Adding cluster-issuer annotation for TLS provisioning
Through the usage of cert-manager, the charms will be able
request TLS certificates to protect the Kubernetes Ingress
endpoint that is exposed.
Note: Cert-manager must be configured ahead of time.
Change-Id: I7dacdb8dca2f78664c5604e509e2516ae6023d06
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
diff --git a/installers/charm/ng-ui/src/charm.py b/installers/charm/ng-ui/src/charm.py
index bf301f3..5efaaae 100755
--- a/installers/charm/ng-ui/src/charm.py
+++ b/installers/charm/ng-ui/src/charm.py
@@ -50,6 +50,7 @@
server_name: str
max_file_size: int
site_url: Optional[str]
+ cluster_issuer: Optional[str]
ingress_whitelist_source_range: Optional[str]
tls_secret_name: Optional[str]
@@ -158,6 +159,9 @@
"nginx.ingress.kubernetes.io/whitelist-source-range"
] = config.ingress_whitelist_source_range
+ if config.cluster_issuer:
+ annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
+
if parsed.scheme == "https":
ingress_resource_builder.add_tls(
[parsed.hostname], config.tls_secret_name