
...

...

  1. Rule to allow Google health check to the Virtual Machine.

    1. Target: Service Account which is used by Kyvos VMs

    2. Source IP Ranges: 35.191.0.0/16, 130.211.0.0/22

    3. Protocol: TCP ports 8443 and 9443
      For TLS ports, use 8443 and 9443. For non-TLS ports, use 8081 and 8080.

  2. Rule to allow access to selected ports from load balancer to Virtual Machine.

    1. Target: Service Account which is used by Kyvos VMs

    2. Source IP Ranges: CIDR of the Proxy only Subnet

    3. Protocol: TCP ports 8443 and 9443 (TLS ports). For non-TLS ports, use 8081 and 8080.
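The two rules above can be checked after creation with a small audit script. This is an added example, not part of the Kyvos documentation: it assumes the rule dictionaries use the field names printed by `gcloud compute firewall-rules list --format=json`, and the sample rules, service account name and proxy-only subnet CIDR are constructed.

```python
import ipaddress

# Ranges and ports as listed in the two rules above.
HEALTH_CHECK_RANGES = ["35.191.0.0/16", "130.211.0.0/22"]
TLS_PORTS = {"8443", "9443"}
NON_TLS_PORTS = {"8081", "8080"}

def audit_rule(rule, allowed_sources, tls=True):
    """Return findings for one firewall rule; an empty list means it matches."""
    findings = []
    expected_ports = TLS_PORTS if tls else NON_TLS_PORTS
    allowed_nets = [ipaddress.ip_network(c) for c in allowed_sources]

    # Target must be the Kyvos VM service account, not tags or all instances.
    if not rule.get("targetServiceAccounts"):
        findings.append("target is not restricted to a service account")

    # Every source range must sit inside one of the expected CIDRs.
    for cidr in rule.get("sourceRanges", []):
        net = ipaddress.ip_network(cidr)
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed_nets):
            findings.append(f"source range {cidr} is wider than expected")

    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") != "tcp":
            findings.append(f"protocol {entry.get('IPProtocol')} is not tcp")
        ports = entry.get("ports") or []
        if not ports:
            findings.append("no port list: every port is open")
        findings += [f"unexpected port {p}" for p in ports if p not in expected_ports]
    return findings

# Constructed sample rules (not exported from a real project).
HEALTH_RULE = {
    "name": "kyvos-allow-health-check",
    "sourceRanges": ["35.191.0.0/16", "130.211.0.0/22"],
    "allowed": [{"IPProtocol": "tcp", "ports": ["8443", "9443"]}],
    "targetServiceAccounts": ["kyvos-sa@example-project.iam.gserviceaccount.com"],
}
LB_RULE = {
    "name": "kyvos-allow-lb",
    "sourceRanges": ["0.0.0.0/0"],
    "allowed": [{"IPProtocol": "tcp", "ports": ["8080", "8443"]}],
    "targetTags": ["kyvos"],
}
PROXY_ONLY_SUBNET = ["10.129.0.0/23"]  # placeholder CIDR
if __name__ == "__main__":
    for rule, sources in ((HEALTH_RULE, HEALTH_CHECK_RANGES), (LB_RULE, PROXY_ONLY_SUBNET)):
        print(rule["name"], audit_rule(rule, sources) or "OK")
```

Pass `tls=False` when the deployment uses the non-TLS ports 8081 and 8080.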


...

Creating instance group

  1. Select the preferred project.

  2. Create an instance group.
    To do this, search for Instance Group in the Search box. The Instance groups page is displayed. On the page, click the Create Instance Group option.

  3. Click New unmanaged instance group.

  4. On the page, provide the following details:

    1. Type a Name for your instance group. For example, kyvos-instancegroup.

    2. From the Network and Instances list, select the Networks shared with me option.

    3. From the shared subnetwork list, select the required option.

    4. From the VM Instances list, select the VMs on which you want to use this backend service.
      You must select the VMs used for the Kyvos Webserver node.
      For Kyvos reporting node deployment, select Kyvos Reporting

    5. In the Port Mapping area, click Add Port.

      1. Port name as km-https and Port number as 9443

      2. Port name as kyvos-https and Port number as 8443
        NOTE: For TLS Ports, use 8443 and 9443. For non-TLS ports, use 8081 and 8080

...

  1. Click Create. The instance group is created.

Creating a load balancer

  1. Select the preferred project.

  2. On the navigation pane, in the Networking section, select Network services.

  3. In the Network Services list, select the Load balancing option.

  4. In the Search bar, type load balancing and select it. The Load Balancing page is displayed.

  5. On the Load balancing page, click Create Load Balancer.  

  6. In the Create a load balancer section, click the HTTP(S) Application Load Balancing option.

  7. Click the Start Configuration link provided at the bottom of the page.

  8. In the Internet facing or internal only section, select the From internet to my VMs or serverless services option.

  9. In the Global or Regional section, select the Global HTTP(S) Load Balancer (classic) option.

  10. Click Continue.


...

  1. . It is selected by default.

  2. Click Next. In the Public facing or Internal section, select the Public facing option. It is selected by default. Click Next.

  3. In the Global or Single region deployment section, select the Best for regional workloads (single region) option. Click Next.

  4. The Create a load balancer section is displayed.

  5. Click Configure. The Create global external Application Load Balancer page is displayed.

  6. Click Frontend Configuration.

    On the page, enter details as:

    1. Provide a name to the frontend configuration, such as frontendwebserverhttps.

    2. In the Protocol list, select the HTTPS option.
      NOTE: For non-TLS, select HTTP.

    3. Select IP version as IPv4 and IP Address as Ephemeral.

    4. Enter port as 443.

    5. From the Certificate list, select the appropriate option.

  7. Click Done.

Configuring backend services

  1. Switch to the Backend tab. The Backend configuration section is displayed. 

  2. Click Create a Backend Service.

  3. For Kyvos Manager: Provide a Name to create a backend service—for example, backendservicekmhttps.

    1. Backend Type: Instance Group

    2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

    3. Use the default value for Timeout.

    4. Named Port: km-https

  4. For Kyvos: Provide a Name to create a backend service—for example, backendservicekyvoshttps.

    1. Backend Type: Instance Group

    2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

    3. Instance Group: The instance group that you have created.

    4. Named Port: kyvos-https


    5. Click Use Selected Named Port. The Port for that instance group will be auto-populated.

  5. Scroll down and click Advanced configurations.

  6. In the Health check section, click the Create a Health Check option.

    1. For Kyvos Manager: Provide a Name, such as kyvosmanagerhealthcheck.

      1. Path: /kyvosmanager/

      2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

      3. Port: 9443
        For TLS ports, use 9443. For non-TLS ports, use 8080.

    2. For Kyvos: Provide a Name, such as kyvoshealthcheck.

      1. Path: /kyvos/

      2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

      3. Port: 8443
        For TLS ports, use 8443. For non-TLS ports, use 8081.

  7. Click the Save button.

  8. Scroll down and expand the Advanced Configurations section, and then select the Client IP option from the Session Affinity list and click Create.
  9. Provide a Name, such as httpskyvoswebserver. Click Create. The Backend Configuration is completed.

  10. Click Routing Rules and enter Host and Path rules.

  11. Click Review and Finalize.

    After reviewing the fields, click Create.

    The load balancer is created with requisite configurations.
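The named ports, backend protocol, health check and session affinity set in the steps above have to agree with each other, and mixing TLS and non-TLS values is an easy mistake. The following consistency check is an added example, not part of the Kyvos documentation: it assumes the dictionaries use the field names of the JSON that `gcloud compute` prints for instance groups, backend services and health checks, and the sample configuration is constructed.

```python
# Named ports, ports and health-check paths as given in the steps above.
EXPECTED = {
    "km-https": {"HTTPS": 9443, "HTTP": 8080, "path": "/kyvosmanager/"},
    "kyvos-https": {"HTTPS": 8443, "HTTP": 8081, "path": "/kyvos/"},
}


def check_backend(backend, health_check, instance_group):
    """Return mismatches between a backend service, its health check and named port."""
    name, proto = backend.get("portName"), backend.get("protocol")
    exp = EXPECTED.get(name)
    if exp is None or proto not in ("HTTPS", "HTTP"):
        return [f"unexpected named port/protocol: {name}/{proto}"]
    want_port, issues = exp[proto], []

    # The instance group must map the named port to the port for this protocol.
    named = {p["name"]: p["port"] for p in instance_group.get("namedPorts", [])}
    if named.get(name) != want_port:
        issues.append(f"named port {name} is {named.get(name)}, expected {want_port}")

    # The health check must use the same protocol, port and path as the backend.
    hc_type = health_check.get("type")
    if hc_type != proto:
        issues.append(f"health check uses {hc_type}, backend uses {proto}")
    detail = health_check.get("httpsHealthCheck" if hc_type == "HTTPS" else "httpHealthCheck", {})
    if detail.get("port") != want_port:
        issues.append(f"health check port is {detail.get('port')}, expected {want_port}")
    if detail.get("requestPath") != exp["path"]:
        issues.append(f"health check path is {detail.get('requestPath')}, expected {exp['path']}")

    if backend.get("sessionAffinity") != "CLIENT_IP":
        issues.append("session affinity is not Client IP")
    return issues


# Constructed sample configuration (not exported from a real project).
GROUP = {"namedPorts": [{"name": "km-https", "port": 9443}, {"name": "kyvos-https", "port": 8443}]}
KYVOS_BACKEND = {"portName": "kyvos-https", "protocol": "HTTPS", "sessionAffinity": "CLIENT_IP"}
KYVOS_HC = {"type": "HTTPS", "httpsHealthCheck": {"port": 8443, "requestPath": "/kyvos/"}}
# Mixed TLS and non-TLS settings: HTTPS backend probed over HTTP on port 8080.
KM_BACKEND = {"portName": "km-https", "protocol": "HTTPS", "sessionAffinity": "NONE"}
KM_HC = {"type": "HTTP", "httpHealthCheck": {"port": 8080, "requestPath": "/kyvosmanager/"}}

if __name__ == "__main__":
    print(check_backend(KYVOS_BACKEND, KYVOS_HC, GROUP) or "OK")
    print(check_backend(KM_BACKEND, KM_HC, GROUP))
```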

...