The LoadBalancer needs to bind both my-http-backend-service and my-tomcat-backend-service. In this scenario, only /examples and /examples/* will be traffic forwarded to my-tomcat-backend-service. Other than that, every URI forwards traffic to my-http-backend-service:
//create load balancer(url-map) to associate my-http-backend-service as default
$ gcloud compute url-maps create my-loadbalancer --default-service my-http-backend-service
//add /examples and /examples/* mapping to my-tomcat-backend-service
$ gcloud compute url-maps add-path-matcher my-loadbalancer --default-service my-http-backend-service --path-matcher-name tomcat-map --path-rules /examples=my-tomcat-backend-service,/examples/*=my-tomcat-backend-service
//create target-http-proxy that associate to load balancer(url-map) $ gcloud compute target-http-proxies create my-target-http-proxy --url-map=my-loadbalancer
//allocate static global ip address and check assigned address
$ gcloud compute addresses create my-loadbalancer-ip --global
$ gcloud compute addresses describe my-loadbalancer-ip --global
address: 35.186.192.6
creationTimestamp: '2018-12-08T13:40:16.661-08:00'
...
...
//create forwarding rule that associate static IP to target-http-proxy
$ gcloud compute forwarding-rules create my-frontend-rule --global --target-http-proxy my-target-http-proxy --address 35.186.192.6 --ports 80
Finally, the LoadBalancer has been created. However, one missing configuration remains. Private hosts don't have any firewall rules to allow Tomcat traffic (8080/tcp). This is why, when you see the LoadBalancer status, a healthy status of my-tomcat-backend-service is kept down (0):
In this case, you need to add one more firewall rule that allows connection from LoadBalancer to a private subnet (use the private network tag for this). According to the GCP documentation (https://cloud.google.com/compute/docs/load-balancing/health-checks#https_ssl_proxy_tcp_proxy_and_internal_load_balancing), the health check heart-beat will come from the address range 35.191.0.0/16 to 130.211.0.0/22:
//add one more Firewall Rule that allow Load Balancer to Tomcat (8080/tcp)
$ gcloud compute firewall-rules create private-tomcat --network=my-custom-network --source-ranges 35.191.0.0/16,130.211.0.0/22 --target-tags private --allow tcp:8080
After a few minutes, the my-tomcat-backend-service healthy status will be up to (1); now you can access the LoadBalancer from a web browser. When accessing /, it should route to my-http-backend-service, which has the nginx application on public hosts:
On the other hand, if you access the /examples/ URL with the same LoadBalancer IP address, it will route to my-tomcat-backend-service, which is a Tomcat application on a private host, as shown in the following screenshot:
Overall, there are some steps that need to be performed in order to set up a LoadBalancer, but it's useful to integrate different HTTP applications onto a single LoadBalancer to deliver your service efficiently with minimal resources.