From 381b1bf1a60cf56656b2c80d6cef18a2c7b23490 Mon Sep 17 00:00:00 2001 From: Mikhail Goncharov Date: Tue, 29 Sep 2020 11:44:12 +0200 Subject: [PATCH] Update nginx configuration to capture all traffic to the static IP Right now we have only one service we need to serve. I kept cert manager config for now in the case we want to get a hostname in the near future. Updated doc + minor doc / setup fixes. fixes #242 --- README.md | 4 +++- docs/development.md | 25 ++++++++++------------- kubernetes/phabricator-proxy/Ingress.yaml | 11 +++------- local_setup.sh | 2 +- 4 files changed, 18 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index dbc07d2..49cfc8f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # Status -:exclamation: We have ongoing [issue](https://github.com/google/llvm-premerge-checks/issues/243) with windows build taking more that 2 hours to complete. +:exclamation: We have ongoing [issue]( +https://github.com/google/llvm-premerge-checks/issues/243) with windows build +taking more that 2 hours to complete. That also causes follow up builds to fail. Thus **windows builds are temporary disabled**. # Overview diff --git a/docs/development.md b/docs/development.md index 2f2faef..9678743 100644 --- a/docs/development.md +++ b/docs/development.md 
@@ -90,23 +90,20 @@ combined result to Phabricator. ## Ingress and public addresses -https://build.llvm-merge-guard.org/ URL points to [phabricator -proxy](../phabricator-proxy) application. +We use NGINX ingress for Kubernetes. Right now it's only used to provide basic +HTTP authentication and forwards all requests from load balancer to +[phabricator proxy](../phabricator-proxy) application. -We use NGINX ingress for Kubernetes and Let's Encrypt certificate manager. Follow up to date docs to install [reverse -proxy](https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke) and -[certificate -manager](http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html). +proxy](https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke). + +We also have [certificate manager]( +http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html) and +[lets-encrypt configuration](../kubernetes/cert-issuer.yaml) in place, but they are +not used at the moment and should be removed if we decide to live with static IP. -[lets-encrypt configuration](../kubernetes/cert-issuer.yaml). - -Access to the service is restricted with basic HTTP auth. It's configured with -k8s secret 'http-auth' in 'buildkite' namespace (see [how to update -auth](playbooks.md#update-http-auth-credentials)) - -llvm-merge-guard.org domain is managed by [Google -Domains](https://domains.google.com/). +HTTP auth is configured with k8s secret 'http-auth' in 'buildkite' namespace +(see [how to update auth](playbooks.md#update-http-auth-credentials)). ## Linux agents diff --git a/kubernetes/phabricator-proxy/Ingress.yaml b/kubernetes/phabricator-proxy/Ingress.yaml index 26aece0..11203f2 100644 --- a/kubernetes/phabricator-proxy/Ingress.yaml +++ b/kubernetes/phabricator-proxy/Ingress.yaml 
@@ -1,23 +1,18 @@ +# This ingress matches ALL requests to nginx. apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: nginx-ingress-build + name: nginx-ingress-all namespace: buildkite annotations: kubernetes.io/ingress.global-static-ip-name: "web-static-ip" kubernetes.io/ingress.class: "nginx" - cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/auth-type: basic nginx.ingress.kubernetes.io/auth-secret: http-auth nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks" spec: - tls: - - secretName: build-prod-tls - hosts: - - build.llvm-merge-guard.org rules: - - host: build.llvm-merge-guard.org - http: + - http: paths: - backend: serviceName: phabricator-proxy diff --git a/local_setup.sh b/local_setup.sh index 1c38ea7..23d9c97 100755 --- a/local_setup.sh +++ b/local_setup.sh @@ -24,9 +24,9 @@ sudo apt install -y google-cloud-sdk kubectl docker # configure gCloud source "${ROOT_DIR}/k8s_config" +gcloud auth login gcloud config set project ${GCP_PROJECT} gcloud config set compute/zone ${GCP_ZONE} - # setup docker for pushing containers gcloud auth configure-docker gcloud container clusters get-credentials $GCP_CLUSTER \ No newline at end of file
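Review bot: With the `tls:` block and the `cert-manager.io/cluster-issuer` annotation removed, the new Ingress keeps `nginx.ingress.kubernetes.io/auth-type: basic` but no longer declares any TLS, so the `http-auth` credentials are likely to travel over plain HTTP to the static IP. As far as I know, ingress-nginx redirects to HTTPS by default only for an Ingress that has a TLS section, so unless the controller is configured otherwise port 80 will answer the Basic challenge directly. Consider adding `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` (clients would then see the controller's default certificate until a real one is provisioned), or keeping a TLS secret on this rule. Because the host-less rule now matches every Host header, I would also extend the header comment to say so: `# Catch-all: basic auth (secret http-auth) is the only access control on this IP.`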