I have a managed instance group in Google Cloud with one instance. I use a container image for my app. I have HTTP(S) traffic disallowed. A load balancer is pointing to it. I have set up a health check; when I SSH into the instance and do curl localhost:80/health I get a response, so the container boots up correctly. However, the load balancer shows the instance to be unhealthy. I have also set up an ingress firewall rule for the appropriate IP ranges (130.211.0.0/22, 35.191.0.0/16) and port (tcp:80).
I create the instance from a template that is created with this command:
    gcloud compute instance-templates create-with-container magnificent-monolith-try4 \
        --project=my-proj \
        --machine-type=e2-micro \
        --network-interface=network=default,network-tier=PREMIUM \
        --region=europe-west1 \
        --maintenance-policy=MIGRATE \
        --service-account=XXXXX-compute@developer.gserviceaccount.com \
        --scopes=https://www.googleapis.com/auth/cloud-platform \
        --tags=lb-health-check,allow-health-check \
        --container-image=europe-west1-docker.pkg.dev/my-proj/docker-repository/magnificent-monolith:010c59f2ad7a3a6ff86339cc320785bd9cc41615 \
        --container-restart-policy=always \
        --container-env=end=dev \
        --no-shielded-secure-boot \
        --boot-disk-auto-delete \
        --boot-disk-size=10 \
        --create-disk=auto-delete=yes,mode=rw,name=try-disk,image=projects/cos-cloud/global/images/cos-stable-109-17800-147-60 \
        --shielded-vtpm \
        --shielded-integrity-monitoring
For whatever reason, when I create an instance template manually it seems to work. The only difference is under "image": for the manually created template it shows cos-stable-109-17800-147-60 and for the CLI-created template it shows cos-stable-113-18244-1-37, but I don't understand how that can make a difference for the health check accessibility.
Edit: My actual goal is to deploy a new docker-image when my app updates. Is the recommended way to achieve this to:
So my question in that case would be: how does a minimal command look to create an appropriate instance template?
To answer your actual question: your instance template create script seems reasonable and relatively minimal. You can also use the gcloud compute instance-groups managed set-instance-template command to perform the rollout from the command line once the instance template is created.
As for your question about the container version, there is an issue with the specific version you listed, cos-stable-113-18244-1-37. You can search for that specific version online to find various threads complaining about it. I would recommend manually setting the image to a cos-stable-109 version, since if you do not set a version Google may push you another broken container version.
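
A dry-run sketch of the advice above, added here as an example and not taken from either post: it pins the boot image with --image and --image-project (the --create-disk flag in the question's command attaches an additional disk and does not set the boot image), refuses an unpinned COS name, and then points the group at the new template. The zone, the MIG name, the per-release template naming and the reduced flag set are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Values marked "assumed" are placeholders, not from the post.
set -u

PROJECT="my-proj"
REGION="europe-west1"
ZONE="europe-west1-b"                    # assumed zone of the MIG
MIG="magnificent-monolith-mig"           # assumed MIG name
REPO="europe-west1-docker.pkg.dev/my-proj/docker-repository/magnificent-monolith"
COS_IMAGE="cos-stable-109-17800-147-60"  # boot image version named in the post
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands, 0 = execute them

# Run a command, or only print it in dry-run mode.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$@"; else "$@"; fi; }

# Accept only a full COS version name, never a bare family or empty value.
is_pinned_cos() {
  case "$1" in
    cos-stable-[0-9]*-[0-9]*-[0-9]*-[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Instance templates cannot be edited, so derive one name per release.
template_name() { printf 'magnificent-monolith-%.12s' "$1"; }

# $1 = container image tag (the post uses the commit SHA).
create_template() {
  is_pinned_cos "$COS_IMAGE" || { echo "unpinned COS image: $COS_IMAGE" >&2; return 1; }
  run gcloud compute instance-templates create-with-container "$(template_name "$1")" \
    --project="$PROJECT" --region="$REGION" --machine-type=e2-micro \
    --network-interface=network=default,network-tier=PREMIUM \
    --scopes=https://www.googleapis.com/auth/cloud-platform \
    --tags=allow-health-check \
    --image-project=cos-cloud --image="$COS_IMAGE" \
    --container-image="$REPO:$1" --container-restart-policy=always
}

# $1 = template name; points the managed instance group at the new template.
rollout() {
  run gcloud compute instance-groups managed set-instance-template "$MIG" \
    --project="$PROJECT" --zone="$ZONE" --template="$1"
}

# Usage: ./deploy.sh <image-tag>   (set DRY_RUN=0 to execute)
if [ "$#" -ge 1 ]; then
  create_template "$1" && rollout "$(template_name "$1")"
fi
```

With DRY_RUN left at 1 the script only prints the two gcloud commands, so the pinned image and template name can be reviewed before anything is created.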