Load Balancers

Creating a Load balancer using GCP in DuploCloud

All containers run inside a private network and cannot be accessed from an external network. To make them accessible from an external network, create a Load Balancer.

Creating a GKE Ingress

If you need to create an Ingress Load Balancer, refer to the GKE Ingress page in the DuploCloud Kubernetes User Guide.

Adding a Load Balancer Listener

See the GCP Quick Start for an end-to-end example of deploying an application using a GCP Service.

In the DuploCloud Portal, navigate to Kubernetes -> Services.
On the Services page, select the Service name in the Name column.
Click the Load Balancers tab.
If no Load Balancers exist, click the Configure Load Balancer link. If other Load Balancers exist, click Add in the LB listeners card. The Add Load Balancer Listener pane displays.
From the Select Type list box, select a Load Balancer Listener type based on your Load Balancer.
Complete other fields as required and click Add to add the Load Balancer Listener.

DuploCloud allows no more than one (0 or 1) Load Balancer per DuploCloud Service.

Adding a certificate for an internal Load Balancer in GCP

For internal Load Balancers, you cannot use Google Managed Certificates. You can import a certificate from somewhere else or use a self-signed certificate. We recommend using the self-signed certificate option for internal Load Balancers because you control authentication at the IP level.

Here's an example Terraform code snippet to create a self-signed certificate for an internal Load Balancer in DuploCloud:

resource "tls_private_key" "self_signed_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "tls_self_signed_cert" "self_signed_cert" {
  key_algorithm   = "RSA"
  private_key_pem = tls_private_key.self_signed_key.private_key_pem

  subject {
    common_name  = "internal.example.com"
    organization = "DuploCloud"
  }

  validity_period_hours = 8760 # 1 year

  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "server_auth",
  ]
}

resource "duplo_load_balancer" "internal_lb" {
  name        = "internal-lb"
  type        = "internal"
  certificate = tls_self_signed_cert.self_signed_cert.cert_pem
  private_key = tls_private_key.self_signed_key.private_key_pem
}

Restricting Open Access to Public Load Balancers

Restrict open access to your public Load Balancers by enforcing controlled access policies.

From the DuploCloud Portal, navigate to Administrator -> System Settings.
Select the System Config tab, and click Add. The Add Config pane displays.

From the Config Type list box, select Flags.
From the Key list box, select Deny Open Access To Public LB.
In the Value list box, select True.
Click Submit. Open access to public Load Balancers is restricted.

PreviousManaged Redis NextCloud Armour

Last updated 2 months ago

Was this helpful?

Adding a Load Balancer Listener

See the GCP Quick Start for an end-to-end example of deploying an application using a GCP Service.

In the DuploCloud Portal, navigate to Kubernetes -> Services.

On the Services page, select the Service name in the Name column.

Click the Load Balancers tab.

If no Load Balancers exist, click the Configure Load Balancer link. If other Load Balancers exist, click Add in the LB listeners card. The Add Load Balancer Listener pane displays.

From the Select Type list box, select a Load Balancer Listener type based on your Load Balancer.

Complete other fields as required and click Add to add the Load Balancer Listener.

DuploCloud allows no more than one (0 or 1) Load Balancer per DuploCloud Service.

Adding a certificate for an internal Load Balancer in GCP

Here's an example Terraform code snippet to create a self-signed certificate for an internal Load Balancer in DuploCloud:

resource "tls_private_key" "self_signed_key" {
  algorithm = "RSA"
  rsa_bits  = 2048
}

resource "tls_self_signed_cert" "self_signed_cert" {
  key_algorithm   = "RSA"
  private_key_pem = tls_private_key.self_signed_key.private_key_pem

  subject {
    common_name  = "internal.example.com"
    organization = "DuploCloud"
  }

  validity_period_hours = 8760 # 1 year

  allowed_uses = [
    "key_encipherment",
    "digital_signature",
    "server_auth",
  ]
}

resource "duplo_load_balancer" "internal_lb" {
  name        = "internal-lb"
  type        = "internal"
  certificate = tls_self_signed_cert.self_signed_cert.cert_pem
  private_key = tls_private_key.self_signed_key.private_key_pem
}

Restricting Open Access to Public Load Balancers

Restrict open access to your public Load Balancers by enforcing controlled access policies.

From the DuploCloud Portal, navigate to Administrator -> System Settings.

Select the System Config tab, and click Add. The Add Config pane displays.

From the Config Type list box, select Flags.

From the Key list box, select Deny Open Access To Public LB.

In the Value list box, select True.

Click Submit. Open access to public Load Balancers is restricted.