Domains in Google Cloud infrastructure

If you add a new domain, you also want to have this domain available on Google Cloud. This article describes how to perform such changes.

To route traffic for a domain name, you need to modify ingress.yml and webserver-php-fpm.yml, the deployment that serves as the webserver and listens on the domain names.

Adding a new domain

Let's say we want to listen to a new domain name.

Open the ingress.yml file and add a new domain block under spec -> rules:

// kubernetes/ingress.yml

rules:
    -   host: ~
        http:
            paths:
            -   path: /
                backend:
                    serviceName: webserver-php-fpm
                    servicePort: 8080

Create the secret from the SSL certificate files in kubernetes/kustomize/overlays/production/ingress-patch.yaml:

// kubernetes/kustomize/overlays/production/ingress-patch.yaml

- name: domain-${DOMAIN_NUMBER}-ssl-certificates
  commands:
    tls.key: "cat ${ANOTHER_DOMAIN_SSL_DIRECTORY}/tls.key"
    tls.crt: "cat ${ANOTHER_DOMAIN_SSL_DIRECTORY}/tls.crt"
    ca.crt: "cat ${ANOTHER_DOMAIN_SSL_DIRECTORY}/ca.crt"

Note

Replace ${DOMAIN_NUMBER} with the number of the domain.

Next, add the SSL certificates for the new domain:

spec:
    tls:
    -   hosts:
        secretName: domain-${DOMAIN_NUMBER}-ssl-certificates

Open the .ci/deploy-to-google-cloud.sh file and set your new domain host as the host name in ingress.yml and webserver-php-fpm.yml:

// .ci/deploy-to-google-cloud.sh

NEW_DOMAIN_HOST=${NEW_DOMAIN_HOST}
# Quote the arguments so the shell neither globs the [..] path nor splits the host name
yq write --inplace kubernetes/ingress.yml "spec.rules[${DOMAIN_INDEX}].host" "${NEW_DOMAIN_HOST}"
yq write --inplace kubernetes/deployments/webserver-php-fpm.yml "spec.template.spec.hostAliases[0].hostnames[+]" "${NEW_DOMAIN_HOST}"

Do not forget to pass NEW_DOMAIN_HOST and ANOTHER_DOMAIN_SSL_DIRECTORY to shopsys/kubernetes-buildpack as environment variables.

Now you need to add a volume with your certificates to the docker run command that executes the deploy-to-google-cloud.sh script:

docker run \
    -v $WORKSPACE:/tmp \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v ~/google-cloud/.terraform/tfstate:/tmp/infrastructure/google-cloud/tfstate \
    -v ~/google-cloud/service-account.json:/tmp/infrastructure/google-cloud/service-account.json \
    -v ~/path/to/certificates-1:$FIRST_DOMAIN_SSL_DIRECTORY \
    -v ~/path/to/certificates-2:$SECOND_DOMAIN_SSL_DIRECTORY \
+   -v ~/path/to/certificates-3:$THIRD_DOMAIN_SSL_DIRECTORY
    -e DOCKER_USERNAME \
    -e DOCKER_PASSWORD \
    -e GIT_COMMIT \
    -e FIRST_DOMAIN_HOSTNAME \
    -e SECOND_DOMAIN_HOSTNAME \
    -e PROJECT_ID \
    -e FIRST_DOMAIN_SSL_DIRECTORY \
    -e SECOND_DOMAIN_SSL_DIRECTORY \
    --rm \
    shopsys/kubernetes-buildpack:0.2.0 \
    .ci/deploy-to-google-cloud.sh
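
Review bot: the added `-v ~/path/to/certificates-3:$THIRD_DOMAIN_SSL_DIRECTORY` line has no trailing backslash, so the shell ends the docker run command there and treats the following `-e DOCKER_USERNAME \` lines as a separate command; end the line with ` \` like its neighbours. The `-e` list also still stops at SECOND_DOMAIN_HOSTNAME and SECOND_DOMAIN_SSL_DIRECTORY, so neither the third domain's host name nor THIRD_DOMAIN_SSL_DIRECTORY reaches the container even though the new mount target depends on that variable; add the matching `-e` flags. Since the deploy script only reads the certificate files, the new volume could also be mounted read-only with a `:ro` suffix.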

After executing this, the changes will be applied and the new domain will be up and running.
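
A pre-flight check for the deploy script, as an added example that is not part of the original page or the Shopsys repository: it validates the host name and rule index before they reach yq and checks the three certificate files that the secret commands read. The function name check_domain_inputs is hypothetical, and rejecting wildcard hosts is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the Shopsys repository. check_domain_inputs is a
# hypothetical helper to call in .ci/deploy-to-google-cloud.sh before yq runs:
#   check_domain_inputs "$NEW_DOMAIN_HOST" "$DOMAIN_INDEX" "$ANOTHER_DOMAIN_SSL_DIRECTORY" || exit 1
check_domain_inputs() {
    host=$1; index=$2; dir=$3

    # Host must be a plain DNS name (assumption: wildcard hosts are not used).
    case $host in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*)
            echo "invalid host: '$host'" >&2; return 1 ;;
    esac

    # The index is interpolated into spec.rules[...]; allow digits only.
    case $index in
        ''|*[!0-9]*) echo "invalid index: '$index'" >&2; return 1 ;;
    esac

    # The files read by the secret's "cat" commands must exist and be non-empty.
    for f in tls.key tls.crt ca.crt; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done

    # Catch swapped or bundled files: the key file must hold a private key,
    # the certificate files must hold certificates and no private key.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$dir/tls.key" ||
        { echo "tls.key has no private key block" >&2; return 1; }
    for f in tls.crt ca.crt; do
        grep -q -e '-----BEGIN CERTIFICATE-----' "$dir/$f" ||
            { echo "$f has no certificate block" >&2; return 1; }
        if grep -q 'PRIVATE KEY-----' "$dir/$f"; then
            echo "$f contains a private key" >&2; return 1
        fi
    done

    # The private key should be accessible to its owner only (e.g. mode 0600).
    perms=$(ls -ldL "$dir/tls.key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "tls.key is accessible to group or others" >&2; return 1; }
}
```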