Currently, the tls-certificates integration only allows for certificates to be requested by charm units. In this change, we add support for certificates to be requested and owned by applications. TLS requirers can now insert the same content in the unit databag and in the application databag. The selection of the correct databag will be done by the TLS Library V4 trough the use of a Mode parameter with the potential values being Mode.UNIT, and Mode.APP.
Rationale
Certain applications like ingresses (ex. Traefik) require TLS Certificates to be owned at the application level.
Description
Currently, the
tls-certificatesintegration only allows for certificates to be requested by charm units. In this change, we add support for certificates to be requested and owned by applications. TLS requirers can now insert the same content in the unit databag and in the application databag. The selection of the correct databag will be done by the TLS Library V4 trough the use of a Mode parameter with the potential values being Mode.UNIT, and Mode.APP.Rationale
Certain applications like ingresses (ex. Traefik) require TLS Certificates to be owned at the application level.
Reference