Route53 LEGO (K8s)
- Canonical Telco
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 90 | 04 Jul 2024 | |
latest/candidate | 90 | 04 Jul 2024 | |
latest/beta | 90 | 04 Jul 2024 | |
latest/edge | 109 | 17 Dec 2024 |
juju deploy route53-lego-k8s
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
Getting Started
In this tutorial, we will use the Route53 LEGO K8s charm to obtain a certificates from Let’s Encrypt for a requiring charm using the TLS Certificates Requirer Operator as our TLS certificates requirer. This tutorial assumes that you have a Hosted Zone in AWS Route53.
1. Install pre-requisites
Install MicroK8s:
sudo snap install microk8s
Enable the hostpath-storage
MicroK8s add-on:
microk8s enable hostpath-storage
Install Juju:
sudo snap install juju
2. Bootstrap a Juju controller
Bootstrap a Juju controller:
juju bootstrap microk8s
Create a Juju model:
juju add-model demo
3. Deploy Route53 LEGO K8s
Deploy the Route53 Lego K8s charm:
juju deploy route53-lego-k8s
Configure the charm with your ACME and AWS information:
juju config \
server=https://acme-staging-v02.api.letsencrypt.org/directory \
email=test@gmail.com \
aws_region=<your AWS region> \
aws_hosted_zone_id=<your AWS Hosted Zone ID> \
aws_access_key_id=<your AWS Access Key ID> \
aws_secret_access_key=<your AWS Secret Access Key>
Make sure to replace the AWS information with the appropriate one.
4. Deploy tls-certificates-requirer
Deploy TLS Certificates Requirer:
juju deploy tls-certificates-requirer --channel=edge
Configure the charm to use the same common name as in your AWS hosted zone:
juju config tls-certificates-requirer common_name=<your common name>
5. Integrate the two charms
Integrate the charms with their tls-certificates interface:
juju integrate route53-lego-k8s tls-certificates-requirer
Wait for both charms to be in the active/idle status. This can take a couple of minutes as the Route53 LEGO K8s charm makes its request to the ACME server. Once this is completed, you should see the following:
ubuntu@server:~$ juju status
Model Controller Cloud/Region Version SLA Timestamp
demo microk8s-localhost microk8s/localhost 3.1.7 unsupported 10:25:05-05:00
App Version Status Scale Charm Channel Rev Address Exposed Message
route53-lego-k8s waiting 1 route53-lego-k8s stable 7 10.152.183.24 no installing agent
tls-certificates-requirer active 1 tls-certificates-requirer 0 10.152.183.33 no Certificate is available
Unit Workload Agent Address Ports Message
route53-lego-k8s/0* active idle 10.1.182.53
tls-certificates-requirer/0* active idle 10.1.182.57 Certificate is available
6. Retrieve the TLS Certificates
Use the TLS Certificates Requirer’s get-certificate
action to retrieve the Let’s Encrypt certificate:
juju run tls-certificates-requirer/0 get-certificate
You should expect this output (with different certificates of course)
ubuntu@server:~$ juju run tls-certificates-requirer/0 get-certificate
Running operation 3 with 1 task
- task 4 on unit-tls-certificates-requirer-0
Waiting for task 4...
ca-certificate: |-
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgIRAO1dW8lt+99NPs1qSY3Rs8cwDQYJKoZIhvcNAQELBQAw
cTELMAkGA1UEBhMCVVMxMzAxBgNVBAoTKihTVEFHSU5HKSBJbnRlcm5ldCBTZWN1
cml0eSBSZXNlYXJjaCBHcm91cDEtMCsGA1UEAxMkKFNUQUdJTkcpIERvY3RvcmVk
IER1cmlhbiBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQw
M1owZjELMAkGA1UEBhMCVVMxMzAxBgNVBAoTKihTVEFHSU5HKSBJbnRlcm5ldCBT
ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEiMCAGA1UEAxMZKFNUQUdJTkcpIFByZXRl
bmQgUGVhciBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALbagEdD
Ta1QgGBWSYkyMhscZXENOBaVRTMX1hceJENgsL0Ma49D3MilI4KS38mtkmdF6cPW
nL++fgehT0FbRHZgjOEr8UAN4jH6omjrbTD++VZneTsMVaGamQmDdFl5g1gYaigk
kmx8OiCO68a4QXg4wSyn6iDipKP8utsE+x1E28SA75HOYqpdrk4HGxuULvlr03wZ
GTIf/oRt2/c+dYmDoaJhge+GOrLAEQByO7+8+vzOwpNAPEx6LW+crEEZ7eBXih6V
P19sTGy3yfqK5tPtTdXXCOQMKAp+gCj/VByhmIr+0iNDC540gtvV303WpcbwnkkL
YC0Ft2cYUyHtkstOfRcRO+K2cZozoSwVPyB8/J9RpcRK3jgnX9lujfwA/pAbP0J2
UPQFxmWFRQnFjaq6rkqbNEBgLy+kFL1NEsRbvFbKrRi5bYy2lNms2NJPZvdNQbT/
2dBZKmJqxHkxCuOQFjhJQNeO+Njm1Z1iATS/3rts2yZlqXKsxQUzN6vNbD8KnXRM
EeOXUYvbV4lqfCf8mS14WEbSiMy87GB5S9ucSV1XUrlTG5UGcMSZOBcEUpisRPEm
QWUOTWIoDQ5FOia/GI+Ki523r2ruEmbmG37EBSBXdxIdndqrjy+QVAmCebyDx9eV
EGOIpn26bW5LKerumJxa/CFBaKi4bRvmdJRLAgMBAAGjgfEwge4wDgYDVR0PAQH/
BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLXzZfL+sAqSH/s8ffNE
oKxjJcMUMB8GA1UdIwQYMBaAFAhX2onHolN5DE/d4JCPdLriJ3NEMDgGCCsGAQUF
BwEBBCwwKjAoBggrBgEFBQcwAoYcaHR0cDovL3N0Zy1kc3QzLmkubGVuY3Iub3Jn
LzAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vc3RnLWRzdDMuYy5sZW5jci5vcmcv
MCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQBgt8TAQEBMA0GCSqGSIb3DQEB
CwUAA4IBAQB7tR8B0eIQSS6MhP5kuvGth+dN02DsIhr0yJtk2ehIcPIqSxRRmHGl
4u2c3QlvEpeRDp2w7eQdRTlI/WnNhY4JOofpMf2zwABgBWtAu0VooQcZZTpQruig
F/z6xYkBk3UHkjeqxzMN3d1EqGusxJoqgdTouZ5X5QTTIee9nQ3LEhWnRSXDx7Y0
ttR1BGfcdqHopO4IBqAhbkKRjF5zj7OD8cG35omywUbZtOJnftiI0nFcRaxbXo0v
oDfLD0S6+AC2R3tKpqjkNX6/91hrRFglUakyMcZU/xleqbv6+Lr3YD8PsBTub6lI
oZ2lS38fL18Aon458fbc0BPHtenfhKj5
-----END CERTIFICATE-----
certificate: |-
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISKwAxw9n9Zd/jc81/j0iyAVhFMA0GCSqGSIb3DQEBCwUA
MFkxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExcoU1RBR0lORykgTGV0J3MgRW5jcnlw
dDEoMCYGA1UEAxMfKFNUQUdJTkcpIEFydGlmaWNpYWwgQXByaWNvdCBSMzAeFw0y
NDAxMTcxNDI0NThaFw0yNDA0MTYxNDI0NTdaMCMxITAfBgNVBAMTGHBpenphLmNh
bm9uaWNhbHRlbGNvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKf527FKvKx32VFxZhz6eQPr7J5KUhLifbD0rJHpDwAvuKBjDBALqYMmQNYNjQO9
r/cHqtt8+WWBLBB3l4+jeEgkFPJ4XW3pcdEeKVrlKbwyZzJ5DlXjRxAf3kigLApK
7P/HGWUelSFpx0SYfcC0QwKmH1FEVxkehIcwQBjsz2Yq25/T8fqzRavsKWRCkxwr
cfwuuMCJf392JeHWvQoeeLbv3rwd1r0gK6Qnwpf3XmsY+Hif5D0mvWzoeqAjbZ4q
WEG5vEKLcQ3npSKq4iLlxk3V15Ggq1nOPrmAPgqqQKd6PgOD9uyrwnuv6ZQ3AvFy
sDaRL86krLcnwfnz258ti1kCAwEAAaOCAiIwggIeMA4GA1UdDwEB/wQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
HQ4EFgQUziLKzmQC8iK2XAbPPiHCix8KQCwwHwYDVR0jBBgwFoAU3nJ6SN8xw6ZQ
35+FI99XN0tdLmUwXQYIKwYBBQUHAQEEUTBPMCUGCCsGAQUFBzABhhlodHRwOi8v
c3RnLXIzLm8ubGVuY3Iub3JnMCYGCCsGAQUFBzAChhpodHRwOi8vc3RnLXIzLmku
bGVuY3Iub3JnLzAjBgNVHREEHDAaghhwaXp6YS5jYW5vbmljYWx0ZWxjby5jb20w
EwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgAo
dhoYkCf77zzQ1hoBjXawUFcpx6dBG8y99gT0XUJhUwAAAY0YBotuAAAEAwBHMEUC
IF0W5ERRXpAhi27UAd5mTp01uT5BBcP8Xyx61wCTySUcAiEAyfCwKizK2G8DU/3s
WZkGDEHz3s3uZ3r+L5WZJcP5Yf8AdgCwzIPlpfl9a698CcwoSQSHKsfoixMsY1C3
xv0m4WxsdwAAAY0YBotKAAAEAwBHMEUCIBAaKbSnKjO8kWbKHbsQwmBobmQ2yVeV
J9pRGebVM9bDAiEA/iyGQRBZjGMY+zbg1gTuIBzJ9m2BL2UUOqRnbGWFyKEwDQYJ
KoZIhvcNAQELBQADggEBAKZBaUVppLENs4IZc5yL//WfNJ9qneTKl4doEf+2wA4p
bt4vGCVtTPb4S1+IEqA59SsFgk4nLTEJLlZQCB0Czcf+9FUbWp6jmlDVuue3jqok
oecNFCVFGeFs+3PiWxKYraZDqZEYLs797bxvStIHH2+QDxXb0pqi9UNSq1hb1tx7
2QzpCQ1TAQ1Gk/RVMh4RmGggywxMr/TneYOETNMslhWCLmuXU53le0u3CNmTKTkV
9gnuiQD9HfDRan5CfzYSeZDm9XxjwB05z8J9RRazsVaSEwoBr0fLnJyEKNBceFfH
eEObXNuFCdpw7lVLOxTxLSkeh7YGvlBp6HS9AjvyTlg=
-----END CERTIFICATE-----
csr: |-
-----BEGIN CERTIFICATE REQUEST-----
MIIClzCCAX8CAQAwUjEhMB8GA1UEAwwYcGl6emEuY2Fub25pY2FsdGVsY28uY29t
MS0wKwYDVQQtDCRiNTdmNmU2Ni1kNzRiLTQyOTUtODEzYS1jNGMwNTRmNzljZWMw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn+duxSrysd9lRcWYc+nkD
6+yeSlIS4n2w9KyR6Q8AL7igYwwQC6mDJkDWDY0Dva/3B6rbfPllgSwQd5ePo3hI
JBTyeF1t6XHRHila5Sm8MmcyeQ5V40cQH95IoCwKSuz/xxllHpUhacdEmH3AtEMC
ph9RRFcZHoSHMEAY7M9mKtuf0/H6s0Wr7ClkQpMcK3H8LrjAiX9/diXh1r0KHni2
7968Hda9ICukJ8KX915rGPh4n+Q9Jr1s6HqgI22eKlhBubxCi3EN56UiquIi5cZN
1deRoKtZzj65gD4KqkCnej4Dg/bsq8J7r+mUNwLxcrA2kS/OpKy3J8H589ufLYtZ
AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAoRKeqvD50ZsJNR39cBs98POY1fFt
AO1Ss0qpIwzHuZUUxqxspAMe+J/yCSw5SsBtyhUBdjnzJeYv9IAVCJQmToM7N7SL
3bEQOnTMj+7aPr8K00g5tDfKsuyDOJydfmEgi0yZuMGOPAkIVFkG4dhDFqD8pc6y
Sp78RUc2YTQbR0jrF0oCl8v4pMG199h3y7+nlqChMvYPEjw1y/9jxQmwWRwtfY51
8kpE2qMFYTnfvTCkLTCGmXEvfvyu6+IdncoafDrQ/bRompcl2RdYqMTYxTcqOCvs
2tlJVuVkj5NwruxyYedJgHwtSwpuss6aS/pA7jOU8d2c/qI3RgTfuQCrAA==
-----END CERTIFICATE REQUEST-----
There you go, you have obtained certificates from Let’s Encrypt!
7. Destroy the environment
Kill the Juju controller:
juju kill-controller microk8s-localhost
Uninstall the Juju and MicroK8s snaps:
sudo snap remove microk8s juju --purge