k8s: Update ingress to use IAP OAuth config
This allows Jenkins to actually work for google.com users. This also
required making a few changes in Pantheon to update the proxy
permissions to allow IAP authentications for google.com.
Change-Id: Iaedb7d7e9197b19b062f18e6de861f83f82b738d
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
index 91a855c..05e879e 100644
--- a/k8s/ingress.yaml
+++ b/k8s/ingress.yaml
@@ -1,10 +1,22 @@
---
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+ name: jenkins-mendel-linux-backend
+spec:
+ iap:
+ enabled: true
+ oauthclientCredentials:
+ secretName: jenkins-iap-oauth-secret
+
+---
apiVersion: v1
kind: Service
metadata:
name: jenkins-mendel-linux
annotations:
cloud.google.com/neg: '{"ingress": true}'
+ cloud.google.com/backend-config: '{"ports": {"8080": "jenkins-mendel-linux-backend"}}'
spec:
selector:
app: jenkins-operator
@@ -15,11 +27,15 @@
port: 8080
---
-apiVersion: cloud.google.com/v1beta1
+apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
name: nginx-apt-backend
spec:
+ iap:
+ enabled: false
+ oauthclientCredentials:
+ secretName: ""
healthCheck:
checkIntervalSec: 15
port: 80