Register domain name for BERtron API #97
Description
One source of (a little bit of) friction during the previous hackathon was the web browser showing the "Insecure connection" warning when we (hackathon participants) would visit the BERtron API's Swagger UI page, and us having to click a couple buttons to dismiss the warning.
Some of us have talked briefly about getting a domain set up, which would enable us to set up a valid SSL certificate, eliminating that web browser warning.
I'm creating this ticket to represent the task of registering — or otherwise setting up — a domain.
Footnote: In case team members want to use a *.microbiomedata.org domain in the short term (like just for the duration of the upcoming hackathon) (we're already using NMDC's Spin account for hosting the API), that's something we could, at least from a technical standpoint, do.
For reference, here's the standard setup for an NMDC website:
- A: Domain managed by LBNL IT (use IP Request to create CNAME DNS record for subdomain, pointing to Cloudflare)
- B: Cloudflare (CNAME DNS record for subdomain, with "Proxied" mode enabled, pointing to Spin-hosted Ingress)
- C: Spin (ingress configured to listen for that subdomain)
B's "Proxied" mode takes care of the SSL certificate that the end user sees.
C can technically use the Kubernetes-provided SSL certificate for the connection between Cloudflare and Spin, but I'd recommend using Cloudflare to generate an "origin SSL certificate" for that connection. That's a certificate that Cloudflare provides for free and can subsequently validate (also, Cloudflare is the only "client" of that certificate). Alternatively, we could generate an SSL certificate via LBNL, but I think doing it via Cloudflare would be quicker and easier.
CC: @ct-parker , @shreddd