From f0d14754a764f780bf058d8d040341857d18283a Mon Sep 17 00:00:00 2001
From: James Polley <jp@jamezpolley.com>
Date: Sat, 28 Jul 2018 09:49:30 +1000
Subject: [PATCH] Rework review app deployment to use ingress per deployment

---
 .gitlab-ci.yml                  |  8 +--
 k8s/deployment_template.jsonnet | 98 +++++++++++++++++----------------
 2 files changed, 54 insertions(+), 52 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 664a1f06..1e8cc29d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -50,8 +50,7 @@ build_review_deployment:
   artifacts:
     paths:
     - k8s/deployment.json
-    - k8s/ingress-patch.json
-    - k8s/certificate-patch.json
+    - k8s/ingress.json
 
 build_2019_image:
   image: docker:git
@@ -112,8 +111,8 @@ build_2019_image:
   - kubectl config set-context cluster --cluster=cluster --namespace=rego-review --user=rego-dev/gitlab-sa
   - kubectl config use-context cluster
   - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/deployment.json
-  - kubectl --token "${GL_KUBE_TOKEN}" describe ingress | grep "${CI_COMMIT_REF_SLUG}" || kubectl --token "${GL_KUBE_TOKEN}" patch ingress symposion-app-ingress -p "$(cat k8s/ingress-patch.json)" --type json
-  - kubectl --token "${GL_KUBE_TOKEN}" describe certificate | grep "${CI_COMMIT_REF_SLUG}" || kubectl --token "${GL_KUBE_TOKEN}" patch certificate dev-lca2019-org -p "$(cat k8s/certificate-patch.json)" --type json
+  - kubectl --token "${GL_KUBE_TOKEN}" apply -f k8s/ingress.json
+
   only:
   - /^dev\/.*$/
   environment:
@@ -130,6 +129,7 @@ build_2019_image:
   - kubectl config set-context cluster --cluster=cluster --namespace=rego-review --user=rego-dev/gitlab-sa
   - kubectl config use-context cluster
   - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/deployment.json
+  - kubectl --token "${GL_KUBE_TOKEN}" delete -f k8s/ingress.json
   only:
   - /^dev\/.*$/
   when: manual
diff --git a/k8s/deployment_template.jsonnet b/k8s/deployment_template.jsonnet
index 23be06fb..78593f6d 100644
--- a/k8s/deployment_template.jsonnet
+++ b/k8s/deployment_template.jsonnet
@@ -1,9 +1,10 @@
 function (slug, sha) {
-  
+
   local app = "symposion-app-" + slug,
   local namespace = "rego-review",
   local domain = slug + ".dev.lca2019.org",
-  
+  local tls_secret = domain + "-tls",
+
   "deployment.json":
     {
       "apiVersion": "v1",
@@ -13,7 +14,7 @@ function (slug, sha) {
           "kind": "Service",
           "metadata": {
             "labels": {
-              "app": "symposion-app",
+              "app":  app,
               "slug": slug
             },
             "name": app,
@@ -28,7 +29,7 @@ function (slug, sha) {
               }
             ],
             "selector": {
-              "app": "symposion-app",
+              "app": app,
               "slug": slug
             },
             "sessionAffinity": "None",
@@ -40,7 +41,7 @@ function (slug, sha) {
           "kind": "Deployment",
           "metadata": {
             "labels": {
-              "app": "symposion-app",
+              "app": app,
               "slug": slug,
             },
             "name": app,
@@ -51,7 +52,7 @@ function (slug, sha) {
             "revisionHistoryLimit": 1,
             "selector": {
               "matchLabels": {
-                "app": "symposion-app",
+                "app": app,
                 "slug": slug
               }
             },
@@ -65,7 +66,7 @@ function (slug, sha) {
             "template": {
               "metadata": {
                 "labels": {
-                  "app": "symposion-app",
+                  "app": app,
                   "slug": slug
                 }
               },
@@ -148,47 +149,48 @@ function (slug, sha) {
       ],
       "kind": "List"
     },
-  "ingress-patch.json": [
-      {
-        "op": "add",
-        "path": "/spec/rules/-",
-        "value": {
-          "host": domain,
-          "http": {
-            "paths": [
-              {
-                "backend": {
-                  "serviceName": app,
-                  "servicePort": 8000
-                },
-                "path": "/"
-              }
+  "ingress.json":
+    {
+        "kind": "Ingress",
+        "apiVersion": "extensions/v1beta1",
+        "metadata": {
+            "name": app,
+            "namespace": namespace,
+            "annotations": {
+                "certmanager.k8s.io/acme-http01-edit-in-place": "true",
+                "kubernetes.io/ingress.class": "nginx-review",
+                "kubernetes.io/tls-acme": "true"
+            }
+        },
+        "spec": {
+            "backend": {
+                "serviceName": app,
+                "servicePort": 80
+            },
+            "tls": [
+                {
+                    "hosts": [
+                        domain
+                    ],
+                    "secretName": tls_secret,
+                }
+            ],
+            "rules": [
+                {
+                    "host": domain,
+                    "http": {
+                        "paths": [
+                            {
+                                "path": "/",
+                                "backend": {
+                                    "serviceName": app,
+                                    "servicePort": 8000
+                                }
+                            }
+                        ]
+                    }
+                }
             ]
-          }
         }
-      },
-      {
-        "op": "add",
-        "path": "/spec/tls/0/hosts/-",
-        "value": domain
-      }
-  ],
-   "certificate-patch.json": [
-      {
-        "op": "add",
-        "path": "/spec/acme/config/-",
-        "value": {
-          "domains": [ domain ],
-          "http01": {
-            "ingress": "",
-            "ingressClass": "nginx-review"
-          }
-        }
-      },
-      {
-        "op": "add",
-        "path": "/spec/dnsNames/-",
-        "value": domain
-      }
-  ]
+    }
 }