How to use a wildcard subdomain with static subdomains with Google Cloud services?

Let's assume we own the domain example.com. In Google Cloud, I would like to achieve the following setup.

There are two Cloud Run services available at api-a.example.com and api-b.example.com.

There is a third backend service running in App Engine available at api-c.example.com.

There is a dockerized Nginx container with a frontend deployed to App Engine at frontend-a.example.com. This is the frontend for an internal application used by the employees of our company.

The last service is another dockerized Nginx. It should be available at a wildcard subdomain *.example.com. If none of the subdomains mentioned above match, the request should land here. We offer a SaaS and each customer has their own subdomain such as client-1.example.com. These subdomains are indefinite and ever-changing, hence we would like to use a wildcard.

The domain example.com without subdomain is not used.

Is this possible and if so, how?


Solution 1:

It is possible, and you can follow these steps to achieve that:

  1. Create a managed zone: (In this example, a private zone was created, but it is the same procedure for a public one)
gcloud dns managed-zones create private-domain \
    --description=private-domain-example \
    --dns-name=example.com \
    --visibility=private
  2. Create the individual records, including the wildcard pointing to your dockerized Nginx service: (Note the trailing dot in the wildcard record name)
gcloud dns record-sets transaction start \
   --zone=private-domain

gcloud dns record-sets transaction add 10.10.3.2 \
   --name="*.example.com." \
   --ttl=86400 \
   --type=A \
   --zone=private-domain

gcloud dns record-sets transaction add 10.10.1.2 \
   --name=api-a.example.com \
   --ttl=86400 \
   --type=A \
   --zone=private-domain

gcloud dns record-sets transaction add 10.10.1.3 \
   --name=api-b.example.com \
   --ttl=86400 \
   --type=A \
   --zone=private-domain

gcloud dns record-sets transaction add 10.10.2.2 \
   --name=api-c.example.com \
   --ttl=86400 \
   --type=A \
   --zone=private-domain

gcloud dns record-sets transaction add 10.10.2.3 \
   --name=frontend-a.example.com \
   --ttl=86400 \
   --type=A \
   --zone=private-domain

gcloud dns record-sets transaction execute \
   --zone=private-domain

With this setup, any request for the example.com domain that is not explicitly defined will go to the Nginx service which is the wildcard record. You can find the complete documentation about Cloud DNS, including how to manage records, in this document 1.

Note: The scenario was recreated using VM instances in GCP, hence the IP addresses in the RR_DATA field of the records. To create a DNS record for App Engine services, you need to follow this how-to guide 2.
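
Added example, not part of the original answer: a small Python model of standard DNS wildcard matching (RFC 4592) over the A records from the transaction above, showing which names reach the catch-all Nginx and which do not. The function names are hypothetical, only A records are modelled, and the queried hostnames are constructed.

```python
# A records from the answer's transaction, in zone example.com.
ZONE = "example.com."
RECORDS = {
    "*.example.com.": "10.10.3.2",          # wildcard -> catch-all Nginx
    "api-a.example.com.": "10.10.1.2",
    "api-b.example.com.": "10.10.1.3",
    "api-c.example.com.": "10.10.2.2",
    "frontend-a.example.com.": "10.10.2.3",
}


def fqdn(name):
    """Lower-case the name and add the trailing dot, as DNS compares names."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def existing_nodes():
    """Every name that exists in the zone: the apex, each record owner,
    and any empty non-terminals implied by deeper owner names."""
    nodes = {ZONE}
    for owner in RECORDS:
        while owner != ZONE:
            nodes.add(owner)
            owner = owner.split(".", 1)[1]
    return nodes


def resolve_a(query):
    """Return (rdata, source) for an A query under RFC 4592 wildcard rules."""
    q = fqdn(query)
    if not ("." + q).endswith("." + ZONE):
        return None, "out-of-zone"
    if q in RECORDS:
        return RECORDS[q], "exact"          # explicit record beats the wildcard
    nodes = existing_nodes()
    if q in nodes:
        return None, "nodata"               # name exists but has no A record (the apex)
    # Closest encloser: the longest ancestor of the query that exists in the zone.
    encloser = q.split(".", 1)[1]
    while encloser not in nodes:
        encloser = encloser.split(".", 1)[1]
    wildcard = "*." + encloser
    if wildcard in RECORDS:
        return RECORDS[wildcard], "wildcard"
    return None, "nxdomain"
```

A name below an explicit record, such as v2.api-a.example.com, does not fall through to *.example.com, because its closest encloser api-a.example.com exists and has no wildcard of its own.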