2

I'm implementing IaC for a web application consisting of monoliths and microservices. I want to place an internal HTTP load balancer in front of all our microservices and have not found any example for that yet. I looked at Cloud Foundation Toolkit. The Internal Load Balancer there supports only TCP / UDP Internal LoadBalancer. Google's deploymentmanager-samples has no mention of it at all!! At this moment, it seems like the only option is to build the Python template from scratch.

Before I jump into that rabbit hole, I wanted to check if any working sample or example is available on this.

smaikap

1 Answer

5

According to some Google documentation, you just need to modify some values in the internal TCP LB template.

Below is the regionBackendService from the internal TCP LB sample code.

  {
      'name': loadbalancer_name,
      'type': 'compute.v1.regionBackendService',
      'properties': {
          'region': properties['region'],
          'network': properties['network'],
          'healthChecks': ['$(ref.' + healthcheck_name + '.selfLink)'],
          'backends': properties['instance-groups'],
          'protocol': 'TCP',
          'loadBalancingScheme': 'INTERNAL',
      }
  }

And this is the compute.v1.regionBackendService reference in the Google documentation.

protocol

Possible values are HTTP, HTTPS, HTTP2, TCP, SSL, UDP or GRPC, depending on the chosen load balancer or Traffic Director configuration. Refer to the documentation for the load balancer or for Traffic Director for more information.

loadBalancingScheme

Choose INTERNAL_MANAGED for Internal HTTP(S) Load Balancing.

So you need to modify 'protocol':'TCP' to 'protocol':'HTTP' or HTTPS, and 'loadBalancingScheme': 'INTERNAL' to 'loadBalancingScheme': 'INTERNAL_MANAGED'.

Below is the forwardingRule from the TCP internal LB code.

  {
      'name': forwardingrule_name,
      'type': 'compute.v1.forwardingRule',
      'properties': {
          'ports': [80],
          'network': properties['network'],
          'subnetwork': properties['subnet'],
          'region': properties['region'],
          'backendService': '$(ref.' + loadbalancer_name + '.selfLink)',
          'loadBalancingScheme': 'INTERNAL',
      }
  }

And you can find reference about this resource too.

loadBalancingScheme

INTERNAL_MANAGED is used for: Internal HTTP(S) Load Balancing

IPProtocol

Internal HTTP(S) Load Balancing: The load balancing scheme is INTERNAL_MANAGED, and only TCP is valid.

As a result, you need to modify the loadBalancingScheme value from INTERNAL to INTERNAL_MANAGED. Or you may need to add the IPProtocol value to your forwardingRule.

Lastly, below is the healthcheck from the TCP internal LB code.

  {
      'name': healthcheck_name,
      'type': 'compute.v1.healthCheck',
      'properties': {
          'type': 'TCP',
          'tcpHealthCheck': {
              'port': 80
          },
      }
  }

As I found in the documentation, you must use a 'regionhealthcheck' instead of a 'healthcheck' for an HTTP(S) internal LB.

So you need to modify the resource type to compute.v1.regionHealthChecks.

I'm not completely sure about my description, but you should be able to create your own HTTP(S) internal LB by referring to the Google documentation and sample code.

SeungwooLee
  • Please click the check button to accept my answer if it was helpful enough :) – SeungwooLee Jan 12 '21 at 06:02
  • I'll test this first :) – smaikap Jan 12 '21 at 06:51
  • hey, also check this documentation, may be of your interest :) https://cloud.google.com/load-balancing/docs/l7-internal/monitoring – BraveAdmin Jan 13 '21 at 11:57
  • Forgot to update here, but I made it work. In reality, it is closer to External HTTP LB than an Internal TCP LB. I had to use all regional resources instead of the non-regional ones. 2 extra requirements are: the regionalTargetHTTPProxy requires a proxy only subnet and a firewall rule to allow traffic from the proxy only subnet to the internal network where the MIGs are running. – smaikap Mar 24 '21 at 02:42
  • Right now it is a config only deployment. I'm planning to convert it into a template and add it back to cloudfoundry. – smaikap Mar 24 '21 at 02:46
  • I currently have some issue with update for ILB, will probably spawn a separate question for that... – smaikap Mar 24 '21 at 02:47
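
The pieces from the answer and the follow-up comment (all-regional resources, INTERNAL_MANAGED scheme, a target HTTP proxy, and a firewall rule admitting only the proxy-only subnet) combined into one Deployment Manager template, as an added example that is not code from the thread or from Cloud Foundation Toolkit. Assumptions: resource types are written in the `gcp-types/compute-v1:<collection>` type-provider form rather than the `compute.v1.*` names used above, the proxy-only subnet already exists, and the property names `port`, `proxy-only-cidr` and `backend-tag` are hypothetical.

```python
"""Deployment Manager template: regional internal HTTP load balancer (added example)."""
import json
from types import SimpleNamespace

API = 'gcp-types/compute-v1:'   # assumption: type-provider form of the type names
SCHEME = 'INTERNAL_MANAGED'     # scheme the page gives for internal HTTP(S) LB


def res(name, collection, **props):
    """Build one DM resource entry."""
    return {'name': name, 'type': API + collection, 'properties': props}


def ref(name):
    """DM reference to another resource's selfLink, as in the page's snippets."""
    return '$(ref.' + name + '.selfLink)'


def generate_config(context):
    p, base = context.properties, context.env['name']
    hc, bes, um, proxy, fr, fw = (
        base + s for s in ('-hc', '-bes', '-um', '-proxy', '-fr', '-fw'))
    region, port = p['region'], p['port']
    return {'resources': [
        res(hc, 'regionHealthChecks', region=region, type='HTTP',
            httpHealthCheck={'port': port, 'requestPath': '/'}),
        res(bes, 'regionBackendServices', region=region, protocol='HTTP',
            loadBalancingScheme=SCHEME, healthChecks=[ref(hc)],
            backends=p['instance-groups']),
        res(um, 'regionUrlMaps', region=region, defaultService=ref(bes)),
        res(proxy, 'regionTargetHttpProxies', region=region, urlMap=ref(um)),
        res(fr, 'forwardingRules', region=region, loadBalancingScheme=SCHEME,
            IPProtocol='TCP', portRange=str(port), network=p['network'],
            subnetwork=p['subnet'], target=ref(proxy)),
        # Least privilege: only the proxy-only subnet may reach tagged backends.
        res(fw, 'firewalls', network=p['network'], direction='INGRESS',
            sourceRanges=[p['proxy-only-cidr']], targetTags=[p['backend-tag']],
            allowed=[{'IPProtocol': 'tcp', 'ports': [str(port)]}]),
    ]}


if __name__ == '__main__':
    # Constructed sample properties; every value here is a placeholder.
    sample = SimpleNamespace(env={'name': 'ilb'}, properties={
        'region': 'us-central1', 'port': 80, 'network': 'NETWORK_SELF_LINK',
        'subnet': 'SUBNET_SELF_LINK', 'proxy-only-cidr': '10.129.0.0/23',
        'backend-tag': 'ilb-backend',
        'instance-groups': [{'group': 'MIG_SELF_LINK',
                             'balancingMode': 'UTILIZATION'}]})
    print(json.dumps(generate_config(sample), indent=2))
```

Running the file directly prints the expanded resource list for the constructed sample, which can be reviewed before the template is used in a deployment.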