Skip to main content

Domain Mapping For QA and Production

The app.archipelo.com domain is registered under Dom Sagolla account and because of that, extra steps needs to be taken in order to allow modification of the domain mappings to the Terraform Cloud during the environment setup. When creating a new environment or recreating one of the already created, such as production or qa the terraform-cloud@archipelo[prod|qa].iam.gserviceaccount.com needs to be added as the owner of the domain (the related Terraform). This may also be needed if Terraform Cloud for production or qa returns an error like this:

Error: Error waiting to create DomainMapping: resource is in failed state "Ready:False",
message: Caller is not authorized to administer the domain 'qa.app.archipelo.com'. If you
own 'qa.app.archipelo.com', you can obtain authorization by verifying ownership of the domain,
or any of its parent domains, via the Webmaster Central portal:
https://www.google.com/webmasters/verification/verification?domain=qa.app.archipelo.com. We
recommend verifying ownership of the largest scope you wish to use with subdomains
(eg. verify 'example.com' if you wish to map 'subdomain.example.com').

with google_cloud_run_domain_mapping.arweb,
│   on arweb.tf line 297, in resource "google_cloud_run_domain_mapping" "arweb":
297: resource "google_cloud_run_domain_mapping" "arweb" {

The procedure is as follows and must be done by @Dom Sagolla on his account:

  1. Go to https://www.google.com/webmasters/verification/details?hl=en&domain=app.archipelo.com
  2. Add terraform-cloud@archipelo-[prod|qa].iam.gserviceaccount.com as an owner

Once that is done, Terraform Cloud should have the necessary permissions to handle domain mapping changes for Cloud Run.

After domain mapping is created GCP needs to have a DNS entry to actually enable internal name resolution. Here are steps to configure this:

  1. Go to Cloud Run Domain Mappings https://console.cloud.google.com/run/domains?project=archipelo-prod
  2. For the created domain mapping click the “Actions” button and select “DNS Records”
  3. GCP will list the necessary DNS records that need to be created on the DNS side
  4. Go to Cloudflare: https://dash.cloudflare.com/1496d9232f5b3b66edba7e171094367f/app.archipelo.com/dns
  5. Create the necessary DNS records - make sure that they are “DNS-only” type (you can change it after GCP will finish with domain mapping)
  6. Wait 🙂 GCP docs say that it takes up to 24 hours to finish the configuration, but from experience, it takes up to 1 hour.