Hi all, I could use some guidance on DNS subdomain stuff. Roughly, I have a bunch of GCP projects, each of which represents an environment. Within each project I have 2 frontend CDNs (hosting application builds, representing 2 different apps) and a Cloud Run service which is the API backing them. I'd like to set up something like
gcp project 1
app1.env1.domain.com --> application cdn1
app2.env1.domain.com --> application cdn2
api.env1.domain.com --> cloudrun service
gcp project 2
app1.env2.domain.com --> application cdn1
app2.env2.domain.com --> application cdn2
api.env2.domain.com --> cloudrun service
using TLS and Google-managed certs.
I'm going to try using DNS authorization, then use Certificate Manager to generate a certificate, then add a load balancer with that certificate in front of the Cloud Run service and update the CDNs to use the generated certificate.
Got this working properly after a lot of trial and error, reviewing docs, and reading a lot of source code (thank goodness it's all open source).
The gist to pull this off is:
• Create DNS authorizations
• Create one or more certificates from those authorizations
• Then use the certificates in a certificate map passed into a load balancer:
◦ URL maps
◦ HTTP proxy which forwards to HTTPS
◦ HTTPS proxy
◦ Public IP address and a couple of global forwarding rules
For the CDNs, use a backend bucket, and for Cloud Run or Cloud Functions use a backend service.
Finally, add the DNS authorization CNAMEs to your DNS provider.
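Here is the same sequence of steps written out as a Terraform configuration for one environment (one GCP project). This is an added example, not the poster's own code: it uses the hashicorp/google provider, and the bucket names, the Cloud Run service name and region, and the "env1" naming prefix are all assumptions to be replaced with your own values.

```terraform
locals {
  env   = "env1"
  hosts = { # key => hostname; one environment per GCP project
    app1 = "app1.env1.domain.com"
    app2 = "app2.env1.domain.com"
    api  = "api.env1.domain.com"
  }
}
# 1-2. One DNS authorization and one Google-managed certificate per hostname.
#      Each authorization yields a validation CNAME (see the output at the bottom).
resource "google_certificate_manager_dns_authorization" "auth" {
  for_each = local.hosts
  name     = "${each.key}-${local.env}-dnsauth"
  domain   = each.value
}
resource "google_certificate_manager_certificate" "cert" {
  for_each = local.hosts
  name     = "${each.key}-${local.env}-cert"
  managed {
    domains            = [each.value]
    dns_authorizations = [google_certificate_manager_dns_authorization.auth[each.key].id]
  }
}
# 3. Certificate map; the HTTPS proxy serves the entry whose hostname matches the SNI.
resource "google_certificate_manager_certificate_map" "map" { name = "${local.env}-cert-map" }
resource "google_certificate_manager_certificate_map_entry" "entry" {
  for_each     = local.hosts
  name         = "${each.key}-${local.env}-entry"
  map          = google_certificate_manager_certificate_map.map.name
  hostname     = each.value
  certificates = [google_certificate_manager_certificate.cert[each.key].id]
}
# 4. Backends: CDN-enabled backend buckets for the frontends (bucket names assumed) and a
#    serverless NEG + backend service for the Cloud Run API (service name and region assumed).
resource "google_compute_backend_bucket" "cdn" {
  for_each    = toset(["app1", "app2"])
  name        = "${each.key}-${local.env}-cdn"
  bucket_name = "${each.key}-${local.env}-builds"
  enable_cdn  = true
}
resource "google_compute_region_network_endpoint_group" "api" {
  name                  = "api-${local.env}-neg"
  region                = "us-central1"
  network_endpoint_type = "SERVERLESS"
  cloud_run { service = "api-${local.env}" }
}
resource "google_compute_backend_service" "api" {
  name = "api-${local.env}-backend"
  backend { group = google_compute_region_network_endpoint_group.api.id }
}
# 5. URL maps: route strictly by Host header; the plain-HTTP listener only redirects to HTTPS.
resource "google_compute_url_map" "https" {
  name            = "${local.env}-url-map"
  default_service = google_compute_backend_service.api.id
  dynamic "host_rule" {
    for_each = local.hosts
    content {
      hosts        = [host_rule.value]
      path_matcher = host_rule.key
    }
  }
  dynamic "path_matcher" {
    for_each = local.hosts
    content {
      name            = path_matcher.key
      default_service = path_matcher.key == "api" ? google_compute_backend_service.api.id : google_compute_backend_bucket.cdn[path_matcher.key].id
    }
  }
}
resource "google_compute_url_map" "redirect" {
  name = "${local.env}-http-redirect"
  default_url_redirect {
    https_redirect         = true
    redirect_response_code = "MOVED_PERMANENTLY_DEFAULT"
    strip_query            = false
  }
}
# 6-7. Proxies (the HTTPS proxy takes the certificate map instead of individual certificates),
#      one public IP, and a global forwarding rule per port.
resource "google_compute_target_https_proxy" "https" {
  name            = "${local.env}-https-proxy"
  url_map         = google_compute_url_map.https.id
  certificate_map = "//certificatemanager.googleapis.com/${google_certificate_manager_certificate_map.map.id}"
}
resource "google_compute_target_http_proxy" "http" {
  name    = "${local.env}-http-proxy"
  url_map = google_compute_url_map.redirect.id
}
resource "google_compute_global_address" "lb" { name = "${local.env}-lb-ip" }
resource "google_compute_global_forwarding_rule" "fr" {
  for_each   = { https = "443", http = "80" }
  name       = "${local.env}-${each.key}-fr"
  port_range = each.value
  ip_address = google_compute_global_address.lb.address
  target     = each.key == "https" ? google_compute_target_https_proxy.https.id : google_compute_target_http_proxy.http.id
}
# 8. Publish these CNAMEs at the DNS provider (plus A records for each host to the LB IP).
output "dns_authorization_cnames" { value = { for a in google_certificate_manager_dns_authorization.auth : a.dns_resource_record[0].name => a.dns_resource_record[0].data } }
```

After `terraform apply`, create the CNAME records from the `dns_authorization_cnames` output at your DNS provider; the certificates stay in a provisioning state until those records resolve, and `gcloud certificate-manager certificates describe NAME` shows when each becomes active. Only then point the A records for the three hostnames at the load balancer IP, so clients never see the default certificate. Note that the HTTPS proxy only serves hostnames that have a map entry, and the URL map routes on the Host header alone, so a request for an unknown host falls through to the API backend; tighten that default if you want unknown hosts rejected.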