Configure HTTPS for Argo #44
Conversation
…ed elsewhere, and so the benefits of being a separate module were questionable; in the end, however, I didn't really gain much from defctoring it, as it didn't make it possible to again use the kubernetes provider in the setup of this stage; though I did figure out how to get around this, that solution is independent of the defactor (cold start flag); this would be much easier to swallow if this change did not require a complete tear-down and rebuild of the cluster to put into use
|
Current status: this is not completely working. I've been able to issue the certificate and get the load balancer configured to use it. However, Argo seems to be quite unhappy, and does not allow for the Argo server interface to communicate with the backend controller. The end result is that while it is possible to go to https://argo.compute.azavea.com, log in, and see the Argo server interface, that interface allows no actions. It complains with a return with a 403. This is surely to do with the fact that these requests are being forwarded to https://argo.compute.azavea.com, and the token that is accompanying the request is not correct. There must be some configuration that I am not setting correctly, but the docs for Argo seem to be very poor for this. I'm going to have to punt on this for the moment. I've spent far too much time here already. |
Previous iterations of the Argo application module relied on a self-signed certificate to have secure access over HTTPS. This is obviously only a temporary solution, which needs to be fixed by issuing a genuine certificate through an official authority. In this case, we want to use AWS ACM to issue the cert. This should then be applied to the Argo service load balancer to complete the setup. This PR makes the needed changes to get this all working.