From 60d4b1488be7d65543c5edb385b82ba88a43c4c5 Mon Sep 17 00:00:00 2001 From: David Hoese <david.hoese@ssec.wisc.edu> Date: Fri, 7 Aug 2020 17:02:42 -0500 Subject: [PATCH] Attempt to add TLS to geosphere-test mapserver and mapcache --- admin/README.md | 34 ++++++++++++++++++++++++- ci_geosphere-test/values-mapcache.yaml | 16 ++++++++++++ ci_geosphere-test/values-mapserver.yaml | 6 ++++- 3 files changed, 54 insertions(+), 2 deletions(-) diff --git a/admin/README.md b/admin/README.md index 8e0ccd4..9d6a451 100644 --- a/admin/README.md +++ b/admin/README.md @@ -174,4 +174,36 @@ kubectl delete sc/local-large-cache Similar to Local Large Cache above, but larger available space. Note this should only be used for testing as data will be deleted when the claim -is removed. \ No newline at end of file +is removed. + + +## Configure HTTPS on Ingress + +Web services being served on the cluster via HTTP can be made available via +HTTPS by enabling TLS on the Ingress controller of the cluster. The below +instructions will walk through how to enable this. + +First, we must create a Secret to store the certificates. For SSEC-based +services, certificates should be requested from Technical Computing (TC). +To create the secret, have the certificate file and key file available in +your current directory and run: + +``` +kubectl create secret tls mysite-tls-certs --cert=mycert.crt --key=mycert.key +``` + +Where `mysite-tls-certs` is the name of the secret, `tls` is the type of the +secret, and `mycert.crt` and `mycert.key` are the actual certificate files. +Make sure if this certificate is for a specific namespace that you add +`-n mynamespace`. +Then we need to make sure our Service definition includes something like: + +```bash + tls: + - hosts: + - mysite.ssec.wisc.edu + secretName: mysite-tls-certs +``` + +Once this is deployed the certificate should now be used when requesting +the HTTPS version of your service. 
diff --git a/ci_geosphere-test/values-mapcache.yaml b/ci_geosphere-test/values-mapcache.yaml
index d0d0345..66d440c 100644
--- a/ci_geosphere-test/values-mapcache.yaml
+++ b/ci_geosphere-test/values-mapcache.yaml
@@ -17,3 +17,19 @@ ingress:
 hosts:
 - host: geosphere-test.ssec.wisc.edu
 paths: ["/mapcache"]
+ - host: geosphere1-test.ssec.wisc.edu
+ paths: ["/mapcache"]
+ - host: geosphere2-test.ssec.wisc.edu
+ paths: ["/mapcache"]
+ - host: geosphere3-test.ssec.wisc.edu
+ paths: ["/mapcache"]
+ - host: geosphere4-test.ssec.wisc.edu
+ paths: ["/mapcache"]
+ tls:
+ - hosts:
+ - "geosphere-test.ssec.wisc.edu"
+ - "geosphere1-test.ssec.wisc.edu"
+ - "geosphere2-test.ssec.wisc.edu"
+ - "geosphere3-test.ssec.wisc.edu"
+ - "geosphere4-test.ssec.wisc.edu"
+ secretName: "geosphere-tls-certs"
diff --git a/ci_geosphere-test/values-mapserver.yaml b/ci_geosphere-test/values-mapserver.yaml
index 3c06f10..4b233c8 100644
--- a/ci_geosphere-test/values-mapserver.yaml
+++ b/ci_geosphere-test/values-mapserver.yaml
@@ -14,4 +14,8 @@ ingress:
 enabled: true
 hosts:
 - host: geosphere-test.ssec.wisc.edu
- paths: ["/wms", "/wms_times"]
\ No newline at end of file
+ paths: ["/wms", "/wms_times"]
+ tls:
+ - hosts:
+ - "geosphere-test.ssec.wisc.edu"
+ secretName: "geosphere-tls-certs"
-- GitLab
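Review bot: All five hostnames in the new `tls` entry of `values-mapcache.yaml` point at the single secret `geosphere-tls-certs`, and nothing in this hunk shows that the certificate stored there names every one of them. If its subject alternative names stop at `geosphere-test.ssec.wisc.edu`, clients of `geosphere1-test` through `geosphere4-test` will get a hostname-mismatch error rather than a working HTTPS endpoint, so the SAN list should be checked before this is deployed. The secret is created by hand and is namespace-scoped, so it also has to exist in the namespace of this release and of the mapserver release, whose hunk in `values-mapserver.yaml` references the same name. I would record that above the block: `# geosphere-tls-certs is created manually (see admin/README.md); its cert must cover every host listed below`.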
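Review bot: Plain-HTTP requests to `/wms` and `/wms_times` may still be answered after this change to `values-mapserver.yaml`, because the new `tls` entry only makes HTTPS available and nothing visible here forces its use. Whether port 80 redirects depends on the ingress controller's defaults and on annotations, and the `ingress:` block starts above the hunk, so any existing annotations are not visible. If the cluster runs ingress-nginx and the chart passes annotations through, stating the intent explicitly with `nginx.ingress.kubernetes.io/ssl-redirect: "true"` would keep the behaviour from depending on a controller default. The same applies to the `/mapcache` ingress in the previous hunk.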