feat(k8s): Configure HTTPS ingress for the blog

Uses Google-managed certificates and an Ingress resource to set up an
HTTPS load-balancer.

This probably won't be the final version as the GKE Ingress is very
limited and can not do things like redirect URLs, which I need to
decommission the old setup.
This commit is contained in:
Vincent Ambo 2019-08-27 12:44:37 +01:00
parent cae99692de
commit a58af3e371
3 changed files with 29 additions and 0 deletions

View file

@ -0,0 +1,15 @@
# This resource configures the HTTPS load balancer that is used as the
# entrypoint to all HTTPS services running in the cluster.
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: https-ingress
annotations:
networking.gke.io/managed-certificates: tazj-in, www-tazj-in
spec:
# Default traffic is routed to the blog, in case people go to
# peculiar hostnames.
backend:
serviceName: tazblog
servicePort: 8000

View file

@ -22,3 +22,4 @@ include:
account: nixery@tazjins-infrastructure.iam.gserviceaccount.com account: nixery@tazjins-infrastructure.iam.gserviceaccount.com
repo: ssh://source.developers.google.com:2022/p/tazjins-infrastructure/r/monorepo repo: ssh://source.developers.google.com:2022/p/tazjins-infrastructure/r/monorepo
- name: tazblog - name: tazblog
- name: https-lb

View file

@ -19,3 +19,16 @@ spec:
- name: tazblog - name: tazblog
image: nixery.local/shell/tazjin.blog:{{ gitHEAD }} image: nixery.local/shell/tazjin.blog:{{ gitHEAD }}
command: [ "tazblog" ] command: [ "tazblog" ]
---
apiVersion: v1
kind: Service
metadata:
name: tazblog
spec:
type: NodePort
selector:
app: tazblog
ports:
- protocol: TCP
port: 8000
targetPort: 8000