⚠️ WARNING: This feature has been added due to #380, but will be supported only in 1.17 and 1.21 (and the versions released in between, iff any), after that, it will be removed in favour of integrating with a TLS certificates provider. Documentation will be provided for upgrades and migrations.
This commits introduces actions that allow users to configure the TLS
ingress gateway for a single host directly passing the SSL cert and key
to the charm.
save-tls-secret: allows users to pass the ssl-key and ssl-crt values,
which the charm saves in a juju secret (owned by the charm) and uses
them to reconcile the ingress Gateway with such information.
remove-tls-secret: a handy action that allows users to remove the
TLS secret, which in turn removes the TLS configuration from the
ingress Gateway.
This commit also adds unit and integration tests to increase the
coverage due to the recent changes.
WARNING: please note this feature is only supported in 1.17 and 1.18,
and it will be removed after releasing 1.18 in favour of the TLS
provider method.
Fixes #380
Manual testing instructions
This feature requires juju 3.x
Deploy istio-operators from latest/edge and relate them
Pack the istio-pilot charm and refresh. Wait for active and idle.
Make sure the gateway resource is not configured for TLS:
⚠️ WARNING: This feature has been added due to #380, but will be supported only in 1.17 and 1.21 (and the versions released in between, iff any), after that, it will be removed in favour of integrating with a TLS certificates provider. Documentation will be provided for upgrades and migrations.
This commits introduces actions that allow users to configure the TLS ingress gateway for a single host directly passing the SSL cert and key to the charm.
This commit also adds unit and integration tests to increase the coverage due to the recent changes.
WARNING: please note this feature is only supported in 1.17 and 1.18, and it will be removed after releasing 1.18 in favour of the TLS provider method.
Fixes #380
Manual testing instructions
This feature requires juju 3.x
latest/edge
and relate themistio-pilot
charm and refresh. Wait for active and idle.gateway
resource is not configured forTLS
:save-tls-secret
action to pass values (strings)Secret
the gateway uses for TLS:remove-tls-secret
action and watch the Gateway be reconfigured w/o TLSsave-tls-secret
action and watch the unit go to BlockedStatus