From 8727b9380f416f2456f9dea283a9e7289ab17a3b Mon Sep 17 00:00:00 2001 From: Mikhail Goncharov Date: Fri, 23 Sep 2022 18:45:33 +0200 Subject: [PATCH] re-configure ingress / services --- kubernetes/cert-issuer.yaml | 23 ++++++++--- kubernetes/ingress.yaml | 39 +++++++++++++++++++ kubernetes/phabricator-proxy/Ingress.yaml | 29 -------------- .../{Deployment.yaml => deployment.yaml} | 2 +- .../{Services.yaml => service.yaml} | 3 +- 5 files changed, 58 insertions(+), 38 deletions(-) create mode 100644 kubernetes/ingress.yaml delete mode 100644 kubernetes/phabricator-proxy/Ingress.yaml rename kubernetes/phabricator-proxy/{Deployment.yaml => deployment.yaml} (98%) rename kubernetes/phabricator-proxy/{Services.yaml => service.yaml} (94%) diff --git a/kubernetes/cert-issuer.yaml b/kubernetes/cert-issuer.yaml index ac46ee1..d76e2e4 100644 --- a/kubernetes/cert-issuer.yaml +++ b/kubernetes/cert-issuer.yaml @@ -26,9 +26,14 @@ spec: privateKeySecretRef: name: letsencrypt-staging solvers: - - http01: - ingress: - class: nginx + - dns01: + cloudDNS: + # The ID of the GCP project + project: "llvm-premerge-checks" + # This is the secret used to access the service account + serviceAccountSecretRef: + name: clouddns-dns01-solver-svc-acct + key: key.json --- apiVersion: cert-manager.io/v1 kind: ClusterIssuer @@ -41,6 +46,12 @@ spec: privateKeySecretRef: name: letsencrypt-prod solvers: - - http01: - ingress: - class: nginx \ No newline at end of file + - dns01: + cloudDNS: + project: "llvm-premerge-checks" + serviceAccountSecretRef: + name: clouddns-dns01-solver-svc-acct + key: key.json + # - http01: + # ingress: + # class: gce \ No newline at end of file diff --git a/kubernetes/ingress.yaml b/kubernetes/ingress.yaml new file mode 100644 index 0000000..5a04c8c --- /dev/null +++ b/kubernetes/ingress.yaml 
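Review bot: Both ClusterIssuers now authenticate to Cloud DNS with a long-lived service-account key (`serviceAccountSecretRef` pointing at `clouddns-dns01-solver-svc-acct` / `key.json`), and nothing in the change records what that account may do; this applies equally to the `letsencrypt-prod` hunk that follows. A DNS-01 credential can answer ACME challenges for every name in the zones it can edit, so the account should hold only the DNS permission cert-manager needs and the key should have a rotation owner. I would add above `serviceAccountSecretRef:` a comment such as `# SA restricted to Cloud DNS record changes for llvm-premerge.org; key rotated by <owner>`. If the cluster is GKE with Workload Identity, cert-manager can use ambient credentials instead, which removes the static key entirely. The commented-out `http01` / `class: gce` lines at the end of the prod issuer look like leftovers and could be dropped.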
@@ -0,0 +1,39 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-llvm-premerge + annotations: + # nginx.ingress.kubernetes.io/auth-type: basic + # nginx.ingress.kubernetes.io/auth-secret: http-auth + # nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + kubernetes.io/ingress.class: "nginx" + # cert-manager + cert-manager.io/cluster-issuer: "letsencrypt-prod" + # kubernetes.io/ingress.global-static-ip-name: "llvm-premerge" + acme.cert-manager.io/http01-edit-in-place: "true" + # ^ cert-manager +spec: + ingressClassName: nginx + # cert-manager + tls: + - hosts: + - llvm-premerge.org + secretName: llvm-premerge-org-cert + # ^ cert-manager + defaultBackend: + service: + name: phabricator-proxy + port: + number: 8080 + rules: + - host: llvm-premerge.org + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: phabricator-proxy + port: + number: 8080 \ No newline at end of file diff --git a/kubernetes/phabricator-proxy/Ingress.yaml b/kubernetes/phabricator-proxy/Ingress.yaml deleted file mode 100644 index e0f3997..0000000 --- a/kubernetes/phabricator-proxy/Ingress.yaml +++ /dev/null 
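Review bot: The new Ingress no longer enforces HTTP basic auth: the three `nginx.ingress.kubernetes.io/auth-*` annotations that the deleted Ingress.yaml carried are present here only as comments, while `defaultBackend` and the `/` rule route every request to `phabricator-proxy`. Unless the proxy authenticates callers itself (not visible in this diff), a service that the Deployment supplies with `BUILDKITE_API_TOKEN` becomes reachable by anyone who can reach llvm-premerge.org. Either restore `nginx.ingress.kubernetes.io/auth-type: basic`, `nginx.ingress.kubernetes.io/auth-secret: http-auth` and the `auth-realm` line as live annotations, or replace the commented lines with a comment saying where authentication now happens. Separately, `acme.cert-manager.io/http01-edit-in-place: "true"` only affects HTTP-01 solving and appears to be dead now that the issuers use DNS-01. The class is also declared twice (the `kubernetes.io/ingress.class` annotation and `spec.ingressClassName`), so keeping only `ingressClassName: nginx` would be cleaner.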
@@ -1,29 +0,0 @@ -# This ingress matches ALL requests to nginx. -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - name: nginx-ingress-all - namespace: buildkite - annotations: - kubernetes.io/ingress.global-static-ip-name: "web-static-ip" - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/auth-type: basic - nginx.ingress.kubernetes.io/auth-secret: http-auth - nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks" - # cert-manager - cert-manager.io/cluster-issuer: letsencrypt-staging - acme.cert-manager.io/http01-edit-in-place: "true" - # ^ cert-manager -spec: - # cert-manager - tls: - - secretName: llvm-premerge-staging-cert - hosts: - - llvm-premerge.org - # ^ cert-manager - rules: - - http: - paths: - - backend: - serviceName: phabricator-proxy - servicePort: 8080 \ No newline at end of file diff --git a/kubernetes/phabricator-proxy/Deployment.yaml b/kubernetes/phabricator-proxy/deployment.yaml similarity index 98% rename from kubernetes/phabricator-proxy/Deployment.yaml rename to kubernetes/phabricator-proxy/deployment.yaml index ff773c4..0029212 100644 --- a/kubernetes/phabricator-proxy/Deployment.yaml +++ b/kubernetes/phabricator-proxy/deployment.yaml @@ -16,7 +16,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: phabricator-proxy - namespace: buildkite spec: selector: matchLabels: @@ -32,6 +31,7 @@ spec: image: gcr.io/llvm-premerge-checks/phabricator-proxy:latest ports: - containerPort: 8080 + protocol: TCP env: - name: BUILDKITE_API_TOKEN valueFrom: diff --git a/kubernetes/phabricator-proxy/Services.yaml b/kubernetes/phabricator-proxy/service.yaml similarity index 94% rename from kubernetes/phabricator-proxy/Services.yaml rename to kubernetes/phabricator-proxy/service.yaml index f4e7177..746ef06 100644 --- a/kubernetes/phabricator-proxy/Services.yaml +++ b/kubernetes/phabricator-proxy/service.yaml 
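Review bot: With `namespace: buildkite` removed from the Deployment (and likewise from service.yaml, with none set in the new ingress.yaml), the target namespace is whatever the applying kubectl context or `-n` flag supplies, and the change does not record which one is intended. The container reads `BUILDKITE_API_TOKEN` through `valueFrom`, presumably from a Secret that must exist in that same namespace, so an apply into the wrong namespace would either fail to start the pod or place the token-holding proxy next to unrelated workloads. I would add a header comment to each manifest such as `# apply with: kubectl apply -n <namespace> -f kubernetes/phabricator-proxy/`, or state the namespace in the repository docs. The Deployment spec continues outside both hunks.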
@@ -16,11 +16,10 @@ kind: Service apiVersion: v1 metadata: name: phabricator-proxy - namespace: buildkite spec: selector: app: phabricator-proxy ports: - protocol: TCP port: 8080 - targetPort: 8080 + targetPort: 8080 \ No newline at end of file