Enhancement Proposal
Please implement the TLS support in the charm.
The OpenFGA documentation says:
If you are going to use this setup in production, you should enable HTTP TLS in your OpenFGA server. You will need to configure the TLS certificate and key.
And their config page suggests:
1. Configure the authentication method to preshared: export OPENFGA_AUTHN_METHOD=preshared
2. Configure the authentication keys: export OPENFGA_AUTHN_PRESHARED_KEYS=key1,key2
3. Enable the HTTP TLS configuration: export OPENFGA_HTTP_TLS_ENABLED=true
4. Configure the HTTP TLS certificate location: export OPENFGA_HTTP_TLS_CERT=/Users/myuser/key/server.crt
5. Configure the HTTP TLS key location: export OPENFGA_HTTP_TLS_KEY=/Users/myuser/key/server.key
I think it would suffice if you implemented the certificates relation (tls-certificates interface) allowing us to relate the httprequest-lego-k8s charm to it to obtain the certificate and then set the corresponding environment variables.
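A sketch of the last step, added here as an illustration and not taken from the charm or from OpenFGA: turning a certificate and key received over the relation into the five environment variables quoted above. The helper names, the `tls_dir` argument and the sample PEM strings are assumptions; refusing to emit pre-shared keys without TLS material is a design choice of this example.

```python
import os
import tempfile
from pathlib import Path

# Constructed placeholders, not real key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"


def write_secret(path: Path, data: str, mode: int) -> None:
    """Create the file with its final mode so it is never briefly world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.chmod(path, mode)  # also tighten a file that already existed


def openfga_tls_env(cert_pem, key_pem, preshared_keys, tls_dir):
    """Build the OPENFGA_* variables from the issue for a TLS-enabled server.

    Hypothetical helper: cert_pem/key_pem stand for whatever the certificates
    relation delivers; tls_dir is where the workload reads them from.
    """
    keys = [k.strip() for k in preshared_keys]
    if not keys or any(not k or "," in k for k in keys):
        raise ValueError("preshared keys must be non-empty and comma-free")
    # Fail closed: bearer keys must not be served over plaintext HTTP.
    if not cert_pem or not key_pem:
        raise ValueError("certificate and key are both required")
    if "BEGIN CERTIFICATE" not in cert_pem or "PRIVATE KEY" in cert_pem:
        raise ValueError("cert_pem must hold only a PEM certificate")
    if "PRIVATE KEY-----" not in key_pem:
        raise ValueError("key_pem must hold a PEM private key")
    cert_path, key_path = Path(tls_dir) / "server.crt", Path(tls_dir) / "server.key"
    write_secret(cert_path, cert_pem, 0o644)
    write_secret(key_path, key_pem, 0o600)
    return {
        "OPENFGA_AUTHN_METHOD": "preshared",
        "OPENFGA_AUTHN_PRESHARED_KEYS": ",".join(keys),
        "OPENFGA_HTTP_TLS_ENABLED": "true",
        "OPENFGA_HTTP_TLS_CERT": str(cert_path),
        "OPENFGA_HTTP_TLS_KEY": str(key_path),
    }


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, value in openfga_tls_env(SAMPLE_CERT, SAMPLE_KEY, ["key1", "key2"], d).items():
            print(f"{name}={value}")
```

The returned mapping is what a charm would place in the workload's environment; the private key file is written owner-only (0600) before its path is handed to the server.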