Deploying the Application — Google Cloud Platform (Public/Private Subnets)

  1. Deploy the application on instances running in a private subnet.
  2. Run the LoadBalancer in a public subnet (Internet-facing).
  3. Run a NAT instance in the public subnet so that instances running in the private subnet can access the internet through the NAT instance.
Google network diagram
  1. Create 2 subnets in different regions.
Public Subnet
Private Subnet
gcloud compute firewall-rules create demo-vpc-allow-ssh --allow tcp:22 --network demo-vpc
gcloud compute firewall-rules create demo-vpc-allow-internal-network --allow tcp:1-65535,udp:1-65535,icmp --source-ranges 10.0.0.0/16 --network demo-vpc
gcloud compute instances create nat-gateway --network gce-network --can-ip-forward \
--zone us-central1-a \
--image-family debian-8 \
--image-project debian-cloud \
--tags nat-instance
gcloud compute instances create example-instance --network demo-vpc-manual-vpc --no-address \
--zone us-east1-b \
--image-family debian-8 \
--subnet demo-vpc-manual-vpc-subnet-a \
--image-project debian-cloud \
--tags private-instance
gcloud compute routes create demo-vpc-no-ip-internet-route --network demo-vpc-manual-vpc \
--destination-range 0.0.0.0/0 \
--next-hop-instance nat-gateway \
--next-hop-instance-zone us-central1-a \
--tags private-instance --priority 800
On your NAT instance, configure iptables. The command below tells the kernel that you want to allow IP forwarding:

sudo sysctl -w net.ipv4.ip_forward=1
The command below masquerades packets received from internal instances as if they were sent from the NAT gateway instance:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo apt-get update -y
sudo apt-get install apache2 -y
Follow the steps below to launch the LoadBalancer:

Go to Console -> Network Services -> Load Balancing -> Create LoadBalancer -> Choose (TCP Load Balancing) -> Select (From Internet to my VMs), (Single region only), No (TCP)

1. Backend configuration -> Select Region (the region in which your VMs are launched) -> Select existing VMs -> Add instances

2. Front-end configuration -> Port (80). Provide the port on which you want to access your application over the internet.
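
The demo-vpc-allow-ssh rule created earlier sets no --source-ranges, so it admits SSH from any address. The check below is an added example, not part of the original post: it reads rules in the shape of gcloud compute firewall-rules list --format=json (a constructed sample is embedded) and reports ingress rules that expose administrative ports to any source. ADMIN_PORTS and the function names are assumptions of this example.

```python
import ipaddress

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`
# output for the two rules above (only the fields this check reads).
SAMPLE_RULES = [
    {"name": "demo-vpc-allow-ssh", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],  # the default when --source-ranges is omitted
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "demo-vpc-allow-internal-network", "direction": "INGRESS",
     "sourceRanges": ["10.0.0.0/16"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["1-65535"]},
                 {"IPProtocol": "udp", "ports": ["1-65535"]},
                 {"IPProtocol": "icmp"}]},
]
ADMIN_PORTS = (22, 3389)  # assumption: the ports treated as administrative


def admits_tcp_port(entry, port):
    """True if one `allowed` entry lets TCP traffic reach `port`."""
    if entry.get("IPProtocol") not in ("tcp", "all"):
        return False
    specs = entry.get("ports")
    if not specs:  # no port list means every port of that protocol
        return True
    for spec in specs:
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def audit(rules):
    """Return (rule name, finding) pairs for ingress rules open to any source."""
    findings = []
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        ranges = rule.get("sourceRanges", [])
        if not any(ipaddress.ip_network(r).prefixlen == 0 for r in ranges):
            continue  # source is already limited to specific networks
        for port in ADMIN_PORTS:
            if any(admits_tcp_port(e, port) for e in rule.get("allowed", [])):
                findings.append((rule["name"], f"tcp:{port} open to any source"))
        if not rule.get("targetTags") and not rule.get("targetServiceAccounts"):
            findings.append((rule["name"], "applies to every instance in the network"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Restricting the SSH rule to a known administrative source range and to the nat-instance tag clears both findings.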


Trying new things. Breaking stuff. Likes open source | DevOps | Find me on LinkedIn 🔎. https://www.linkedin.com/in/manoj-bhagwat-73045082/

Manoj Bhagwat
