feat(k8s): Configure HTTPS ingress for the blog
Uses Google-managed certificates and an Ingress resource to set up an HTTPS load-balancer. This probably won't be the final version as the GKE Ingress is very limited and can not do things like redirect URLs, which I need to decommission the old setup.
This commit is contained in:
parent
cae99692de
commit
a58af3e371
3 changed files with 29 additions and 0 deletions
15
infra/kubernetes/https-lb/ingress.yaml
Normal file
15
infra/kubernetes/https-lb/ingress.yaml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# This resource configures the HTTPS load balancer that is used as the
|
||||||
|
# entrypoint to all HTTPS services running in the cluster.
|
||||||
|
---
|
||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: https-ingress
|
||||||
|
annotations:
|
||||||
|
networking.gke.io/managed-certificates: tazj-in, www-tazj-in
|
||||||
|
spec:
|
||||||
|
# Default traffic is routed to the blog, in case people go to
|
||||||
|
# peculiar hostnames.
|
||||||
|
backend:
|
||||||
|
serviceName: tazblog
|
||||||
|
servicePort: 8000
|
|
@ -22,3 +22,4 @@ include:
|
||||||
account: nixery@tazjins-infrastructure.iam.gserviceaccount.com
|
account: nixery@tazjins-infrastructure.iam.gserviceaccount.com
|
||||||
repo: ssh://source.developers.google.com:2022/p/tazjins-infrastructure/r/monorepo
|
repo: ssh://source.developers.google.com:2022/p/tazjins-infrastructure/r/monorepo
|
||||||
- name: tazblog
|
- name: tazblog
|
||||||
|
- name: https-lb
|
||||||
|
|
|
@ -19,3 +19,16 @@ spec:
|
||||||
- name: tazblog
|
- name: tazblog
|
||||||
image: nixery.local/shell/tazjin.blog:{{ gitHEAD }}
|
image: nixery.local/shell/tazjin.blog:{{ gitHEAD }}
|
||||||
command: [ "tazblog" ]
|
command: [ "tazblog" ]
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: tazblog
|
||||||
|
spec:
|
||||||
|
type: NodePort
|
||||||
|
selector:
|
||||||
|
app: tazblog
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: 8000
|
||||||
|
targetPort: 8000
|
||||||
|
|
Loading…
Reference in a new issue