Compute Engine and IAP without load balancer

I would like to put one Compute Engine instance behind IAP.

I have read the official literature that states that a load balancer needs to be created.

Since I only have one instance to protect, and no autoscaling (i.e. there will always be an instance of one), the prospect of having to set up a load balancer is frankly not exciting, as that will incur costs that I would prefer to avoid.

I have tried implementing a lightweight version of the official guide by simply creating a new firewall rule with the following configuration:

[Image: enter image description here]

And applied it to my instance (target tag). I.e., in this config, there is no LB, nor MIG. But a valid SSL cert and domain.

This however, even while authenticated, does not allow me to access my instance.

My 2 questions:

  • Why is a LB required?
  • Is there a way to use IAP to protect one instance without LB, MIG etc.?

Thanks,

There is little (or no) literature on the Google Cloud architecture. But by speaking and speaking with Google, you start to understand things.

In fact, IAP is a feature, a special config that you can deploy on the Google Front End network element. That element is exposed to the internet. You can mainly configure a Load Balancer on it, and then activate features: IAP or Cloud Armor, for instance.

Because of that, you must use a Load Balancer to interact with Google Front End and therefore use IAP on top of it.

If you extrapolate my explanation, you have to understand that Google Front End is an internet-facing network element. And so, if you create an internal load balancer, i.e. not exposed to the internet, you can't deploy Cloud Armor or IAP on top of it.
