forked from pivotal-cf/docs-pks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgcp-api-load-balancer.html.md.erb
128 lines (88 loc) · 6.02 KB
/
gcp-api-load-balancer.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
---
title: Creating a GCP Load Balancer for the PKS API
owner: PKS
---
<strong><%= modified_date %></strong>
This topic describes how to create a load balancer for the PKS API using Google Cloud Platform (GCP).
Before you install PKS, you must configure an external TCP load balancer to access the PKS API from outside the network.
You can use any external TCP load balancer of your choice.
Refer to the procedures in this topic to create a load balancer using GCP.
If you choose to use a different load balancer, use the configuration in this topic as a guide.
<p class="note"><strong>Note</strong>: This procedure uses example commands which you should modify to represent the details of your PKS installation.</p>
## <a id='create-lb'></a>Step 1: Create a Load Balancer
To create a load balancer using GCP, perform the following steps:
1. In a browser, navigate to the [GCP console](https://console.cloud.google.com).
1. Navigate to **Network Services > Load balancing** and click **CREATE LOAD BALANCER**.
1. Under **TCP Load Balancing**, click **Start configuration**.
1. Under **Internet facing or internal only**, select **From Internet to my VMs**.
1. Under **Multiple regions or single region**, select **Single region only**.
1. Click **Continue**.
1. Name your load balancer. Pivotal recommends naming your load balancer `pks-api`.
1. Select **Backend configuration**.
* Under **Region**, select the region where you deployed Ops Manager.
* Under **Backends**, select **Select existing instances**. This will be automatically configured when updating the Resource Config section of the PKS tile.
* (Optional) Under **Backup pool**, select a backup pool. If you select a backup pool, set a **Failover ratio**.
* (Optional) Under **Health check**, select whether or not you want to create a health check.
* Under **Session affinity**, select a session affinity configuration.
* (Optional) Select **Advanced configurations** to configure the **Connection draining timeout**.
1. Select **Frontend configuration**.
* (Optional) Name your frontend.
* (Optional) Click **Add a description** and provide a description.
* Select **Create IP address** to reserve an IP address for the PKS API endpoint.
1. Enter a name for your reserved IP address. For example, `pks-api-ip`. GCP assigns a static IP address that appears next to the name.
1. (Optional) Enter a description.
1. Click **Reserve**.
* Under **Port**, enter `9021`. Your external load balancer forwards traffic to the PKS control plane VM using the UAA endpoint on port 8443 and the PKS API endpoint on port 9021.
* Click **Done**.
* Click **New Frontend IP and Port**.
1. Enter a name for the frontend IP-port mapping, such as `pks-api-uaa`.
1. (Optional) Add a description.
1. Under **IP** select the same static IP address that GCP assigned in the previous step.
1. Under **Port**, enter `8443`.
1. Click **Done**.
1. Click **Review and finalize** to review your load balancer configuration.
1. Click **Create**.
## <a id='firewall-rule'></a>Step 2: Create a Firewall Rule
To create a firewall rule that allows traffic between the load balancer and the PKS API VM, do the following:
1. From the GCP console, navigate to **VPC Network > Firewall rules** and click **CREATE FIREWALL RULE**.
1. Configure the following:
* Name your firewall rule.
* (Optional) Provide a description for your firewall rule.
* Under **Network**, select the VPC network you created in the [Create a GCP Network with Subnets](https://docs.pivotal.io/pcf/om/2-3/gcp/prepare-env-manual.html#create_network) step of _Preparing GCP_.
* Under **Priority**, enter a priority number between `0` and `65535`.
* Under **Direction of traffic**, select **Ingress**.
* Under **Action on match**, select **Allow**.
* Under **Targets**, select **Specified target tags**.
* Under **Target tags**, enter `pks-api`.
* Under **Source filter**, select **IP ranges**.
* Under **Source IP ranges**, enter `0.0.0.0/0`.
* Under **Protocols and ports**, select **Specified protocols and ports** and enter `tcp:8443,9021`.
1. Click **Create**.
## <a id='install'></a>Step 3: Install PKS
Follow the instructions in [Installing PKS on GCP](installing-pks-gcp.html) to deploy PKS.
After you finish installing PKS, continue to the following sections to complete the PKS API load balancer configuration.
## <a id='tag'></a>Step 4: Create a Network Tag for the Firewall Rule
To apply the firewall rule to the VM that hosts the PKS API, the VM must have the `pks-api` tag in GCP. Do the following:
1. From the GCP console, navigate to **Compute Engine** > **VM instances**.
1. Locate the your PKS control plane VM.
1. Click the name of the VM to open the **VM instance details** menu.
1. Click **Edit**.
1. Verify that the **Network tags** field contains the `pks-api` tag. Add the tag if it does not appear in the field.
1. Scroll to the bottom of the screen and click **Save**.
## <a id='wildcard-dns-entry'></a>Step 5: Create a Wildcard DNS Entry
To create a wildcard DNS entry in GCP for your PKS API domain, do the following:
1. From the GCP console, navigate to **Network Services > Cloud DNS**.
1. If you do not already have a DNS zone, click **Create zone**.
* Provide a **Zone name** and a **DNS name**.
* Specify whether the **DNSSEC** state of the zone is **Off**, **On**, or **Transfer**.
* (Optional) Enter a **Description**.
* Click **Create**.
1. Click **Add record set**.
1. Under **DNS Name**, enter a subdomain for the load balancer. For example, to use `pks-api.example.com` as your PKS API hostname, enter `pks-api` in this field.
1. Under **Resource Record Type**, select **A** to create a DNS address record.
1. Enter a value for **TTL** and select a **TTL Unit**.
1. Enter the static IP address that GCP assigned when you created the load balancer in [Create a Load Balancer](#create-lb).
1. Click **Create**.
## <a id='next-steps'></a> Next Steps
After you complete this procedure, follow the instructions in
[Installing PKS on GCP](installing-pks-gcp.html).