Gitiles
Code Review Sign In
osm.etsi.org / osm / devops / 3cc0316794cc75ecffdf2b969b4ad98d0dd7e826^! / . / installers / charm / prometheus
commit3cc0316794cc75ecffdf2b969b4ad98d0dd7e826[log] [tgz]
authorsousaedu <eduardo.sousa@canonical.com>Thu Apr 29 16:53:12 2021 +0200
committersousaedu <eduardo.sousa@canonical.com>Thu Apr 29 17:48:32 2021 +0200
tree30809b8c894d59415af3e336ac51d23e19a45cd1
parent021b307297a6ab8dfe9ee3af03154989bcd9e0e8 [diff]
Adding cluster-issuer annotation for TLS provisioning

Through the usage of cert-manager, the charms will be able
request TLS certificates to protect the Kubernetes Ingress
endpoint that is exposed.

Note: Cert-manager must be configured ahead of time.

Change-Id: I7dacdb8dca2f78664c5604e509e2516ae6023d06
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>

diff --git a/installers/charm/prometheus/config.yaml b/installers/charm/prometheus/config.yaml
index 9f35e51..a5f5e8a 100644
--- a/installers/charm/prometheus/config.yaml
+++ b/installers/charm/prometheus/config.yaml

@@ -52,6 +52,10 @@
     type: string
     description: Ingress URL
     default: ""
+  cluster_issuer:
+    type: string
+    description: Name of the cluster issuer for TLS certificates
+    default: ""
   enable_web_admin_api:
     type: boolean
     description: Boolean to enable the web admin api

diff --git a/installers/charm/prometheus/src/charm.py b/installers/charm/prometheus/src/charm.py
index 5cd163d..e71d949 100755
--- a/installers/charm/prometheus/src/charm.py
+++ b/installers/charm/prometheus/src/charm.py

@@ -55,6 +55,7 @@
     default_target: str
     max_file_size: int
     site_url: Optional[str]
+    cluster_issuer: Optional[str]
     ingress_whitelist_source_range: Optional[str]
     tls_secret_name: Optional[str]
     enable_web_admin_api: bool
@@ -206,6 +207,9 @@
                     "nginx.ingress.kubernetes.io/whitelist-source-range"
                 ] = config.ingress_whitelist_source_range
 
+            if config.cluster_issuer:
+                annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
+
             if parsed.scheme == "https":
                 ingress_resource_builder.add_tls(
                     [parsed.hostname], config.tls_secret_name

diff --git a/installers/charm/prometheus/tests/test_charm.py b/installers/charm/prometheus/tests/test_charm.py
index dd8b732..0713a84 100644
--- a/installers/charm/prometheus/tests/test_charm.py
+++ b/installers/charm/prometheus/tests/test_charm.py

@@ -45,6 +45,7 @@
             "ingress_whitelist_source_range": "",
             "tls_secret_name": "",
             "site_url": "https://prometheus.192.168.100.100.xip.io",
+            "cluster_issuer": "vault-issuer",
             "enable_web_admin_api": False,
         }
         self.harness.update_config(self.config)