Create a Zonal Managed Instance Group (MIG)
In Google Cloud Platform (GCP), a Managed Instance Group (MIG) is a collection of identical virtual machine (VM) instances managed as a single entity.
When we say zonal managed instance group, it means:
- The instances in the group are all created within a single zone (e.g., us-central1-a).
- The group is tied to that zone, so all resources (VMs, disks, etc.) belong there.
- If that zone has an outage, all VMs in the MIG will be affected.
Step-01: Introduction
- Create Regional Health check
- Create Firewall rule
- Create Instance Template
- Create Zonal Managed Instance Group
Step-02: Create Regional Health Check - TCP
```bash
# Create Regional Health Check
gcloud compute health-checks create tcp regional-tcp-health-check \
  --port=80 \
  --region=us-central1
```
Step-03: Create Firewall Rules
```bash
# Firewall Rule-1: Ingress rule that allows traffic from the Google Cloud health checking systems (130.211.0.0/22 and 35.191.0.0/16).
gcloud compute firewall-rules create vpc3-custom-allow-health-check \
  --network=vpc3-custom \
  --description="Allows traffic from Google Cloud health checking systems" \
  --direction=ingress \
  --source-ranges=130.211.0.0/22,35.191.0.0/16 \
  --action=allow \
  --rules=tcp:80
```
Step-04: Create Instance Template
Make sure the nginx-webserver.sh file is available in Cloud Shell.
```bash
#!/bin/bash
sudo apt install -y telnet
sudo apt install -y nginx
sudo systemctl enable nginx
sudo chmod -R 755 /var/www/html
HOSTNAME=$(hostname)
sudo echo "<!DOCTYPE html> <html> <body style='background-color:rgb(250, 210, 210);'> <h1>Welcome to Latchu@DevOps - WebVM App1 </h1> <p><strong>VM Hostname:</strong> $HOSTNAME</p> <p><strong>VM IP Address:</strong> $(hostname -I)</p> <p><strong>Application Version:</strong> V1</p> <p>Google Cloud Platform - Demos</p> </body></html>" | sudo tee /var/www/html/index.htm
```
Create an Instance Template
```bash
# us-central1: Create Instance Template
gcloud compute instance-templates create it-rlbdemo-us-central1 \
  --region=us-central1 \
  --network=vpc3-custom \
  --subnet=us-central1-subnet \
  --tags=lb-tag \
  --machine-type=e2-micro \
  --metadata-from-file=startup-script=nginx-webserver.sh
```
Step-05: Create Zonal Managed Instance Groups
```bash
# Zone: us-central1-a: Create Managed Instance Groups in the Zone
gcloud compute instance-groups managed create zmig-us-1 \
  --zone us-central1-a \
  --size 2 \
  --template it-rlbdemo-us-central1

# Zone: us-central1-c: Create Managed Instance Groups in the Zone
gcloud compute instance-groups managed create zmig-us-2 \
  --zone us-central1-c \
  --size 2 \
  --template it-rlbdemo-us-central1
```
Create a Google Cloud - Regional Application Load Balancer HTTP
Step-01: Introduction
- Pre-requisite-1: Create Instance Templates, Create Managed Instance Groups - We created already
- Create Regional Application Load Balancer - HTTP
Step-02: Pre-requisite-2: Reserve proxy-only subnet exclusively for regional load balancing proxies.
- Go to VPC Networks -> vpc3-custom -> SUBNETS -> ADD SUBNET
- Name: lb-subnet-proxyonly-us-central1
- Description: lb-subnet-proxyonly-us-central1
- Region: us-central1
- Purpose: Regional Managed Proxy
- Role: Active
- IPv4 Range: 10.129.0.0/23
- Click on ADD
Step-03: Pre-requisite-3: Create Firewall rule
fw-allow-proxy-only-subnet: An ingress rule that allows connections from the proxy-only subnet to reach the backends.
```bash
# Firewall Rule: Allow connections from Proxy Only Subnets for All Instances in the network
gcloud compute firewall-rules create vpc3-custom-allow-proxy-only-subnet \
  --network=vpc3-custom \
  --action=allow \
  --direction=ingress \
  --source-ranges=10.129.0.0/23 \
  --rules=tcp:80,tcp:443,tcp:8080
```
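Neither firewall rule in this guide sets `--target-tags`, although the instance template tags the backends with `lb-tag`, and the proxy-only rule also opens tcp:443 and tcp:8080, which the nginx startup script does not serve. The following audit is an added example, not part of the original post: it assumes the rules were exported with `gcloud compute firewall-rules list --format=json` (Compute Engine field names `sourceRanges`, `allowed`, `targetTags`), and the project name and the `example-scoped-rule` entry are constructed.

```python
import ipaddress
# Source ranges and backend port taken from the tutorial's commands.
TRUSTED = [ipaddress.ip_network(c) for c in ("130.211.0.0/22", "35.191.0.0/16", "10.129.0.0/23")]
BACKEND_PORTS = {80}  # nginx from the startup script listens on 80 only

def tcp_ports(rule):
    """Set of TCP ports a rule opens; None means every port."""
    ports = set()
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        if not entry.get("ports"):
            return None
        for spec in entry["ports"]:
            lo, _, hi = spec.partition("-")
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules, network="vpc3-custom"):
    """Map rule name -> findings for ingress allow rules on the network."""
    report = {}
    for rule in rules:
        on_net = rule.get("network", "").rsplit("/", 1)[-1] == network
        if not on_net or rule.get("direction") != "INGRESS" or not rule.get("allowed"):
            continue
        findings = []
        if not (rule.get("targetTags") or rule.get("targetServiceAccounts")):
            findings.append("no target: applies to every VM in the network")
        for cidr in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(cidr)
            if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
                findings.append(f"source {cidr} outside health-check/proxy ranges")
        ports = tcp_ports(rule)
        if ports is None:
            findings.append("all TCP ports open")
        elif ports - BACKEND_PORTS:
            findings.append(f"unused ports open: {sorted(ports - BACKEND_PORTS)}")
        report[rule["name"]] = findings
    return report
# Constructed sample, shaped like the firewall-rules JSON export (hypothetical project).
def sample_rule(name, sources, ports, **extra):
    return {"name": name, "direction": "INGRESS", "sourceRanges": sources,
            "network": "projects/example-project/global/networks/vpc3-custom",
            "allowed": [{"IPProtocol": "tcp", "ports": ports}], **extra}
SAMPLE = [
    sample_rule("vpc3-custom-allow-health-check", ["130.211.0.0/22", "35.191.0.0/16"], ["80"]),
    sample_rule("vpc3-custom-allow-proxy-only-subnet", ["10.129.0.0/23"], ["80", "443", "8080"]),
    sample_rule("example-scoped-rule", ["10.129.0.0/23"], ["80"], targetTags=["lb-tag"])]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Adding `--target-tags=lb-tag` to both `firewall-rules create` commands and reducing the proxy-only rule to `--rules=tcp:80` clears every finding for this setup.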
Step-04: Pre-requisite-4: Create Regional Health Check - HTTP
```bash
# Create Regional Health Check
gcloud compute health-checks create http regional-http-health-check --port=80 --region=us-central1
```
Step-05: Create Regional Application Load Balancer - HTTP
- Go to Network Services -> Load Balancing -> CREATE LOAD BALANCER
- Select Application Load Balancer (HTTP/S): START CONFIGURATION
- Internet facing or internal only: From Internet to my VMs or serverless services
- Global or Regional: Regional external Application Load Balancer
- Load Balancer name: regional-lb-external-http
- Region: us-central1
- Network: vpc3-custom
Frontend Configuration
- Click on ADD FRONTEND IP AND PORT
- Name: frontend-http
- Description: frontend-http
- Protocol: HTTP
- IP Version: IPv4
- IP Address: regional-lb-ip1 (CREATE NEW EXTERNAL STATIC IP)
- Port: 80
- Click on DONE
Backend Configuration
- Click on CREATE A BACKEND SERVICE
- Name: regional-mybackend-svc1
- Description: regional-mybackend-svc1
- Backend type: Instance Group
- Protocol: HTTP
- Named Port: webserver80 (AUTO-POPULATED WHEN BACKEND IS SELECTED AS mig1-lbdemo)
- Timeout: 30
- BACKENDS
  - Instance Group: zmig-us-1
    - Port Numbers: 80
    - Leave everything else at defaults
    - Click on DONE
  - Instance Group: zmig-us-2
    - Port Numbers: 80
    - Leave everything else at defaults
    - Click on DONE
- Health Check: regional-http-health-check
- Security: Cloud Armor backend security policy: NONE
- Click on CREATE
Routing Rules
- Mode: Simple host and path rule
- Leave everything else at defaults
Review and Finalize
- Review all settings
- Click on CREATE
Step-06: Verify Load Balancer
- Go to Network Services -> Load Balancing -> global-lb-external-http
- Review the Tabs
  - LOAD BALANCERS
  - BACKENDS
  - FRONTENDS
Step-07: Access Application using LB IP on browser
Important Note: Wait 3 to 5 minutes for the load balancer to become fully operational.
http://34.135.38.113/
Step-08: Delete the Load Balancer
- Delete the load balancer
- Don't delete the backend service and health check, as we are going to use them in the upcoming demo
— Latchu | Senior DevOps & Cloud Engineer