hi All I could use some guidance on dns subdomain ...
# google-cloudc
colossal-tailor-72573
12/18/2023, 11:02 PMhi All I could use some guidance on dns subdomain stuff. Roughly, I have a bunch of gcp projects each of which represent an environment. Within each project I have 2 frontend cdns (hosting application builds, representing 2 different apps) and a cloudrun service which is the api backing. Id like to set up something like
gcp project 1
app1.env1.domain.com --> application cdn1
app2.env1.domain.com --> application cdn2
api.env1.domain.com ---> cloudrun service
gcp project 2
app1.env2.domain.com --> application cdn1
app2.env2.domain.com --> application cdn2
api.env2.domain.com ---> cloudrun service
etc
using tls and google managed certs.
colossal-tailor-72573
12/26/2023, 7:15 PMgoing to try using dns authorization, then use certificate manager to generate a certificate and then add load balancer with that certificate in front of the cloudrun and update the cdns to use the generated certificate
colossal-tailor-72573
12/30/2023, 2:44 AMGot this working properly after a lot of trial and error, reviewing docs, and reading a lot of source code (thank goodness it's all open source).
The gist to pull this off is:
• create dns authorizations
• create one or more certificates from those authorizations
• Then use the certificates in a certificate map passed into a load balancer
◦ url maps
◦ http proxy which forwards to https
◦ https proxy
◦ public ip address and a couple of global forwarding rules
For the cdns, use a backing bucket and for cloudrun or cloudfunction use a backend service.
Finally, add the dns authorization cnames to your dns provider.