Add support for ingress tls entry

[hardillb]

part of #83

Basic TLS ingress entry

Description

Related Issue(s)

#83

Checklist

• I have read the contribution guidelines
• Suitable unit/system level tests have been added and they pass
• Documentation has been updated
  • Upgrade instructions
  • Configuration details
  • Concepts
• Changes flowforge.yml?
  • Issue/PR raised on flowforge/helm to update ConfigMap Template
  • Issue/PR raised on flowforge/CloudProject to update values for Staging/Production

Labels

• Backport needed? -> add the backport label
• Includes a DB migration? -> add the area:migration label

[dfulgham]

Should have the tls section refer to a specific secret for the ca certificates.

I don't know if nginx-ingress can reference/use a configMap (ff-ca-certs), looks like it only supports secrets. ?

[dfulgham]

secretName: "ff-apps-ca-secret"

Or something, to hold the wildcard ca certificate to be used for applications, would need to be documented.

[hardillb]

ff-apps-ca-secrets is not a Secret, it's a collection of CA certs that the instance should trust, so not useful here.

I'm still working out how to solve this nicely, there are 2 possible approaches

1. A single shared wildcard cert/key in a single secret
2. A secret per instance, and something like CertManager issuing new ACME provisioned certs for each.

Both have pros/cons for different environments.

[hardillb]

superseded by #131