From af7dff60846ec9cb2e4cbbf7a12ad25058a8743b Mon Sep 17 00:00:00 2001 From: Heschi Kreinick Date: Thu, 21 Oct 2021 14:16:39 -0400 Subject: [PATCH] devapp: enable IAP on test site Experiment with per-path IAP backends. Change-Id: Ic25460e9a7af230035303af55ba94e5b453451f6 Reviewed-on: https://go-review.googlesource.com/c/build/+/357754 Trust: Heschi Kreinick Run-TryBot: Heschi Kreinick TryBot-Result: Go Bot Reviewed-by: Carlos Amedee --- deploy/build-ingress.yaml | 20 +++++++++++++++++++- devapp/deployment-prod.yaml | 16 ++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/deploy/build-ingress.yaml b/deploy/build-ingress.yaml index 945d4c17..776e9177 100644 --- a/deploy/build-ingress.yaml +++ b/deploy/build-ingress.yaml @@ -15,6 +15,13 @@ spec: - host: dev-test.golang.org http: paths: + - pathType: ImplementationSpecific + path: /owners + backend: + service: + name: devapp-internal-iap + port: + number: 80 - pathType: ImplementationSpecific path: /* backend: @@ -59,7 +66,7 @@ spec: path: /* backend: service: - name: maintner-internal + name: maintnerd-internal port: number: 80 --- @@ -73,6 +80,17 @@ spec: enabled: true responseCodeName: FOUND --- +apiVersion: cloud.google.com/v1 +kind: BackendConfig +metadata: + namespace: prod + name: build-ingress-iap-backend +spec: + iap: + enabled: true + oauthclientCredentials: + secretName: iap-oauth +--- apiVersion: networking.gke.io/v1 kind: ManagedCertificate metadata: diff --git a/devapp/deployment-prod.yaml b/devapp/deployment-prod.yaml index a0c197e8..0b050d5d 100644 --- a/devapp/deployment-prod.yaml +++ b/devapp/deployment-prod.yaml @@ -58,6 +58,22 @@ spec: --- apiVersion: v1 kind: Service +metadata: + namespace: prod + name: devapp-internal-iap + annotations: + beta.cloud.google.com/backend-config: '{"default": "build-ingress-iap-backend"}' +spec: + ports: + - port: 80 + targetPort: 80 + name: http + selector: + app: devapp + type: ClusterIP +--- +apiVersion: v1 +kind: Service metadata: namespace: prod name: devapp-internal