Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
G
geosphere-deploy
Manage
Activity
Members
Plan
Wiki
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Container Registry
Model registry
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
cspp_geo
geosphere
geosphere-deploy
Commits
60d4b148
Verified
Commit
60d4b148
authored
4 years ago
by
David Hoese
Browse files
Options
Downloads
Patches
Plain Diff
Attempt to add TLS to geosphere-test mapserver and mapcache
parent
f8678221
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
admin/README.md
+33
-1
33 additions, 1 deletion
admin/README.md
ci_geosphere-test/values-mapcache.yaml
+16
-0
16 additions, 0 deletions
ci_geosphere-test/values-mapcache.yaml
ci_geosphere-test/values-mapserver.yaml
+5
-1
5 additions, 1 deletion
ci_geosphere-test/values-mapserver.yaml
with
54 additions
and
2 deletions
admin/README.md
+
33
−
1
View file @
60d4b148
...
...
@@ -174,4 +174,36 @@ kubectl delete sc/local-large-cache
Similar to Local Large Cache above, but larger available space. Note this
should only be used for testing as data will be deleted when the claim
is removed.
\ No newline at end of file
is removed.
## Configure HTTPS on Ingress
Web services being served on the cluster via HTTP can be made available via
HTTPS by enabling TLS on the Ingress controller of the cluster. The below
instructions will walk through how to enable this.
First, we must create a Secret to store the certificates. For SSEC-based
services, certificates should be requested from Technical Computing (TC).
To create the secret, have the certificate file and key file available in
your current directory and run:
```
kubectl create secret tls mysite-tls-certs --cert=mycert.crt --key=mycert.key
```
Where
`mysite-tls-certs`
is the name of the secret,
`tls`
is the type of the
secret, and
`mycert.crt`
and
`mycert.key`
are the actual certificate files.
Make sure if this certificate is for a specific namespace that you add
`-n mynamespace`
.
Then we need to make sure our Service definition includes something like:
```
bash
tls:
- hosts:
- mysite.ssec.wisc.edu
secretName: mysite-tls-certs
```
Once this is deployed the certificate should now be used when requesting
the HTTPS version of your service.
This diff is collapsed.
Click to expand it.
ci_geosphere-test/values-mapcache.yaml
+
16
−
0
View file @
60d4b148
...
...
@@ -17,3 +17,19 @@ ingress:
hosts
:
-
host
:
geosphere-test.ssec.wisc.edu
paths
:
[
"
/mapcache"
]
-
host
:
geosphere1-test.ssec.wisc.edu
paths
:
[
"
/mapcache"
]
-
host
:
geosphere2-test.ssec.wisc.edu
paths
:
[
"
/mapcache"
]
-
host
:
geosphere3-test.ssec.wisc.edu
paths
:
[
"
/mapcache"
]
-
host
:
geosphere4-test.ssec.wisc.edu
paths
:
[
"
/mapcache"
]
tls
:
-
hosts
:
-
"
geosphere-test.ssec.wisc.edu"
-
"
geosphere1-test.ssec.wisc.edu"
-
"
geosphere2-test.ssec.wisc.edu"
-
"
geosphere3-test.ssec.wisc.edu"
-
"
geosphere4-test.ssec.wisc.edu"
secretName
:
"
geosphere-tls-certs"
This diff is collapsed.
Click to expand it.
ci_geosphere-test/values-mapserver.yaml
+
5
−
1
View file @
60d4b148
...
...
@@ -14,4 +14,8 @@ ingress:
enabled
:
true
hosts
:
-
host
:
geosphere-test.ssec.wisc.edu
paths
:
[
"
/wms"
,
"
/wms_times"
]
\ No newline at end of file
paths
:
[
"
/wms"
,
"
/wms_times"
]
tls
:
-
hosts
:
-
"
geosphere-test.ssec.wisc.edu"
secretName
:
"
geosphere-tls-certs"
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
