So I just need help weeding out the best scenario for my architecture.

I currently have a Cloud Run instance that is using my custom domain: www.example.com. To utilize this custom domain, I've chosen a global external load balancer to handle that.

And now I need to connect to a compute VM instance to access and utilize Elasticsearch running within that VM.

I've tried creating a serverless VPC and a NEG backend within the context of the load balancer (which handles my custom domain), but I don't think I can do that since it is not a global load balancer with an internal IP.

Should I run two load balancers for the site, one for the custom domain and the other for my internal VM? Can I do that even? They are within the same region, I just can't conceive of how this will all play out. Any advice would be greatly appreciated.

The compute VM is running Elasticsearch and Kibana and is deployed and active, but I just can't get anything to work with curl calls from the command line.

curl https://www.example.com:9200 command times out eventually. Not sure what to try next.

Note: "network.host: 0.0.0.0" was added to my elasticsearch.yml

Teoman Kirac
  • Have you tried to create a firewall rule to open the desired port that you want to use? – Yvan G. May 02 '23 at 23:40
  • If you intend to keep the Elasticsearch instance from external access, then you can create a separate Internal Load Balancer for it. Otherwise, you can use the same Global External Load Balancer that the Cloud Run instance is using, and create a separate backend (unmanaged/managed instance group) so both of them can be accessed using the same LB IP – James S May 04 '23 at 20:28

1 Answer

If you intend to keep the Elasticsearch instance from external access, then you can create a separate Internal Load Balancer for it. Otherwise, you can use the same Global External Load Balancer that the Cloud Run instance is using, and create a separate backend (unmanaged/managed instance group) so both of them can be accessed using the same LB IP.

Regarding the connection timeouts that you are getting when curling the Elasticsearch instance, please make sure that you have a firewall rule for the VPC network (associated with the instance) that allows port 9200. Also make sure that the service within the instance is listening on the same port. Start by doing a port scan through the instance's external IP (if it has one) to see if port 9200 is open and active within the instance. Then check if there is a firewall rule that allows port 9200 in the VPC network that the instance is associated with.
James S
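
As an added example (not part of the answer above, and not Google's own tooling), the firewall check the answer recommends can be run offline against the JSON from `gcloud compute firewall-rules list --format=json`. The rules below are constructed; the `es-node` tag and the `10.8.0.0/28` connector range are assumptions, and the code models only allow rules with `sourceRanges`, not deny rules, priorities or source tags.

```python
import ipaddress
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`
# output; rule names, the es-node tag and the 10.8.0.0/28 range are hypothetical.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-ssh", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["es-node"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "allow-es-from-connector", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["10.8.0.0/28"], "targetTags": ["es-node"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["9200-9300"]}]},
 {"name": "allow-kibana-anywhere", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["5601"]}]}
]""")

def port_matches(allowed, port):
    """True if one `allowed` entry covers TCP `port` (no ports list = every port)."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    specs = allowed.get("ports")
    if not specs:
        return True
    for spec in specs:
        lo, _, hi = spec.partition("-")  # "9200" or "9200-9300"
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def applies(rule, port, vm_tags):
    """Enabled ingress allow rule that targets this VM and covers `port`."""
    if rule.get("direction") != "INGRESS" or rule.get("disabled"):
        return False
    tags = rule.get("targetTags")
    if tags and not set(tags) & set(vm_tags):
        return False  # rule is scoped to other instances
    return any(port_matches(a, port) for a in rule.get("allowed", []))

def rules_allowing(rules, src_ip, port, vm_tags):
    """Names of rules that admit src_ip -> VM:port; empty means implied deny."""
    src = ipaddress.ip_address(src_ip)
    return [r["name"] for r in rules if applies(r, port, vm_tags)
            and any(src in ipaddress.ip_network(c) for c in r.get("sourceRanges", []))]

def world_open(rules, port, vm_tags):
    """Names of rules that expose `port` on the VM to every IPv4 source."""
    return [r["name"] for r in rules if applies(r, port, vm_tags)
            and "0.0.0.0/0" in r.get("sourceRanges", [])]
```

An empty result from `rules_allowing` means the VPC's implied deny-ingress rule applies, which shows up as the curl timeout described in the question.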