Adding Application Load Balancer (ALB) with Content Delivery Network (CDN) on Managed Instance Group (MIG) in Google Cloud Platform (GCP)

Anup Kumar Panwar
6 min read · Feb 14, 2024


Glossary

First of all, keep these abbreviations in mind so that you don’t jump back to Google search results and look for another easier blog.

  1. GCP — Google Cloud Platform, a versatile cloud computing service provider.
  2. VM — Virtual Machine, a simulated computer system.
  3. ALB — Application Load Balancer, efficiently distributes incoming application traffic.
  4. MIG — Managed Instance Group, enables easy management of a group of virtual machine instances.
  5. CDN — Content Delivery Network, optimizes the delivery of web content to users globally.

Backstory

Initially, I operated a single instance of a Virtual Machine (VM) within my Google Cloud Compute Engine. Seeking automated scalability in response to fluctuating loads, I established a Managed Instance Group (MIG). To efficiently manage incoming traffic across these instances, I integrated an Application Load Balancer (ALB) with the MIG. Additionally, to optimize resource utilization like alleviating strain on the database, I aimed to implement caching mechanisms via CDN for response and static files, thereby reducing the necessity for frequent database accesses.

1. Create a Managed Instance Group

1.1 Create a Disk Image

Select Disks from the left side menu in the Compute Engine Section. Find the disk that is connected to your VM that you want to auto-scale. Click on the actions and choose Create image. You may want to stop the VM before creating the image.

Give a name to your image and select the location. I’ve kept it in the Delhi Region. Leave Encryption at the default, i.e., “Google-managed encryption key”. Then click the Create button.

My disk size was 25 GB and it took around 4 minutes to create its image.

1.2 Create an Instance Template

Once your disk image is ready, go to Instance Templates and click on Create Instance Template.

Give a name and select a region for your template. Again I have kept it Delhi. Next, select machine configuration and machine type based on your requirements.

Scroll down to Boot disk and click change. In the menu that appears, select Custom Images and select the image that you just created. For example, “prod-disk-image” in my case.

In Access scopes, select “Allow full access to all Cloud APIs”, and in Firewall, check all the options. Then click the Create button.

1.3 Finally create the Instance Group

Go to Instance Groups and hit the Create Instance Group button.

Since we are running an API server on the VMs, there is no persistent data. So from the left panel select “New managed instance group (stateless)”.

Give a name to the Instance Group. Select the instance template that we just created in the previous step. Configure the Minimum number of instances and Maximum number of instances based on your requirements. I’ve kept it 2 and 5 respectively.

Now scroll down to “Health Check”. We need to make sure that if an instance goes down then a new instance is automatically created maintaining the minimum number of instances configured.

So click on Health Check and Create a Health Check.

The health check hits a given endpoint at regular intervals and checks whether the response is successful (200). In my API server, I have implemented a /ping endpoint that returns “pong” with HTTP status code 200.

So here’s the health check configuration for that.

Save the Health Check.

Keeping other configurations as default, click the Create button on Instance Group.

Within a few minutes, the Instance group should be up and running with the minimum number of VMs as provided in the configuration.

2. Create an Application Load Balancer

2.1 Create a Backend Service

Search for Load Balancing in the GCP console. Select the Backends tab on the page and click Create Backend Service. The Use CDN option is available only for a Global backend service, so we will select that option.

Give a name to your backend service, select HTTPS in the Protocol options, and keep the named port as default (http).

In the Backends section select the instance group that you created in the previous step. Put 80 and 443 in port numbers for HTTP and HTTPS respectively.

Scroll down to Cloud CDN and enable it. We will force-cache all content, keeping our TTLs at 5 min.

In the Health Check select the health check that you previously created and click the Create button.
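Force cache all makes Cloud CDN cache responses regardless of the origin's Cache-Control directives, so it helps to know beforehand which endpoints currently ask not to be shared. The script below is an added example, not code from the original post: the sample responses and paths are constructed, the function names are hypothetical, and treating Set-Cookie as a per-user signal is this example's own heuristic.

```python
import re

# Constructed sample: origin responses from a hypothetical API server,
# as (path, status, raw header lines). Replace with captures from your own backend.
SAMPLE_RESPONSES = [
    ("/ping", 200, ["Content-Type: text/plain"]),
    ("/static/app.js", 200, ["Cache-Control: public, max-age=86400"]),
    ("/api/me", 200, ["Cache-Control: private, max-age=0",
                      "Set-Cookie: sid=abc123; HttpOnly"]),
    ("/api/orders", 200, ["cache-control: No-Store"]),
    ("/api/report", 200, ['Cache-Control: no-cache="set-cookie", max-age=60']),
    ("/api/missing", 404, ["Cache-Control: no-store"]),
]

# Directives by which an origin asks a shared cache not to store or reuse a response.
RESTRICTIVE = {"private", "no-store", "no-cache"}


def cache_directives(header_lines):
    """Return the lower-cased Cache-Control directive names in raw header lines."""
    names = set()
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() != "cache-control":
            continue
        # Split on commas, but not on commas inside quoted directive values.
        for part in re.findall(r'(?:[^,"]|"[^"]*")+', value):
            names.add(part.split("=", 1)[0].strip().lower())
    return names


def overridden_by_force_cache(responses):
    """List (path, reasons) for 2xx responses whose origin headers restrict caching."""
    findings = []
    for path, status, headers in responses:
        if not 200 <= status < 300:
            continue  # simplification: this check looks at successful responses only
        reasons = sorted(cache_directives(headers) & RESTRICTIVE)
        if any(h.lower().startswith("set-cookie:") for h in headers):
            reasons.append("set-cookie")  # heuristic: likely per-user content
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in overridden_by_force_cache(SAMPLE_RESPONSES):
        print(path, ", ".join(reasons))
```

Endpoints it lists are candidates for a separate backend service without force caching, or for a cache mode that honours origin headers.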

2.2 Create a Load Balancer

Now move to the Load Balancer Tab and click Create Load Balancer. Choose “Application load balancer (HTTP/S)” from the options.

We will keep our ALB as a Global external application load balancer.

Give a name to your ALB.

2.2.1 Frontend Configuration

Here, frontend means the public IP address that is accessible via the internet, which is independent of the IP addresses of your VMs.

Add Frontend config for HTTPS. For this first select the protocol as HTTP and in the IP address click Create IP address. Reserve a new static IP address for your frontend.

Add frontend IP and port and add the config for HTTPS. It will ask you to add a certificate, so click on Create a Certificate. Since I used Certbot with Nginx for HTTPS, I will select the option Upload my certificate.

To find the certificates and the keys, SSH into one of your running VM instances and check the Nginx config.

cd /etc/nginx/sites-enabled/

Find the active Nginx config for your domain. There you will see the paths for ssl_certificate and ssl_certificate_key. Copy the contents of these files into the Certificate and Private Key fields respectively.

Uncheck Enable HTTP to HTTPS redirect and press Done.

2.2.2 Backend Configuration

In the backend configuration select the backend that you created in previous steps.

Leave the other configs as they are and click Create.

You might need to restart your MIG instances to see the changes.

3. Configure the DNS

Now you can take the Frontend IP address that you reserved and put it in the DNS record so that your domain resolves to this IP address.

4. (Optional) Testing

Try hitting your domain https://example.com repeatedly. If you get an error like

upstream connect error or disconnect/reset before headers. 
reset reason: remote connection failure,
transport failure reason: TLS_error:|268435703:SSL
routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TLS_error_end:TLS_error_end

Then edit your backend service. Change the Named port to https. Remove 80 from Port numbers.
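Why that change clears the error, as an added example that is not from the original post: WRONG_VERSION_NUMBER is what a TLS client reports when the peer answers its handshake in cleartext, which is the situation when a backend service using the HTTPS protocol is sent to port 80. The listener is a constructed stand-in for a plain-HTTP port, and `start_plain_http_listener` and `tls_probe` are hypothetical helper names.

```python
import socket
import ssl
import threading

# Constructed cleartext reply, standing in for what a plain-HTTP port sends back.
PLAINTEXT_REPLY = (b"HTTP/1.1 400 Bad Request\r\n"
                   b"Content-Length: 0\r\nConnection: close\r\n\r\n")


def start_plain_http_listener():
    """Start a one-shot cleartext listener on localhost and return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port chosen by the OS
    srv.listen(1)

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)  # the client's TLS ClientHello lands here
            conn.sendall(PLAINTEXT_REPLY)
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()[1]


def tls_probe(host, port, timeout=5.0):
    """Try a TLS handshake against host:port, as an HTTPS backend connection would.

    Returns "tls-ok", or OpenSSL's reason code for the failure. A reason of
    CERTIFICATE_VERIFY_FAILED still means the port speaks TLS.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls-ok"
    except ssl.SSLError as exc:
        return exc.reason or str(exc)


if __name__ == "__main__":
    port = start_plain_http_listener()
    print(tls_probe("127.0.0.1", port))
```

Running `tls_probe` against a VM's port 443 and port 80 from inside the network shows which of the two the named port should map to.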
