Adding cluster-issuer annotation for TLS provisioning
By using cert-manager, the charms will be able to
request TLS certificates to protect the Kubernetes Ingress
endpoint that is exposed.
Note: Cert-manager must be configured ahead of time.
Change-Id: I7dacdb8dca2f78664c5604e509e2516ae6023d06
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
diff --git a/installers/charm/ng-ui/config.yaml b/installers/charm/ng-ui/config.yaml
index 279b759..df09698 100644
--- a/installers/charm/ng-ui/config.yaml
+++ b/installers/charm/ng-ui/config.yaml
@@ -45,3 +45,7 @@
type: string
description: Ingress URL
default: ""
+ cluster_issuer:
+ type: string
+ description: Name of the cluster issuer for TLS certificates
+ default: ""
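Review bot: The `cluster_issuer` description does not tell an operator what the empty default means or what the option depends on. Judging by the charm.py change in this commit, an empty value means no cert-manager annotation is added, and the value is written as-is into `cert-manager.io/cluster-issuer`. I would expand the text to something like `description: Name of an existing cert-manager ClusterIssuer used to issue the Ingress TLS certificate. Leave empty to disable. Requires an https site_url and tls_secret_name.`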
diff --git a/installers/charm/ng-ui/src/charm.py b/installers/charm/ng-ui/src/charm.py
index bf301f3..5efaaae 100755
--- a/installers/charm/ng-ui/src/charm.py
+++ b/installers/charm/ng-ui/src/charm.py
@@ -50,6 +50,7 @@
server_name: str
max_file_size: int
site_url: Optional[str]
+ cluster_issuer: Optional[str]
ingress_whitelist_source_range: Optional[str]
tls_secret_name: Optional[str]
@@ -158,6 +159,9 @@
"nginx.ingress.kubernetes.io/whitelist-source-range"
] = config.ingress_whitelist_source_range
+ if config.cluster_issuer:
+ annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
+
if parsed.scheme == "https":
ingress_resource_builder.add_tls(
[parsed.hostname], config.tls_secret_name
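Review bot: The `cert-manager.io/cluster-issuer` annotation is added whenever `cluster_issuer` is non-empty, without regard to the `parsed.scheme == "https"` check that follows it. With an http `site_url` the Ingress would carry the annotation but no TLS entry, so cert-manager has nothing to issue and the endpoint stays unencrypted while the config suggests otherwise. cert-manager also stores the issued certificate in the secret named in the TLS entry, so an empty `config.tls_secret_name` passed to `add_tls` would likely leave the certificate unprovisioned. Consider guarding with `if config.cluster_issuer and parsed.scheme == "https":` and rejecting, in config validation, a `cluster_issuer` set without `tls_secret_name`. Indentation is lost on this page, so I cannot tell whether the new `if` sits inside the whitelist-range branch, and the function continues outside the hunk.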
diff --git a/installers/charm/ng-ui/tests/test_charm.py b/installers/charm/ng-ui/tests/test_charm.py
index 5b5327b..38ad38b 100644
--- a/installers/charm/ng-ui/tests/test_charm.py
+++ b/installers/charm/ng-ui/tests/test_charm.py
@@ -45,6 +45,7 @@
"ingress_whitelist_source_range": "",
"tls_secret_name": "",
"site_url": "https://ui.192.168.100.100.xip.io",
+ "cluster_issuer": "vault-issuer",
}
self.harness.update_config(self.config)
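Review bot: The fixture now sets `"cluster_issuer": "vault-issuer"`, but no assertion is visible here that the resulting Ingress carries `cert-manager.io/cluster-issuer`. The expected pod spec may be updated outside this hunk, but if it is not, the new branch in charm.py is untested. The fixture also pairs the issuer with `"tls_secret_name": ""`, a combination that probably cannot yield a certificate, so a non-empty secret name would make the test reflect a working setup. A second case with `cluster_issuer` empty, asserting the annotation is absent, would pin the default behaviour.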