GCP managed certificate per project

Imported from Confluence

Content may be outdated. Verify before following any procedures. Last updated: October 2024

From now on we can create multiple Google-managed wildcard certificates for the same domain across different GCP projects. We have created a reusable Terraform deployment here, which can be configured for either per-project DNS authorizations or a single-project one.

The variable "type" sets this value (default is FIXED_RECORD).

variable "type" {
  description = "The type of DNS authorization (FIXED_RECORD or PER_PROJECT_RECORD)"
  type = string
  default = "FIXED_RECORD"
}

Now we can use the above deployment in our projects to provision per-project wildcard certificates for the same domain (like *.fyber.com).
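A sketch of the resources such a deployment can contain, added here as an illustration and not taken from our actual module. The variables project_id and domain and all resource names are assumptions; only the "type" variable and the certificate-map-name value come from this page.

```hcl
# Added example, not the module from our repository.
# Assumed inputs: project_id and domain are hypothetical variable names.
variable "project_id" { type = string }
variable "domain" {
  type    = string
  default = "fyber.com"
}
variable "type" {
  type    = string
  default = "FIXED_RECORD"
  validation {
    condition     = contains(["FIXED_RECORD", "PER_PROJECT_RECORD"], var.type)
    error_message = "type must be FIXED_RECORD or PER_PROJECT_RECORD."
  }
}

# FIXED_RECORD uses the shared _acme-challenge.<domain> CNAME, so only one
# authorization per domain can be live. PER_PROJECT_RECORD yields a
# project-specific record name, so each project proves control independently.
resource "google_certificate_manager_dns_authorization" "this" {
  project = var.project_id
  name    = "dns-auth-${replace(var.domain, ".", "-")}"
  domain  = var.domain
  type    = var.type
}

resource "google_certificate_manager_certificate" "wildcard" {
  project = var.project_id
  name    = "wildcard-${replace(var.domain, ".", "-")}"
  managed {
    domains            = [var.domain, "*.${var.domain}"]
    dns_authorizations = [google_certificate_manager_dns_authorization.this.id]
  }
}

resource "google_certificate_manager_certificate_map" "this" {
  project = var.project_id
  name    = "certificate-map-name" # referenced by the gateway annotation
}

resource "google_certificate_manager_certificate_map_entry" "wildcard" {
  project      = var.project_id
  name         = "wildcard-entry"
  map          = google_certificate_manager_certificate_map.this.name
  certificates = [google_certificate_manager_certificate.wildcard.id]
  hostname     = "*.${var.domain}" # the apex domain would need its own entry
}

# The CNAME (name, type, data) to create by hand at the DNS provider.
output "dns_auth_cname" {
  value = google_certificate_manager_dns_authorization.this.dns_resource_record
}
```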

Example: We want to create a certificate for the growth-dev project for the domain *.fyber.com. We create a folder like gcp-certificate-fyber and add a terragrunt file in the directory, following our usual convention.

After running the terragrunt apply command, we have to manually add the CNAME record in the domain provider app (in our case DNS Made Easy).

We can verify dns-auth with the command below:

Screenshot 2024-05-24 at 4.12.18 PM.png

Now we will add the CNAME entry in DNS Made Easy.

Screenshot 2024-05-24 at 4.16.03 PM.png

After a few minutes, the certificate will be successfully created.

$ gcloud certificate-manager certificates list --project=agp-growth-dev-fm

NAME                       SUBJECT_ALTERNATIVE_NAMES  DESCRIPTION        SCOPE  EXPIRE_TIME                 CREATE_TIME                 UPDATE_TIME
fyber-grwoth-dev-cert      fyber.com                  The wildcard cert         2024-08-22 09:43:40 +00:00  2024-05-24 09:43:38 +00:00  2024-05-24 09:43:40 +00:00
                           *.fyber.com

Now we can easily add this certificate to our gateway API via:

annotations:
  networking.gke.io/certmap: certificate-map-name

After applying the gateway-api chart with the above annotations, we will see the Target Proxy point to this certificate map, and all associated route URLs will use the Google-managed certificates.

You will find an example MR covering the whole process here.