding them to the instance group in use by your load balancer to ensure the join script runs successfully.
- If you want a multi-zonal deployment, you can create additional unmanaged instance groups and put your other Swimlane primaries in them.

Adding Backend Configuration for NodePort Services

Due to GCP's workaround for hairpinning, traffic may blackhole when attempting to access NodePorts through the load balancer. This is because GCP automatically routes traffic destined for the load balancer to the loopback address of the VM the request was forwarded to, and kube-proxy does not listen on localhost.

To work around this and successfully access NodePorts through the load balancer, you will need to create an alias for the primary network interface that resolves to the load balancer's IP address, e.g., `ifconfig eth0:0 <lb-ip> netmask 255.255.255.255 up`, on each node in the Swimlane cluster. To persist these changes, you will need to add them to your network interfaces configuration file.

Firewall Rules

For GCP load balancers, ingress port access is defined in the Firewall section of your GCP project's VPC Network. For more information about the port requirements, see the External Access section of the System Requirements for an Embedded Cluster Install.

Swimlane Configuration

Be sure to enable the Expose the Swimlane Web Service Externally option on the Swimlane Platform Installer UI Config tab.
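
An added example, not part of the Swimlane documentation: a Python check for the ingress rules described under Firewall Rules above. It reads rules in the JSON shape of `gcloud compute firewall-rules list --format=json` and lists rules that open port 4443 to sources other than Google's load balancer and health-check ranges (130.211.0.0/22 and 35.191.0.0/16), or open ports 6443 and 8800 to every address. Both review policies, the function names and the sample rules are assumptions made for this example.

```python
import ipaddress

# Source ranges Google documents for HTTPS load balancer proxies and health checks.
GFE_RANGES = [ipaddress.ip_network(n) for n in ("130.211.0.0/22", "35.191.0.0/16")]
WEB_UI_PORT = 4443          # named port "swimlane" behind the HTTPS load balancer
ADMIN_PORTS = (6443, 8800)  # ports forwarded by the TCP load balancer

def allows_port(allowed, port):
    """True if a firewall rule's 'allowed' list permits the given TCP port."""
    for entry in allowed:
        if entry.get("IPProtocol") in ("tcp", "all"):
            # A missing port list means every port; "a-b" is an inclusive range.
            for spec in entry.get("ports") or ["0-65535"]:
                low, _, high = spec.partition("-")
                if int(low) <= port <= int(high or low):
                    return True
    return False

def within_gfe(net):
    return any(net.version == g.version and net.subnet_of(g) for g in GFE_RANGES)

def audit(rules):
    """Return (rule name, port, offending source ranges) for rules worth reviewing."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        sources = [ipaddress.ip_network(s, strict=False) for s in rule.get("sourceRanges", [])]
        allowed = rule.get("allowed", [])
        # Assumption: the web UI should only be reachable through the load balancer.
        if allows_port(allowed, WEB_UI_PORT):
            direct = [str(s) for s in sources if not within_gfe(s)]
            if direct:
                findings.append((rule["name"], WEB_UI_PORT, direct))
        # Assumption: the admin ports should never be open to every address.
        wide = [str(s) for s in sources if s.prefixlen == 0]
        for port in ADMIN_PORTS:
            if wide and allows_port(allowed, port):
                findings.append((rule["name"], port, wide))
    return findings

# Constructed sample rules, trimmed to the fields the audit reads.
SAMPLE = [
    {"name": "allow-gfe-webui", "direction": "INGRESS", "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"], "allowed": [{"IPProtocol": "tcp", "ports": ["4443"]}]},
    {"name": "allow-webui-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["4443"]}]},
    {"name": "allow-admin-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["6000-9000"]}]},
    {"name": "allow-admin-corp", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["6443", "8800"]}]},
]

print(*audit(SAMPLE), sep="\n")
```

To run it against a real project, load the JSON output of the `gcloud` command into a list and pass it to `audit` in place of `SAMPLE`.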