I registered a domain, `mycompany.dev`, with Google Domains. I have a development server running on a VM instance with a Ruby on Rails 8 application deployed on it, and when I access it over HTTP using the IP address it works perfectly.

I took the next step and turned on Kamal's SSL-terminating proxy layer for `myapp-development.mycompany.dev`.

I set up Cloud DNS for the domain, and in Cloud DNS I created a DNS zone for `myapp-development.mycompany.dev` with an A record pointing at my VM instance's IP. Everything except the domain registration itself was done with Terraform.

For the life of me I cannot get requests to reach the server through the domain name. I have no idea what it could be (unless it is because I think of it as a subdomain, but I really don't need the TLD for anything). Chrome gives `DNS_PROBE_FINISHED_NXDOMAIN`.

The Terraform code is provided below. I'm not sure what could be going wrong.
provider "google" {
  project = "my-project"
  region  = "us-central1"
  zone    = "us-central1-c"
}

# Input variables referenced below. These declarations were not part of the
# posted snippet and are added so the configuration validates on its own.
variable "subdomain_name" {
  description = "Subdomain label under mycompany.dev, e.g. myapp-development"
  type        = string
}

variable "ssh_host_user" {
  description = "Login user for the SSH key placed in instance metadata"
  type        = string
}

variable "ssh_key" {
  description = "Public SSH key for ssh_host_user"
  type        = string
}

#########################################
# Networking
#########################################

# VPC
resource "google_compute_network" "vpc" {
  name                    = "myapp-development-vpc"
  auto_create_subnetworks = false
}

# Subnet
resource "google_compute_subnetwork" "subnet" {
  name          = "myapp-development-subnet"
  region        = "us-central1"
  network       = google_compute_network.vpc.id
  ip_cidr_range = "10.0.10.0/24"
}

resource "google_compute_firewall" "default" {
  name        = "myapp-development-firewall"
  network     = google_compute_network.vpc.name
  direction   = "INGRESS"
  description = "Firewall which allows only HTTP, HTTPS and SSH traffic"

  # TODO: Take out port 80 for production
  allow {
    protocol = "tcp"
    ports    = ["80", "443", "22"]
  }

  # No target_tags are set, so this rule applies to every instance in the VPC,
  # and port 22 is reachable from any source address.
  # TODO: Switch to IAP for SSH access
  source_ranges = ["0.0.0.0/0"]
}

resource "google_compute_address" "static_ip" {
  name         = "myapp-development-static-ip"
  region       = "us-central1" # Specify the region
  address_type = "EXTERNAL"    # For an external static IP. You can use INTERNAL if needed.
}

#########################################
# DNS
#########################################

# A separate managed zone for the subdomain. Public resolvers can only reach
# this zone if the parent zone for mycompany.dev carries NS records delegating
# the subdomain to this zone's name servers.
resource "google_dns_managed_zone" "dns_zone" {
  name        = "${var.subdomain_name}-dns-zone"
  dns_name    = "${var.subdomain_name}.mycompany.dev."
  description = "DNS managed zone for ${var.subdomain_name}"
}

resource "google_dns_record_set" "a" {
  name         = google_dns_managed_zone.dns_zone.dns_name
  managed_zone = google_dns_managed_zone.dns_zone.name
  type         = "A"
  ttl          = 300
  rrdatas      = [google_compute_instance.myapp_development_n1.network_interface.0.access_config.0.nat_ip]
}

#########################################
# Docker Repository
#########################################

resource "google_artifact_registry_repository" "myapp_development" {
  location      = "us-central1"
  repository_id = "myapp-development"
  description   = "Mycompany myapp docker repository"
  format        = "DOCKER"

  docker_config {
    immutable_tags = false
  }
}

resource "google_service_account" "artifact_registry_sa" {
  account_id   = "myapp-artifact-registry-sa"
  display_name = "Custom SA for Artifact Registry"
}

# Grant Artifact Registry Reader permission to the service account.
# google_project_iam_binding is authoritative for the role: any other members
# already holding it in the project are removed on apply.
resource "google_project_iam_binding" "artifact_registry_reader" {
  project = "my-project"
  role    = "roles/artifactregistry.reader"
  members = [
    "serviceAccount:${google_service_account.artifact_registry_sa.email}"
  ]
}

# Grant Artifact Registry Writer permission to the service account
resource "google_project_iam_binding" "artifact_registry_writer" {
  project = "my-project"
  role    = "roles/artifactregistry.writer"
  members = [
    "serviceAccount:${google_service_account.artifact_registry_sa.email}"
  ]
}

#########################################
# Compute VM Instances
#########################################

resource "google_compute_instance" "myapp_development_n1" {
  description               = "App Node 1"
  name                      = "myapp-n1"
  machine_type              = "e2-medium"
  zone                      = "us-central1-a"
  allow_stopping_for_update = true
  tags                      = ["web", "worker"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.subnet.id

    # access_config with a static nat_ip gives the VM the reserved external address
    access_config {
      nat_ip = google_compute_address.static_ip.address
    }
  }

  metadata = {
    ssh-keys = "${var.ssh_host_user}:${var.ssh_key}"
  }

  metadata_startup_script = "echo hi > /test.txt"

  service_account {
    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
    email  = google_service_account.myapp_account.email
    scopes = ["cloud-platform"]
  }
}

resource "google_service_account" "myapp_account" {
  account_id   = "myapp-service-account"
  display_name = "Custom SA for VM Instance"
}

#########################################
# Secrets
#########################################

resource "google_secret_manager_secret" "pg_password" {
  secret_id = "myapp-development-pg-password"
  replication {
    auto {}
  }
}

resource "google_secret_manager_secret" "artifact_repository_key" {
  secret_id = "myapp-development-artifact-repository-key"
  replication {
    auto {}
  }
}

resource "google_secret_manager_secret" "rails_master_key" {
  secret_id = "myapp-development-rails-master-key"
  replication {
    auto {}
  }
}
In this case, creating the domain automatically created a DNS managed zone for mycompany.dev. So the managed zone for myapp.mycompany.dev never resolved, because lookups were always going to the higher-priority zone.

I changed the Terraform code to not create a managed zone and instead just add the subdomain record to the domain's main managed zone:
resource "google_dns_record_set" "a" {
  name         = "${var.subdomain_name}.mycompany.dev."
  managed_zone = "mycompany-dev"
  type         = "A"
  ttl          = 300
  rrdatas      = [google_compute_instance.myapp_development_n1.network_interface.0.access_config.0.nat_ip]
}
This started working immediately. I suspect that deleting the parent managed zone would also work.
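For completeness, here is the other way to make the original layout resolve: keep the separate child zone from the question and delegate to it from the parent zone with NS records. This is an added example, not code from the question or the answer. It assumes the parent zone is the one Google Domains created, with the Cloud DNS zone name `mycompany-dev` used in the answer, and reuses the `subdomain_name` variable and the instance resource from the question.

```hcl
# Child zone for the subdomain, as in the question
resource "google_dns_managed_zone" "dns_zone" {
  name        = "${var.subdomain_name}-dns-zone"
  dns_name    = "${var.subdomain_name}.mycompany.dev."
  description = "DNS managed zone for ${var.subdomain_name}"
}

# Parent zone: looked up rather than created, because it already exists
# (auto-created at registration). Assumes its Cloud DNS name is "mycompany-dev".
data "google_dns_managed_zone" "parent" {
  name = "mycompany-dev"
}

# Delegation: NS records in the parent zone that point at the child zone's
# Google-assigned name servers. Without these, the parent zone's name servers
# have no idea the child zone exists and answer NXDOMAIN for anything under
# the subdomain, which is exactly the error Chrome reported.
resource "google_dns_record_set" "delegation" {
  name         = google_dns_managed_zone.dns_zone.dns_name
  managed_zone = data.google_dns_managed_zone.parent.name
  type         = "NS"
  ttl          = 300
  rrdatas      = google_dns_managed_zone.dns_zone.name_servers
}

# The A record stays in the child zone, as in the question
resource "google_dns_record_set" "a" {
  name         = google_dns_managed_zone.dns_zone.dns_name
  managed_zone = google_dns_managed_zone.dns_zone.name
  type         = "A"
  ttl          = 300
  rrdatas      = [google_compute_instance.myapp_development_n1.network_interface.0.access_config.0.nat_ip]
}
```

After `terraform apply`, `dig NS myapp-development.mycompany.dev` should return the child zone's name servers and `dig A myapp-development.mycompany.dev` the VM's address. Keeping the NS record set in the same configuration as the child zone matters: `terraform destroy` then removes the delegation together with the zone, rather than leaving NS records in the parent pointing at name servers that no longer host the subdomain. The single-zone approach in the answer avoids the delegation entirely and is the simpler choice when only one or two records are needed.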