When you create your load balancer, you can register it as an endpoint in an
existing Service Directory namespace and service of your choice. Client
applications can then use Service Directory (using HTTP or gRPC) to resolve
the address of the external passthrough Network Load Balancer service and connect to it
directly.
Permissions required for this task
To perform this task, you must have been granted the following permissions
and IAM roles.
Permissions
servicedirectory.endpoints.create
servicedirectory.endpoints.delete
Roles
roles/compute.networkAdmin
roles/compute.securityAdmin
roles/compute.instanceAdmin
Limitations
Service Directory integration with external passthrough Network Load Balancers has the following
limitations:
Automatic registration only supports external Layer 4 load balancers. You can register Google Kubernetes Engine load balancing services using the GKE integration. You can register other external load balancers, global load balancers, and Google Kubernetes Engine ingresses and gateways by calling the Service Directory API.
You can use automatic registration only at the time of forwarding rule
creation. Automatic registration using Google Cloud CLI update for an already existing forwarding rule is not available.
Service Directory does not provide connectivity, which means that although
Service Directory stores the virtual IP address of the external passthrough Network Load Balancer,
looking up the external passthrough Network Load Balancer in Service Directory does not guarantee
that you can connect to the virtual IP address.
Before you begin
These instructions require the following:
You must already have a Service Directory namespace and service in place.
If you do not, create a namespace and service using
the procedure in Configure Service Directory.
The Service Directory namespace and service must be in the
same project and region as the external passthrough Network Load Balancer forwarding rule that
you are creating.
You must already have set up the necessary resources to create an external passthrough Network Load Balancer forwarding rule.
Set up forwarding rules to register an external passthrough Network Load Balancer in Service Directory
You must set up a forwarding rule to register the external passthrough Network Load Balancer in Service Directory. To register an external passthrough Network Load Balancer, see the following section.
Register an external passthrough Network Load Balancer
To register an external passthrough Network Load Balancer, run the gcloud compute forwarding-rules create command and set the service-directory-registration flag:

```
gcloud beta compute forwarding-rules create FORWARDING_RULE_NAME \
    --region=REGION \
    --load-balancing-scheme=EXTERNAL \
    --address=RESERVED_IP_ADDRESS \
    --ip-protocol=PROTOCOL_TYPE \
    --ports=PORT_NUMBER \
    --backend-service=BACKEND_SERVICE_NAME \
    --backend-service-region=REGION \
    --service-directory-registration=SD_SERVICE_NAME
```

Replace the following:
FORWARDING_RULE_NAME: a name for the forwarding rule that you want to create
REGION: the region to create the forwarding rule in
RESERVED_IP_ADDRESS: the IP address that the forwarding rule serves
PROTOCOL_TYPE: the IP protocol that the rule is to serve
PORT_NUMBER: a list of comma-separated ports
BACKEND_SERVICE_NAME: the target backend service that receives the traffic
SD_SERVICE_NAME: the fully qualified name of the Service Directory service where you want to register the endpoint. This service must be in the same project and region as the forwarding rule being created.
For example:
projects/PROJECT/locations/REGION/namespaces/NAMESPACE_NAME/services/SERVICE_NAME.
Verify the endpoint
The Service Directory endpoints that are created when you register an external passthrough Network Load Balancer have the following characteristics:
The endpoint has the same name as the name of the forwarding rule with the
specified port number (<forwarding rule name>-<port>). For example, if you
create a forwarding rule RULE with --ports=8080, you get an endpoint called
RULE-8080. For the same rule, if you specified two ports --ports=8080,8081,
you get two endpoints, RULE-8080 and RULE-8081. If you specify --ports=ALL,
the Service Directory endpoint is registered with port 0. If you are the owner of the external passthrough Network Load Balancer, you must ensure that the API caller knows what port to connect on.
You cannot modify or delete the endpoint using the public Service Directory API. Only when you delete the forwarding rule does the endpoint get automatically deleted. This means that you cannot delete the service and
namespace that the endpoint resides in while the forwarding rule exists.
The endpoint itself is not billed, although normal pricing details apply to
any API calls to the endpoint.
To confirm that the endpoint is created, resolve the service in Service Directory.
You should see an endpoint with the same name as the name of the
forwarding rule with the specified port number.
To resolve the service in Service Directory, run the gcloud service-directory services resolve command:

```
gcloud service-directory services resolve SD_SERVICE_NAME \
    --namespace=SD_NAMESPACE_NAME \
    --location=REGION
```

Replace the following:
SD_SERVICE_NAME: the name of the Service Directory service to resolve. It must live in the Service Directory namespace name.
SD_NAMESPACE_NAME: the name that you gave the namespace containing your service.
REGION: the Google Cloud region containing the namespace. This should be the same as the region that you created the forwarding rule in.
Cleanup
To delete the resources that you created, follow these steps.
1. To delete the forwarding rule, run the gcloud compute forwarding-rules delete command:

```
gcloud compute forwarding-rules delete FORWARDING_RULE_NAME \
    --region=REGION
```

Replace the following:
FORWARDING_RULE_NAME: the name of the forwarding rule that you created
REGION: the region for the forwarding rule
For further details, see Deleting a forwarding rule.
To confirm that deleting the forwarding rule has automatically deleted the
endpoint from Service Directory, run the gcloud service-directory
services resolve
command described in the Verify the endpoint section
on your Service Directory service.
2. To delete the Service Directory namespace and service, see Delete resources.
Last updated 2025-09-04 UTC.
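The endpoint naming rule from the Verify the endpoint section, turned into a check over resolved-service output; this is an added example, not part of the original page. The function names, the JSON shape of the sample (service.endpoints[] with name, address and port) and the sample data are assumptions constructed for illustration, and the --ports value is assumed to list single ports only.

```python
import json

# Constructed sample of a resolved service (shape assumed to follow the
# Service Directory resolve response: service.endpoints[].name/address/port).
SAMPLE = json.loads("""
{"service": {
  "name": "projects/p/locations/us-east1/namespaces/ns/services/svc",
  "endpoints": [
    {"name": "projects/p/locations/us-east1/namespaces/ns/services/svc/endpoints/RULE-8080",
     "address": "203.0.113.10", "port": 8080},
    {"name": "projects/p/locations/us-east1/namespaces/ns/services/svc/endpoints/RULE-8081",
     "address": "203.0.113.99", "port": 8081}
  ]}}
""")


def expected_endpoints(rule_name, ports):
    """Endpoint IDs and ports the page says a forwarding rule registers."""
    if ports.strip().upper() == "ALL":
        # The page states only the registered port (0) for ALL, not the ID.
        return {None: 0}
    return {f"{rule_name}-{int(p)}": int(p) for p in ports.split(",")}


def audit(resolved, rule_name, ports, vip):
    """Return findings where the resolved endpoints differ from the rule."""
    got = {e["name"].rsplit("/", 1)[-1]: e
           for e in resolved["service"].get("endpoints", [])}
    findings = []
    for ep_id, port in expected_endpoints(rule_name, ports).items():
        if ep_id is None:
            # Match on address and port 0; a zero port may be omitted in JSON.
            hits = [e for e in got.values()
                    if e.get("address") == vip and e.get("port", 0) == 0]
            findings.append("port 0: tell callers the port out of band"
                            if hits else "missing: port-0 endpoint")
            continue
        ep = got.get(ep_id)
        if ep is None:
            findings.append(f"missing: {ep_id}")
        elif ep.get("address") != vip or ep.get("port", 0) != port:
            findings.append(
                f"mismatch: {ep_id} -> {ep.get('address')}:{ep.get('port', 0)}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE, "RULE", "8080,8081,8082", "203.0.113.10"):
        print(line)
```

An empty result means every expected endpoint resolves to the reserved address and port; after the forwarding rule is deleted, the same call should report each endpoint as missing.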