10. Cloud LB / Cloud DNS
GCP's global load balancer (Cloud Load Balancing), its DNS service (Cloud DNS), and Google-managed TLS certificates (Managed SSL Certificate). Roughly the AWS equivalent of CloudFront + ALB + Route 53 + ACM.
Components of Cloud LB
Cloud LB has many layers, which is confusing at first. Even the minimal HTTPS setup needs 5-6 resources, and with the HTTP → HTTPS redirect it is 7-8. Each layer maps to one Terraform resource:
[Client]
   │ public IP
   ↓
[Global Forwarding Rule]      ← receives IP + port
   ↓
[Target HTTPS Proxy]          ← terminates TLS, holds the certificate
   ↓
[URL Map]                     ← routes by path or host
   ↓
[Backend Service]             ← group of backends
   ↓
[NEG / MIG] (Cloud Run / VM)  ← the actual targets
Cloud DNS
resource "google_dns_managed_zone" "main" {
  name        = "myapp-com"
  dns_name    = "myapp.com." # note the trailing dot: zone names are FQDNs
  description = "myapp.com main zone"
  visibility  = "public"
  dnssec_config {
    state = "on" # signs the zone; the DS record still has to be published at the registrar
  }
}

# A record (points at the Cloud LB IP)
resource "google_dns_record_set" "apex" {
  name         = google_dns_managed_zone.main.dns_name
  managed_zone = google_dns_managed_zone.main.name
  type         = "A"
  ttl          = 300
  rrdatas      = [google_compute_global_address.lb.address]
}

resource "google_dns_record_set" "www" {
  name         = "www.${google_dns_managed_zone.main.dns_name}"
  managed_zone = google_dns_managed_zone.main.name
  type         = "A"
  ttl          = 300
  rrdatas      = [google_compute_global_address.lb.address]
}

output "name_servers" {
  value = google_dns_managed_zone.main.name_servers # register these at the domain registrar
}
Managed SSL Certificate
resource "google_compute_managed_ssl_certificate" "main" {
  name = "cert-myapp-com"
  managed {
    domains = ["myapp.com", "www.myapp.com"]
  }
}
Google issues and renews the certificate automatically. Domain ownership is validated by the load balancer itself: the certificate must be attached to a target HTTPS proxy that is reachable through a forwarding rule on the LB's IP, and each listed domain must resolve to that IP. So create the DNS records (and the forwarding rule) first; until they are in place the certificate stays in PROVISIONING with the domain reported as FAILED_NOT_VISIBLE, and issuance can take up to about an hour after DNS propagates. Check progress with `gcloud compute ssl-certificates describe cert-myapp-com --global`.
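Two things the minimal certificate block above leaves out, shown as an added example (this is not code from the original page): the certificate name is immutable and changing `domains` forces a replacement, so the name is derived from the domain list and `create_before_destroy` is set to avoid a failed or downtime-inducing apply; and an SSL policy is attached to the proxy so the LB refuses TLS 1.0/1.1 and the legacy cipher set. The `google_compute_ssl_policy` resource and `local.cert_domains` are additions; the proxy is the page's `google_compute_target_https_proxy.main` with one `ssl_policy` line added, and replaces that block in the full example below.

```hcl
# Minimum TLS version and cipher profile for the TLS-terminating proxy.
resource "google_compute_ssl_policy" "modern" {
  name            = "ssl-policy-modern"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}

locals {
  cert_domains = ["myapp.com", "www.myapp.com"]
}

# Changing `domains` forces a new certificate. With a fixed name Terraform
# would have to delete the old one first, which fails while the proxy still
# references it. Derive the name from the domain list and create the
# replacement before destroying the old one; the proxy is updated in between.
resource "google_compute_managed_ssl_certificate" "main" {
  name = "cert-myapp-${substr(sha256(join(",", local.cert_domains)), 0, 8)}"

  managed {
    domains = local.cert_domains
  }

  lifecycle {
    create_before_destroy = true
  }
}

# Same proxy as in the full example, with the SSL policy attached.
resource "google_compute_target_https_proxy" "main" {
  name             = "proxy-https"
  url_map          = google_compute_url_map.main.id
  ssl_certificates = [google_compute_managed_ssl_certificate.main.id]
  ssl_policy       = google_compute_ssl_policy.modern.id
}
```

After apply, `gcloud compute ssl-certificates describe <name> --global --format='value(managed.status,managed.domainStatus)'` should report ACTIVE for the certificate and for every domain, and `openssl s_client -connect myapp.com:443 -tls1_1` should now be rejected by the LB.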
Publishing a static site + Cloud Run
To build the same setup as this site (hcl-guide.com) on GCP:
# 1. Reserve the public IP
resource "google_compute_global_address" "lb" {
  name = "ip-myapp-lb"
}

# 2. Network Endpoint Group for Cloud Run (Serverless NEG)
resource "google_compute_region_network_endpoint_group" "api" {
  name                  = "neg-api"
  region                = "asia-northeast1"
  network_endpoint_type = "SERVERLESS"
  cloud_run {
    service = google_cloud_run_v2_service.api.name # Cloud Run service defined elsewhere
  }
}

# 3. Backend Service
resource "google_compute_backend_service" "api" {
  name                  = "bs-api"
  protocol              = "HTTPS"
  load_balancing_scheme = "EXTERNAL_MANAGED" # must match the forwarding rule's scheme
  backend {
    group = google_compute_region_network_endpoint_group.api.id
  }
  log_config {
    enable      = true
    sample_rate = 1.0
  }
  enable_cdn = true # ← enables Cloud CDN
  cdn_policy {
    cache_mode  = "CACHE_ALL_STATIC"
    default_ttl = 3600
    max_ttl     = 86400
  }
}

# 4. Backend Bucket for Cloud Storage (static files)
resource "google_compute_backend_bucket" "static" {
  name        = "bb-static"
  bucket_name = google_storage_bucket.site.name # bucket defined elsewhere
  enable_cdn  = true
}

# 5. URL Map (path-based routing)
resource "google_compute_url_map" "main" {
  name            = "urlmap-myapp"
  default_service = google_compute_backend_bucket.static.id
  host_rule {
    hosts        = ["myapp.com", "www.myapp.com"]
    path_matcher = "main"
  }
  path_matcher {
    name            = "main"
    default_service = google_compute_backend_bucket.static.id
    path_rule {
      paths   = ["/api/*"]
      service = google_compute_backend_service.api.id
    }
  }
}

# 6. HTTPS Proxy
resource "google_compute_target_https_proxy" "main" {
  name             = "proxy-https"
  url_map          = google_compute_url_map.main.id
  ssl_certificates = [google_compute_managed_ssl_certificate.main.id]
}

# 7. Forwarding Rule (IP:443 → Proxy)
resource "google_compute_global_forwarding_rule" "https" {
  name                  = "fr-https"
  target                = google_compute_target_https_proxy.main.id
  port_range            = "443"
  ip_address            = google_compute_global_address.lb.id
  load_balancing_scheme = "EXTERNAL_MANAGED"
}

# 8. HTTP → HTTPS redirect
resource "google_compute_url_map" "http_redirect" {
  name = "urlmap-http-redirect"
  default_url_redirect {
    https_redirect         = true
    strip_query            = false
    redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
  }
}

resource "google_compute_target_http_proxy" "http" {
  name    = "proxy-http"
  url_map = google_compute_url_map.http_redirect.id
}

resource "google_compute_global_forwarding_rule" "http" {
  name                  = "fr-http"
  target                = google_compute_target_http_proxy.http.id
  port_range            = "80"
  ip_address            = google_compute_global_address.lb.id
  load_balancing_scheme = "EXTERNAL_MANAGED"
}
At least 7-8 resources
A global LB on GCP takes more resources than the AWS equivalent. The official module (`terraform-google-modules/lb-http/google`) wraps most of this and can save effort in the common cases.
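The full example references `google_cloud_run_v2_service.api` and `google_storage_bucket.site` without defining them. Here is an added example (not the original page's code) of those two resources with the settings a LB-fronted deployment needs to be both working and not bypassable: Cloud Run ingress restricted to the load balancer, the unauthenticated invoker binding the serverless NEG path requires, and the public-read grant a Backend Bucket needs. The container image, bucket name, and project reference are placeholders.

```hcl
# Cloud Run: only accept traffic that arrives through the load balancer.
# With the default INGRESS_TRAFFIC_ALL, anyone can bypass the LB (and
# anything attached to it, such as its TLS policy) by calling the
# *.run.app URL directly.
resource "google_cloud_run_v2_service" "api" {
  name     = "api"
  location = "asia-northeast1"
  ingress  = "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"

  template {
    containers {
      # placeholder image; replace with the real one
      image = "asia-northeast1-docker.pkg.dev/my-project/app/api:latest"
    }
  }
}

# The LB forwards requests to Cloud Run without an identity token, so the
# service must allow unauthenticated invocations. The ingress setting above,
# not this binding, is what keeps it off the open internet.
resource "google_cloud_run_v2_service_iam_member" "public_invoker" {
  project  = google_cloud_run_v2_service.api.project
  location = google_cloud_run_v2_service.api.location
  name     = google_cloud_run_v2_service.api.name
  role     = "roles/run.invoker"
  member   = "allUsers"
}

# A Backend Bucket reads objects anonymously, so the objects must be publicly
# readable. Keep uniform bucket-level access on so no single object can get a
# wider ACL than the bucket policy, and scope the public grant to this bucket
# only (never at project level).
resource "google_storage_bucket" "site" {
  name                        = "myapp-site-static" # placeholder; bucket names are global
  location                    = "ASIA-NORTHEAST1"
  uniform_bucket_level_access = true
  public_access_prevention    = "inherited" # "enforced" would break the Backend Bucket
}

resource "google_storage_bucket_iam_member" "public_read" {
  bucket = google_storage_bucket.site.name
  role   = "roles/storage.objectViewer"
  member = "allUsers"
}
```

A quick check that the ingress restriction took effect: a `curl` against the service's `*.run.app` URL should now return 403 from Google's frontend, while the same path through `https://myapp.com/api/...` succeeds.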
Cloud CDN
Just set enable_cdn = true on a Backend Service / Backend Bucket and its responses are served from the CDN. It is not a standalone service like CloudFront but a feature of the LB, which means the cache policy lives on each backend and a cache mode chosen for the static bucket is not automatically right for the API backend. CACHE_ALL_STATIC decides by Content-Type whenever the origin sends no Cache-Control header, and a cached response is served to every client, so an API that returns per-user data must send Cache-Control: private or no-store, or use USE_ORIGIN_HEADERS so that only responses the origin explicitly marks cacheable are stored. Responses carrying Set-Cookie are never cached in any mode.
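An added example (not from the original page) of the per-backend cache policies the paragraph describes: the Backend Bucket keeps CACHE_ALL_STATIC for assets, while the API backend switches to USE_ORIGIN_HEADERS so nothing is cached unless the origin says so. Both blocks keep the names from the full example above and are meant to replace those definitions; the `negative_caching` and `cache_key_policy` settings are additions.

```hcl
# Static assets: cache by Content-Type when the origin sends no Cache-Control,
# and cache 404s/410s briefly so a missing asset does not hammer the bucket.
resource "google_compute_backend_bucket" "static" {
  name        = "bb-static"
  bucket_name = google_storage_bucket.site.name
  enable_cdn  = true

  cdn_policy {
    cache_mode       = "CACHE_ALL_STATIC"
    default_ttl      = 3600
    client_ttl       = 3600
    max_ttl          = 86400
    negative_caching = true
  }
}

# API: only cache what the origin explicitly marks cacheable
# (e.g. Cache-Control: public, max-age=60). Responses without such a header
# are passed through uncached, so a per-user response is never handed to
# another client. Set-Cookie responses are never cached regardless.
resource "google_compute_backend_service" "api" {
  name                  = "bs-api"
  protocol              = "HTTPS"
  load_balancing_scheme = "EXTERNAL_MANAGED"

  backend {
    group = google_compute_region_network_endpoint_group.api.id
  }

  log_config {
    enable      = true
    sample_rate = 1.0
  }

  enable_cdn = true
  cdn_policy {
    cache_mode = "USE_ORIGIN_HEADERS"

    # Keep the query string in the cache key: /api/items?user=a and
    # /api/items?user=b must never resolve to the same cached entry.
    cache_key_policy {
      include_host         = true
      include_protocol     = true
      include_query_string = true
    }
  }
}
```

To confirm which responses are actually being cached, keep `log_config` enabled and filter the LB logs on `jsonPayload.cacheDecision`; a per-user endpoint should never show a cache hit.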