Internal HTTPS Load Balancing for Cloud Run via Terraform
Architecting a secure, multi-environment routing layer for serverless AI services using GCP Load Balancers and Terraform.
Architecture Overview
Modular Terraform
To route traffic from internal VPC clients to multiple Cloud Run services over HTTPS, use a regional internal Application Load Balancer (the internal HTTPS load balancer). It is assembled from a Forwarding Rule (the internal IP address and port), a Target HTTPS Proxy (TLS termination), a URL Map (host and path routing), one Backend Service per routing target, and a Serverless Network Endpoint Group (NEG) per Cloud Run service. Two pieces are easy to miss: the proxy-only subnet that the load balancer's Envoy proxies require in the VPC region, and the Cloud Run ingress setting. If ingress stays at its default of "all", the load balancer is bypassable through the service's run.app URL, so set it to internal-only and let the internal load balancer be the single entry point.
Load Balancer Architecture
```mermaid
flowchart LR
Client[Internal Client] --> FWD[Forwarding Rule]
FWD --> Proxy[HTTPS Proxy]
Proxy --> URLMap[URL Map]
URLMap -- "Host: agent.*" --> Backend[Backend Service]
Backend --> NEG[Serverless NEG]
NEG --> CR[Cloud Run Service]
```
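The chain in the diagram, written out for a single Cloud Run service against the google Terraform provider. This is an added example and not the article's own Terraform: every `var.*` reference, the PEM file paths and the resource names are assumptions, and only the service name `aix-service-agent` comes from the page.

```hcl
# Added example, not the article's code. All var.* references and file paths
# are assumptions; the Cloud Run service name comes from the article.

# Cloud Run service with ingress locked to internal traffic, so the only
# reachable path is through the VPC (and the load balancer), not run.app.
resource "google_cloud_run_v2_service" "agent" {
  name     = "aix-service-agent"
  project  = var.project_id
  location = var.region
  ingress  = "INGRESS_TRAFFIC_INTERNAL_ONLY"
  template {
    containers {
      image = var.agent_image
    }
  }
}

# Proxy-only subnet: the regional internal ALB's Envoy proxies source their
# backend connections from this range; the forwarding rule fails without it.
resource "google_compute_subnetwork" "proxy_only" {
  name          = "ilb-proxy-only"
  project       = var.project_id
  region        = var.region
  network       = var.network
  ip_cidr_range = var.proxy_subnet_cidr
  purpose       = "REGIONAL_MANAGED_PROXY"
  role          = "ACTIVE"
}

# Serverless NEG: the backend "group" that points at the Cloud Run service.
resource "google_compute_region_network_endpoint_group" "agent" {
  name                  = "agent-neg"
  project               = var.project_id
  region                = var.region
  network_endpoint_type = "SERVERLESS"
  cloud_run {
    service = google_cloud_run_v2_service.agent.name
  }
}

# Backend service: serverless NEGs take no health check; the scheme must
# match the forwarding rule's.
resource "google_compute_region_backend_service" "agent" {
  name                  = "agent-backend"
  project               = var.project_id
  region                = var.region
  load_balancing_scheme = "INTERNAL_MANAGED"
  protocol              = "HTTPS"
  backend {
    group = google_compute_region_network_endpoint_group.agent.id
  }
}

# URL map with a single default backend; host_rule / path_matcher blocks
# are added here when more than one service sits behind the same VIP.
resource "google_compute_region_url_map" "ilb" {
  name            = "ilb-url-map"
  project         = var.project_id
  region          = var.region
  default_service = google_compute_region_backend_service.agent.id
}

# Regional certificate for the internal hostname (PEM paths are placeholders).
resource "google_compute_region_ssl_certificate" "ilb" {
  name        = "ilb-cert"
  project     = var.project_id
  region      = var.region
  private_key = file("${path.module}/certs/ilb.key")
  certificate = file("${path.module}/certs/ilb.crt")
}

# HTTPS proxy: terminates TLS and hands the request to the URL map.
resource "google_compute_region_target_https_proxy" "ilb" {
  name             = "ilb-https-proxy"
  project          = var.project_id
  region           = var.region
  url_map          = google_compute_region_url_map.ilb.id
  ssl_certificates = [google_compute_region_ssl_certificate.ilb.id]
}

# Forwarding rule: the internal VIP clients connect to, allocated from
# var.vip_subnet (an ordinary subnet, not the proxy-only one).
resource "google_compute_forwarding_rule" "ilb" {
  name                  = "ilb-fwd-rule"
  project               = var.project_id
  region                = var.region
  load_balancing_scheme = "INTERNAL_MANAGED"
  ip_protocol           = "TCP"
  port_range            = "443"
  network               = var.network
  subnetwork            = var.vip_subnet
  target                = google_compute_region_target_https_proxy.ilb.id
  depends_on            = [google_compute_subnetwork.proxy_only]
}
```

After apply, check both directions from a VM inside the VPC: a request to the forwarding rule's address with the certificate's hostname (for example `curl --resolve agent.dev.internal:443:<VIP> https://agent.dev.internal/`) should reach the service, while the same request to the service's run.app URL from outside the VPC should be refused, which confirms the ingress setting rather than the load balancer is what keeps the service private.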
By keeping host rules and path matchers in environment-specific variable files (one `.tfvars` per environment), the same Terraform module provisions DEV, UAT and PROD without any per-environment resource code; only the service names and hostnames differ between environments.
```hcl
backend_services = {
  "agent-backend" = {
    cloud_run_service = "aix-service-agent"
  }
}
host_rules = {
  "agent-dev" = "agent-matcher"
}
```
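To show how maps of that shape drive the resources, the following is an added example of the `for_each` wiring and a per-environment variable file; it is not the article's module. The `backend_services` and `host_rules` shapes follow the fragment above, while the `path_matchers` variable (which ties a matcher name to a backend key), `default_backend`, `internal_domain` and the `example.internal` hostnames are my assumptions.

```hcl
# Added example, not the article's module. backend_services and host_rules
# follow the article's fragment; path_matchers, default_backend,
# internal_domain and the hostnames are assumed conventions.

variable "project_id" { type = string }
variable "region" { type = string }
variable "internal_domain" { type = string }

variable "backend_services" {
  type = map(object({ cloud_run_service = string }))
}

# host label -> path matcher name; the served hostname is
# "<label>.<internal_domain>" (assumed convention)
variable "host_rules" {
  type = map(string)
}

# path matcher name -> backend_services key it routes to (assumed)
variable "path_matchers" {
  type = map(string)
}

variable "default_backend" { type = string }

resource "google_compute_region_network_endpoint_group" "neg" {
  for_each              = var.backend_services
  name                  = "${each.key}-neg"
  project               = var.project_id
  region                = var.region
  network_endpoint_type = "SERVERLESS"
  cloud_run {
    service = each.value.cloud_run_service
  }
}

resource "google_compute_region_backend_service" "be" {
  for_each              = var.backend_services
  name                  = each.key
  project               = var.project_id
  region                = var.region
  load_balancing_scheme = "INTERNAL_MANAGED"
  protocol              = "HTTPS"
  backend {
    group = google_compute_region_network_endpoint_group.neg[each.key].id
  }
}

resource "google_compute_region_url_map" "ilb" {
  name            = "ilb-url-map"
  project         = var.project_id
  region          = var.region
  default_service = google_compute_region_backend_service.be[var.default_backend].id

  dynamic "host_rule" {
    for_each = var.host_rules
    content {
      hosts        = ["${host_rule.key}.${var.internal_domain}"]
      path_matcher = host_rule.value
    }
  }

  # A matcher that names a backend absent from this environment's
  # backend_services fails at plan time (missing map key), so a DEV
  # variable file cannot quietly route a host to a PROD service.
  dynamic "path_matcher" {
    for_each = var.path_matchers
    content {
      name            = path_matcher.key
      default_service = google_compute_region_backend_service.be[path_matcher.value].id
    }
  }
}

# dev.tfvars (constructed; UAT and PROD differ only in these values)
# backend_services = {
#   "agent-backend" = { cloud_run_service = "aix-service-agent" }
# }
# host_rules      = { "agent-dev" = "agent-matcher" }
# path_matchers   = { "agent-matcher" = "agent-backend" }
# default_backend = "agent-backend"
# internal_domain = "dev.example.internal"
```

Run it with `terraform plan -var-file=dev.tfvars` and then the UAT and PROD files against the same module; the plan for each environment should list exactly one NEG and one backend service per `backend_services` entry and one host rule per `host_rules` entry, and any typo in a matcher-to-backend mapping shows up as a plan error rather than as a misrouted host.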