Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

httprequest-lego-k8s does not go into error state if external_hostname is not set on traefik #144

Open
Thanhphan1147 opened this issue Apr 26, 2024 · 2 comments
Open

httprequest-lego-k8s does not go into error state if external_hostname is not set on traefik #144

Thanhphan1147 opened this issue Apr 26, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@Thanhphan1147
Copy link

Bug Description

Hi, when using httprequest-lego-k8s to provide certificates to traefik-k8s, I noticed that even though I haven't set the external_hostname config value for traefik-k8s, the charm still went ahead and create the request using the traefik's LB IP address which failed, but this failure does not make the charm go into error/blocked state and the charm went into an active state instead.

In this case the charm should go into blocked/error state to let the user know that it's not possible unless traefik-k8s is configured with external-hostname

To Reproduce

  1. juju deploy traefik-k8s --channel=latest/edge
  2. juju deploy httprequest-lego-k8s
  3. juju integrate traefik-k8s httprequest-lego-k8s

Environment

channel=stable

Relevant log output

Here is an extract of juju debug-log from one of our deployments.

2024-04-26T08:59:07.310Z [container-agent] 2024-04-26 08:59:07 ERROR juju-log certificates:43:     2024/04/26 08:59:07 Could not obtain certificates:
2024-04-26T08:59:07.312Z [container-agent] 2024-04-26 08:59:07 ERROR juju-log certificates:43:          acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:unsupportedIdentifier :: NewOrder reques
t included invalid non-DNS type identifier: type "ip", value "10.142.2.170"
2024-04-26T08:59:07.314Z [container-agent] 2024-04-26 08:59:07 ERROR juju-log certificates:43: Failed to execute lego command


### Additional context

_No response_
@Thanhphan1147 Thanhphan1147 added the bug Something isn't working label Apr 26, 2024
@gruyaume gruyaume added enhancement New feature or request and removed bug Something isn't working labels Apr 29, 2024
@gruyaume
Copy link
Contributor

The charm status only depends on what it can control, not on what TLS requirers do. For instance, httprequest could be integrated to multiple TLS requirers, and it should likely not go to blocked status if one of them does something wrong.

Maybe we could improve some of the logging, but I doubt we would want to implement this as requested.

I switched the issue type from bug to enhancement.

@Thanhphan1147
Copy link
Author

I see, thanks for the explaination! I agree with the improved logging proposal, maybe we can keep the charm's status as active but put a short text in the charm's status message. The idea is to notify the user that the request has failed and that some action needs to be done on the user's side.

@gruyaume gruyaume mentioned this issue May 10, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gruyaume @Thanhphan1147