Cloud
Monitor GCP Cert Rotations with Cloud Monitoring Runbooks
A cert rotation that you can’t see coming is a cert rotation that will page you at 3am…
Series: GCP Certificate, DNS & Traffic Consolidation
Cloud
Build a Zero-Incident Cert Rotation Demo on GCP
Every article in this series has delivered one piece: the DNSSEC-signed delegated zone, the wildcard cert, the shared…
Cloud
Enforce GCP Cert Consolidation with Terraform and ArgoCD
Consolidation patterns that depend on good intentions decay fast. One PR at 5pm on a Friday that adds…
Cloud
Implement SPKI Cert Pinning for GCP Private CA
SPKI pinning is one of the few certificate-layer controls where the public-CA wildcard pattern from the rest of…
Cloud
Deploy GCP Private CA for Financial Service Certs
The whole consolidation story so far collapses toward one wildcard cert on a shared LB. For most services…
Cloud
Choose GCP Regional vs Global External ALB
The default advice for new HTTPS services on GCP is “use a Global External ALB.” It’s usually right.…
Containers
Migrate GKE Ingress to Gateway API with Cert Manager
On GKE, per-service Ingress plus per-service ManagedCertificate is the path of least resistance. It also scales badly: every…
Cloud
Consolidate GCP Certs on a Shared LB with Cert Maps
Per-service ManagedCertificate attached to a per-service target HTTPS proxy is why you have 120 forwarding rules across 4…
Cloud
Issue GCP Wildcard Certs with DNS Authorization (Terraform)
A single wildcard cert covering every service on a shared LB is what turns cert sprawl from a…
Cloud
Configure Cloud DNS DNSSEC and CAA on GCP (Terraform)
Cert sprawl starts with DNS. If the zone you issue certs against isn’t locked down first, every cert…
GCP
Audit GCP Certificate Sprawl on Per-Service ManagedCertificate
Reproduce the per-service ManagedCertificate sprawl pattern on GKE Autopilot with three live services, real cost math, and the…