# google-cloud


12/18/2023, 11:02 PM
hi All I could use some guidance on dns subdomain stuff. Roughly, I have a bunch of gcp projects each of which represent an environment. Within each project I have 2 frontend cdns (hosting application builds, representing 2 different apps) and a cloudrun service which is the api backing. Id like to set up something like gcp project 1 --> application cdn1 --> application cdn2 ---> cloudrun service gcp project 2 --> application cdn1 --> application cdn2 ---> cloudrun service etc using tls and google managed certs.
going to try using dns authorization, then use certificate manager to generate a certificate and then add load balancer with that certificate in front of the cloudrun and update the cdns to use the generated certificate
Got this working properly after a lot of trial and error, reviewing docs, and reading a lot of source code (thank goodness it's all open source). The gist to pull this off is: • create dns authorizations • create one or more certificates from those authorizations • Then use the certificates in a certificate map passed into a load balancer ◦ url maps ◦ http proxy which forwards to https ◦ https proxy ◦ public ip address and a couple of global forwarding rules For the cdns, use a backing bucket and for cloudrun or cloudfunction use a backend service. Finally, add the dns authorization cnames to your dns provider.