0
votes

I have a few projects in GCP using a shared VPC, e.g.

project-shared
project1-api
project2-api

project-shared has managed services such as databases, etc., which are used by project1 / project2. Project1 and Project2 have VMs which expose APIs.

I want to create a single load balancer in project-shared that can be used to route to project1-api or project2-api VMs using different paths. I tried creating the instance group in project-shared, but I could not see the project1/2-api VMs listed. I then tried to create the instance groups in the individual projects, but then could not see the instance groups when I tried to create the backend service in project-shared.

I would prefer to have a single load balancer. Is this possible, or would I have to create one per project?


2 Answers

0
votes

The best set-up would be 3 load balancers, one in each project, so that you can leverage the load balancer's ability to hide your resources behind a single IP address. You can create one load balancer in project-shared which will direct traffic to the IP address of the load balancer in project 1 and that of project 2. The load balancers in project 1 and project 2 will handle the traffic among resources in their respective projects.

0
votes

As per my understanding, you want to use a load balancer with an instance group as a backend service for your service projects (project1 and project2).

Yes, it is possible to use a load balancer with an instance group as a backend service. Here I consider setting up an internal HTTP(S) load balancer for Shared VPC, as it requires some up-front setup and provisioning by an administrator. Once this is done, a service project owner can deploy the load balancer and backends using the resources provisioned by the administrator.

For the internal HTTP(S) load balancer, networking resources such as the proxy-only subnet, the subnet for the backend instances, and firewall rules for the backend services are created in the host project (project-shared).

The load balancer's forwarding rule, target proxy, URL map, backend service, and backend instances are created in the service projects (project1-api & project2-api).

For configuring the load balancer with Shared VPC, please follow the links below:

https://cloud.google.com/load-balancing/docs/l7-internal/l7-internal-shared-vpc
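The host/service split described in the answer above, sketched as gcloud commands. This is an added example, not part of the original answer; the resource names (`lb-network`, `lb-subnet`, `api-ig`, `api-*`), the region, the port and the CIDR range are assumptions, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: every resource name, the region, port and CIDR below are assumptions.
set -eu
HOST=project-shared; SVC=${SVC:-project1-api}; REGION=${REGION:-us-west1}
NET=lb-network; SUBNET=lb-subnet; TAG=load-balanced-backend; PROXY_RANGE=10.129.0.0/23
DRY_RUN=${DRY_RUN:-1}   # default: print each command instead of executing it

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Host project (network admin): proxy-only subnet, plus ingress rules scoped to
# the backend tag so only Google health checkers and the LB proxies reach the VMs.
host_setup() {
  run gcloud compute networks subnets create proxy-only-subnet --project="$HOST" \
    --purpose=REGIONAL_MANAGED_PROXY --role=ACTIVE --region="$REGION" \
    --network="$NET" --range="$PROXY_RANGE"
  run gcloud compute firewall-rules create fw-allow-health-check --project="$HOST" \
    --network="$NET" --direction=ingress --action=allow --rules=tcp:80 \
    --source-ranges=130.211.0.0/22,35.191.0.0/16 --target-tags="$TAG"
  run gcloud compute firewall-rules create fw-allow-proxies --project="$HOST" \
    --network="$NET" --direction=ingress --action=allow --rules=tcp:80 \
    --source-ranges="$PROXY_RANGE" --target-tags="$TAG"
}

# Service project (project owner): the load balancer objects themselves. The
# forwarding rule points at the host project's network and subnet by full path.
service_setup() {
  run gcloud compute health-checks create http api-hc --project="$SVC" \
    --region="$REGION" --use-serving-port
  run gcloud compute backend-services create api-bs --project="$SVC" \
    --load-balancing-scheme=INTERNAL_MANAGED --protocol=HTTP \
    --health-checks=api-hc --health-checks-region="$REGION" --region="$REGION"
  run gcloud compute backend-services add-backend api-bs --project="$SVC" \
    --balancing-mode=UTILIZATION --instance-group=api-ig \
    --instance-group-zone="${REGION}-a" --region="$REGION"
  run gcloud compute url-maps create api-map --project="$SVC" \
    --default-service=api-bs --region="$REGION"
  run gcloud compute target-http-proxies create api-proxy --project="$SVC" \
    --url-map=api-map --url-map-region="$REGION" --region="$REGION"
  run gcloud compute forwarding-rules create api-fr --project="$SVC" \
    --load-balancing-scheme=INTERNAL_MANAGED --ports=80 --region="$REGION" \
    --network="projects/$HOST/global/networks/$NET" \
    --subnet="projects/$HOST/regions/$REGION/subnetworks/$SUBNET" \
    --target-http-proxy=api-proxy --target-http-proxy-region="$REGION"
}

host_setup
service_setup
```

The two firewall rules are the only ingress paths the backends need: 130.211.0.0/22 and 35.191.0.0/16 are Google's health-check source ranges, and the proxy-only range is where the load balancer's traffic originates.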