k8s: Update ingress to use IAP OAuth config This allows Jenkins to actually work for google.com users. This also required making a few changes in Pantheon to update the proxy permissions to allow IAP authentications for google.com. Change-Id: Iaedb7d7e9197b19b062f18e6de861f83f82b738d

commit: d7a397b26679d2d551ff561dc90cd820714df15c [log] [tgz]
author: June Tate-Gans <jtgans@google.com> Fri May 14 18:32:15 2021 +0000
committer: June Tate-Gans <jtgans@google.com> Fri May 14 18:33:23 2021 +0000
tree: d37903d1c4782d1830bafc10a737eba1d19df315
parent: bd5c426417312c6e4afd1d1abdc0f89136d18fb0 [diff]
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
index 91a855c..05e879e 100644
--- a/k8s/ingress.yaml
+++ b/k8s/ingress.yaml

@@ -1,10 +1,22 @@
 ---
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+  name: jenkins-mendel-linux-backend
+spec:
+  iap:
+    enabled: true
+    oauthclientCredentials:
+      secretName: jenkins-iap-oauth-secret
+
+---
 apiVersion: v1
 kind: Service
 metadata:
   name: jenkins-mendel-linux
   annotations:
     cloud.google.com/neg: '{"ingress": true}'
+    cloud.google.com/backend-config: '{"ports": {"8080": "jenkins-mendel-linux-backend"}}'
 spec:
   selector:
     app: jenkins-operator
@@ -15,11 +27,15 @@
       port: 8080
 
 ---
-apiVersion: cloud.google.com/v1beta1
+apiVersion: cloud.google.com/v1
 kind: BackendConfig
 metadata:
   name: nginx-apt-backend
 spec:
+  iap:
+    enabled: false
+    oauthclientCredentials:
+      secretName: ""
   healthCheck:
     checkIntervalSec: 15
     port: 80
commit	d7a397b26679d2d551ff561dc90cd820714df15c	[log] [tgz]
author	June Tate-Gans <jtgans@google.com>	Fri May 14 18:32:15 2021 +0000
committer	June Tate-Gans <jtgans@google.com>	Fri May 14 18:33:23 2021 +0000
tree	d37903d1c4782d1830bafc10a737eba1d19df315
parent	bd5c426417312c6e4afd1d1abdc0f89136d18fb0 [diff]