re-configure ingress / services

kubernetes/cert-issuer.yaml

@@ -26,9 +26,14 @@ spec:
     privateKeySecretRef:
       name: letsencrypt-staging
     solvers:
-    - http01:
-        ingress:
-          class: nginx
+    - dns01:
+        cloudDNS:
+          # The ID of the GCP project
+          project: "llvm-premerge-checks"
+          # This is the secret used to access the service account
+          serviceAccountSecretRef:
+            name: clouddns-dns01-solver-svc-acct
+            key: key.json
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
@@ -41,6 +46,12 @@ spec:
     privateKeySecretRef:
       name: letsencrypt-prod
     solvers:
-    - http01:
-        ingress:
-          class: nginx
+    - dns01:
+        cloudDNS:
+          project: "llvm-premerge-checks"
+          serviceAccountSecretRef:
+            name: clouddns-dns01-solver-svc-acct
+            key: key.json
+    # - http01:
+    #     ingress:
+    #       class: gce

kubernetes/ingress.yaml

@@ -0,0 +1,39 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-llvm-premerge
+  annotations:    
+    # nginx.ingress.kubernetes.io/auth-type: basic
+    # nginx.ingress.kubernetes.io/auth-secret: http-auth
+    # nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks"
+    # nginx.ingress.kubernetes.io/ssl-redirect: "true"    
+    kubernetes.io/ingress.class: "nginx"
+    # cert-manager
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    # kubernetes.io/ingress.global-static-ip-name: "llvm-premerge"    
+    acme.cert-manager.io/http01-edit-in-place: "true"
+    # ^ cert-manager
+spec:
+  ingressClassName: nginx
+  # cert-manager
+  tls:
+  - hosts:
+    - llvm-premerge.org
+    secretName: llvm-premerge-org-cert
+  # ^ cert-manager
+  defaultBackend:
+    service:
+      name: phabricator-proxy
+      port:
+        number: 8080
+  rules:
+  - host: llvm-premerge.org
+    http:  
+      paths:
+      - pathType: Prefix
+        path: /
+        backend:
+          service:
+            name: phabricator-proxy
+            port:
+              number: 8080

kubernetes/phabricator-proxy/Ingress.yaml

@@ -1,29 +0,0 @@
-# This ingress matches ALL requests to nginx.
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: nginx-ingress-all
-  namespace: buildkite
-  annotations:
-    kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
-    kubernetes.io/ingress.class: "nginx"
-    nginx.ingress.kubernetes.io/auth-type: basic
-    nginx.ingress.kubernetes.io/auth-secret: http-auth
-    nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks"
-    # cert-manager
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    acme.cert-manager.io/http01-edit-in-place: "true"
-    # ^ cert-manager
-spec:
-  # cert-manager
-  tls:
-  - secretName: llvm-premerge-staging-cert
-    hosts:
-    - llvm-premerge.org
-  # ^ cert-manager
-  rules:
-  - http:
-      paths:
-      - backend:
-          serviceName: phabricator-proxy
-          servicePort: 8080

kubernetes/phabricator-proxy/deployment.yaml

@@ -16,7 +16,6 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: phabricator-proxy
-  namespace: buildkite
 spec:
   selector:
     matchLabels:
@@ -32,6 +31,7 @@ spec:
         image: gcr.io/llvm-premerge-checks/phabricator-proxy:latest
         ports:
         - containerPort: 8080
+          protocol: TCP
         env:
         - name: BUILDKITE_API_TOKEN
           valueFrom:

kubernetes/phabricator-proxy/service.yaml

@@ -16,11 +16,10 @@ kind: Service
 apiVersion: v1
 metadata:
   name: phabricator-proxy
-  namespace: buildkite
 spec:
   selector:
     app: phabricator-proxy
   ports:
     - protocol: TCP
       port: 8080
-      targetPort: 8080
+      targetPort: 8080