x509 auth needs to go through nginx load balancer #117
Description
at some point code that looks roughly like this needs to be deployed to get nginx load balancing in front of the x509
echo "Creating Gate x509 API Service for deployment named sandbox-us-central1"
cat <<SVC_EOF | kubectl --kubeconfig="/spinnaker/.kube/sandbox-us-central1.config" apply -f -
apiVersion: v1
kind: Service
metadata:
labels:
app: spin
cluster: spin-gate
name: spin-gate-spin-api
namespace: spinnaker
spec:
ports:
- name: x509
port: 8085
protocol: TCP
targetPort: 8085
selector:
app: spin
cluster: spin-gate
type: ClusterIP
SVC_EOF
echo "Creating Gate x509 API Ingress for deployment named sandbox-us-central1"
cat <<ING_EOF | kubectl --kubeconfig="/spinnaker/.kube/sandbox-us-central1.config" apply -f -
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
labels:
app: spin
cluster: spin-gate
name: spin-gate-spin-api
namespace: spinnaker
spec:
rules:
- host: spin-api.spinnaker.example.com
http:
paths:
- backend:
serviceName: spin-gate-spin-api
servicePort: 8085
path: /
tls:
- hosts:
- spin-api.spinnaker.example.com
ING_EOF
thanks to @dmrogers7 for finding the code that will do it.