I have a Sinatra web app that serves up fine on http on k8s. I want to serve it out with a cert (self signed?) on an internal network. What are the general steps. I use rack...

So far I have

• choose an FQDN to bind to (e.g. https://foobarapp)
• Use ssl enforcer?

require 'rack/ssl-enforcer'
use Rack::SslEnforcer

• Include more stuff to tell Sinatra or rack where the SSL certs live?
• Expose 443 of webapp with a nodeport svc (simple is ok here/low traffic app)
• Point FQDN to nodeport using DNS

As you can see I am hazy about points 2 and 3 and possibly more. Anybody exposed a Sinatra app on https on k8s? Is this all the wiring needed?

Thanks.