
Applies to: Kyvos Enterprise, Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace

Does not apply to: Kyvos Cloud (SaaS on AWS), Kyvos Single Node Installation (Kyvos SNI)


Note

While configuring an external load balancer for GCP, ensure that the frontend and backend certificates are in the same format.

Prerequisites

Firewall Rules

  1. Rule to allow Google health check to the Virtual Machine.

    1. Target: Service Account which is used by Kyvos VMs

    2. Source IP Ranges: 35.191.0.0/16, 130.211.0.0/22

    3. Protocol: tcp, ports 8443 and 9443
      For TLS ports, use 8443 and 9443. For non-TLS ports, use 8081 and 8080.

  2. Rule to allow access to selected ports from load balancer to Virtual Machine.

    1. Target: Service Account which is used by Kyvos VMs

    2. Source IP Ranges: CIDR of the Proxy only Subnet

    3. Protocol: tcp ports: 8443 and 9443 (TLS Ports). For non-TLS ports, use 8081 and 8080


Note:

If the source filter is not set to the proxy-only subnet, you will get an upstream request timeout when browsing the Application Load Balancer URL.
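One way to check exported firewall rules against the two rules above, as an added example (not Kyvos or Google code): it flags rules on the Kyvos ports whose source lies outside the health-check ranges and the proxy-only subnet or whose target is not the Kyvos service account, and reports any required source that no rule allows. The service account, subnet CIDR and rule names are constructed; the JSON field names follow the Compute Engine firewall resource.

```python
import ipaddress
# Ranges and ports come from the page; every other name here is an assumption.
HEALTH_CHECK_RANGES = ["35.191.0.0/16", "130.211.0.0/22"]
TLS_PORTS, NON_TLS_PORTS = {8443, 9443}, {8081, 8080}

def _ports(entry):
    """Expand an 'allowed' entry's ports (e.g. ['8443', '9000-9002']) to a set."""
    out = set()
    for spec in entry["ports"]:
        lo, _, hi = spec.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(rules, proxy_subnet, service_account, tls=True):
    """Return findings for enabled ingress rules that open the Kyvos ports."""
    wanted = TLS_PORTS if tls else NON_TLS_PORTS
    expected = [ipaddress.ip_network(c) for c in HEALTH_CHECK_RANGES + [proxy_subnet]]
    covered, findings = {e: set() for e in expected}, []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        ports = set()
        for entry in rule.get("allowed", []):
            if entry.get("IPProtocol") in ("tcp", "all"):  # no 'ports' key = every port
                ports |= (_ports(entry) & wanted) if entry.get("ports") else wanted
        if not ports:
            continue
        scoped = service_account in rule.get("targetServiceAccounts", [])
        if not scoped:
            findings.append(f"{rule['name']}: target is not {service_account}")
        for src in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(src, strict=False)
            same = [e for e in expected if e.version == net.version]
            if not any(net.subnet_of(e) for e in same):
                findings.append(f"{rule['name']}: source {src} is outside the allowed ranges")
            for e in (e for e in same if scoped and e.subnet_of(net)):
                covered[e] |= ports
    findings += [f"no rule allows {e} to ports {sorted(wanted - covered[e])}"
                 for e in expected if wanted - covered[e]]
    return findings

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SA = "kyvos-vm@example-project.iam.gserviceaccount.com"
ALLOW = [{"IPProtocol": "tcp", "ports": ["8443", "9443"]}]
SAMPLE = [
    {"name": "allow-health-check", "direction": "INGRESS", "allowed": ALLOW,
     "sourceRanges": HEALTH_CHECK_RANGES, "targetServiceAccounts": [SA]},
    {"name": "allow-lb", "direction": "INGRESS", "allowed": ALLOW,
     "sourceRanges": ["0.0.0.0/0"], "targetServiceAccounts": [SA]},
]
```

Calling `audit(SAMPLE, "10.129.0.0/23", SA)` with a constructed proxy-only subnet returns one finding, for the `allow-lb` rule that is open to `0.0.0.0/0`.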

Creating and configuring a load balancer

Creating instance group

  1. Create an instance group.
    To do this, search Instance Group in the Search box and click the Create Instance Group option.

  2. Click New unmanaged instance group.

  3. On the page, provide the following details:

    1. Enter a Name for your instance group. For example, kyvos-instancegroup.

    2. From the Network and Instances list, select the Networks shared with me option.

    3. From the shared subnetwork list, select the required option.

    4. From the VM Instances list, select the VMs on which you want to use this backend service.
      You must select the VMs used for the Kyvos Webserver node.

    5. In the Port Mapping area, add the following mappings:

      1. Port name as km-https and Port number as 9443

      2. Port name as kyvos-https and Port number as 8443
        NOTE: For TLS Ports, use 8443 and 9443. For non-TLS ports, use 8081 and 8080

  4. Click Create.

Creating a load balancer

  1. Select the preferred project.

  2. On the navigation pane, in the Networking section, select Network services.

  3. In the Network Services list, select the Load balancing option.

  4. On the Load balancing page, click Create Load Balancer.  

  5. In the Create a load balancer section, click the HTTP(S) Load Balancing option. 

  6. Click the Start Configuration link provided at the bottom of the page.

  7. In the Internet facing or internal only section, select the From internet to my VMs or serverless services option.

  8. In the Global or Regional section, select the Global HTTP(S) Load Balancer (classic) option.

  9. Click Continue.


Configuring frontend services

  1. Click Frontend Configuration.

  2. On the page, enter details as:

    1. Provide a name to the frontend configuration, such as frontendwebserverhttps.

    2. In the Protocol list, select the HTTPS option.
      NOTE: For non-TLS, select HTTP.

    3. From the Certificate list, select the appropriate option.

    4. Click Done.


Configuring backend services

  1. Switch to the Backend tab. The Backend configuration section is displayed. 

  2. Click Create a Backend Service.

    1. For Kyvos Manager: Provide a Name for the backend service, for example, backendservicekmhttps.

      1. Backend Type: Instance Group

      2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

      3. Named Port: km-https

    2. For Kyvos: Provide a Name for the backend service, for example, backendservicekyvoshttps.

      1. Backend Type: Instance Group

      2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

      3. Named Port: kyvos-https

  3. In the Health check section, click the Create a Health Check option.

    1. For Kyvos Manager: Provide a Name, such as kyvosmanagerhealthcheck.

      1. Path: /kyvosmanager/

      2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

      3. Port: 9443
        For TLS ports, use 9443. For non-TLS ports, use 8080.

    2. For Kyvos: Provide a Name, such as kyvoshealthcheck.

      1. Path: /kyvos/

      2. Protocol: For TLS, use HTTPS. For non-TLS, use HTTP.

      3. Port: 8443
        For TLS ports, use 8443. For non-TLS ports, use 8081.

  4. Click the Save button.

  5. Scroll down and expand the Advanced Configurations section, select the Client IP option from the Session Affinity list, and then click Create.

  6. Provide a Name, such as httpskyvoswebserver.

  7. Enter Host and Path rules.

  8. Click Update.


    The load balancer is created with requisite configurations.
