google · google-oss-robot · Oct 6, 2020 · Oct 6, 2020
@@ -146,9 +146,9 @@ Terraform module.
           # Cloud Monitoring
           # monitoring-host-project = "example"
 
-          adminapi-host  = "adminapi.example.org"
-          apiserver-host = "apiserver.example.org"
-          server-host    = "example.org"
+          adminapi_hosts  = ["adminapi.example.org"]
+          apiserver_hosts = ["apiserver.example.org"]
+          server_hosts    = ["example.org"]
 
           notification-email = "example+alert@google.com"
       }
@@ -241,6 +241,14 @@ database_max_connections = 256
 
 ### Debugging
 
+#### Custom hosts
+
+Using custom hosts (domains) for the services requires a manual step of updating
+DNS entries. Run Terraform once and get the `lb_ip` entry. Then, update your DNS
+provider to point the A records to that IP address. Give DNS time to propagate
+and then re-apply Terraform. DNS must be working for the certificates to
+provision.
+
 #### Cannot find firebase provider
 
 If you're getting an error like:

@@ -15,7 +15,7 @@
 resource "google_monitoring_uptime_check_config" "https" {
   project = local.monitoring-host-project
 
-  for_each = toset(compact(concat([var.server-host, var.apiserver-host, var.adminapi-host], var.extra-hosts)))
+  for_each = toset(compact(concat(var.server_hosts, var.apiserver_hosts, var.adminapi_hosts, var.extra-hosts)))
 
   display_name = each.key
   timeout      = "3s"

@@ -15,22 +15,19 @@ variable "notification-email" {
   description = "Email address for alerts to go to."
 }
 
-variable "server-host" {
-  type        = string
-  default     = ""
-  description = "Domain web ui is hosted on."
+variable "server_hosts" {
+  type        = list(string)
+  description = "List of domains upon which the web ui is served."
 }
 
-variable "apiserver-host" {
-  type        = string
-  default     = ""
-  description = "Domain apiserver is hosted on."
+variable "apiserver_hosts" {
+  type        = list(string)
+  description = "List of domains upon which the apiserver is served."
 }
 
-variable "adminapi-host" {
-  type        = string
-  default     = ""
-  description = "Domain adminapi is hosted on."
+variable "adminapi_hosts" {
+  type        = list(string)
+  description = "List of domains upon which the adminapi is served."
 }
 
 variable "extra-hosts" {

@@ -165,6 +165,8 @@ resource "google_cloud_run_service" "adminapi" {
 }
 
 resource "google_compute_region_network_endpoint_group" "adminapi" {
+  count = length(var.adminapi_hosts) > 0 ? 1 : 0
+
   name     = "adminapi"
   provider = google-beta
   project  = var.project
@@ -178,35 +180,14 @@ resource "google_compute_region_network_endpoint_group" "adminapi" {
 }
 
 resource "google_compute_backend_service" "adminapi" {
-  count    = local.enable_lb ? 1 : 0
+  count = length(var.adminapi_hosts) > 0 ? 1 : 0
+
   provider = google-beta
   name     = "adminapi"
   project  = var.project
 
   backend {
-    group = google_compute_region_network_endpoint_group.adminapi.id
-  }
-}
-
-resource "google_cloud_run_domain_mapping" "adminapi" {
-  for_each = var.adminapi_custom_domains
-
-  location = var.cloudrun_location
-  name     = each.key
-
-  metadata {
-    namespace = var.project
-  }
-
-  spec {
-    route_name     = google_cloud_run_service.adminapi.name
-    force_override = true
-  }
-
-  lifecycle {
-    ignore_changes = [
-      spec[0].force_override
-    ]
+    group = google_compute_region_network_endpoint_group.adminapi[0].id
   }
 }
 
@@ -218,6 +199,6 @@ resource "google_cloud_run_service_iam_member" "adminapi-public" {
   member   = "allUsers"
 }
 
-output "adminapi_url" {
-  value = google_cloud_run_service.adminapi.status.0.url
+output "adminapi_urls" {
+  value = concat([google_cloud_run_service.adminapi.status.0.url], formatlist("https://%s", var.adminapi_hosts))
 }
@@ -173,6 +173,8 @@ resource "google_cloud_run_service" "apiserver" {
 }
 
 resource "google_compute_region_network_endpoint_group" "apiserver" {
+  count = length(var.apiserver_hosts) > 0 ? 1 : 0
+
   name     = "apiserver"
   provider = google-beta
   project  = var.project
@@ -186,35 +188,14 @@ resource "google_compute_region_network_endpoint_group" "apiserver" {
 }
 
 resource "google_compute_backend_service" "apiserver" {
-  count    = local.enable_lb ? 1 : 0
+  count = length(var.apiserver_hosts) > 0 ? 1 : 0
+
   provider = google-beta
   name     = "apiserver"
   project  = var.project
 
   backend {
-    group = google_compute_region_network_endpoint_group.apiserver.id
-  }
-}
-
-resource "google_cloud_run_domain_mapping" "apiserver" {
-  for_each = var.apiserver_custom_domains
-
-  location = var.cloudrun_location
-  name     = each.key
-
-  metadata {
-    namespace = var.project
-  }
-
-  spec {
-    route_name     = google_cloud_run_service.apiserver.name
-    force_override = true
-  }
-
-  lifecycle {
-    ignore_changes = [
-      spec[0].force_override
-    ]
+    group = google_compute_region_network_endpoint_group.apiserver[0].id
   }
 }
 
@@ -226,6 +207,6 @@ resource "google_cloud_run_service_iam_member" "apiserver-public" {
   member   = "allUsers"
 }
 
-output "apiserver_url" {
-  value = google_cloud_run_service.apiserver.status.0.url
+output "apiserver_urls" {
+  value = concat([google_cloud_run_service.apiserver.status.0.url], formatlist("https://%s", var.apiserver_hosts))
 }
@@ -212,6 +212,8 @@ resource "google_cloud_run_service" "server" {
 }
 
 resource "google_compute_region_network_endpoint_group" "server" {
+  count = length(var.server_hosts) > 0 ? 1 : 0
+
   name     = "server"
   provider = google-beta
   project  = var.project
@@ -225,35 +227,14 @@ resource "google_compute_region_network_endpoint_group" "server" {
 }
 
 resource "google_compute_backend_service" "server" {
-  count    = local.enable_lb ? 1 : 0
+  count = length(var.server_hosts) > 0 ? 1 : 0
+
   provider = google-beta
   name     = "server"
   project  = var.project
 
   backend {
-    group = google_compute_region_network_endpoint_group.server.id
-  }
-}
-
-resource "google_cloud_run_domain_mapping" "server" {
-  for_each = var.server_custom_domains
-
-  location = var.cloudrun_location
-  name     = each.key
-
-  metadata {
-    namespace = var.project
-  }
-
-  spec {
-    route_name     = google_cloud_run_service.server.name
-    force_override = true
-  }
-
-  lifecycle {
-    ignore_changes = [
-      spec[0].force_override
-    ]
+    group = google_compute_region_network_endpoint_group.server[0].id
   }
 }
 
@@ -265,6 +246,6 @@ resource "google_cloud_run_service_iam_member" "server-public" {
   member   = "allUsers"
 }
 
-output "server_url" {
-  value = google_cloud_run_service.server.status.0.url
+output "server_urls" {
+  value = concat([google_cloud_run_service.server.status.0.url], formatlist("https://%s", var.server_hosts))
 }
@@ -139,43 +139,25 @@ variable "redis_cache_size" {
   description = "Size of the Redis instance in GB."
 }
 
-variable "adminapi_custom_domains" {
-  type    = set(string)
+variable "server_hosts" {
+  type    = list(string)
   default = []
 
-  description = "Custom domains to map for adminapi. These domains must already be verified by Google, and you must have a DNS CNAME record pointing to ghs.googlehosted.com in advance."
+  description = "List of domains upon which the web ui is served."
 }
 
-variable "apiserver_custom_domains" {
-  type    = set(string)
+variable "apiserver_hosts" {
+  type    = list(string)
   default = []
 
-  description = "Custom domains to map for apiserver. These domains must already be verified by Google, and you must have a DNS CNAME record pointing to ghs.googlehosted.com in advance."
+  description = "List of domains upon which the apiserver is served."
 }
 
-variable "server_custom_domains" {
-  type    = set(string)
+variable "adminapi_hosts" {
+  type    = list(string)
   default = []
 
-  description = "Custom domains to map for server. These domains must already be verified by Google, and you must have a DNS CNAME record pointing to ghs.googlehosted.com in advance."
-}
-
-variable "server-host" {
-  type        = string
-  default     = ""
-  description = "Domain web ui is hosted on."
-}
-
-variable "apiserver-host" {
-  type        = string
-  default     = ""
-  description = "Domain apiserver is hosted on."
-}
-
-variable "adminapi-host" {
-  type        = string
-  default     = ""
-  description = "Domain adminapi is hosted on."
+  description = "List of domains upon which the adminapi is served."
 }
 
 variable "enx_redirect_domain" {