Skip to content

Latest commit

 

History

History
82 lines (58 loc) · 2.41 KB

03-domain-configuration.md

File metadata and controls

82 lines (58 loc) · 2.41 KB
Raw

Domain configuration

Now that are instances are running, lets grab the external IP's and set up domains.

📝 A cheap temp domain can be grabbed from Google Cloud Domains. Just type in random, nonsensical string and you should easily be able to get a domain for $1. There are also lots of other providers. Use whatever works for you.

Configuration

rekor.example.com

Grab your external / public IP

$ gcloud compute instances describe sigstore-rekor \
  --format='get(networkInterfaces[0].accessConfigs[0].natIP)'

You now want to make an "A Record" to a subdomain or "rekor" and to your external IP from the above command

To create resource records on Google,

  1. Go to Google Domains
  2. Click on your domain from the homepage
  3. DNS > Manage Custom Records

If you're using GCP as the DNS provider this can be done as follows

$ gcloud dns record-sets create rekor.example.com. \
  --rrdatas=$(gcloud compute instances describe sigstore-rekor --format='get(networkInterfaces[0].accessConfigs[0].natIP)') \
  --type=A --ttl=60 --zone=example-com
Type Host Value
A Record rekor x.x.x.x

fulcio.example.com

Now repeat the same for fulcio, and dex

$ gcloud compute instances describe sigstore-fulcio \
  --format='get(networkInterfaces[0].accessConfigs[0].natIP)'

If you're using GCP as the DNS provider this can be done as follows

$ gcloud dns record-sets create fulcio.example.com. \
  --rrdatas=$(gcloud compute instances describe sigstore-fulcio --format='get(networkInterfaces[0].accessConfigs[0].natIP)') \
  --type=A --ttl=60 --zone=example-com
Type Host Value
A Record fulcio x.x.x.x

oauth2.example.com

$ gcloud compute instances describe sigstore-oauth2 \
  --format='get(networkInterfaces[0].accessConfigs[0].natIP)'

If you're using GCP as the DNS provider this can be done as follows

$ gcloud dns record-sets create oauth2.example.com. \
  --rrdatas=$(gcloud compute instances describe sigstore-oauth2 --format='get(networkInterfaces[0].accessConfigs[0].natIP)') \
  --type=A --ttl=60 --zone=example-com
Type Host Value
A Record oauth2 x.x.x.x

📝 We do not need a domain for the certificate transparency log. This only communicate over a private network to Fulcio.

Next: Rekor