Now that our instances are running, let's grab the external IPs and set up domains.
📝 A cheap temp domain can be grabbed from Google Cloud Domains. Just type in a random, nonsensical string and you should easily be able to get a domain for $1. There are also lots of other providers. Use whatever works for you.
Grab your external / public IP:
```
$ gcloud compute instances describe sigstore-rekor \
    --format='get(networkInterfaces[0].accessConfigs[0].natIP)'
```
Now create an "A Record" for the subdomain "rekor" that points to the external IP returned by the above command.
To create resource records on Google:
- Go to Google Domains
- Click on your domain from the homepage
- DNS > Manage Custom Records
If you're using GCP as the DNS provider, this can be done as follows:
```
$ gcloud dns record-sets create rekor.example.com. \
    --rrdatas=$(gcloud compute instances describe sigstore-rekor --format='get(networkInterfaces[0].accessConfigs[0].natIP)') \
    --type=A --ttl=60 --zone=example-com
```
Type | Host | Value |
---|---|---|
A Record | rekor | x.x.x.x |
Now repeat the same for fulcio and dex:
```
$ gcloud compute instances describe sigstore-fulcio \
    --format='get(networkInterfaces[0].accessConfigs[0].natIP)'
```
If you're using GCP as the DNS provider, this can be done as follows:
```
$ gcloud dns record-sets create fulcio.example.com. \
    --rrdatas=$(gcloud compute instances describe sigstore-fulcio --format='get(networkInterfaces[0].accessConfigs[0].natIP)') \
    --type=A --ttl=60 --zone=example-com
```
Type | Host | Value |
---|---|---|
A Record | fulcio | x.x.x.x |
```
$ gcloud compute instances describe sigstore-oauth2 \
    --format='get(networkInterfaces[0].accessConfigs[0].natIP)'
```
If you're using GCP as the DNS provider, this can be done as follows:
```
$ gcloud dns record-sets create oauth2.example.com. \
    --rrdatas=$(gcloud compute instances describe sigstore-oauth2 --format='get(networkInterfaces[0].accessConfigs[0].natIP)') \
    --type=A --ttl=60 --zone=example-com
```
Type | Host | Value |
---|---|---|
A Record | oauth2 | x.x.x.x |
📝 We do not need a domain for the certificate transparency log. It only communicates with Fulcio over a private network.
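
Before moving on, it is worth confirming that each of the three records resolves to exactly the external IP of its instance, and to nothing else. The script below is an added example, not part of the original guide; it assumes the `example.com` domain used above and that `dig` is installed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify the rekor, fulcio and oauth2 A records against the
# external IPs of their instances. Helper names are hypothetical.

# External IP of a GCE instance (same gcloud query as in the steps above).
instance_ip() {
  gcloud compute instances describe "$1" \
    --format='get(networkInterfaces[0].accessConfigs[0].natIP)'
}

# A records currently published for a name, one per line.
resolve_a() {
  dig +short A "$1"
}

# Returns 0 only if the name resolves to the expected IP and nothing else.
# 1 = no record published, 2 = wrong or extra record, 3 = no expected IP.
check_record() {
  local fqdn="$1" expected="$2" actual
  if [ -z "$expected" ]; then
    echo "NO-IP    $fqdn (could not read the instance's external IP)"; return 3
  fi
  actual=$(resolve_a "$fqdn" | sort -u)
  if [ -z "$actual" ]; then
    echo "MISSING  $fqdn (expected $expected)"; return 1
  elif [ "$actual" != "$expected" ]; then
    # Also catches a stale second A record left next to the correct one.
    echo "MISMATCH $fqdn -> $(printf '%s' "$actual" | tr '\n' ' ') (expected $expected)"
    return 2
  fi
  echo "OK       $fqdn -> $expected"
}

# Check all three subdomains created in this section.
check_all() {
  local domain="$1" name rc=0
  for name in rekor fulcio oauth2; do
    check_record "$name.$domain" "$(instance_ip "sigstore-$name")" || rc=1
  done
  return $rc
}

# Usage: ./check-dns.sh example.com
if [ $# -gt 0 ]; then check_all "$1"; fi
```

Re-run it after any instance stop/start: if the external IP is ephemeral it changes, which leaves the A record pointing at an address you no longer hold.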