devapp: enable IAP on test site
Experiment with per-path IAP backends.
Change-Id: Ic25460e9a7af230035303af55ba94e5b453451f6
Reviewed-on: https://go-review.googlesource.com/c/build/+/357754
Trust: Heschi Kreinick <heschi@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
diff --git a/deploy/build-ingress.yaml b/deploy/build-ingress.yaml
index 945d4c1..776e917 100644
--- a/deploy/build-ingress.yaml
+++ b/deploy/build-ingress.yaml
@@ -16,6 +16,13 @@
http:
paths:
- pathType: ImplementationSpecific
+ path: /owners
+ backend:
+ service:
+ name: devapp-internal-iap
+ port:
+ number: 80
+ - pathType: ImplementationSpecific
path: /*
backend:
service:
@@ -59,7 +66,7 @@
path: /*
backend:
service:
- name: maintner-internal
+ name: maintnerd-internal
port:
number: 80
---
@@ -73,6 +80,17 @@
enabled: true
responseCodeName: FOUND
---
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+ namespace: prod
+ name: build-ingress-iap-backend
+spec:
+ iap:
+ enabled: true
+ oauthclientCredentials:
+ secretName: iap-oauth
+---
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
diff --git a/devapp/deployment-prod.yaml b/devapp/deployment-prod.yaml
index a0c197e..0b050d5 100644
--- a/devapp/deployment-prod.yaml
+++ b/devapp/deployment-prod.yaml
@@ -60,6 +60,22 @@
kind: Service
metadata:
namespace: prod
+ name: devapp-internal-iap
+ annotations:
+ beta.cloud.google.com/backend-config: '{"default": "build-ingress-iap-backend"}'
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ name: http
+ selector:
+ app: devapp
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: prod
name: devapp-internal
spec:
ports: