Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cert-transfer integration (mutual_tls misnomer) #204

Merged
merged 20 commits into from
Aug 17, 2023
Merged

cert-transfer integration (mutual_tls misnomer) #204

merged 20 commits into from
Aug 17, 2023

Conversation

PietroPasotti
Copy link
Collaborator

@PietroPasotti PietroPasotti commented Jul 21, 2023
edited by sed-i

This PR adds a cert-transfer endpoint to Traefik, using the mutual_tls interface (rename pending) to allow traefik to receive ca certificates.

Fixes #195
Fixes #214

Depends on:

Tandem PRs:

Design target:

  1. For in-cluster CA, we need to use cert_transfer with traefik, instead of tls_certificates.
  2. For external CA, traefik needs to create a CSR over tls_certificates only with its external hostname. We should not add fqdn there.

image

@PietroPasotti PietroPasotti changed the base branch from main to ingress/scheme July 21, 2023 13:17
@PietroPasotti PietroPasotti mentioned this pull request Jul 21, 2023
Open
Base automatically changed from ingress/scheme to main July 25, 2023 14:38
sed-i
sed-i reviewed Jul 25, 2023
View reviewed changes
lib/charms/traefik_k8s/v2/ingress.py Outdated Show resolved Hide resolved
metadata.yaml Outdated Show resolved Hide resolved
lib/charms/mutual_tls_interface/v0/mutual_tls.py Show resolved Hide resolved
src/charm.py Outdated Show resolved Hide resolved
src/charm.py Outdated Show resolved Hide resolved
src/charm.py Outdated Show resolved Hide resolved
@lucabello
Copy link
Contributor

Not sure if this should wait for grafana-agent to be tested or not, but in any case LGTM :)

This was referenced Aug 10, 2023
Closed
Merged
@sed-i sed-i mentioned this pull request Aug 14, 2023
Merged
@sed-i sed-i requested review from lucabello and sed-i August 15, 2023 04:53
@lucabello lucabello changed the title Mtls integration (cert-transfer endpoint) cert-transfer integration (mutual_tls misnomer) Aug 16, 2023
@sed-i
Copy link
Contributor

sed-i commented Aug 17, 2023

Will address canonical/certificate-transfer-interface#11 in a separate traefik PR.
Merging as is to enable progress with related charms.

@sed-i sed-i merged commit 7b614ad into main Aug 17, 2023
14 checks passed
@sed-i sed-i deleted the mtls-integration branch August 17, 2023 22:23
This was referenced Aug 17, 2023
Closed
Merged
Closed
Merged
@sed-i sed-i mentioned this pull request Sep 25, 2023
Closed
@sed-i sed-i mentioned this pull request Nov 23, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucabello lucabello lucabello approved these changes

@Abuelodelanada Abuelodelanada Awaiting requested review from Abuelodelanada Abuelodelanada is a code owner

@dstathis dstathis Awaiting requested review from dstathis dstathis is a code owner

@simskij simskij Awaiting requested review from simskij simskij is a code owner

@sed-i sed-i Awaiting requested review from sed-i sed-i is a code owner

Assignees
No one assigned
Labels
Libraries: Out of sync
Projects
None yet
Milestone
No milestone
3 participants
@PietroPasotti @lucabello @sed-i