This page provides information about how to configure an external TCP/UDP load balancer (after this referred to as network load balancer) so that it is automatically registered in Service Directory.
When you create your load balancer, you can register it as an endpoint in an existing Service Directory namespace and service of your choice. Client applications can then use Service Directory (using HTTP or gRPC) to resolve the address of the network load balancer service and connect to it directly.
Permissions required for this task
To perform this task, you must have been granted the following permissions and IAM roles.
Service Directory integration with network load balancer has the following limitations:
- Automatic registration only supports external Layer 4 load balancers. You can register Google Kubernetes Engine load balancing services using the GKE integration. You can register other external load balancers, global load balancers, and Google Kubernetes Engine ingresses and gateways by calling the Service Directory API.
- You can use automatic registration only at the time of forwarding rule creation. Automatic registration using Google Cloud CLI update for an already existing forwarding rule is not available.
- Service Directory does not provide connectivity, which means that although Service Directory stores the virtual IP address of the network load balancer, looking up the network load balancer in Service Directory does not guarantee that you can connect to the virtual IP address.
Before you begin
These instructions require the following:
You must already have a Service Directory namespace and service in place. If you do not, create a namespace and service using the procedure in Configure Service Directory.
The Service Directory namespace and service must be in the same project and region as the network load balancer forwarding rule that you are creating.
You must already have set up the necessary resources to create a network load balancer forwarding rule.
For information about how to create a network load balancer, see Setting up a network load balancer.
Set up forwarding rules to register a network load balancer in Service Directory
You must set up a forwarding rule to register the network load balancer in Service Directory. To register a network load balancer, see the following section.
Register a network load balancer
To register a network load balancer, run the
gcloud compute forwarding-rules
create command and
gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \ --region=REGION \ --load-balancing-scheme=EXTERNAL \ --address=RESERVED_IP_ADDRESS \ --ip-protocol=PROTOCOL_TYPE \ --ports=PORT_NUMBER \ --backend-service=BACKEND_SERVICE_NAME \ --backend-service-region=REGION \ --service-directory-registration=SD_SERVICE_NAME
Replace the following:
FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
REGION: the region to create the forwarding rule in
RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
PROTOCOL_TYPE: the IP protocol that the rule will serve
PORT_NUMBER: a list of comma-separated ports
BACKEND_SERVICE_NAME: target backend service that receives the traffic
SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. It must live in the same project and region as the forwarding rule being created. For example: projects/
Verify the endpoint
The Service Directory endpoints that are created when you register a network load balancer have the following characteristics:
- The endpoint has the same name as the name of the forwarding rule with the
specified port number (
<forwarding rule name>-<port>). For example, if you create a forwarding rule
--port=8080, you get an endpoint called
RULE-8080. For the same rule, if you specified two ports
--port=8080, 8081, you get two endpoints,
RULE-8081. If you specify
--port=ALL, the Service Directory endpoint is registered with port
0. If you are the owner of the network load balancer, you must ensure that the API caller knows what port to connect on.
- You cannot modify or delete the endpoint using the public Service Directory API. Only when you delete the forwarding rule does the endpoint get automatically deleted. This means that you cannot delete the service and namespace that the endpoint resides in while the forwarding rule exists.
- The endpoint itself is not billed, although normal pricing details apply to any API calls to the endpoint.
To confirm that the endpoint is created, resolve the service in Service Directory. You should see an endpoint with the same name as the name of the forwarding rule with the specified port number.
To resolve the service in Service Directory, run the
gcloud service-directory services resolve SD_SERVICE_NAME \ --namespace=SD_NAMESPACE_NAME \ --location=REGION
Replace the following:
SD_SERVICE_NAME: the name of the Service Directory service to resolve. It must live in the Service Directory namespace name.
SD_NAMESPACE_NAME: the name that you gave the namespace containing your service.
REGION: the Google Cloud region containing the namespace. This should be the same as the region that you created the forwarding rule in.
To delete the resources that you created, follow these steps.
To delete the forwarding rule, run the
gcloud compute forwarding-rules deletecommand:
gcloud compute forwarding-rules delete FORWARDING_RULE_NAME \ --region=REGION
Replace the following:
FORWARDING_RULE_NAME: the name of the forwarding rule that you created
REGION: the region for the forwarding rule
For further details, see Deleting a forwarding rule.
To confirm that deleting the forwarding rule has automatically deleted the endpoint from Service Directory, run the
gcloud service-directory services resolvecommand described in Verify the endpoint section on your Service Directory service.
To delete the Service Directory namespace and service, see Delete resources.
- To get an overview of Service Directory, see the Service Directory overview.
- To find solutions for common issues that you might encounter when using Service Directory, see Troubleshooting.