GoCert
- Canonical Telco
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/edge | 19 | 03 Sep 2024 | |
latest/edge | 18 | 03 Sep 2024 |
juju deploy gocert-k8s --channel edge
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
Run behind an ingress
In this guide we will list the necessary steps to achieve this using the Traefik-K8s operator and run Notary behind an ingress.
Pre-requisites
- notary-k8s deployed on a Juju model
1. Deploy Traefik
juju deploy traefik-k8s --channel edge --trust
2. Deploy Self Signed Certificates Operator
juju deploy self-signed-certificates --channel beta
3. Integrate Self-Signed-Certificates Operator
Note: For now this step is required so Notary and Traefik share the same CA certificate, this is going to be replaced with the certificate-transfer-interface
.
juju integrate self-signed-certificates:certificates traefik-k8s:certificates
juju integrate self-signed-certificates:certificates notary-k8s:certificates
4. Integrate Notary with Traefik
juju integrate notary-k8s:ingress traefik-k8s:ingress
5. Get the URL
Run the show-proxied-endpoints
action on Traefik.
juju run traefik-k8s/0 show-proxied-endpoints
# Sample Action Output
Running operation 1 with 1 task
- task 2 on unit-traefik-k8s-0
Waiting for task 2...
proxied-endpoints: '{"notary-k8s": {"url": "https://10.0.0.5/demo-notary-k8s"}}'
You should now be able to access Notary using the URL in the action output.