From 3d9b8c252e7864b168634c7234e55f73a96f9734 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@tobru.ch>
Date: Sun, 1 Mar 2020 15:04:30 +0100
Subject: [PATCH] configure tls on ingress

---
 monitoring/manifests/ingress-grafana.yaml | 4 ++++
 monitoring/monitoring.jsonnet             | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/monitoring/manifests/ingress-grafana.yaml b/monitoring/manifests/ingress-grafana.yaml
index 0cb4613..4357fc5 100644
--- a/monitoring/manifests/ingress-grafana.yaml
+++ b/monitoring/manifests/ingress-grafana.yaml
@@ -14,3 +14,7 @@ spec:
       - backend:
           serviceName: grafana
           servicePort: http
+  tls:
+  - hosts:
+    - grafana.knurrli.tbrnt.ch
+    secretName: grafana-ingress-cert
diff --git a/monitoring/monitoring.jsonnet b/monitoring/monitoring.jsonnet
index fcd82e4..3fd6ec4 100644
--- a/monitoring/monitoring.jsonnet
+++ b/monitoring/monitoring.jsonnet
@@ -1,6 +1,7 @@
 local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
 local pvc = k.core.v1.persistentVolumeClaim;
 local ingress = k.extensions.v1beta1.ingress;
+local ingressTls = ingress.mixin.spec.tlsType;
 local ingressRule = ingress.mixin.spec.rulesType;
 local httpIngressPath = ingressRule.mixin.http.pathsType;
 
@@ -56,6 +57,11 @@ local kp =
             httpIngressPath.mixin.backend.withServiceName('grafana') +
             httpIngressPath.mixin.backend.withServicePort('http')
           ),
+        ) +
+        ingress.mixin.spec.withTls(
+          ingressTls.new() +
+          ingressTls.withHosts('grafana.knurrli.tbrnt.ch') +
+          ingressTls.withSecretName('grafana-ingress-cert')
         ),
     },
   };