devapp,maintnerd: use HTTP/2 between LB and app
Enable self-signed HTTPS, and configure the Service and Ingress to do
HTTP/2 over that port.
Also fix various silly mistakes and typos that I discovered while
rolling out the previous change.
For #49191.
Change-Id: If4f308d0e79a94a480ba97b27b5a503cf2aeff2e
Reviewed-on: https://go-review.googlesource.com/c/build/+/358914
Trust: Heschi Kreinick <heschi@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
diff --git a/cmd/coordinator/deployment-prod.yaml b/cmd/coordinator/deployment-prod.yaml
index e6d53dc..81e9657 100644
--- a/cmd/coordinator/deployment-prod.yaml
+++ b/cmd/coordinator/deployment-prod.yaml
@@ -20,7 +20,7 @@
- name: coordinator
image: gcr.io/symbolic-datum-552/coordinator:latest
imagePullPolicy: Always
- command: ["/coordinator", "-listen-http=:80", "-listen-autocert-ssh=:443", "-autocert-bucket=farmer-golang-org-autocert-cache"]
+ command: ["/coordinator", "-listen-http=:80", "-listen-https-autocert=:443", "-autocert-bucket=farmer-golang-org-autocert-cache"]
ports:
- containerPort: 80
- containerPort: 443
diff --git a/cmd/pubsubhelper/deployment-prod.yaml b/cmd/pubsubhelper/deployment-prod.yaml
index b5524c6..bc1dddc 100644
--- a/cmd/pubsubhelper/deployment-prod.yaml
+++ b/cmd/pubsubhelper/deployment-prod.yaml
@@ -21,7 +21,7 @@
- name: pubsubhelper
image: gcr.io/symbolic-datum-552/pubsubhelper:latest
imagePullPolicy: Always
- command: ["/pubsubhelper", "-listen-http=:80", "-listen-https-autocert=443", "-autocert-bucket=golang-pubsubhelper-autocert"]
+ command: ["/pubsubhelper", "-listen-http=:80", "-listen-https-autocert=:443", "-autocert-bucket=golang-pubsubhelper-autocert"]
ports:
- containerPort: 25
- containerPort: 80
diff --git a/deploy/build-ingress.yaml b/deploy/build-ingress.yaml
index 776e917..c87c6dd 100644
--- a/deploy/build-ingress.yaml
+++ b/deploy/build-ingress.yaml
@@ -21,14 +21,14 @@
service:
name: devapp-internal-iap
port:
- number: 80
+ number: 444
- pathType: ImplementationSpecific
path: /*
backend:
service:
name: devapp-internal
port:
- number: 80
+ number: 444
- host: build.golang.org
http:
paths:
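Review bot: The backend port is written as the literal `444` four times in this file (twice in this hunk, and again in the hunks at -48 and -68), and each must stay in step with `port: 444` on the three Services. Those Services name the port `https`, so the backends could reference it by name with `port: {name: https}`, and a later port change would then only touch the Service. If the number is kept, a comment above the first use such as `# 444 = pod's self-signed HTTPS listener, served to the LB as HTTP/2` would explain the unusual value.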
@@ -48,7 +48,7 @@
service:
name: devapp-internal
port:
- number: 80
+ number: 444
- host: gerritbot.golang.org
http:
paths:
@@ -68,7 +68,7 @@
service:
name: maintnerd-internal
port:
- number: 80
+ number: 444
---
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
diff --git a/devapp/deployment-prod.yaml b/devapp/deployment-prod.yaml
index 1aacdb7f..15436ce 100644
--- a/devapp/deployment-prod.yaml
+++ b/devapp/deployment-prod.yaml
@@ -21,7 +21,7 @@
- name: devapp
image: gcr.io/symbolic-datum-552/devapp:latest
imagePullPolicy: Always
- command: ["/devapp", "-listen-http=:80", "-listen-https-autocert=:443", "-autocert-bucket=golang-devapp-autocert"]
+ command: ["/devapp", "-listen-http=:80", "-listen-https-autocert=:443", "-autocert-bucket=golang-devapp-autocert", "-listen-https-selfsigned=:444"]
readinessProbe:
httpGet:
path: /healthz
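Review bot: The readiness probe in the context lines may no longer match the serving port, which this commit moves to 444; the probe's `port` and `scheme` are outside the hunk, so this is hedged. GKE Ingress derives the load balancer health check from a readiness probe only when the probe is on the port the Service targets. If the probe still points at port 80, the health check for the new HTTP/2 backend may fall back to defaults instead of `/healthz`. It is worth confirming that either the probe or the BackendConfig health check covers port 444 before rollout.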
@@ -29,6 +29,7 @@
ports:
- containerPort: 80
- containerPort: 443
+ - containerPort: 444
resources:
requests:
cpu: "1"
@@ -63,11 +64,12 @@
name: devapp-internal-iap
annotations:
beta.cloud.google.com/backend-config: '{"default": "build-ingress-iap-backend"}'
+ cloud.google.com/app-protocols: '{"https":"HTTP2"}'
spec:
ports:
- - port: 80
- targetPort: 80
- name: http
+ - port: 444
+ targetPort: 444
+ name: https
selector:
app: devapp
type: ClusterIP
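Review bot: The `cloud.google.com/app-protocols` annotation only applies because its key `https` matches the port's `name: https`, and nothing in the manifest says so; renaming the port would presumably drop the backend back to plain HTTP without any error. I would add above the annotation `# key must match spec.ports[].name; LB->pod hop is TLS with a self-signed cert`. It is also worth recording there that Google's load balancer does not validate the backend certificate, so this hop is encrypted but the backend is not authenticated. The same comment applies to the `devapp-internal` Service in the next hunk and to `maintnerd-internal` in maintner/maintnerd/deployment-prod.yaml.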
@@ -77,11 +79,13 @@
metadata:
namespace: prod
name: devapp-internal
+ annotations:
+ cloud.google.com/app-protocols: '{"https":"HTTP2"}'
spec:
ports:
- - port: 80
- targetPort: 80
- name: http
+ - port: 444
+ targetPort: 444
+ name: https
selector:
app: devapp
type: ClusterIP
diff --git a/maintner/maintnerd/deployment-prod.yaml b/maintner/maintnerd/deployment-prod.yaml
index 1ce99ec..cccb156 100644
--- a/maintner/maintnerd/deployment-prod.yaml
+++ b/maintner/maintnerd/deployment-prod.yaml
@@ -27,7 +27,7 @@
- name: maintnerd
image: gcr.io/symbolic-datum-552/maintnerd:latest
imagePullPolicy: Always
- command: ["/usr/bin/tini", "--", "/maintnerd", "--config=go", "--bucket=golang-maintner-log", "--verbose", "--data-dir=/cache", "--listen-http=:80", "--listen-https-autocert=:443", "--autocert-bucket=golang-maintner-autocert"]
+ command: ["/usr/bin/tini", "--", "/maintnerd", "--config=go", "--bucket=golang-maintner-log", "--verbose", "--data-dir=/cache", "--listen-http=:80", "--listen-https-autocert=:443", "--autocert-bucket=golang-maintner-autocert", "-listen-https-selfsigned=:444"]
volumeMounts:
- mountPath: /cache
name: maintner-cache
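Review bot: The added argument `"-listen-https-selfsigned=:444"` uses a single dash while every other maintnerd flag on this line uses `--`. Go's flag package accepts both forms, so it parses, but the mix makes the line harder to grep; `"--listen-https-selfsigned=:444"` keeps it consistent. The flag appears to exist only once `https.RegisterFlags` is called in maintnerd.go (added in the Go hunk of this commit), so the new image and this manifest need to roll out together.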
@@ -77,11 +77,13 @@
metadata:
namespace: prod
name: maintnerd-internal
+ annotations:
+ cloud.google.com/app-protocols: '{"https":"HTTP2"}'
spec:
ports:
- - port: 80
- targetPort: 80
- name: http
+ - port: 444
+ targetPort: 444
+ name: https
selector:
app: maintnerd
type: ClusterIP
diff --git a/maintner/maintnerd/maintnerd.go b/maintner/maintnerd/maintnerd.go
index 9eca6c6..c03d2a9 100644
--- a/maintner/maintnerd/maintnerd.go
+++ b/maintner/maintnerd/maintnerd.go
@@ -71,6 +71,7 @@
var autocertManager *autocert.Manager
func main() {
+ https.RegisterFlags(flag.CommandLine)
flag.Parse()
ctx := context.Background()
diff --git a/vcs-test/redeploy-vcweb.sh b/vcs-test/redeploy-vcweb.sh
index 5ea6144..29bc511 100755
--- a/vcs-test/redeploy-vcweb.sh
+++ b/vcs-test/redeploy-vcweb.sh
@@ -9,9 +9,9 @@
GO111MODULE=on CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build "-ldflags=\"-X=main.buildInfo=$info\"" -o vcweb.exe ./vcweb
trap "rm -f vcweb.exe" EXIT
-gcloud beta compute scp vcweb.exe vcs-test:
+gcloud beta compute scp --zone us-central1-a vcweb.exe vcs-test:
-gcloud compute ssh vcs-test -- sudo -n bash -c \''
+gcloud compute ssh --zone us-central1-a vcs-test -- sudo -n bash -c \''
mv vcweb.exe /usr/bin/vcweb
chmod a+rx /usr/bin/vcweb
systemctl restart vcweb.service
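Review bot: The zone `us-central1-a` is now hard-coded twice, once on the `scp` line and once on the `ssh` line, so the two can drift apart if the VM moves. A single `zone=us-central1-a` assignment near the top, with `--zone "$zone"` on both commands, keeps them in step. The start of the script is outside this hunk, so an existing variable block may already be the right place for it.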