Closed PietroPasotti closed 1 month ago
if we enable tls for tempo and another charm for charm tracing and then we disable tls on tempo and the other charm without removing the tracing relation, App data will not change (internal_scheme will still remain as https) and that will fail non-tls communication or if its the other way around, communication will also fail as it sees the app data still has http is this a valid scenario to cover?
@PietroPasotti @mmkay when certificates are pushed into the workload container, its an ephemeral volume so, in case of pod crash and restart, the certificates will be no longer there. Once tempo is back up, it will run as non-tls, but all databags are expected to send to a tls endpoint, so tls is now broken.
prometheus handles that https://github.com/canonical/prometheus-k8s-operator/blob/main/src/charm.py#L546
TLS integration support for Tempo charm
In principle ready for review, but it depends on ingress #94
Testing instructions:
you should be able to see charm traces in grafana for all the charms. verify that all receiver endpoints are using https: