...

For enabling TLS, as new application port is involved the service should be redeployed (by modifying the parameters in blueprint), esp when changing from noAuth to basicAuth/certOnly/certBasicAuth. The latter 3 types use 8443 while the noAuth uses 8080. Any changes within basicAuth/certOnly/certBasicAuth can be done through consul update as k8s deployment descriptor (which contains the service definition and healthcheck spec) are still valid.

High level test cases for auth.method = "basicAuth"  :

When application is setup for TLS and auth.method = "basicAuth", healthcheck endpoint must be using 8443 (change submitted to override and support 8080 for healthcheck is not required nor valid).

...