You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/security/application_security/threats/setup/threat_detection/gcp-service-extensions.md
+22-17Lines changed: 22 additions & 17 deletions
Original file line number
Diff line number
Diff line change
@@ -50,30 +50,35 @@ and [create a Service Extension as a traffic extension][5].
50
50
51
51
To integrate a Service Extension with ASM using the Google Cloud Console, complete the following steps:
52
52
53
-
1.**Create a VM Compute instance** using the Datadog Service Extensions Docker image. The image is available on the [Datadog Go tracer GitHub Registry][1].
53
+
1.**Create a VM Compute instance** using the Datadog ASM Service Extensions Docker image. The image is available on the [Datadog Go tracer GitHub Registry][1].
54
54
55
-
See the [Configuration](#configuration) section below for available environment variables when setting up your VM instance.
55
+
See the [Configuration](#configuration) section below for available environment variables when setting up your VM instance.
56
56
57
-
2.**Add the VM to an unmanaged instance group**
57
+
<divclass="alert alert-info">
58
+
<strong>Note:</strong> Be sure to update accordingly your Firewall rules to allow the Load Balancer to communicate with the Callout VM instance. The same also applies to the Datadog Agent.
59
+
</div>
60
+
61
+
2.**Add the VM to an unmanaged instance group**
62
+
58
63
Specify `http:80` and `grpc:443` (or your configured values) for the port mappings of the instance group.
59
64
60
-
3.**Create a backend service and add your instance group**
65
+
3.**Create a backend service and add your instance group**
61
66
62
-
Create a callout backend service with the following settings:
63
-
- Protocol: `HTTP2`
64
-
- Port name: `grpc`
65
-
- Region: Select your region
66
-
- Health check port number: `80` (or your configured value)
67
+
Create a callout backend service with the following settings:
68
+
- Protocol: `HTTP2`
69
+
- Port name: `grpc`
70
+
- Region: Select your region
71
+
- Health check port number: `80` (or your configured value)
72
+
Add the instance group with the service extension VM as a backend to this backend service.
67
73
68
-
Add the instance group with the service extension VM as a backend to this backend service.
74
+
4.**Configure the Traffic Service Extension callout**
69
75
70
-
4.**Configure the Traffic Service Extension callout**
76
+
1. In the Google Cloud console, go to **Service Extensions** and create a new Service Extension
77
+
2. Select your load balancer type
78
+
3. Select `Traffic extensions` as the type
79
+
4. Select your forwarding rules
80
+
<br><br>
71
81
72
-
1. In the Google Cloud console, go to **Service Extensions** and create a new Service Extension
73
-
2. Select your load balancer type
74
-
3. Select `Traffic extensions` as the type
75
-
4. Select your forwarding rules
76
-
<br>
77
82
78
83
5.**Create an Extension Chain**
79
84
@@ -107,7 +112,7 @@ You can use Terraform to automate the deployment of the ASM GCP Service Extensio
107
112
You can import the following module to your project. It's installing a the service extension on a **Global External Load Balancer**:
0 commit comments