Set up DNS

Duration: 5 min | Persona: Platform Admin

In this section, you will set up a dedicated DNS name with Cloud Endpoints that you will use later for the Bank of Anthos app.

Initialize variables:

WORK_DIR=~/
source ${WORK_DIR}acm-workshop-variables.sh
echo "export BANK_OF_ANTHOS_INGRESS_GATEWAY_HOST_NAME='bankofanthos.endpoints.${TENANT_PROJECT_ID}.cloud.goog'" >> ${WORK_DIR}acm-workshop-variables.sh
source ${WORK_DIR}acm-workshop-variables.sh

Create FQDN

Create an FQDN with Cloud Endpoints for Bank of Anthos:

cat <<EOF > ${WORK_DIR}dns-spec.yaml
swagger: "2.0"
info:
  description: "Bank of Anthos Cloud Endpoints DNS"
  title: "Bank of Anthos Cloud Endpoints DNS"
  version: "1.0.0"
paths: {}
host: "${BANK_OF_ANTHOS_INGRESS_GATEWAY_HOST_NAME}"
x-google-endpoints:
- name: "${BANK_OF_ANTHOS_INGRESS_GATEWAY_HOST_NAME}"
  target: "${INGRESS_GATEWAY_PUBLIC_IP}"
EOF
gcloud endpoints services deploy ${WORK_DIR}dns-spec.yaml \
    --project ${TENANT_PROJECT_ID}
rm ${WORK_DIR}dns-spec.yaml

Define ManagedCertificate resource

Define the ManagedCertificate for Bank of Anthos in the Ingress Gateway namespace:

cat <<EOF > ${WORK_DIR}$GKE_CONFIGS_DIR_NAME/$INGRESS_GATEWAY_NAMESPACE/managedcertificate-bankofanthos.yaml
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
  name: bankofanthos
  namespace: ${INGRESS_GATEWAY_NAMESPACE}
spec:
  domains:
    - "${BANK_OF_ANTHOS_INGRESS_GATEWAY_HOST_NAME}"
EOF

Update Ingress

Configure Bank of Anthos ManagedCertificate on the Ingress Gateway’s Ingress resource:

cd ${WORK_DIR}$GKE_CONFIGS_DIR_NAME/$INGRESS_GATEWAY_NAMESPACE
kpt fn eval . \
    -i set-annotations:v0.1 \
    --match-kind Ingress \
    -- networking.gke.io/managed-certificates=whereami,onlineboutique,bankofanthos

Note

The networking.gke.io/managed-certificates annotation has 3 values: whereami and onlineboutique, configured previously, and the new bankofanthos configured on this page. It is very important to keep the two existing values here.
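
One way to build that annotation value without retyping the existing names, so the previously configured certificates stay listed. This is an added example, not part of the workshop: the helper names `merge_managed_certs` and `missing_certs` are hypothetical and the `CURRENT` value is a constructed sample.

```shell
# Added example; merge_managed_certs and missing_certs are hypothetical helpers.

# merge_managed_certs CURRENT NEW...: print CURRENT with each NEW name
# appended, keeping order and dropping duplicates, spaces and empty entries.
merge_managed_certs() (
  current=$(printf '%s' "$1" | tr -d '[:space:]'); shift
  merged=""
  IFS=','; set -f                      # split on commas only, no globbing
  for name in $current "$@"; do
    [ -n "$name" ] || continue
    case ",$merged," in
      *",$name,"*) ;;                  # already listed
      *) merged="${merged:+$merged,}$name" ;;
    esac
  done
  printf '%s\n' "$merged"
)

# missing_certs OLD NEW: print the names in OLD that NEW no longer lists.
# A non-empty result means an existing certificate name would be dropped.
missing_certs() (
  new=",$(printf '%s' "$2" | tr -d '[:space:]'),"
  missing=""
  IFS=','; set -f
  for name in $(printf '%s' "$1" | tr -d '[:space:]'); do
    [ -n "$name" ] || continue
    case "$new" in
      *",$name,"*) ;;
      *) missing="${missing:+$missing,}$name" ;;
    esac
  done
  printf '%s\n' "$missing"
)

# Constructed sample: the value the annotation held before this page.
CURRENT='whereami, onlineboutique'
DESIRED=$(merge_managed_certs "$CURRENT" bankofanthos)
echo "annotation value: $DESIRED"

# Guard to run before committing: refuse a value that drops an existing name.
DROPPED=$(missing_certs "$CURRENT" "$DESIRED")
if [ -n "$DROPPED" ]; then
  echo "refusing: would drop $DROPPED" >&2
  exit 1
fi
# Then pass it to the page's kpt command:
#   -- "networking.gke.io/managed-certificates=${DESIRED}"
```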

Deploy Kubernetes manifests

cd ${WORK_DIR}$GKE_CONFIGS_DIR_NAME/
git add . && git commit -m "Bank of Anthos ManagedCertificate" && git push origin main

Check deployments

List the Kubernetes resources managed by Config Sync in the GKE cluster for the GKE cluster configs repository:

gcloud alpha anthos config sync repo describe \
    --project $TENANT_PROJECT_ID \
    --managed-resources all \
    --sync-name root-sync \
    --sync-namespace config-management-system

Wait and re-run the command above until you see "status": "SYNCED".

Alternatively, you can see this in the Cloud Console by opening the link that this command prints:

echo -e "https://console.cloud.google.com/kubernetes/config_management/status?clusterName=${GKE_NAME}&id=${GKE_NAME}&project=${TENANT_PROJECT_ID}"

Wait until the Sync status column shows SYNCED. You can then click on View resources to see the details.

List the GitHub runs for the GKE cluster configs repository:

cd ${WORK_DIR}$GKE_CONFIGS_DIR_NAME && gh run list

List the Google Cloud resources created:

gcloud endpoints services list \
    --project $TENANT_PROJECT_ID
gcloud compute ssl-certificates list \
    --project $TENANT_PROJECT_ID

Note

Wait for the ManagedCertificate to be provisioned. This usually takes about 30 minutes.