Home » Security Bloggers Network » Creating CNAME for Google Cloud Run Service Functions

Creating CNAME for Google Cloud Run Service Functions

by Abhiram on January 23, 2023

In this blog, we will create a CNAME for our cloudrun service function with path matchers. We will be using the load balancer method to create a CNAME. We will create three path matchers for three separate cloudrun services.

How to create a CNAME for Google cloud run service functions

Firstly we have to create a domain name in any domain registrar of your choice like Cloudflare. For example mysamplefunctions.com
To use this method we need a project owner or project editor role or the following permissions

Network Admin

Compute Instance Admin

Security Admin

Network Admin

Compute Instance Admin

Security Admin

We need to set up a global IP address to reach the load balancer
Run the following command

				
					gcloud compute addresses create function-ip \
    --network-tier=PREMIUM \
    --ip-version=IPV4 \
    --global

gcloud compute addresses describe function-ip \
    --format="get(address)" \
    --global

Console

Create a serverless NEG (network endpoint group) for your first cloudrun service let’s say. Image processor. The --cloud-run-serive should be the name that you see for the cloud run service in the cloud console

				
					gcloud compute network-endpoint-groups create imageprocessorneg \
            --region=us-central1 \
            --network-endpoint-type=serverless  \
            --cloud-run-service=imageprocessor

Console

Add the FQDN keep the other fields as is

Create a backend service for the same.

				
					gcloud compute backend-services create imageprocessorservice \
             --load-balancing-scheme=EXTERNAL \
             --global

You cannot create global backend service from console. To create regional backend service

Specify the network enpoint group name created in the previous step in the below drop down menu.

Add the serverless NEG as a backend to backend service

				
					gcloud compute backend-services add-backend imageprocessorservice \
             --global \
             --network-endpoint-group=imageprocessorneg \
             --network-endpoint-group-region=us-central1

Create a NEG for your second cloudrun service let’s say video processor.The --cloud-run-service should be the name that you see for the cloudrun service in the cloud console

				
					gcloud compute network-endpoint-groups create videoprocessorneg \
            --region=us-central1 \
            --network-endpoint-type=serverless  \
            --cloud-run-service=videoprocessor

Create backend service for same.

				
					gcloud compute backend-services create videoprocessorservice \
             --load-balancing-scheme=EXTERNAL \
             --global

Add serverless NEG as backend to backend service.

				
					gcloud compute backend-services add-backend videoprocessorservice \
             --global \
             --network-endpoint-group=videoprocessorneg \
             --network-endpoint-group-region=us-central1

Create a NEG for your third cloudrun service let’s say audio processor.The –cloud-run-service should be the name that you see for the cloudrun service in the cloud console

				
					gcloud compute network-endpoint-groups create audioprocessorneg \
            --region=us-central1 \
            --network-endpoint-type=serverless  \
            --cloud-run-service=audioprocessor

Create backend service for same.

				
					gcloud compute backend-services create audioprocessorservice \
             --load-balancing-scheme=EXTERNAL \
             --global

Add serverless NEG as backend to backend service.

				
					gcloud compute backend-services add-backend audioprocessorservice \
             --global \
             --network-endpoint-group=audioprocessorneg \
             --network-endpoint-group-region=us-central1

Create a URL map to route incoming requests to the backend service.

				
					gcloud compute url-maps create myurlmap \
             --default-service imageprocessorservice

The --default-service will be used if no path is specified in the url.

Create path matchers for all the services.

				
					gcloud compute url-maps add-path-matcher myurlmap \
    --path-matcher-name=service-matcher \
		--new-hosts=mysamplefunctions.com \
    --default-service=imageprocessorservice \
    --backend-service-path-rules='/image=imageprocessorservice,/video=videoprocessorservice,/audio=audioprocessorservice'

Create a target HTTP(S) proxy to route requests to your URL map.

				
					gcloud compute target-http-proxies create myhttpproxy \
            --url-map=myurlmap

Console steps 13, 14, and 15:
a. Create a http load balancer

b. Create a URL map to route incoming requests to the backend service.

c. Create a URL map to route incoming requests to the backend service.

d. Click Create

Create a global forwarding rule to route incoming requests to the proxy.

				
					gcloud compute forwarding-rules create myhttpforwadingrule \
          --load-balancing-scheme=EXTERNAL \
          --network-tier=PREMIUM \
          --address=function-ip \
          --target-http-proxy=myhttpproxy \
          --global \
          --ports=80

After the load balancer is created, note the IP address that is associated with the load balancer: for example, 30.90.80.100. To point your domain to your load balancer, create an A record using your domain registration service.
Make sure that proxy is disabled in the domain registrar like Cloudflare so the traffic is routed to the load balancer.
So you can now access the functions in the following manner.
– For image processor
mysamplefucntions.com/image– For video processor.
mysamplefucntions.com/video– For Audio processor.
myaudioprocessor.com/audio