feat(k8s): Configure HTTPS ingress for the blog

Uses Google-managed certificates and an Ingress resource to set up an
HTTPS load-balancer.

This probably won't be the final version as the GKE Ingress is very
limited and can not do things like redirect URLs, which I need to
decommission the old setup.

infra/kubernetes/https-lb/ingress.yaml

@@ -0,0 +1,15 @@
+# This resource configures the HTTPS load balancer that is used as the
+# entrypoint to all HTTPS services running in the cluster.
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: https-ingress
+  annotations:
+    networking.gke.io/managed-certificates: tazj-in, www-tazj-in
+spec:
+  # Default traffic is routed to the blog, in case people go to
+  # peculiar hostnames.
+  backend:
+    serviceName: tazblog
+    servicePort: 8000

infra/kubernetes/primary-cluster.yaml

@@ -22,3 +22,4 @@ include:
       account: nixery@tazjins-infrastructure.iam.gserviceaccount.com
       repo: ssh://source.developers.google.com:2022/p/tazjins-infrastructure/r/monorepo
   - name: tazblog
+  - name: https-lb

infra/kubernetes/tazblog/config.yaml

@@ -19,3 +19,16 @@ spec:
       - name: tazblog
         image: nixery.local/shell/tazjin.blog:{{ gitHEAD }}
         command: [ "tazblog" ]
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: tazblog
+spec:
+  type: NodePort
+  selector:
+    app: tazblog
+  ports:
+    - protocol: TCP
+      port: 8000
+      targetPort: 8000