Update nginx configuration to capture all traffic to the static IP

Right now we have only one service we need to serve.

I kept cert manager config for now in the case we want to get a hostname
in the near future.

Updated doc + minor doc / setup fixes.

fixes #242

README.md

@@ -1,6 +1,8 @@
 # Status
 
-:exclamation: We have ongoing [issue](https://github.com/google/llvm-premerge-checks/issues/243) with windows build taking more that 2 hours to complete.
+:exclamation: We have ongoing [issue](
+https://github.com/google/llvm-premerge-checks/issues/243) with windows build
+taking more that 2 hours to complete.
 That also causes follow up builds to fail. Thus **windows builds are temporary disabled**.
 
 # Overview

docs/development.md

@@ -90,23 +90,20 @@ combined result to Phabricator.
 
 ## Ingress and public addresses
 
-https://build.llvm-merge-guard.org/ URL points to [phabricator
+We use NGINX ingress for Kubernetes. Right now it's only used to provide basic
-proxy](../phabricator-proxy) application.
+HTTP authentication and forwards all requests from load balancer to
+[phabricator proxy](../phabricator-proxy) application.
 
-We use NGINX ingress for Kubernetes and Let's Encrypt certificate manager.
 Follow up to date docs to install [reverse
-proxy](https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke) and
+proxy](https://kubernetes.github.io/ingress-nginx/deploy/#gce-gke).
-[certificate
+ 
-manager](http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html).
+We also have [certificate manager](
+http://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html) and 
+[lets-encrypt configuration](../kubernetes/cert-issuer.yaml) in place, but they are
+not used at the moment and should be removed if we decide to live with static IP.
 
-[lets-encrypt configuration](../kubernetes/cert-issuer.yaml).
+HTTP auth is configured with k8s secret 'http-auth' in 'buildkite' namespace 
-
+(see [how to update auth](playbooks.md#update-http-auth-credentials)).
-Access to the service is restricted with basic HTTP auth. It's configured with
-k8s secret 'http-auth' in 'buildkite' namespace (see [how to update
-auth](playbooks.md#update-http-auth-credentials))
-
-llvm-merge-guard.org domain is managed by [Google
-Domains](https://domains.google.com/).
 
 ## Linux agents
 

kubernetes/phabricator-proxy/Ingress.yaml

@@ -1,23 +1,18 @@
+# This ingress matches ALL requests to nginx.
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: nginx-ingress-build
+  name: nginx-ingress-all
   namespace: buildkite
   annotations:
     kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
     kubernetes.io/ingress.class: "nginx"
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
     nginx.ingress.kubernetes.io/auth-type: basic
     nginx.ingress.kubernetes.io/auth-secret: http-auth
     nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks"
 spec:
-  tls:
-  - secretName: build-prod-tls
-    hosts:
-    - build.llvm-merge-guard.org
   rules:
-  - host: build.llvm-merge-guard.org
+  - http:
-    http:
       paths:
       - backend:
           serviceName: phabricator-proxy

local_setup.sh

@@ -24,9 +24,9 @@ sudo apt install -y google-cloud-sdk kubectl docker
 
 # configure gCloud
 source "${ROOT_DIR}/k8s_config"
+gcloud auth login
 gcloud config set project ${GCP_PROJECT}
 gcloud config set compute/zone ${GCP_ZONE}
-
 # setup docker for pushing containers
 gcloud auth configure-docker
 gcloud container clusters get-credentials $GCP_CLUSTER