...
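# External GCE Ingress for gridbug: HTTPS-only frontend on a reserved static
# IP with a Google-managed certificate; all traffic goes to the gridbug
# Service on port 8080.
# (Listing repaired: viewer line numbers removed and nesting restored.)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: gridbug
  annotations:
    # No plain-HTTP listener is requested on the load balancer.
    # NOTE(review): the referenced FrontendConfig also sets redirectToHttps;
    # the redirect is served from the HTTP frontend, so with HTTP disabled it
    # is likely inert. Confirm which of the two behaviours is intended.
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.class: 'gce'
    kubernetes.io/ingress.global-static-ip-name: "gridbug-ip"
    networking.gke.io/managed-certificates: gridbug-cert
    # Binds the FrontendConfig named ncr-default (redirect + SSL policy).
    networking.gke.io/v1beta1.FrontendConfig: "ncr-default"
spec:
  # No host or path rules: every request is sent to this one backend.
  # NOTE(review): IAP from the BackendConfig named gridbug applies only if the
  # gridbug Service references it (cloud.google.com/backend-config
  # annotation); the Service is not shown here, so verify it.
  defaultBackend:
    service:
      name: gridbug
      port:
        number: 8080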
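---
# Frontend (client-facing) settings for the load balancer. Attached to the
# gridbug Ingress through its networking.gke.io/v1beta1.FrontendConfig
# annotation.
# (Listing repaired: viewer line numbers removed and nesting restored.)
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
  name: ncr-default
spec:
  redirectToHttps:
    enabled: true
  # Name of a GCP SSL policy (minimum TLS version and cipher profile).
  # NOTE(review): the policy itself is not defined in this file; it presumably
  # has to exist in the project already. Confirm it pins a modern TLS minimum.
  sslPolicy: ncr-default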
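---
# Enables Identity-Aware Proxy (IAP) on the load-balancer backend, using the
# OAuth client stored in the iap-oauth Secret.
# (Listing repaired: viewer line numbers removed and nesting restored.)
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: gridbug
spec:
  iap:
    enabled: true
    # NOTE(review): IAP only authenticates requests that pass through the load
    # balancer. The workload should still verify the signed
    # x-goog-iap-jwt-assertion header, and direct pod/node access should be
    # restricted, so that in-cluster callers cannot skip the proxy.
    oauthclientCredentials:
      # The Secret is expected to carry client_id and client_secret keys.
      secretName: iap-oauth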
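---
# Syncs the IAP OAuth client credentials from the external secret store into
# the in-cluster Secret iap-oauth (the one the BackendConfig reads).
# (Listing repaired: viewer line numbers removed and nesting restored.)
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: iap-oauth-ext
spec:
  dataFrom:
    # extract copies every top-level key of the remote secret's JSON payload.
    # NOTE(review): the payload should contain only client_id and
    # client_secret; any extra key would also land in the cluster Secret.
    - extract:
        key: gridbug-iap-oauth-creds
  # A rotated credential can take up to this long to reach the cluster.
  refreshInterval: 1h
  secretStoreRef:
    name: gcp-provider
    kind: ClusterSecretStore
  target:
    name: iap-oauth
    # Owner: the generated Secret is owned by this ExternalSecret and is
    # removed together with it.
    creationPolicy: Owner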
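---
# Config Connector IAM binding: lets the external-secrets service account read
# the gridbug-iap-oauth-creds secret. The grant is scoped to that single
# secret (resourceRef), not to the project.
# (Listing repaired: viewer line numbers removed and nesting restored.)
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: essa-gridbug-iap-oauth-creds
spec:
  # ${cluster_hash} and ${gcp_project_id} are template placeholders,
  # presumably substituted before apply; quoted so the rendered values always
  # parse as strings.
  member: "serviceAccount:ext-sec-${cluster_hash}@${gcp_project_id}.iam.gserviceaccount.com"
  resourceRef:
    apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
    kind: SecretManagerSecret
    external: "projects/${gcp_project_id}/secrets/gridbug-iap-oauth-creds"
  # Read access to secret payloads only; grants no write or admin rights.
  role: roles/secretmanager.secretAccessor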