Reputation: 1406
My Cloud Run instance is currently managed by Cloud Run domain mappings, and I was hoping to switch this over to a custom domain on a Google Cloud load balancer. I went through the steps and added the integration in my Cloud Run instance and everything seemed to work. However, the SSL certificate status is PROVISIONING, and when I look up the certificate details under Load Balancing it states it is FAILED_NOT_VISIBLE for the domain. I created an A record in my DNS for the new load balancer but did not touch the existing DNS records previously created by Cloud Run domain mappings, which had me add 4 A and 4 AAAA records to my DNS. Do I need to delete these records in my DNS management in order for the new load balancer to work? Also, is there a way I can do this without downtime for my application, by possibly using a subdomain and somehow pointing the load balancer to use that first? I'm not sure; any help is appreciated.
On this documentation page it states:
DNS must not resolve to any other IP address than the load balancer's. For example, if an A record resolves to the correct load balancer, but the AAAA resolves to something else, the domain status is FAILED_NOT_VISIBLE.
Does this mean I need to delete the existing A and AAAA records in my DNS? Also, the load balancer only had me create an A record and not an AAAA record.
Upvotes: 1
Views: 294
Reputation: 1406
Well, this was a frustrating process, but I was able to get the load balancer working, essentially by deleting the existing integration and the custom Cloud Run domain mappings and starting over. The steps I took were to create a new Cloud Run integration (Custom domains - Google Cloud Load Balancing), and when that was provisioning it gave me an IP address to update at my domain registrar, so I needed to delete all other A and AAAA records, essentially bringing my site down. But it didn't take that long to provision a new certificate, about an hour, so I did it late at night.
On my first attempt - I had already deleted all A and AAAA records and was waiting for it to retry provisioning the certificate because like I said it was still provisioning but had a FAILED_NOT_VISIBLE status - but it didn't seem to try re-provisioning which was frustrating as I couldn't tell what it was doing. I waited two hours and nothing happened.
I even tried, after about an hour, creating a new certificate within the load balancing console, but since I had no control over the original certificate (meaning I could not delete it), I don't think it liked having two certificates with the same domain. I had some success updating a subdomain on my registrar and creating a certificate for that subdomain in the load balancer and then routing all traffic back to that subdomain, but I couldn't figure out exactly how to switch from the subdomain to the regular domain easily in the same load balancer. Sigh, so in total the site was down for 3 hours.
I'm not exactly sure, like a commenter mentioned, if it's possible to switch without any downtime, so my recommendation if you're going to do this is to expect downtime. You can start the integration, but make sure you update your DNS records as soon as the load balancer integration gives you your new IP address. It seemed to update within an hour of updating my DNS records.
Thanks to all who commented and made suggestions; I appreciate the feedback.
Upvotes: 1
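A pre-cutover check for the rule quoted from the documentation, added here as an example (not code from the post or from Google): it compares every A and AAAA address a domain resolves to against the load balancer IP and reports the stray records that would keep the certificate at FAILED_NOT_VISIBLE. The function names and the sample addresses (documentation ranges) are constructed for illustration, and a live lookup reflects your local resolver's view and cache, which can differ from what the certificate validator sees.

```python
import ipaddress
import socket
import sys

def resolve_all(hostname):
    """Every A and AAAA address the local resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def check_visibility(resolved, lb_ips):
    """Classify resolved addresses against the load balancer's address(es)."""
    lb = {ipaddress.ip_address(ip) for ip in lb_ips}
    seen = {ipaddress.ip_address(ip) for ip in resolved}
    stray = sorted(seen - lb, key=lambda a: (a.version, int(a)))
    return {
        # Ready only if the name resolves and nothing points elsewhere.
        "ready": bool(seen) and not stray,
        "stray_a": [str(a) for a in stray if a.version == 4],
        "stray_aaaa": [str(a) for a in stray if a.version == 6],
    }

# Constructed sample data (documentation ranges, not real Google addresses).
LB_IP = "203.0.113.10"
OLD_A = ["198.51.100.%d" % i for i in range(1, 5)]
OLD_AAAA = ["2001:db8::%d" % i for i in range(1, 5)]

def demo():
    """DNS states from the question and the quoted documentation rule."""
    return {
        # New A record added, old domain-mapping records left in place.
        "lb_added_old_kept": check_visibility([LB_IP] + OLD_A + OLD_AAAA, [LB_IP]),
        # Old A records removed, but the AAAA records forgotten.
        "old_a_deleted_only": check_visibility([LB_IP] + OLD_AAAA, [LB_IP]),
        # Only the load balancer's A record remains.
        "only_lb_record": check_visibility([LB_IP], [LB_IP]),
    }

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <domain> <load-balancer-ip>
        print(check_visibility(resolve_all(sys.argv[1]), [sys.argv[2]]))
    else:
        for state, result in demo().items():
            print(state, result)
```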