revi-archive/llvm-premerge-checks
1
0
Fork 0
Code Activity

re-configure ingress / services

Browse source
This commit is contained in:
Mikhail Goncharov 2022-09-23 18:45:33 +02:00
parent ed757c3d37
commit 8727b9380f
5 changed files with 58 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
kubernetes/cert-issuer.yaml
View file

@ -26,9 +26,14 @@ spec:
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-staging name: letsencrypt-staging
solvers: solvers:
- http01: - dns01:
ingress: cloudDNS:
class: nginx # The ID of the GCP project
project: "llvm-premerge-checks"
# This is the secret used to access the service account
serviceAccountSecretRef:
name: clouddns-dns01-solver-svc-acct
key: key.json
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
@ -41,6 +46,12 @@ spec:
privateKeySecretRef: privateKeySecretRef:
name: letsencrypt-prod name: letsencrypt-prod
solvers: solvers:
- http01: - dns01:
ingress: cloudDNS:
class: nginx project: "llvm-premerge-checks"
serviceAccountSecretRef:
name: clouddns-dns01-solver-svc-acct
key: key.json
# - http01:
# ingress:
# class: gce

39
kubernetes/ingress.yaml Normal file
View file

@ -0,0 +1,39 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-llvm-premerge
annotations:
# nginx.ingress.kubernetes.io/auth-type: basic
# nginx.ingress.kubernetes.io/auth-secret: http-auth
# nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
kubernetes.io/ingress.class: "nginx"
# cert-manager
cert-manager.io/cluster-issuer: "letsencrypt-prod"
# kubernetes.io/ingress.global-static-ip-name: "llvm-premerge"
acme.cert-manager.io/http01-edit-in-place: "true"
# ^ cert-manager
spec:
ingressClassName: nginx
# cert-manager
tls:
- hosts:
- llvm-premerge.org
secretName: llvm-premerge-org-cert
# ^ cert-manager
defaultBackend:
service:
name: phabricator-proxy
port:
number: 8080
rules:
- host: llvm-premerge.org
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: phabricator-proxy
port:
number: 8080

29
kubernetes/phabricator-proxy/Ingress.yaml
View file

@ -1,29 +0,0 @@
# This ingress matches ALL requests to nginx.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nginx-ingress-all
namespace: buildkite
annotations:
kubernetes.io/ingress.global-static-ip-name: "web-static-ip"
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/auth-type: basic
nginx.ingress.kubernetes.io/auth-secret: http-auth
nginx.ingress.kubernetes.io/auth-realm: "LLVM pre-merge checks"
# cert-manager
cert-manager.io/cluster-issuer: letsencrypt-staging
acme.cert-manager.io/http01-edit-in-place: "true"
# ^ cert-manager
spec:
# cert-manager
tls:
- secretName: llvm-premerge-staging-cert
hosts:
- llvm-premerge.org
# ^ cert-manager
rules:
- http:
paths:
- backend:
serviceName: phabricator-proxy
servicePort: 8080

2
kubernetes/phabricator-proxy/Deployment.yaml → kubernetes/phabricator-proxy/deployment.yaml
View file

@ -16,7 +16,6 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: phabricator-proxy name: phabricator-proxy
namespace: buildkite
spec: spec:
selector: selector:
matchLabels: matchLabels:
@ -32,6 +31,7 @@ spec:
image: gcr.io/llvm-premerge-checks/phabricator-proxy:latest image: gcr.io/llvm-premerge-checks/phabricator-proxy:latest
ports: ports:
- containerPort: 8080 - containerPort: 8080
protocol: TCP
env: env:
- name: BUILDKITE_API_TOKEN - name: BUILDKITE_API_TOKEN
valueFrom: valueFrom:

1
kubernetes/phabricator-proxy/Services.yaml → kubernetes/phabricator-proxy/service.yaml
View file

@ -16,7 +16,6 @@ kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: phabricator-proxy name: phabricator-proxy
namespace: buildkite
spec: spec:
selector: selector:
app: phabricator-proxy app: phabricator-proxy