Initial instructions on how to configure TLS in enterprise

website/docs/enterprise/tls.mdx

@@ -0,0 +1,35 @@
+---
+title: OIDC Integration
+sidebar_position: 5
+---
+
+import TierLabel from "../_components/TierLabel";
+
+# TLS <TierLabel tiers="enterprise" />
+
+By default the UI is served over https. A self-signed Certificate and Key are generated by the clusters-service when it starts.
+
+## Disabling TLS in clusters-service
+
+If you are doing SSL termination in another ingress controller you can disable tls in the clusters-service. Update the weave-gitops-enterprise `HelmRelease` values:
+
+```
+tls:
+  enabled: false
+```
+
+## Providing your own Certificates and Keys to the clusters-service
+
+Create a kubernetes `tls` secret that contains your TLS certs and update the weave-gitops-enterprise
+
+Update the weave-gitops-enterprise `HelmRelease` tls section and provide the name of the tls secret:
+
+```
+tls:
+  enabled: true
+  secretName: my-tls-secret
+```
+
+### `cert-manager`
+
+Install cert-manager and request a `Certificate` in the `wego-system` namespace. Provide the name of secret associated with the certificate to the weave-gitops-enterprise HelmRelease as described above.

website/docs/enterprise/upgrading.mdx

@@ -280,10 +280,10 @@ A **Pull Request** will be created against your cluster repository. **Review and
 You should now be able to load the WGE UI:
 
 ```bash
-kubectl port-forward --namespace wego-system deployments.apps/weave-gitops-enterprise-nginx-ingress-controller 8000:80
+kubectl port-forward --namespace wego-system svc/clusters-service 8000:8000
 ```
 
-The WGE UI should now be accessible at [http://localhost:8000](http://localhost:8000).
+The WGE UI should now be accessible at [https://localhost:8000](https://localhost:8000).
 
 ### 7. Connect the management cluster up to itself