GoCert

  • Canonical Telco
Channel Revision Published Runs on
latest/edge 19 03 Sep 2024
Ubuntu 22.04
latest/edge 18 03 Sep 2024
Ubuntu 22.04
juju deploy gocert-k8s --channel edge
Show information

Platform:

Run behind an ingress

In this guide we will list the necessary steps to achieve this using the Traefik-K8s operator and run Notary behind an ingress.

Pre-requisites

  • notary-k8s deployed on a Juju model

1. Deploy Traefik

juju deploy traefik-k8s --channel edge --trust

2. Deploy Self Signed Certificates Operator

juju deploy self-signed-certificates --channel beta

3. Integrate Self-Signed-Certificates Operator

Note: For now this step is required so Notary and Traefik share the same CA certificate, this is going to be replaced with the certificate-transfer-interface.

juju integrate self-signed-certificates:certificates traefik-k8s:certificates
juju integrate self-signed-certificates:certificates notary-k8s:certificates

4. Integrate Notary with Traefik

juju integrate notary-k8s:ingress traefik-k8s:ingress

5. Get the URL

Run the show-proxied-endpoints action on Traefik.

juju run traefik-k8s/0 show-proxied-endpoints
# Sample Action Output
Running operation 1 with 1 task
  - task 2 on unit-traefik-k8s-0

Waiting for task 2...
proxied-endpoints: '{"notary-k8s": {"url": "https://10.0.0.5/demo-notary-k8s"}}'

You should now be able to access Notary using the URL in the action output.