deploy, cmd/gomoteserver: add the Kubernetes configuration
This change adds the Kubernetes configuration changes necessary
for the gomote server to be deployed in the cluster. It creates
a new ingress for the gomote server. It also adds an external
IP address for the gomote ssh functionality.

Updates golang/go#61912
For golang/go#61772

Change-Id: If821ff368bbd025a566b04f2d9779f2a12ff4cb2
Reviewed-on: https://go-review.googlesource.com/c/build/+/520695
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Heschi Kreinick <[email protected]>
Run-TryBot: Carlos Amedee <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
cagedmantis committed Sep 6, 2023
1 parent ed87657 commit 245708a
Showing 2 changed files with 150 additions and 0 deletions.
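--- a/cmd/gomoteserver/deployment-prod.yaml
+++ b/cmd/gomoteserver/deployment-prod.yaml
@@ -0,0 +1,98 @@
+# Copyright 2023 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+namespace: prod
+name: gomoteserver-deployment
+spec:
+selector:
+matchLabels:
+app: gomoteserver
+template:
+metadata:
+labels:
+app: gomoteserver
+spec:
+serviceAccountName: gomoteserver
+containers:
+- name: gomoteserver
+image: gcr.io/symbolic-datum-552/gomoteserver:latest
+imagePullPolicy: Always
+command: ["/gomoteserver", "-listen-http=:80", "-autocert-bucket=gomote-golang-org-autocert-cache", "-listen-https-selfsigned=:444"]
+ports:
+- containerPort: 80
+- containerPort: 444
+- containerPort: 2222 # ssh proxy port
+resources:
+requests:
+cpu: "2"
+memory: "16Gi"
+limits:
+cpu: "4"
+memory: "16Gi"
+---
+apiVersion: v1
+kind: Service
+metadata:
+namespace: prod
+name: gomoteserver
+spec:
+ports:
+- port: 2222
+targetPort: 2222
+name: ssh
+selector:
+app: gomoteserver
+type: LoadBalancer
+loadBalancerIP: 35.232.178.214 # gomote-ssh-golang-org
+externalTrafficPolicy: Local
+---
+apiVersion: v1
+kind: Service
+metadata:
+namespace: prod
+name: gomoteserver-internal-iap
+annotations:
+cloud.google.com/backend-config: '{"default": "gomoteserver-iap-backend"}'
+cloud.google.com/neg: '{"ingress": false}'
+cloud.google.com/app-protocols: '{"https":"HTTP2"}'
+spec:
+ports:
+- port: 444
+targetPort: 444
+name: https
+selector:
+app: gomoteserver
+type: NodePort
+---
+apiVersion: v1
+kind: Service
+metadata:
+namespace: prod
+name: gomoteserver-internal
+annotations:
+cloud.google.com/neg: '{"ingress": false}'
+cloud.google.com/app-protocols: '{"https":"HTTP2"}'
+spec:
+ports:
+- port: 444
+targetPort: 444
+name: https
+selector:
+app: gomoteserver
+type: NodePort
+---
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+namespace: prod
+name: gomoteserver-iap-backend
+spec:
+iap:
+enabled: true
+oauthclientCredentials:
+secretName: iap-oauth
+timeoutSec: 86400 # For long-running gomote RPCs. See https://go.dev/issue/56423.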
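Review bot: The container image on the `image:` line is referenced by the mutable `:latest` tag together with `imagePullPolicy: Always`, so any pod restart in `prod` runs whatever was most recently pushed under that tag rather than a specific reviewed build. Unless the deploy tooling rewrites the tag at apply time (not visible on this page), pin it to an immutable reference such as `image: gcr.io/symbolic-datum-552/gomoteserver@sha256:<DIGEST_PLACEHOLDER>`, which also makes rollbacks deterministic. Separately, the container spec sets no `securityContext`; for a pod reachable through the public `LoadBalancer` on port 2222 it is worth adding `allowPrivilegeEscalation: false` and, if the binary can bind `:80` without root (this manifest alone does not say), a non-root user.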
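--- a/deploy/gomote-ingress.yaml
+++ b/deploy/gomote-ingress.yaml
@@ -0,0 +1,52 @@
+# Copyright 2023 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+namespace: prod
+name: gomoteserver-ingress
+annotations:
+kubernetes.io/ingress.global-static-ip-name: gomote-web-golang-org
+networking.gke.io/managed-certificates: gomoteserver-cert
+kubernetes.io/ingress.class: "gce"
+networking.gke.io/v1beta1.FrontendConfig: gomoteserver-ingress-frontend
+spec:
+rules:
+- host: gomote.golang.org
+http:
+paths:
+- pathType: ImplementationSpecific
+path: /protos.GomoteService/*
+backend:
+service:
+name: gomoteserver-internal-iap
+port:
+number: 444
+- pathType: ImplementationSpecific
+path: /*
+backend:
+service:
+name: gomoteserver-internal
+port:
+number: 444
+---
+apiVersion: networking.gke.io/v1beta1
+kind: FrontendConfig
+metadata:
+namespace: prod
+name: gomoteserver-ingress-frontend
+spec:
+redirectToHttps:
+enabled: true
+responseCodeName: FOUND
+---
+apiVersion: networking.gke.io/v1
+kind: ManagedCertificate
+metadata:
+namespace: prod
+name: gomoteserver-cert
+spec:
+domains:
+- gomote.golang.org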
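Review bot: The catch-all `path: /*` rule sends every request outside `/protos.GomoteService/*` to `gomoteserver-internal`, a Service that (per the deployment manifest in this commit) carries no `cloud.google.com/backend-config` annotation, so those paths are not covered by IAP at the load balancer. If that is intentional, say so next to the rule, for example `# Not behind IAP: handlers served here must authenticate requests themselves.`; if only a few endpoints are meant to be public, list them as explicit paths instead of `/*` so that a handler added later is not exposed by default. Both backends target the same pod port 444, so the split is enforced only by URL path matching at the ingress. The server therefore should not treat arrival on that port as proof of IAP authentication without verifying the IAP JWT assertion header.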
