devapp: enable IAP on test site

Experiment with per-path IAP backends. Change-Id: Ic25460e9a7af230035303af55ba94e5b453451f6 Reviewed-on: https://go-review.googlesource.com/c/build/+/357754 Trust: Heschi Kreinick <heschi@google.com> Run-TryBot: Heschi Kreinick <heschi@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Carlos Amedee <carlos@golang.org>
2021-10-21 14:16:39 -04:00 · 2021-10-21 14:16:39 -04:00 · af7dff6084
--- a/deploy/build-ingress.yaml
+++ b/deploy/build-ingress.yaml
@ -15,6 +15,13 @@ spec:
  - host: dev-test.golang.org
    http:
      paths:
+      - pathType: ImplementationSpecific
+        path: /owners
+        backend:
+          service:
+            name: devapp-internal-iap
+            port:
+              number: 80
      - pathType: ImplementationSpecific
        path: /*
        backend:
@ -59,7 +66,7 @@ spec:
        path: /*
        backend:
          service:
-            name: maintner-internal
+            name: maintnerd-internal
            port:
              number: 80
 ---
@ -73,6 +80,17 @@ spec:
    enabled: true
    responseCodeName: FOUND
 ---
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+  namespace: prod
+  name: build-ingress-iap-backend
+spec:
+  iap:
+    enabled: true
+    oauthclientCredentials:
+      secretName: iap-oauth
+---
 apiVersion: networking.gke.io/v1
 kind: ManagedCertificate
 metadata:
--- a/devapp/deployment-prod.yaml
+++ b/devapp/deployment-prod.yaml
@ -58,6 +58,22 @@ spec:
 ---
 apiVersion: v1
 kind: Service
+metadata:
+  namespace: prod
+  name: devapp-internal-iap
+  annotations:
+    beta.cloud.google.com/backend-config: '{"default": "build-ingress-iap-backend"}'
+spec:
+  ports:
+    - port: 80
+      targetPort: 80
+      name: http
+  selector:
+    app: devapp
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
 metadata:
  namespace: prod
  name: devapp-internal