Problem description
Scenario: I have a Google Compute Engine instance exposing a web application via HTTP port 80 and I can access it directly using an external IP address.
Then, I added an HTTP load balancer with a health check and afterwards, I could access the web application via the load balancer without any problem.
Now, if I remove the external IP address of the compute instance, the health check of the load balancer starts failing. I read [1] and added a firewall rule to allow health check probes coming from addresses in the ranges 130.211.0.0/22 and 35.191.0.0/16 but still the health check is failing.
If I add the external IP address back to the compute instance, the health check becomes active. What I require here is to remove the public IP address of the compute instance and only expose the load balancer IP address to the internet.
Question: Is it mandatory to have an external IP address on Google Cloud Compute Engine instances for routing traffic via a Google Cloud HTTP load balancer? If not, may I know how to route HTTP traffic to compute instances using an HTTP load balancer without having an external IP address on the compute instances? Appreciate your thoughts on this.
[1] https://cloud.google.com/compute/docs/load-balancing/health-checks
Recommended answer
I contacted the Google Cloud support team on this matter and found that external IP addresses are required for routing HTTP traffic from the HTTP load balancer to the Compute Engine instances.
The only possible solution here might be to apply firewall rules and block direct access to VMs according to the current design.
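One way to check the firewall approach the answer suggests, as an added example that is not part of the original posts: it flags ingress rules that leave port 80 reachable from anywhere other than the two ranges the question mentions. It assumes rules in the JSON shape produced by `gcloud compute firewall-rules list --format=json`; the sample rules and their names are constructed, and deny rules, priorities and source tags are not modelled.

```python
import ipaddress

# Source ranges the question cites for load balancer health check probes.
LB_RANGES = [ipaddress.ip_network(c) for c in ("130.211.0.0/22", "35.191.0.0/16")]

def covers_port(allowed, port):
    """True if one 'allowed' entry of a firewall rule permits tcp/<port>."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    ports = allowed.get("ports")
    if not ports:  # no port list means every port of that protocol
        return True
    for spec in ports:  # entries look like "80" or "8000-9000"
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def direct_access_rules(rules, port=80):
    """Return (rule name, source range) pairs that allow ingress to `port`
    from addresses outside the load balancer ranges."""
    findings = []
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not any(covers_port(a, port) for a in rule.get("allowed", [])):
            continue
        for cidr in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if not any(net.version == lb.version and net.subnet_of(lb) for lb in LB_RANGES):
                findings.append((rule["name"], cidr))
    return findings

# Constructed sample rules (hypothetical names, documentation address ranges).
SAMPLE_RULES = [
    {"name": "allow-http-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
    {"name": "allow-lb-health-check", "direction": "INGRESS",
     "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "allow-ssh-admin", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-low-ports", "direction": "INGRESS", "sourceRanges": ["198.51.100.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["1-1024"]}]},
]

if __name__ == "__main__":
    for name, cidr in direct_access_rules(SAMPLE_RULES):
        print(f"{name}: tcp/80 reachable from {cidr}")
```
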