Adding cluster-issuer annotation for TLS provisioning
Through the usage of cert-manager, the charms will be able
request TLS certificates to protect the Kubernetes Ingress
endpoint that is exposed.
Note: Cert-manager must be configured ahead of time.
Change-Id: I7dacdb8dca2f78664c5604e509e2516ae6023d06
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
diff --git a/installers/charm/nbi/src/charm.py b/installers/charm/nbi/src/charm.py
index 7efc5b0..1f5812a 100755
--- a/installers/charm/nbi/src/charm.py
+++ b/installers/charm/nbi/src/charm.py
@@ -56,6 +56,7 @@
log_level: str
max_file_size: int
site_url: Optional[str]
+ cluster_issuer: Optional[str]
ingress_whitelist_source_range: Optional[str]
tls_secret_name: Optional[str]
@@ -240,6 +241,9 @@
"nginx.ingress.kubernetes.io/whitelist-source-range"
] = config.ingress_whitelist_source_range
+ if config.cluster_issuer:
+ annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
+
if parsed.scheme == "https":
ingress_resource_builder.add_tls(
[parsed.hostname], config.tls_secret_name