This change adds the Kubernetes configuration changes necessary
for the gomote server to be deployed in the cluster. It creates
a new ingress for the gomote server. It also adds an external
IP address for the gomote ssh functionality.
Updates golang/go#61912
For golang/go#61772
Change-Id: If821ff368bbd025a566b04f2d9779f2a12ff4cb2
Reviewed-on: https://go-review.googlesource.com/c/build/+/520695
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Replace "Go Authors" with "The Go Authors." to be consistent with the
standard copyright header at https://go.dev/doc/contribute#copyright.
There were also a couple instances of a double space and double "the".
Change-Id: Ife7a80dd40f1a760ba85cbfee270356d46cfc53f
Reviewed-on: https://go-review.googlesource.com/c/build/+/472376
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
CL 454935 broke the Kubernetes ingress by requiring IAP on health
checks. Move /healthz handling into internal/https, where it
automatically bypasses authentication and removes some duplicate trivial
implementations.
Unfortunately, GKE is not capable of inferring health check parameters
from a multi-container pod like relui, so we have to change our
BackendConfig. That sets off a yak shave -- I made the questionable
decision to use the same backend for all our IAP services, and the
coordinator doesn't currently support /healthz. Split all them up and
delete the devapp configuration I was using for testing way back in the
day.
Change-Id: I45e866d30508a07e9a805de70af731dd64c22d7f
Reviewed-on: https://go-review.googlesource.com/c/build/+/455215
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Heschi Kreinick <heschi@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Connections connected for long than the timeout are automatically closed
by the load balancer. gomote create (CreateInstance) and gomote run
(ExecuteCommand) are implemented as single, long-running gRPC calls.
Currently, if one of these exceeds 2 hours, the connection is closed and
the call fails.
Increase the limit to 24 hr as a mitigation to give long-running
commands more time to complete. As noted at
https://cloud.google.com/load-balancing/docs/https#timeouts_and_retries,
these connections are still at risk of reset due to restarts of the load
balance itself, so ideally gomote eventually migrates to RPCs that
support retry/continue.
For golang/go#56423.
Change-Id: Ia10faea1ca8558373d2d6b45abcf99c476317270
Reviewed-on: https://go-review.googlesource.com/c/build/+/445435
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Run-TryBot: Michael Pratt <mpratt@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
This makes the release server accessible via build.golang.org.
Updates golang/go#53632Fixesgolang/go#54303
Change-Id: I7628ef8f46b52ce27a0b41ce4e85108388cf64e9
Reviewed-on: https://go-review.googlesource.com/c/build/+/424915
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Joedian Reid <joedian@golang.org>
As mentioned in GKE docs¹, the default is 30 seconds, which is too short
for the /logs endpoint to serve a 304 while long-polling during periods
of low corpus activity. Use a minute, since that worked okay before.
While here, update other YAML files to use the non-beta annotation for
the backend config, since we're using a new enough Kubernetes by now.
¹ https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#timeoutFixesgolang/go#53569.
Change-Id: If35ac2b30a8fcb1740d0597afd3e4cda4fe0cea1
Reviewed-on: https://go-review.googlesource.com/c/build/+/415354
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
This change adds license headers to files which are missing them.
A modified version of the addlicense tool was used to add these headers:
https://github.com/google/addlicense
The command issued was:
addlicense -c "Go Authors" -l bsd *
Change-Id: Id6fd17c587f99b3ff0ef5f5f35befcfe5aaeef72
Reviewed-on: https://go-review.googlesource.com/c/build/+/409614
Run-TryBot: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Alex Rakoczy <alex@golang.org>
This change updates the backend service timeout config and sets the
timeout to 2 hours. The default timeout is 30 seconds. This is
currently a problem when we issue a gomote create that takes more than
30 seconds to allocate a gomote instance. This timeout will be
encountered in other remote buidlet operations that follow the new path.
Updated golang/go#47521
Change-Id: Id88b0e1263a088f4841371cb37ff8c931580b109
Reviewed-on: https://go-review.googlesource.com/c/build/+/406334
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Run-TryBot: Carlos Amedee <carlos@golang.org>
App Engine only supports Go 1.16 and we'd like to use newer features, so
convert this application to build as a standard container-based server
that we can deploy to Kubernetes.
Very little has to change. We have a new entrypoint that serves with
internal/https, and we use go:embed to store the template files.
For golang/go#48803.
Change-Id: I7f33f3421b6d405e111ec7ea716809a0a0f0cff6
Reviewed-on: https://go-review.googlesource.com/c/build/+/399042
Reviewed-by: Heschi Kreinick <heschi@google.com>
Trust: Michael Pratt <mpratt@google.com>
Run-TryBot: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
This change mounts the gomote and coordinator servers in the proper
locations.
Updates golang/go#47521
Updates golang/go#49191
Change-Id: I7c0054028fa928ba025b3c511701512e183894fd
Reviewed-on: https://go-review.googlesource.com/c/build/+/365735
Trust: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Otherwise, the strict match will not match endpoints other than the
home, which redirects.
For golang/go#47401
Change-Id: I1317e6c097374a40be69481a5b36934bb15e5b81
Reviewed-on: https://go-review.googlesource.com/c/build/+/363979
Trust: Alexander Rakoczy <alex@golang.org>
Run-TryBot: Alexander Rakoczy <alex@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Order matters for path matching.
For golang/go#47401
Change-Id: I92f5fb716b1d893313a7d2883f8de63cb8278156
Reviewed-on: https://go-review.googlesource.com/c/build/+/363697
Trust: Alexander Rakoczy <alex@golang.org>
Run-TryBot: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
This mounts relui to the appropriate locaiton.
For golang/go#47401
Change-Id: I247ac925b47206acc2a6b4a109da003645af3a68
Reviewed-on: https://go-review.googlesource.com/c/build/+/363696
Trust: Alexander Rakoczy <alex@golang.org>
Run-TryBot: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Also disassociate LE certs we don't need any more.
For golang/go#49191.
Change-Id: I74acf2f2f52fbf91670d27d91112136450f81944
Reviewed-on: https://go-review.googlesource.com/c/build/+/359479
Trust: Heschi Kreinick <heschi@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Enable self-signed HTTPS, and configure the Service and Ingress to do
HTTP/2 over that port.
Also fix various silly mistakes and typos that I discovered while
rolling out the previous change.
For #49191.
Change-Id: If4f308d0e79a94a480ba97b27b5a503cf2aeff2e
Reviewed-on: https://go-review.googlesource.com/c/build/+/358914
Trust: Heschi Kreinick <heschi@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Following:
https://cloud.google.com/kubernetes-engine/docs/concepts/ingresshttps://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
Create an Ingress with HTTPS redirects enabled.
For each of build, dev, gerritbot, maintner:
- Add three certs: the new Google-managed cert, plus the two old LE certs.
- Add an ingress rule for the host, and a new internal Service it maps to.
- Disable our own HTTPS redirects, since the ingress terminates HTTPS.
They will be accessible via HTTP for the duration of the migration;
they don't serve anything sensitive anyway.
dev-test.golang.org is already rolled out using only a Google-managed
cert, so you can try HTTP and HTTPS directly there. I've also verified
that the LE certs are served:
curl -v --resolve dev.golang.org:443:34.149.223.5 https://dev.golang.org/
Change-Id: I20f3c92ffb00dbd9066822f748508013b68d5483
Reviewed-on: https://go-review.googlesource.com/c/build/+/355670
Trust: Heschi Kreinick <heschi@google.com>
Trust: Alexander Rakoczy <alex@golang.org>
Run-TryBot: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Carlos Amedee
Dmitri Shuralyov
Heschi Kreinick
Michael Pratt
Alexander Rakoczy