X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Fng-ui%2Fsrc%2Fcharm.py;h=1c53163e81ad4ddcc24b5cb9cde82cc58a6bc7b4;hb=da31d6e2625a67c6180080ec9433d0f8ebe1de64;hp=4d2bb85d6b6043319cdaea26a359989fcd5db14e;hpb=49379ced23b5e344a773ce77ac9cb59c1864e19b;p=osm%2Fdevops.git

diff --git a/installers/charm/ng-ui/src/charm.py b/installers/charm/ng-ui/src/charm.py
index 4d2bb85d..1c53163e 100755
--- a/installers/charm/ng-ui/src/charm.py
+++ b/installers/charm/ng-ui/src/charm.py
@@ -23,32 +23,25 @@
 # pylint: disable=E0213
 
 
-import logging
-from typing import Optional, NoReturn
 from ipaddress import ip_network
+import logging
+from pathlib import Path
+from string import Template
+from typing import NoReturn, Optional
 from urllib.parse import urlparse
 
 from ops.main import main
-
 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
-
+from opslib.osm.interfaces.http import HttpClient
 from opslib.osm.pod import (
     ContainerV3Builder,
-    PodSpecV3Builder,
     FilesV3Builder,
     IngressResourceV3Builder,
+    PodSpecV3Builder,
 )
+from opslib.osm.validator import ModelValidator, validator
 
 
-from opslib.osm.validator import (
-    ModelValidator,
-    validator,
-)
-
-from opslib.osm.interfaces.http import HttpClient
-from string import Template
-from pathlib import Path
-
 logger = logging.getLogger(__name__)
 
 
@@ -57,6 +50,7 @@ class ConfigModel(ModelValidator):
     server_name: str
     max_file_size: int
     site_url: Optional[str]
+    cluster_issuer: Optional[str]
     ingress_whitelist_source_range: Optional[str]
     tls_secret_name: Optional[str]
 
@@ -155,6 +149,7 @@ class NgUiCharm(CharmedOsmBase):
                     if config.max_file_size > 0
                     else config.max_file_size
                 ),
+                "kubernetes.io/ingress.class": "public",
             }
             ingress_resource_builder = IngressResourceV3Builder(
                 f"{self.app.name}-ingress", annotations
@@ -165,6 +160,9 @@ class NgUiCharm(CharmedOsmBase):
                     "nginx.ingress.kubernetes.io/whitelist-source-range"
                 ] = config.ingress_whitelist_source_range
 
+            if config.cluster_issuer:
+                annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
+
             if parsed.scheme == "https":
                 ingress_resource_builder.add_tls(
                     [parsed.hostname], config.tls_secret_name