Skip to content

x/build/cmd/gomote: configure HTTPS load balancers for the build infrastructure #49191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cagedmantis opened this issue Oct 27, 2021 · 5 comments
Closed

x/build/cmd/gomote: configure HTTPS load balancers for the build infrastructure #49191

cagedmantis opened this issue Oct 27, 2021 · 5 comments
Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Backlog

Comments

@cagedmantis
Copy link
Contributor

The gomote authentication revamp project requires Identity Aware Proxy to be enabled for the coordinator. As part of enabling IAP, an external HTTPS load balancer must be configured to route requests to our deployments on GKE. This is a multipart project which requires changing DNS addresses and various Kubernetes and GCP configuration changes.

This is a component of the project to revamp the security model used by gomote #47521
@golang/release
@cagedmantis cagedmantis added Builders x/build issues (builders, bots, dashboards) NeedsFix The path to resolution is known, but the work has not been done. labels Oct 27, 2021
@cagedmantis cagedmantis added this to the Backlog milestone Oct 27, 2021
@cagedmantis cagedmantis mentioned this issue Oct 27, 2021
Closed
16 tasks
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/359234 mentions this issue: internal/https: document

gopherbot pushed a commit to golang/build that referenced this issue Oct 28, 2021
@heschi
internal/https: document
8952556 
For golang/go#49191.

Change-Id: I1fe2fc3fff2ba9add532b9c7d447f27ac6cfc54c
Reviewed-on: https://go-review.googlesource.com/c/build/+/359234
Trust: Heschi Kreinick <heschi@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/359479 mentions this issue: cmd/coordinator,cmd/gerritbot: use HTTP/2 between LB and app

@gopherbot
Copy link
Contributor

Change https://golang.org/cl/359480 mentions this issue: all: disable unnecessary serving methods

gopherbot pushed a commit to golang/build that referenced this issue Nov 1, 2021
@heschi
cmd/coordinator,cmd/gerritbot: use HTTP/2 between LB and app
e6783b0 
Also disassociate LE certs we don't need any more.

For golang/go#49191.

Change-Id: I74acf2f2f52fbf91670d27d91112136450f81944
Reviewed-on: https://go-review.googlesource.com/c/build/+/359479
Trust: Heschi Kreinick <heschi@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
gopherbot pushed a commit to golang/build that referenced this issue Nov 1, 2021
@heschi
all: disable unnecessary serving methods
79bb74b 
We only need self-signed HTTPS on many services now.

For golang/go#49191.

Change-Id: I523a98b738f9cca7aeba57f7f6f66c199d99b788
Reviewed-on: https://go-review.googlesource.com/c/build/+/359480
Trust: Heschi Kreinick <heschi@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
@cagedmantis cagedmantis changed the title x/build/cmd/gomote: configure HTTPS load balancers for the build repository x/build/cmd/gomote: configure HTTPS load balancers for the build infrastructure Nov 4, 2021
@gopherbot
Copy link
Contributor

Change https://golang.org/cl/365735 mentions this issue: deploy: add GRPC servers to build.golang.org

gopherbot pushed a commit to golang/build that referenced this issue Nov 23, 2021
@cagedmantis
deploy: add GRPC servers to build.golang.org
67fc292 
This change mounts the gomote and coordinator servers in the proper
locations.

Updates golang/go#47521
Updates golang/go#49191

Change-Id: I7c0054028fa928ba025b3c511701512e183894fd
Reviewed-on: https://go-review.googlesource.com/c/build/+/365735
Trust: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/398497 mentions this issue: cmd/coordinator: increase backend server timeout

gopherbot pushed a commit to golang/build that referenced this issue Apr 5, 2022
@cagedmantis
cmd/coordinator: increase backend server timeout
5aee8ef 
This change updates the backend service timeout for the
coordinator-internal-iap service. The default timeout is set to 30
seconds. Gomote creates will often require more than 30 seconds to
reach completion.

For golang/go#47521
Updates golang/go#49191

Change-Id: Ia7f3fa9ed24cfb5df143d5b45f28d7e1e94ed5b2
Reviewed-on: https://go-review.googlesource.com/c/build/+/398497
Trust: Carlos Amedee <carlos@golang.org>
Run-TryBot: Carlos Amedee <carlos@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
@rsc rsc unassigned heschi Jun 23, 2022
@heschi heschi moved this to Done in Go Release Sep 27, 2022
@golang golang locked and limited conversation to collaborators Jun 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Projects
Go Release
Archived in project
Milestone
Backlog
Development

No branches or pull requests
4 participants
@toothrot @cagedmantis @gopherbot @heschi