Setup let's encrypt and cert manager.

config/README.md

@@ -34,3 +34,9 @@ Then deploy with:
 ```
 ko apply -f config/
 ```
+
+## Ingress
+
+Install cert-manager with helm, using https://cert-manager.io/docs/installation/kubernetes/#installing-with-helm
+
+Install nginx-ingress with: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.43.0/deploy/static/provider/cloud/deploy.yaml

config/ingress.yaml

+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: rekor
+  annotations:
+    kubernetes.io/ingress.class: "nginx"    
+    cert-manager.io/issuer: "letsencrypt-prod"
+
+spec:
+  tls:
+  - hosts:
+    - api.rekor.dev
+    secretName: rekor-ingress-tls
+  rules:
+  - host: api.rekor.dev
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: rekor-server
+          servicePort: 80

config/letsencrypt-prod.yaml

+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: dlorenc@google.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx

config/letsencrypt-staging.yaml

+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: dlorenc@google.com
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: nginx