(DOCSP-17412): Fix HTTP/S abbrev. and add restart reqs for enabling HTTPS (#643)

* (DOCSP-17412): Fix HTTP/S abbrev. and add restart reqs for enabling HTTPS

* added copy review suggestion

* Copy review pt. 2

* Tech review feedback

* Tech review pt. 2

Author: davidhou17

conf.py

@@ -120,8 +120,8 @@
     '.. |global-write-cluster| replace:: Global Cluster',
     '.. |global-write| replace:: Global Writes',
     '.. |hardlink| replace:: https://docs.mongodb.com/kubernetes-operator/',
-    '.. |https| replace:: :abbr:`HTTPS (Secure HyperText Transport Protocol)`',
-    '.. |http| replace:: :abbr:`HTTP (HyperText Transport Protocol)`',
+    '.. |https| replace:: :abbr:`HTTPS (Hypertext Transfer Protocol Secure)`',
+    '.. |http| replace:: :abbr:`HTTP (Hypertext Transfer Protocol)`',
     '.. |iana| replace:: :abbr:`IANA (Internet Assigned Numbers Authority)`',
     '.. |iops| replace:: :abbr:`IOPS (Input/Output Operations per Second)`',
     '.. |ipaddr| replace:: :abbr:`IP (Internet Protocol)`',

source/reference/known-issues.txt

@@ -102,6 +102,32 @@ If the |k8s-op-short| and resources sit in the same ``mongodb``
 This would mean that it could not clean the configurations, which
 would have to be done in the |application|.
 
+.. _https-enablement-issues:
+
+HTTPS Enabled After Deployment
+------------------------------
+
+We recommend that you enable |https| *before* deploying your |onprem| resources.
+However, if you enable |https| after deployment,
+your managed resources can no longer communicate with |onprem| and 
+the |k8s-op-short| reports your resources' status as ``Failed``.
+
+To resolve this issue, you must delete your |k8s-pods| by
+running the following command for each Pod:
+
+.. code-block:: sh
+
+   kubectl delete pod <replicaset-pod-name>
+      
+After deletion, |k8s| automatically restarts the deleted Pods. 
+During this period, the resource is unreachable and incurs 
+downtime.
+
+.. seealso::
+   
+   - :ref:`config-https`
+   - :ref:`k8s-troubleshooting`
+
 Difficulties with Updates
 -------------------------
 

source/reference/production-notes.txt

@@ -606,6 +606,19 @@ default permissions.
 
    :ref:`meko-om-arch`
 
+Enable HTTPS
+------------
+
+The |k8s-op-short| supports configuring |onprem| to run over 
+:ref:`HTTPS <config-https>`.
+
+Enable |https| before deploying your |onprem| resources to avoid a situation 
+where the |k8s-op-short| reports your resources' status as ``Failed``.
+
+.. seealso::
+   
+   - :ref:`https-enablement-issues`
+
 Enable TLS
 ----------
 
@@ -737,4 +750,4 @@ Example User CRD
 
    - :setting:`spec.security.authentication.ldap.automationLdapGroupDN`
    - :ref:`Manage Database Users Using X.509 Authentication <create-x509-certs>`
-   - :ref:`Manage Database Users Using SCRAM Authentication <add-db-user-scram>`
+   - :ref:`Manage Database Users Using SCRAM Authentication <add-db-user-scram>`

source/tutorial/plan-om-resource.txt

@@ -253,15 +253,27 @@ To disable backup after you enabled it:
    To learn about reclaiming |k8s-pvs|, see the
    :k8sdocs:`Kubernetes documentation </concepts/storage/persistent-volumes/#reclaiming>`.
 
+.. _config-https:
+
 Configure |onprem| to Run over HTTPS
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-You can configure an instance |onprem| created through the
-|k8s-op-short| to run over |https|, rather than |http|. To configure
-your |onprem| instance to run over |https|, you must provide a |tls|
-certificate and Private Key in the |onprem| configuration object.
+You can configure your |onprem| instance created through the |k8s-op-short|
+to run over |https| instead of |http|. 
+
+To configure your |onprem| instance to run over |https|, provide a |tls|
+certificate and Private Key in the |onprem| configuration object. 
+
 For detailed instructions, see :ref:`deploy-om-container`.
 
+.. important::
+   
+   If you have existing deployments, you must restart them manually 
+   after enabling |https|. To avoid restarting your deployments, 
+   configure |https| before deploying your managed resources.
+
+   To learn more, see :ref:`https-enablement-issues`.
+
 Ops Manager Application Access
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~