crossplane-contrib / provider-gcp

Crossplane GCP provider
Apache License 2.0

GCP: Add DNS, SSL, and Ingress support #148

Open lukeweber opened 4 years ago

lukeweber commented 4 years ago

What problem are you facing?

Integration of DNS, SSL, and ingress in Crossplane. I've added these as one ticket as they are often related.

If I configure the DNS, I can provision certs with a major provider, and by extension I can associate those certs with a load balancer.

Although this can be supported somewhat with self-service by applying ExternalDNS and cert-manager to a Kubernetes target cluster with workload, it moves this out of the control of Crossplane and has downsides. cert-manager can be less than ideal in some cases, like a zero-downtime migration to a different cluster: you don't get certs on the cluster until the DNS resolves to the new cluster, which is whatever the delay is for the DNS migration.

As part of this story, full automation makes for a great demo, but we would likely also want to allow users to set a private key and CA and allow Crossplane to associate this cert to any load balancer in the major providers.

How could Crossplane help solve your problem?

Example flow with GCP cloud DNS + AWS EKS to setup SSL, DNS, Ingress:

  1. Want to deploy app in a target EKS cluster behind https://myhost.com
  2. AWS ACM - Request Cert
  3. Create a DNS entry in Cloud DNS on GCP to verify control of domain
  4. Associate ACM Cert with EKS ALB
  5. Point Cloud DNS and AWS ALB

Further related reading:

  - GCP K8s multi-cluster ingress
  - Google managed certs
  - Google pre-shared certs
  - Import external cert to AWS ACM
  - Static IPs for ALBs
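As an added example (not code from this issue or from provider-gcp), here is step 3 of the flow above worked through: take the DNS validation record that AWS ACM hands back for a certificate request and turn it into the Cloud DNS record set that proves control of the domain, refusing to write anything that would land outside the managed zone. It assumes a constructed `describe-certificate`-shaped response and a Cloud DNS zone whose dnsName is `myhost.com.`; the zone name `ZONE_NAME` in the printed commands is a placeholder.

```python
def to_fqdn(name: str) -> str:
    """Cloud DNS stores absolute names; ACM usually returns them with the dot already."""
    return name if name.endswith(".") else name + "."

def in_zone(record_name: str, zone_dns_name: str) -> bool:
    """True if the record is the zone apex or below it, comparing on label boundaries
    so that "evilmyhost.com." is not accepted for zone "myhost.com."."""
    r, z = to_fqdn(record_name).lower(), to_fqdn(zone_dns_name).lower()
    return r == z or r.endswith("." + z)

def acm_validation_to_clouddns(describe_cert: dict, zone_dns_name: str, ttl: int = 300) -> list:
    """Turn ACM's DomainValidationOptions into Cloud DNS ResourceRecordSet bodies.
    Refuses non-DNS validation and any record that would land outside the managed zone,
    so a mistaken zone choice fails closed instead of writing records elsewhere."""
    sets, seen = [], set()
    for opt in describe_cert["Certificate"]["DomainValidationOptions"]:
        if opt.get("ValidationMethod") != "DNS":
            raise ValueError(f"{opt['DomainName']}: certificate was not requested with DNS validation")
        rr = opt["ResourceRecord"]
        name, value = to_fqdn(rr["Name"]), to_fqdn(rr["Value"])
        if rr["Type"] != "CNAME" or not in_zone(name, zone_dns_name):
            raise ValueError(f"{name}: not a CNAME inside zone {zone_dns_name}")
        if (name, value) in seen:      # apex and wildcard SANs share one validation record
            continue
        seen.add((name, value))
        sets.append({"name": name, "type": "CNAME", "ttl": ttl, "rrdatas": [value]})
    return sets

# Constructed sample in the shape of `aws acm describe-certificate` output (not real data).
SAMPLE_DESCRIBE_CERT = {"Certificate": {"DomainName": "myhost.com", "DomainValidationOptions": [
    {"DomainName": "myhost.com", "ValidationMethod": "DNS", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_abc123.myhost.com.", "Type": "CNAME",
                        "Value": "_def456.acm-validations.aws."}},
    {"DomainName": "www.myhost.com", "ValidationMethod": "DNS", "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_789xyz.www.myhost.com.", "Type": "CNAME",
                        "Value": "_012uvw.acm-validations.aws."}}]}}

if __name__ == "__main__":
    # Print the gcloud commands an operator (or a future Crossplane resource) would run.
    for rs in acm_validation_to_clouddns(SAMPLE_DESCRIBE_CERT, "myhost.com."):
        print(f"gcloud dns record-sets create {rs['name']} --zone=ZONE_NAME "
              f"--type={rs['type']} --ttl={rs['ttl']} --rrdatas={rs['rrdatas'][0]}")
```

Once the records resolve, `aws acm wait certificate-validated` blocks until ACM has seen them, which is the point at which step 4 (attaching the cert to the ALB) can proceed.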

riveryc commented 3 years ago

Why don't you just simply use Route 53 as your DNS management instead of Cloud DNS? I'm a bit confused here...

o6uoq commented 2 years ago

> Why don't you just simply use Route 53 as your DNS management instead of Cloud DNS? I'm a bit confused here...

Route 53 = AWS
Cloud DNS = GCP

I'm assuming the OP would like to be able to control DNS via GCP, and not AWS.