This guide was compiled from the following references:
- Set up a global external Application Load Balancer with Cloud Run, App Engine, or Cloud Functions
- Migrate an App Engine custom domain to Cloud Load Balancing
gcloud certificate-manager dns-authorizations create AUTHORIZATION_NAME \
--domain="DOMAIN_NAME"
gcloud certificate-manager certificates describe AUTHORIZATION_NAME
gcloud certificate-manager certificates create CERTIFICATE_NAME \
--domains=DOMAIN_NAME --dns-authorizations=AUTHORIZATION_NAME
gcloud certificate-manager certificates describe CERTIFICATE_NAME
gcloud certificate-manager maps create CERTIFICATE_MAP_NAME
gcloud certificate-manager maps entries create CERTIFICATE_MAP_ENTRY_NAME \
--map=CERTIFICATE_MAP_NAME \
--certificates=CERTIFICATE_NAME \
--hostname=DOMAIN_NAME
gcloud certificate-manager maps entries describe CERTIFICATE_MAP_ENTRY_NAME \
--map=CERTIFICATE_MAP_NAME
gcloud compute addresses create EXTERNAL_IP_NAME \
--network-tier=PREMIUM \
--ip-version=IPV4 \
--global
gcloud compute backend-services create BACKEND_NAME \
--load-balancing-scheme=EXTERNAL_MANAGED \
--timeout=70 \
--global
gcloud compute network-endpoint-groups create NEG_NAME \
--region=us-central1 \
--network-endpoint-type=serverless \
--cloud-run-service=SERVICE_NAME
gcloud compute backend-services add-backend BACKEND_NAME \
--network-endpoint-group=NEG_NAME \
--network-endpoint-group-region=us-central1 \
--global
gcloud compute url-maps create LB_NAME \
--default-service BACKEND_NAME
gcloud compute target-https-proxies create TARGET_HTTPS_PROXY_NAME \
--certificate-map=CERTIFICATE_MAP_NAME \
--url-map=LB_NAME
gcloud compute forwarding-rules create HTTPS_FORWARDING_RULE_NAME \
--load-balancing-scheme=EXTERNAL_MANAGED \
--network-tier=PREMIUM \
--address=EXTERNAL_IP_NAME \
--target-https-proxy=TARGET_HTTPS_PROXY_NAME \
--global \
--ports=443
gcloud compute target-https-proxies update TARGET_HTTPS_PROXY_NAME \
--ssl-policy=modern-default
gcloud compute target-https-proxies update TARGET_HTTPS_PROXY_NAME \
--clear-ssl-policy