Container native load balancing allows an HTTPS load balancer to distribute traffic directly to pods running in GKE clusters as opposed to used instance groups. Please read the Google documentation links below.
It turns out this is not a feasible option since it creates a new HTTPS global load balancer for each region. However, the goal is to have a single GLB for all GKE clusters. I also attempted to modify the existing HTTPS LB with the backend created from the other region, but it does not behave as expected.
- If you add a backend service from another region then you also have to specify the host and route, which is where the problem arises. You have to specify a different route for each backend service.
- i.e.
/
maps tous-east-be
and/*
maps tous-central-be
- i.e.
- However, it does handle load balancing across zones and keeps the NEG updated if you scale your service up or down.
gcloud container clusters create neg-demo-cluster-uscentral \
--enable-ip-alias \
--create-subnetwork="" \
--network=default \
--zone=us-central1-a
gcloud container clusters create neg-demo-cluster-useast \
--enable-ip-alias \
--create-subnetwork="" \
--network=default \
--zone=us-east1-b
export GCP_PROJECT=$(gcloud config get-value project)
export ZONE="us-central1-a"
export CLUSTER="neg-demo-cluster-uscentral"
gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE}
Deploy the app and find and replace the values in the
cat app/deployment/hello-deployment.yaml | sed 's/\$GCP_PROJECT'"/$GCP_PROJECT/g" \
| sed 's/\$REGION'"/$ZONE/g" | kubectl apply -f -
Deploy to the east zone.
export ZONE="us-east1-b"
export CLUSTER="neg-demo-cluster-useast"
gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE}
cat app/deployment/hello-deployment.yaml | sed 's/\$GCP_PROJECT'"/$GCP_PROJECT/g" \
| sed 's/\$REGION'"/$ZONE/g" | kubectl apply -f -
export ZONE="us-central1-a"
export CLUSTER="neg-demo-cluster-uscentral"
gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE}
kubectl apply -f app/deployment/hello-service.yaml
export ZONE="us-east1-b"
export CLUSTER="neg-demo-cluster-useast"
gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE}
kubectl apply -f app/deployment/hello-service.yaml
This create the Global HTTPS LB with east as the backend.
kubectl apply -f app/deployment/hello-ingress.yaml
The problem with this approach is that is creates a new Global HTTPS LB, but I want one Global LB for all NEGs.
export ZONE="us-central1-a"
export CLUSTER="neg-demo-cluster-uscentral"
gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE}
kubectl apply -f app/deployment/hello-ingress.yaml
This is my attempt to create all the components for this to work (NEG, Backends, etc.), but this is more complicated and I did not complete all the steps for it to work correctly.
Get the subnetwork name
export ZONE="us-central1-a"
export CLUSTER="neg-demo-cluster-uscentral"
gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE}
Create the NEG for central region.
gcloud compute network-endpoint-groups create neg-uscentral \
--network=default \
--default-port=80 \
--subnet=$(gcloud container clusters describe neg-demo-cluster-uscentral --format='value[](subnetwork)') \
--zone=us-central1-a
kubectl describe ingress apigee-hello-neg-ingress
kubectl get ingress apigee-hello-neg-ingress
gcloud container clusters delete neg-demo-cluster-uscentral --region=us-central1-a
gcloud container clusters delete neg-demo-cluster-useast --region=us-east1-b
export ZONE="us-central1-a"
export CLUSTER="neg-demo-cluster-uscentral"
gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE}
kubectl delete ingress apigee-hello-neg-ingress
export ZONE="us-east1-b"
export CLUSTER="neg-demo-cluster-useast"
gcloud container clusters get-credentials ${CLUSTER} --zone ${ZONE}
kubectl delete ingress apigee-hello-neg-ingress