I have an existing service running in Google Cloud Run. At some point in the past, someone else mapped a domain to that service. Let's call it foo.somecompany.com. Now, I want to put that existing service behind a GCP load balancer. It seems like the easiest way to do this would be to use domain mapping in GCP, but I'm running into an issue with Google generating the SSL certificate.
To explain, I have the Cloud Run service, which looks like this in GCP:
If I click into the service I can see the Google-generated URL for the service and an "i" icon in the header:
If I click that "i" icon, I am shown a list of custom domains:
And, by clicking on the Manage Custom Domains, I am taken to Cloud Run Domain mappings. I'm not aware of any other way to get to this list. Anyhow, on this view I see the custom domain for this app, which was created by someone else a couple years ago:
As far as I can tell, the indicated person created this domain mapping in 2022. Creating the mapping gives you a set of IP addresses to use when configuring DNS. I'm not sure how the SSL certificate for the app was generated or assigned, but the app does use SSL. The certificate is presumably managed by GCP as I've never renewed it manually and, at this point, I'm the only person managing the app in GCP.
So, on this screen I can click the Add Mapping button, which shows me a menu where I can click to create a custom domain with GCP Load Balancing:
Cutting to the chase, I've walked through the process of creating the Load Balancer. I've set the domain to be the same domain already in use (foo.somecompany.com) and pointed it to the Cloud Run app. Google has gone off and created all the needed resources, but it's stuck generating the SSL certificate. This is what I'm seeing:
I think it's stuck generating the SSL certificate because DNS for foo.somecompany.com hasn't been updated to point at the specified IP address for the load balancer. But, that leaves me stuck, doesn't it? I don't want to update DNS yet, since the load balancer isn't live. But I can't make the load balancer live until DNS points at it. And, if I do that, then the app will be down for however long it takes Google to provision the SSL certificate.
I don't own the somecompany.com domain and don't want anyone (especially me) to be responsible for remembering to renew the SSL cert, so I very much want this to be managed by Google.
Is there any way to get the load balancer running in front of my app and then move DNS?





