我一直在使用 Pulumi 部署的 Google 负载均衡器的证书,但证书似乎需要是 FQDN 地址,并且不支持通配符子域。理想情况下,如果我能获得示例 Pulumi 代码那就太好了。
我尝试寻找解决方案,但找不到任何示例代码。
找到这些文章后
我能够制作等效的 Pulumi 代码,如下(发布以与其他人分享):
// DNS authorization cert
const ingressDnsAuthorization = new gcp.certificatemanager.DnsAuthorization(
`prod-ingress-dns-auth`,
{
description: `prod wildcard ingress dns authorization`,
domain: `foo-prod.exampledomain.com`, // root subdomain to be wildcard-ed
}
);
export const ingressDnsAuth = ingressDnsAuthorization.dnsResourceRecords;
const ingressCert = new gcp.certificatemanager.Certificate(
`prod-ingress-cert`,
{
description: `prod wildcard ingress cert`,
scope: "DEFAULT",
managed: {
domains: [
pulumi.interpolate`*.${ingressDnsAuthorization.domain}`, // wildcard subdomain
ingressDnsAuthorization.domain, // root subdomain
],
dnsAuthorizations: [ingressDnsAuthorization.id],
},
}
);
const ingressCertMap = new gcp.certificatemanager.CertificateMap(
`prod-ingress-cert-map`,
{
description: `prod cert map`,
}
);
const ingressCertMapEntry = new gcp.certificatemanager.CertificateMapEntry(
`prod-ingress-cert-map-entry`,
{
description: `prod cert map entry`,
map: ingressCertMap.name,
certificates: [ingressCert.id],
matcher: "PRIMARY",
}
);
// ingress Https Proxy
const ingressHttpsProxy = new gcp.compute.TargetHttpsProxy(
`prod-example-domain-ingress-https-proxy`,
{
urlMap: ingressLbUrlmap.id,
certificateMap: pulumi.interpolate`//certificatemanager.googleapis.com/${ingressCertMap.id}`,
}
);
// ingress GLB Fwd Rule (FrontEnd)
const ingressIP = new gcp.compute.GlobalAddress(
`${env}-example-domain-ingress-lb-ip`,
{}
);
const ingressGlbFwdRule = new gcp.compute.GlobalForwardingRule(
`${env}-example-domain-ingress-glb-fwd-rule`,
{
target: ingressHttpsProxy.id,
portRange: "443",
ipAddress: ingressIP.address,
ipProtocol: "TCP",
loadBalancingScheme: "EXTERNAL",
}
);