From my understanding the charm is sending its telemetry to Tempo (hopefully via https, but even this is not obvious). If that is the case, then why does the charm need a certificate? Is there a server running on the charm? Is it Tempo's certificate? If that's the case then how would the charm know about it?
The doc let us believe that not setting this leads to sending traces over an insecure connection. But why, how? It's the server that needs a TLS cert, not the client. Is there some mTLS going on?
In any case, this is not quite clear at the moment and better documentation on this topic would be helpful to charm developers.
Enhancement Proposal
From my understanding the charm is sending its telemetry to Tempo (hopefully via https, but even this is not obvious). If that is the case, then why does the charm need a certificate? Is there a server running on the charm? Is it Tempo's certificate? If that's the case then how would the charm know about it?
The doc let us believe that not setting this leads to sending traces over an insecure connection. But why, how? It's the server that needs a TLS cert, not the client. Is there some mTLS going on?
In any case, this is not quite clear at the moment and better documentation on this topic would be helpful to charm developers.