kubernetes · thockin · Aug 23, 2016 · Aug 22, 2016 · Aug 23, 2016
diff --git a/k8s.io/.gitignore b/k8s.io/.gitignore
@@ -0,0 +1,3 @@
+tls.crt
+tls.key
+tls.csr
diff --git a/k8s.io/Makefile b/k8s.io/Makefile
@@ -0,0 +1,21 @@
+all: test
+
+.PHONY: deploy-fake-secret
+deploy-fake-secret:
+	openssl genrsa -out tls.key 2048
+	openssl req -new -key tls.key -out tls.csr -subj '/CN=k8s.io/O=TEST/C=US'
+	openssl x509 -req -days 10000 -in tls.csr -signkey tls.key -out tls.crt
+	kubectl get secret/ssl || kubectl create secret generic ssl --from-file=tls.key=tls.key --from-file=tls.crt=tls.crt
+
+.PHONY: deploy
+deploy:
+	kubectl get secret/ssl || kubectl apply -f secret-ssl.yaml
+	kubectl apply -f configmap-nginx.yaml
+	kubectl apply -f configmap-www-get.yaml
+	kubectl apply -f configmap-www-golang.yaml
+	kubectl apply -f service.yaml
+	kubectl apply -f deployment.yaml
+
+.PHONY: test
+test:
+	python test.py
diff --git a/k8s.io/README.md b/k8s.io/README.md
@@ -0,0 +1,17 @@
+Overview
+====
+This contains the Nginx configuration for k8s.io and the associated subdomain
+redirectors.
+
+Testing
+====
+Configure kubectl to target a test cluster on GKE.
+
+Run `make deploy-fake-secret deploy` and wait for the service to be available--
+the load balancer may take some time to configure.
+
+Use `make test` to run unit tests to verify the various endpoints on the server.
+
+Deploying
+===
+Set kubectl to target the production cluster, then run `make deploy`.
diff --git a/k8s.io/configmap-nginx.yaml b/k8s.io/configmap-nginx.yaml
@@ -0,0 +1,181 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx
+data:
+  # Adding new entries here will make them appear as files in the deployment.
+  nginx.conf: |
+    worker_processes 5;
+
+    events {
+    }
+
+    http {
+      # Certs for all SSL server_names.
+      ssl_certificate     /certs/tls.crt;
+      ssl_certificate_key /certs/tls.key;
+      ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+      ssl_ciphers         HIGH:!aNULL:!MD5;
+
+      # This is the main site redirector.
+      server {
+        server_name k8s.io kubernetes.io kubernet.es;
+        listen 80;
+        listen 443 ssl;
+
+        if ($arg_go-get = "1") {
+          # This is a go-get operation.
+          # Send any file in any repo to static content.
+          rewrite ^/([^/]*)(/.*)?$  /_golang-go-get/$1.html;
+        }
+
+        location /_golang-go-get {
+          # Serve static content.
+          alias /www/golang;
+        }
+
+        location /_healthz {
+          add_header Content-Type text/plain;
+          return 200 'ok';
+        }
+
+        # Forward to the real site.
+        location / {
+          rewrite ^/(.*)$   http://kubernetes.io/$1 redirect;
+        }
+      }
+
+      #
+      # Vanity redirect rules.
+      #
+
+      server {
+        server_name changelog.kubernetes.io changelog.k8s.io;
+        listen 80;
+        listen 443 ssl;
+
+        rewrite ^/(.*)?$    https://github.com/kubernetes/kubernetes/releases/tag/$1 redirect;
+      }
+      server {
+        server_name ci-test.kubernetes.io ci-test.k8s.io;
+        listen 80;
+        listen 443 ssl;
+
+        # This is really not ideal, but there's no obvious way to browse GCS that handles directories and files.
+        rewrite ^/$             https://console.developers.google.com/storage/browser/kubernetes-jenkins/logs redirect;
+        rewrite ^/(.*)/$        https://console.developers.google.com/storage/browser/kubernetes-jenkins/logs/$1 redirect;
+        rewrite ^/(.*)$         https://storage.cloud.google.com/kubernetes-jenkins/logs/$1 redirect;
+      }
+      server {
+        server_name code.kubernetes.io code.k8s.io;
+        listen 80;
+        listen 443 ssl;
+
+        rewrite ^/(.*)?$    https://github.com/kubernetes/kubernetes/tree/master/$1 redirect;
+      }
+      server {
+        server_name docs.k8s.io docs.kubernetes.io;
+        listen 80;
+        listen 443 ssl;
+
+        location / {
+          rewrite ^/v[0-9]+\.[0-9]+(/.*)?$     http://kubernetes.io/docs$1   redirect; # legacy
+          rewrite ^/(.*)$                      http://kubernetes.io/docs/$1  redirect;
+        }
+      }
+      server {
+        server_name examples.k8s.io examples.kubernetes.io;
+        listen 80;
+        listen 443 ssl;
+
+        location / {
+          rewrite ^/v([0-9]+\.[0-9]+)(/.*)?$    https://github.com/kubernetes/kubernetes/tree/release-$1/examples$2  redirect;
+          rewrite ^/(.*)$                       https://github.com/kubernetes/kubernetes/tree/master/examples/$1     redirect;
+        }
+      }
+      server {
+        server_name get.k8s.io get.kubernetes.io;
+        listen 80;
+        # 443 is covered below.
+
+        location / {
+          root /www/get;
+          index get-kube-insecure.sh;
+        }
+      }
+      server {
+        server_name get.k8s.io get.kubernetes.io;
+        listen 443 ssl;
+        # 80 is covered above.
+
+        location / {
+          root /www/get;
+          index get-kube-secure.sh;
+        }
+      }
+      server {
+        server_name go.k8s.io go.kubernetes.io;
+        listen 80;
+        listen 443 ssl;
+
+        location / {
+          rewrite ^/bounty$          https://github.com/kubernetes/kubernetes.github.io/issues?q=is%3Aopen+is%3Aissue+label%3ABounty redirect;
+          rewrite ^/start$           http://kubernetes.io/docs/getting-started-guides/ redirect;
+          rewrite ^/help-wanted$     https://github.com/kubernetes/kubernetes/labels/help-wanted redirect;
+        }
+      }
+      server {
+        server_name issue.k8s.io issues.k8s.io issue.kubernetes.io issues.kubernetes.io;
+        listen 80;
+        listen 443 ssl;
+
+        location / {
+          rewrite ^/(.*)$              https://github.com/kubernetes/kubernetes/issues/$1 redirect;
+        }
+      }
+      server {
+        server_name pr.k8s.io prs.k8s.io pr.kubernetes.io prs.kubernetes.io;
+        listen 80;
+        listen 443 ssl;
+
+        location / {
+          rewrite ^/$                  https://github.com/kubernetes/kubernetes/pulls redirect;
+          rewrite ^/(.*)$              https://github.com/kubernetes/kubernetes/pull/$1 redirect;
+        }
+      }
+      server {
+        server_name pr-test.kubernetes.io pr-test.k8s.io;
+        listen 80;
+        listen 443 ssl;
+
+        # This is really not ideal, but there's no obvious way to browse GCS that handles directories and files.
+        rewrite ^/$             https://console.developers.google.com/storage/browser/kubernetes-jenkins/pr-logs/pull redirect;
+        rewrite ^/(.*)/$        https://console.developers.google.com/storage/browser/kubernetes-jenkins/pr-logs/pull/$1 redirect;
+        rewrite ^/(.*)$         https://storage.cloud.google.com/kubernetes-jenkins/pr-logs/pull/$1 redirect;
+      }
+      server {
+        server_name releases.k8s.io rel.k8s.io releases.kubernetes.io rel.kubernetes.io;
+        listen 80;
+        listen 443 ssl;
+
+        location / {
+          rewrite ^/$                  https://github.com/kubernetes/kubernetes/releases redirect;
+          rewrite ^/([^/]*)(/.*)?$     https://github.com/kubernetes/kubernetes/tree/$1$2 redirect;
+        }
+      }
+      server {
+        server_name reviewable.kubernetes.io reviewable.k8s.io;
+        listen 80;
+        listen 443 ssl;
+
+        rewrite ^/(.*)?$    https://reviewable.kubernetes.io/$1 redirect;
+      }
+
+      server {
+        server_name testgrid.kubernetes.io testgrid.k8s.io;
+        listen 80;
+        listen 443 ssl;
+
+        rewrite ^/(.*)?$    https://k8s-testgrid.appspot.com/$1 redirect;
+      }
+    }
diff --git a/k8s.io/configmap-www-get.yaml b/k8s.io/configmap-www-get.yaml
@@ -0,0 +1,157 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: www-get
+data:
+  # Adding new entries here will make them appear as files in the deployment.
+  get-kube-secure.sh: |
+    #!/bin/bash
+
+    # Copyright 2014 The Kubernetes Authors All rights reserved.
+    #
+    # Licensed under the Apache License, Version 2.0 (the "License");
+    # you may not use this file except in compliance with the License.
+    # You may obtain a copy of the License at
+    #
+    #     http://www.apache.org/licenses/LICENSE-2.0
+    #
+    # Unless required by applicable law or agreed to in writing, software
+    # distributed under the License is distributed on an "AS IS" BASIS,
+    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    # See the License for the specific language governing permissions and
+    # limitations under the License.
+
+    # Bring up a Kubernetes cluster.
+    # Usage:
+    #   wget -q -O - https://get.k8s.io | bash
+    # or
+    #   curl -sS https://get.k8s.io | bash
+    #
+    # Advanced options
+    #  Set KUBERNETES_PROVIDER to choose between different providers:
+    #  Google Compute Engine [default]
+    #   * export KUBERNETES_PROVIDER=gce; wget -q -O - https://get.k8s.io | bash
+    #  Google Container Engine
+    #   * export KUBERNETES_PROVIDER=gke; wget -q -O - https://get.k8s.io | bash
+    #  Amazon EC2
+    #   * export KUBERNETES_PROVIDER=aws; wget -q -O - https://get.k8s.io | bash
+    #  Microsoft Azure
+    #   * export KUBERNETES_PROVIDER=azure; wget -q -O - https://get.k8s.io | bash
+    #  Vagrant (local virtual machines)
+    #   * export KUBERNETES_PROVIDER=vagrant; wget -q -O - https://get.k8s.io | bash
+    #  VMWare VSphere
+    #   * export KUBERNETES_PROVIDER=vsphere; wget -q -O - https://get.k8s.io | bash
+    #  Rackspace
+    #   * export KUBERNETES_PROVIDER=rackspace; wget -q -O - https://get.k8s.io | bash
+    #
+    #  Set KUBERNETES_SKIP_DOWNLOAD to non-empty to skip downloading a release.
+    #  Set KUBERNETES_SKIP_CONFIRM to skip the installation confirmation prompt.
+    set -o errexit
+    set -o nounset
+    set -o pipefail
+
+    function create_cluster {
+      echo "Creating a kubernetes on ${KUBERNETES_PROVIDER:-gce}..."
+      (
+        cd kubernetes
+        ./cluster/kube-up.sh
+        echo "Kubernetes binaries at ${PWD}/cluster/"
+        if [[ ":$PATH:" != *":${PWD}/cluster:"* ]]; then
+          echo "You may want to add this directory to your PATH in \$HOME/.profile"
+        fi
+
+        echo "Installation successful!"
+      )
+    }
+
+    if [[ "${KUBERNETES_SKIP_DOWNLOAD-}" ]]; then
+      create_cluster
+      exit 0
+    fi
+
+    function get_latest_version_number {
+      local -r latest_url="https://storage.googleapis.com/kubernetes-release/release/stable.txt"
+      if [[ $(which wget) ]]; then
+        wget -qO- ${latest_url}
+      elif [[ $(which curl) ]]; then
+        curl -Ss ${latest_url}
+      else
+        echo "Couldn't find curl or wget.  Bailing out."
+        exit 4
+      fi
+    }
+
+    release=$(get_latest_version_number)
+    release_url=https://storage.googleapis.com/kubernetes-release/release/${release}/kubernetes.tar.gz
+
+    uname=$(uname)
+    if [[ "${uname}" == "Darwin" ]]; then
+      platform="darwin"
+    elif [[ "${uname}" == "Linux" ]]; then
+      platform="linux"
+    else
+      echo "Unknown, unsupported platform: (${uname})."
+      echo "Supported platforms: Linux, Darwin."
+      echo "Bailing out."
+      exit 2
+    fi
+
+    machine=$(uname -m)
+    if [[ "${machine}" == "x86_64" ]]; then
+      arch="amd64"
+    elif [[ "${machine}" == "i686" ]]; then
+      arch="386"
+    elif [[ "${machine}" == "arm*" ]]; then
+      arch="arm"
+    else
+      echo "Unknown, unsupported architecture (${machine})."
+      echo "Supported architectures x86_64, i686, arm*"
+      echo "Bailing out."
+      exit 3
+    fi
+
+    file=kubernetes.tar.gz
+
+    echo "Downloading kubernetes release ${release} to ${PWD}/kubernetes.tar.gz"
+    if [[ -n "${KUBERNETES_SKIP_CONFIRM-}" ]]; then
+      echo "Is this ok? [Y]/n"
+      read confirm
+      if [[ "$confirm" == "n" ]]; then
+        echo "Aborting."
+        exit 0
+      fi
+    fi
+
+    if [[ $(which wget) ]]; then
+      wget -O ${file} ${release_url}
+    elif [[ $(which curl) ]]; then
+      curl -L -o ${file} ${release_url}
+    else
+      echo "Couldn't find curl or wget.  Bailing out."
+      exit 1
+    fi
+
+    echo "Unpacking kubernetes release ${release}"
+    tar -xzf ${file}
+    rm ${file}
+
+    create_cluster
+  get-kube-insecure.sh: |
+    #!/bin/bash
+
+    # Copyright 2014 Google Inc. All rights reserved.
+    #
+    # Licensed under the Apache License, Version 2.0 (the "License");
+    # you may not use this file except in compliance with the License.
+    # You may obtain a copy of the License at
+    #
+    #     http://www.apache.org/licenses/LICENSE-2.0
+    #
+    # Unless required by applicable law or agreed to in writing, software
+    # distributed under the License is distributed on an "AS IS" BASIS,
+    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    # See the License for the specific language governing permissions and
+    # limitations under the License.
+
+    echo Install Kubernetes securely:
+    echo curl -sS https://get.k8s.io | bash
-Original file line number
+Diff line change
@@ -0,0 +1,3 @@
+    tls.crt
+    tls.key
+    tls.csr