Managed instance group autohealing without external IP

Question

I can not seem to find any information on this topic, auto-healing health checks is performed by instances in a google external IP range of 130.211.0.0/22, 35.191.0.0/16.

I'm using a Cloud NAT setup and my instance group contains instances without external IP's.

Is there no way to enable auto-healing in the instance group with this kind of setup?

Answer 1

You can use Autohealing with managed instance group with instances that don't have external IPs. To achieve this goal you should whitelist access to your service from subnets 130.211.0.0/22, 35.191.0.0/16 as it mentioned in the documentation. If you concerned that your instances don't have external IPs there's nothing to worry about - requests from health check will be routed internally to your instances from health check subnets.

I successfully tried it on my test project, for test service on my instances (without external IPs) I decided to run web server Apache. Please find my steps below:

1. create custom VPC
2. create subnet
3. create external static IP
4. create router
5. create nat
6. create instance
7. install Apache web server to instance
8. create custom disk image
9. create instance template
10. create managed instance group template
11. create managed instance group without health check
12. allow connection to port 80 from subnets 130.211.0.0/22, 35.191.0.0/16 at firewall
13. edit managed instance group and add health check (port 80)
14. check status of managed instance group
15. shut down Apache2 on 2 instances
16. check status of managed instance group
17. wait a few minutes for Autohealing
18. check status of managed instance group

So, as you can see, two new instances were created and replaced two instances with stopped Apache.