Set up DNS
Duration: 5 min | Persona: Platform Admin
In this section, you will set up a dedicated DNS name with Cloud Endpoints that you will use later for the Online Boutique app.
Initialize variables:
WORK_DIR=~/
source ${WORK_DIR}acm-workshop-variables.sh
echo "export ONLINE_BOUTIQUE_INGRESS_GATEWAY_HOST_NAME='onlineboutique.endpoints.${TENANT_PROJECT_ID}.cloud.goog'" >> ${WORK_DIR}acm-workshop-variables.sh
source ${WORK_DIR}acm-workshop-variables.sh
Create FQDN
Create an FQDN with Cloud Endpoints for Online Boutique:
cat <<EOF > ${WORK_DIR}dns-spec.yaml
swagger: "2.0"
info:
  description: "Online Boutique Cloud Endpoints DNS"
  title: "Online Boutique Cloud Endpoints DNS"
  version: "1.0.0"
paths: {}
host: "${ONLINE_BOUTIQUE_INGRESS_GATEWAY_HOST_NAME}"
x-google-endpoints:
- name: "${ONLINE_BOUTIQUE_INGRESS_GATEWAY_HOST_NAME}"
  target: "${INGRESS_GATEWAY_PUBLIC_IP}"
EOF
gcloud endpoints services deploy ${WORK_DIR}dns-spec.yaml \
    --project ${TENANT_PROJECT_ID}
rm ${WORK_DIR}dns-spec.yaml
Define ManagedCertificate resource
Define the ManagedCertificate for Online Boutique in the Ingress Gateway namespace:
cat <<EOF > ${WORK_DIR}$GKE_CONFIGS_DIR_NAME/$INGRESS_GATEWAY_NAMESPACE/managedcertificate-onlineboutique.yaml
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: onlineboutique
  namespace: ${INGRESS_GATEWAY_NAMESPACE}
spec:
  domains:
    - "${ONLINE_BOUTIQUE_INGRESS_GATEWAY_HOST_NAME}"
EOF
Update Ingress
Configure the Online Boutique ManagedCertificate on the Ingress Gateway's Ingress resource:
cd ${WORK_DIR}$GKE_CONFIGS_DIR_NAME/$INGRESS_GATEWAY_NAMESPACE
kpt fn eval . \
    -i set-annotations:v0.1 \
    --match-kind Ingress \
    -- networking.gke.io/managed-certificates=whereami,onlineboutique
The networking.gke.io/managed-certificates annotation has 2 values: whereami, configured previously, and the new onlineboutique we are configuring on this page. It is very important to keep both here, because the command sets the annotation's whole value.
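A guard for the point above, as an added example that is not part of the original workshop: before committing, it checks that an Ingress manifest's networking.gke.io/managed-certificates annotation still lists every required certificate. The function name missing_managed_certs and the sample manifest (including its Ingress name) are assumptions constructed for illustration.

```bash
# Added example (not from the workshop): pre-commit guard for the
# networking.gke.io/managed-certificates annotation on an Ingress manifest.

# missing_managed_certs FILE NAME...   (hypothetical helper name)
# Prints the required names absent from the annotation value.
# Returns 0 when every name is present, 1 otherwise.
missing_managed_certs() {
  local file="$1"; shift
  local value missing="" name
  # Extract the annotation value; drop quotes, spaces, tabs and CRs.
  value=$(sed -n 's/^[[:space:]]*networking\.gke\.io\/managed-certificates:[[:space:]]*//p' "$file" \
    | head -n 1 | tr -d "\"' \t\r")
  for name in "$@"; do
    # Wrap in commas so "whereami" does not match "whereami-v2".
    case ",${value}," in
      *",${name},"*) ;;
      *) missing="${missing:+${missing} }${name}" ;;
    esac
  done
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing"
  return 1
}

# Constructed sample: an Ingress whose annotation lost the earlier certificate.
demo_dir=$(mktemp -d)
cat > "${demo_dir}/ingress.yaml" <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    networking.gke.io/managed-certificates: "onlineboutique"
EOF

if missing=$(missing_managed_certs "${demo_dir}/ingress.yaml" whereami onlineboutique); then
  echo "annotation lists all required certificates"
else
  echo "annotation is missing: ${missing}" >&2
fi
```

A manifest with no such annotation reports every required name as missing, so the same check also catches an Ingress that was never annotated.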
Deploy Kubernetes manifests
cd ${WORK_DIR}$GKE_CONFIGS_DIR_NAME/
git add . && git commit -m "Online Boutique ManagedCertificate" && git push origin main
Check deployments
List the Kubernetes resources managed by Config Sync in the GKE cluster for the GKE cluster configs repository:
Run this command and click on this link:
echo -e "https://console.cloud.google.com/kubernetes/config_management/packages?project=${TENANT_PROJECT_ID}"
Wait until you see the Sync status column as Synced and the Reconcile status column as Current.
Run this command:
gcloud alpha anthos config sync repo describe \
    --project $TENANT_PROJECT_ID \
    --managed-resources all \
    --sync-name root-sync \
    --sync-namespace config-management-system
Wait and re-run the command above until you see "status": "SYNCED".
List the GitHub runs for the GKE cluster configs repository:
cd ${WORK_DIR}$GKE_CONFIGS_DIR_NAME && gh run list
List the Google Cloud resources created:
gcloud endpoints services list \
    --project $TENANT_PROJECT_ID
gcloud compute ssl-certificates list \
    --project $TENANT_PROJECT_ID
Wait for the ManagedCertificate to be provisioned. This usually takes about 30 minutes.