GCP health check for internal load balancer

Question

I set up own Elasticsearch cluster in the GCP. The cluster is up and running fine.

The cluster contains two client nodes which I am able to access internally and pass a health check for both of them using http://IP:9200/ and /http://IP:9200/_cluster/health. All nodes have only private IPs.

I added:

• internal load balancer which spans client nodes only,

• firewall rule whitelisting both: 130.211.0.0/22, 35.191.0.0/16 google health check IP ranges with the proper tag,

• proper tag for the above rule to the client hosts,

• google health check if service is available,

• backend and instance groups.

The problem is all client hosts are added to the load balancer but any is marked as healthy.

Can you please advise if I am missing something?

Is it possible to pass a health check on the instance which doesn't have a public IP?

Thanks, Karol

Answer 1

Apparently, even Google is wrong with his documentation and external IP is needed.

https://cloud.google.com/load-balancing/docs/https/cross-region-example#optional_removing_external_ips_except_for_a_bastion_host

Answer 2

External or public IP is not a requirement to pass a health check.Since health checks are failing for Internal load balancer, I would recommend to check the following:

• Clients should be in the same region but can be located in different subnet.
• Make sure that service is not bind to any specific IP rather bind to all IP addresses i.e 0.0.0.0/0.