Skip to content

Commit

Permalink
feat: enable certificates relation on istio-pilot (#338)
Browse files Browse the repository at this point in the history
* feat: enable certificates relation on istio-pilot

Enabling the certificates relation enables the integration with tls-certificates-operator
and other charms that provide CA certificates. These CA certificates are used by istio-pilot
to configure TLS on the ingress Gateway resource.
In the past this was done exclusively via charm configuration, which is now removed in favour
of CA certificates provided through the certificates relation.
  • Loading branch information
DnPlas authored Oct 17, 2023
1 parent 5678df3 commit e80dcc8
Show file tree
Hide file tree
Showing 12 changed files with 2,571 additions and 94 deletions.
5 changes: 4 additions & 1 deletion .github/workflows/integrate.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@ jobs:
microk8s-versions:
- 1.25-strict/stable
- 1.26-strict/stable
integration-types:
- integration
- integration-tls
steps:
- name: Check out repo
uses: actions/checkout@v3
Expand All @@ -65,7 +68,7 @@ jobs:
- name: Run integration tests
run: |
juju add-model test-istio
tox -e integration -- --model test-istio
tox -e ${{ matrix.integration-types }} -- --model test-istio
timeout-minutes: 80

- name: Setup Debug Artifact Collection
Expand Down
4 changes: 2 additions & 2 deletions charms/istio-pilot/charmcraft.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@ bases:
channel: "20.04"
parts:
charm:
charm-python-packages: [setuptools, pip]
build-packages: [git]
charm-python-packages: [setuptools, pip, jsonschema, cryptography, cffi]
build-packages: [git, rustc, cargo, libffi-dev, libssl-dev, pkg-config]
istioctl:
plugin: dump
source: https://github.com/istio/istio/releases/download/1.17.3/istioctl-1.17.3-linux-amd64.tar.gz
Expand Down
14 changes: 0 additions & 14 deletions charms/istio-pilot/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,17 +19,3 @@ options:
type: string
default: istio-ingressgateway-workload
description: Name of the service created by istio-gateway to use as a Gateway
ssl-crt:
type: string
default: ''
description: |
Base-64 certificate output. Can be set as follows:
$ juju config ssl-crt="$(cat CERT_FILE | base64 -w0)"
or on the bundle with: "include-base64://"
ssl-key:
type: string
default: ''
description: |
Base-64 key output. Can be set as follows:
$ juju config ssl-key="$(cat CERT_FILE | base64 -w0)"
or on the bundle with: "include-base64://"
Loading

0 comments on commit e80dcc8

Please sign in to comment.