Compute Engine and IAP without load balancer
I would like to put one Compute Engine instance behind IAP.
I have read the official literature that states that a load balancer needs to be created.
Since I only have one instance to protect, and no autoscaling (i.e. there will always be exactly one instance), the prospect of having to set up a load balancer is frankly not exciting, as that will incur costs that I would prefer to avoid.
I have tried implementing a lightweight version of the official guide by simply creating a new firewall rule with the following configuration:
And applied it to my instance (target tag). I.e., in this config, there is no LB, nor MIG. But a valid SSL cert and domain.
This however, even while authenticated, does not allow me to access my instance.
My 2 questions:
Thanks,
There is little literature (or nothing) on the Google Cloud architecture. But by speaking and speaking with Google, you start to understand things.
In fact, IAP is a feature, a special config that you can deploy on the Google Front End network element. That element is exposed to the internet. You can mainly configure a Load Balancer on it, and then activate features: IAP or Cloud Armor for instance.
Because of that, you must use a Load Balancer to interact with Google Front End and therefore use IAP on top of it.
If you extrapolate my explanation, you have to understand that Google Front End is an internet-facing network element. And so, if you create an internal load balancer, i.e. not exposed to the internet, you can't deploy Cloud Armor or IAP on top of it.