Skip to content

Commit

Permalink
Set up ingress and switch to SF as primary
Browse files Browse the repository at this point in the history 
Due to a freeze bug we need to re-ingest ads from all providers for the
last 18 hours or so on berg.

For now switch to SF as primary.
  • Loading branch information
@masih
masih committed Oct 11, 2024
1 parent edbcec3 commit 3fd0c5c
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 5 deletions.
28 changes: 23 additions & 5 deletions deploy/infrastructure/prod/us-east-2/cloudfront.tf
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
locals {
indexstar_origin_id = "${local.environment_name}_${local.region}_indexstar"
indexstar_berg_origin_id = "${local.environment_name}_${local.region}_indexstar_berg"
indexstar_sf_origin_id = "${local.environment_name}_${local.region}_indexstar_sf"
indexstar_primary = local.indexstar_sf_origin_id
http_announce_origin_id = "${local.environment_name}_${local.region}_assigner"
cdn_subdomain = "cdn"
cf_log_bucket = "${local.environment_name}-${local.region}-cf-log"
Expand Down Expand Up @@ -90,6 +92,22 @@ resource "aws_cloudfront_distribution" "cdn" {
}
}

// A local load balancer which hooked up to sf.cid.contact under the hood.
origin {
domain_name = "indexstar-sf.${aws_route53_zone.prod_external.name}"
origin_id = local.indexstar_sf_origin_id
custom_origin_config {
http_port = 80
https_port = 443
origin_protocol_policy = "https-only"
origin_ssl_protocols = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
}
origin_shield {
enabled = true
origin_shield_region = local.region
}
}

custom_error_response {
error_code = 404
error_caching_min_ttl = 300
Expand All @@ -100,7 +118,7 @@ resource "aws_cloudfront_distribution" "cdn" {
# Hence the complete method list.
allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "DELETE", "PATCH", "POST"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = local.indexstar_berg_origin_id
target_origin_id = local.indexstar_primary

forwarded_values {
query_string = false
Expand All @@ -122,7 +140,7 @@ resource "aws_cloudfront_distribution" "cdn" {
# Hence the complete method list.
allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "DELETE", "PATCH", "POST"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = local.indexstar_berg_origin_id
target_origin_id = local.indexstar_primary
cache_policy_id = aws_cloudfront_cache_policy.lookup.id

compress = true
Expand All @@ -133,7 +151,7 @@ resource "aws_cloudfront_distribution" "cdn" {
path_pattern = "cid/*"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = local.indexstar_berg_origin_id
target_origin_id = local.indexstar_primary
cache_policy_id = aws_cloudfront_cache_policy.lookup.id

compress = true
Expand All @@ -144,7 +162,7 @@ resource "aws_cloudfront_distribution" "cdn" {
path_pattern = "providers"
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = local.indexstar_berg_origin_id
target_origin_id = local.indexstar_primary
forwarded_values {
query_string = false
cookies {
Expand All @@ -164,7 +182,7 @@ resource "aws_cloudfront_distribution" "cdn" {
# Hence the complete method list.
allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "DELETE", "PATCH", "POST"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
target_origin_id = local.indexstar_berg_origin_id
target_origin_id = local.indexstar_primary
forwarded_values {
query_string = false
cookies {
Expand Down
37 changes: 37 additions & 0 deletions deploy/manifests/prod/us-east-2/tenant/storetheindex/indexstar/sf-ingress.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
apiVersion: v1
kind: Service
metadata:
name: indexstar-sf
namespace: storetheindex
spec:
type: ExternalName
externalName: sf.cid.contact
ports:
- port: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: indexstar-sf
namespace: storetheindex
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/enable-cors: "true"
spec:
tls:
- hosts:
- indexstar-sf.prod.cid.contact
secretName: indexstar-sf-ingress-tls
rules:
- host: indexstar-sf.prod.cid.contact
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: indexstar-sf
port:
number: 443

0 comments on commit 3fd0c5c

Please sign in to comment.