From 1b6564ef72c9d269312f0991abf552d0141d693f Mon Sep 17 00:00:00 2001
From: "Byron Miller (MOBB)" <bymiller@redhat.com>
Date: Fri, 19 Jan 2024 11:16:44 -0600
Subject: [PATCH 1/2] Change TLS termination to Reencrypt and Redirect on
 Insecure

Signed-off-by: Byron Miller (MOBB) <bymiller@redhat.com>
---
 controllers/kam.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/controllers/kam.go b/controllers/kam.go
index af6d51f37bb..5ea9b79741e 100644
--- a/controllers/kam.go
+++ b/controllers/kam.go
@@ -144,8 +144,8 @@ func newRouteForCLI() *routev1.Route {
 			TargetPort: intstr.IntOrString{IntVal: portTLS},
 		},
 		TLS: &routev1.TLSConfig{
-			Termination:                   routev1.TLSTerminationPassthrough,
-			InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyNone,
+			Termination:                   routev1.TLSTerminationReencrypt,
+			InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect,
 		},
 	}
 

From e8dd445b6250f01f8edbe278178998b54c77c019 Mon Sep 17 00:00:00 2001
From: "Byron Miller (MOBB)" <bymiller@redhat.com>
Date: Fri, 19 Jan 2024 11:29:46 -0600
Subject: [PATCH 2/2] fix e2e tests to reencrypt and redirect check

Signed-off-by: Byron Miller (MOBB) <bymiller@redhat.com>
---
 .../sequential/1-001_validate_kam_service/01-assert.yaml      | 4 ++--
 .../e2e/sequential/1-001_validate_kam_service/01-assert.yaml  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/openshift/e2e/ignore-tests/sequential/1-001_validate_kam_service/01-assert.yaml b/test/openshift/e2e/ignore-tests/sequential/1-001_validate_kam_service/01-assert.yaml
index e7697a0b711..c72a10e5ff1 100644
--- a/test/openshift/e2e/ignore-tests/sequential/1-001_validate_kam_service/01-assert.yaml
+++ b/test/openshift/e2e/ignore-tests/sequential/1-001_validate_kam_service/01-assert.yaml
@@ -24,8 +24,8 @@ spec:
   port:
     targetPort: 8443
   tls:
-    insecureEdgeTerminationPolicy: None
-    termination: passthrough
+    insecureEdgeTerminationPolicy: Redirect
+    termination: reencrypt
   to:
     kind: Service
     name: kam
diff --git a/test/openshift/e2e/sequential/1-001_validate_kam_service/01-assert.yaml b/test/openshift/e2e/sequential/1-001_validate_kam_service/01-assert.yaml
index e7697a0b711..c72a10e5ff1 100644
--- a/test/openshift/e2e/sequential/1-001_validate_kam_service/01-assert.yaml
+++ b/test/openshift/e2e/sequential/1-001_validate_kam_service/01-assert.yaml
@@ -24,8 +24,8 @@ spec:
   port:
     targetPort: 8443
   tls:
-    insecureEdgeTerminationPolicy: None
-    termination: passthrough
+    insecureEdgeTerminationPolicy: Redirect
+    termination: reencrypt
   to:
     kind: Service
     name: kam