k8s: Add NGINX web server to serve apt

This also creates GKE managed certificates and routing for both Jenkins and
NGINX in the same configs.

Change-Id: Ia2718f36e9d98587605690a6f3cb0bf53a4f8c82
diff --git a/k8s/certificates.yaml b/k8s/certificates.yaml
new file mode 100644
index 0000000..f57bae3
--- /dev/null
+++ b/k8s/certificates.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: networking.gke.io/v1beta1
+kind: ManagedCertificate
+metadata:
+  name: mendel-linux-org
+spec:
+  domains:
+    - mendel-linux.org
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
index 18ec19e..950e81a 100644
--- a/k8s/ingress.yaml
+++ b/k8s/ingress.yaml
@@ -3,6 +3,8 @@
 kind: Service
 metadata:
   name: jenkins-mendel-linux
+  annotations:
+    cloud.google.com/neg: '{"ingress": true}'
 spec:
   selector:
     app: jenkins-operator
@@ -11,23 +13,60 @@
   ports:
     - protocol: TCP
       port: 8080
-      targetPort: 8080
 
 ---
-apiVersion: extensions/v1beta1
+apiVersion: cloud.google.com/v1beta1
+kind: BackendConfig
+metadata:
+  name: nginx-apt-backend
+spec:
+  cdn:
+    enabled: true
+    cachePolicy:
+      includeHost: true
+      includeProtocol: true
+      includeQueryString: false
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-apt
+  annotations:
+    cloud.google.com/neg: '{"ingress": true}'
+    cloud.google.com/backend-config: '{"ports": {"80": "nginx-apt-backend"}}'
+spec:
+  selector:
+    app: nginx-apt
+  type: NodePort
+  ports:
+    - protocol: TCP
+      port: 80
+
+---
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
   name: mendel-linux-ingress
   annotations:
     kubernetes.io/ingress.global-static-ip-name: mendel-linux-ip
-    networking.gke.io/managed-certificates: mendel-linux-ssl-cert
+    ingress.kubernetes.io/ssl-cert: mendel-linux-org
+    networking.gke.io/managed-certificates: mendel-linux-org
 spec:
+  backend:
+    serviceName: jenkins-mendel-linux
+    servicePort: 8080
   tls:
     - secretName: mendel-linux-ssl-cert
   rules:
     - host: mendel-linux.org
       http:
         paths:
-          - backend:
+          - path: /apt/*
+            backend:
+              serviceName: nginx-apt
+              servicePort: 80
+          - path: /*
+            backend:
               serviceName: jenkins-mendel-linux
               servicePort: 8080
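Review bot: The Ingress annotations in this hunk never disable plain HTTP, so as far as the visible config shows the load balancer will keep serving Jenkins logins and `/apt/*` on port 80 alongside HTTPS. Adding `kubernetes.io/ingress.allow-http: "false"` next to the managed-certificate annotation would close that, once the `mendel-linux-org` certificate is provisioned. The `tls` block still names the secret `mendel-linux-ssl-cert` while the annotations now point at `mendel-linux-org`. Confirm that secret still exists and is meant to be served, or drop the `tls` entry so only one certificate source applies. The new `spec.backend` also makes Jenkins the default for any request that matches no rule, which deserves a comment such as `# default backend: unmatched hosts/paths reach Jenkins` if it is intended.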
diff --git a/k8s/nginx-apt.yaml b/k8s/nginx-apt.yaml
new file mode 100644
index 0000000..58b7f27
--- /dev/null
+++ b/k8s/nginx-apt.yaml
@@ -0,0 +1,69 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: nginx-config
+data:
+  default.conf: |
+    server {
+      listen 80;
+      server_name mendel-linux.org;
+
+      location /apt {
+        autoindex on;
+        alias /usr/share/nginx/html;
+      }
+
+      location / {
+        autoindex on;
+        root /usr/share/nginx/html;
+      }
+    }
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-apt
+  labels:
+    app: nginx-apt
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx-apt
+  template:
+    metadata:
+      labels:
+        app: nginx-apt
+    spec:
+      restartPolicy: Always
+      containers:
+        - name: nginx
+          image: nginx:1.19-alpine
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 80
+              name: http
+          readinessProbe:
+            httpGet:
+              path: /apt
+              port: http
+            failureThreshold: 1
+            periodSeconds: 10
+          resources:
+            requests:
+              memory: 0.5Gi
+          volumeMounts:
+            - mountPath: /usr/share/nginx/html
+              subPath: publishes
+              name: aptly-publishes
+            - mountPath: /etc/nginx/conf.d
+              name: nginx-config
+      volumes:
+        - name: aptly-publishes
+          persistentVolumeClaim:
+            claimName: aptly-state
+        - name: nginx-config
+          configMap:
+            name: nginx-config
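Review bot: The `aptly-publishes` volumeMount at `/usr/share/nginx/html` is read-write, so the internet-facing nginx container can modify the published repository on the `aptly-state` claim; serving needs only reads, so add `readOnly: true` to that mount (and to the `nginx-config` mount). In `default.conf`, `location /apt` with `alias /usr/share/nginx/html` is a prefix match without trailing slashes, so a path like `/aptX` resolves to the sibling name `/usr/share/nginx/htmlX`. Writing it as `location /apt/ { alias /usr/share/nginx/html/; }` keeps the mapping exact, with the readinessProbe path changed to `/apt/` to match. `autoindex on` under `location /` lists the whole mounted `publishes` tree, and the pod has no `securityContext` or memory limit, so a short comment stating that the listing is intentional would help the next reviewer. The `nginx:1.19-alpine` tag with `imagePullPolicy: Always` is mutable; pinning by digest would make the served image reproducible.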