From 267e297ecaae07ef16adb40866646a70108b08e2 Mon Sep 17 00:00:00 2001
From: Khaled Elkhawaga <k.elkhawaga@gmail.com>
Date: Fri, 11 Oct 2019 00:50:52 +0200
Subject: [PATCH] add variable to set tls secret for kubernetes ingress

Signed-off-by: Khaled Elkhawaga <k.elkhawaga@gmail.com>
---
 installer/inventory                                    | 1 +
 installer/roles/kubernetes/templates/deployment.yml.j2 | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/installer/inventory b/installer/inventory
index 39e8b6b433..4f056499e5 100644
--- a/installer/inventory
+++ b/installer/inventory
@@ -31,6 +31,7 @@ dockerhub_base=ansible
 # The example below shows an annotation to be used with Traefik but other Ingress controllers are also supported.
 #kubernetes_ingress_hostname=awx.example.org
 #kubernetes_ingress_annotations={'kubernetes.io/ingress.class': 'traefik', 'traefik.ingress.kubernetes.io/redirect-entry-point': 'https'}
+#kubernetes_ingress_tls_secret=awx-cert
 
 # Kubernetes and Openshift Install Resource Requests
 # These are the request and limit values for a pod's container for task/web/rabbitmq/memcached/management.
diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2
index 8e9f234c20..dfb76cbc7b 100644
--- a/installer/roles/kubernetes/templates/deployment.yml.j2
+++ b/installer/roles/kubernetes/templates/deployment.yml.j2
@@ -433,6 +433,12 @@ metadata:
 {% endfor %}
 
 spec:
+{% if kubernetes_ingress_tls_secret is defined %}
+  tls:
+  - hosts:
+    - {{ kubernetes_ingress_hostname }}
+    secretName: {{ kubernetes_ingress_tls_secret }}
+{% endif %}
   rules:
   - host: {{ kubernetes_ingress_hostname }}
     http: