...

  • Reserve a static IP address for the load balancer. See Google documentation for more details.

  • Create a Proxy-only subnet in the VPC you are using. See Google documentation for more details.

  • SSL or TLS enabled on Kyvos and Kyvos Manager

Firewall Rules

  1. Rule to allow Google health check to the Virtual Machine.

    1. Target: Service Account which is used by Kyvos VMs

    2. Source IP Ranges: 35.191.0.0/16, 130.211.0.0/22

    3. Protocol: tcp, ports 8443 and 9443
      For TLS ports, use 8443 and 9443. For non-TLS ports, use 8081 and 8080.

  2. Rule to allow access to selected ports from load balancer to Virtual Machine.

    1. Target: Service Account which is used by Kyvos VMs

    2. Source IP Ranges: CIDR of the Proxy only Subnet

    3. Protocol: tcp ports: 8443 and 9443 (TLS Ports). For non-TLS ports, use 8081 and 8080
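
To confirm that the Kyvos ports are reachable only from the health-check ranges and the proxy-only subnet, the following added example (not part of the original Kyvos documentation) audits exported firewall rules. It assumes input shaped like `gcloud compute firewall-rules list --format=json`; the service account, proxy-only subnet CIDR and rule names are hypothetical.

```python
import ipaddress

# Values from the page: Google health-check ranges and the Kyvos / Kyvos Manager ports.
HEALTH_CHECK_RANGES = ["35.191.0.0/16", "130.211.0.0/22"]
KYVOS_PORTS = {8443, 9443, 8081, 8080}

def covered_ports(rule):
    """Kyvos ports opened by a rule's `allowed` entries (tcp or all protocols)."""
    hit = set()
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        specs = entry.get("ports") or ["0-65535"]   # no ports listed means every port
        for spec in specs:
            lo, _, hi = spec.partition("-")
            hit |= {p for p in KYVOS_PORTS if int(lo) <= p <= int(hi or lo)}
    return hit

def audit(rules, proxy_subnet, kyvos_sa):
    """Return (rule name, finding) pairs for ingress rules that expose Kyvos ports too widely."""
    trusted = [ipaddress.ip_network(c) for c in HEALTH_CHECK_RANGES + [proxy_subnet]]
    findings = []
    for rule in rules:
        ports = covered_ports(rule)
        if rule.get("direction") != "INGRESS" or rule.get("disabled") or not ports:
            continue
        for cidr in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(cidr)
            if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
                findings.append((rule["name"], f"{cidr} can reach {sorted(ports)}"))
        if rule.get("targetServiceAccounts") != [kyvos_sa]:
            findings.append((rule["name"], "target is not limited to the Kyvos service account"))
    return findings

# Constructed sample input; every name and address below is a placeholder.
SA = "kyvos-vm@example-project.iam.gserviceaccount.com"   # hypothetical service account
PROXY_SUBNET = "10.129.0.0/23"                             # hypothetical proxy-only subnet
SAMPLE_RULES = [
    {"name": "allow-health-check", "direction": "INGRESS", "sourceRanges": HEALTH_CHECK_RANGES,
     "allowed": [{"IPProtocol": "tcp", "ports": ["8443", "9443"]}], "targetServiceAccounts": [SA]},
    {"name": "allow-lb-proxy", "direction": "INGRESS", "sourceRanges": [PROXY_SUBNET],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8443", "9443"]}], "targetServiceAccounts": [SA]},
    {"name": "allow-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8000-9000"]}], "targetTags": ["web"]},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES, PROXY_SUBNET, SA):
        print(f"{name}: {finding}")
```

An empty result means every enabled ingress rule that opens a Kyvos port is scoped to the trusted sources and to the Kyvos service account.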


...

  1. Click Frontend Configuration.

  2. On the page, enter details as:

    1. Provide a name to the frontend configuration, such as frontendwebserverhttps.

    2. In the Protocol list, select the HTTPS option.
      NOTE: For non-TLS, select HTTP.

    3. From the Certificate list, select the appropriate option.

    4. Click Done.


...

  1. Switch to the Backend tab. The Backend configuration section is displayed. 

  2. Click Create a Backend Service.

    1. For Kyvos Manager: Provide a Name to create a backend service—for example, backendservicekmhttps.

      1. Backend Type: Instance Group

      2. Protocol: For TLS, use HTTPS and for non-TLS, use HTTP.

      3. Named Port: km-https

    2. For Kyvos: Provide a Name to create a backend service—for example, backendservicekyvoshttps.

      1. Backend Type: Instance Group

      2. Protocol: For TLS, use HTTPS and for non-TLS, use HTTP.

      3. Named Port: kyvos-https

  3. In the Health check section, click the Create a Health Check option.

    1. For Kyvos Manager: Provide a Name, such as kyvosmanagerhealthcheck.

      1. Path: /kyvosmanager/

      2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

      3. Port: 9443
        For TLS ports, use 9443. For non-TLS ports, use 8080.

    2. For Kyvos: Provide a Name, such as kyvoshealthcheck.

      1. Path: /kyvos/

      2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

      3. Port: 8443
        For TLS ports, use 8443. For non-TLS ports, use 8081.

  4. Click the Save button.

  5. Scroll down and expand the Advanced Configurations section, select the Client IP option from the Session Affinity list, and then click Create.

  6. Provide a Name, such as httpskyvoswebserver.

  7. Enter Host and Path rules.

  8. Click Update.


    The load balancer is created with requisite configurations.

...