TLS Certificates Requirer
- By Canonical Telco
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/stable | 72 | 18 Apr 2024 | |
| latest/candidate | 72 | 18 Apr 2024 | |
| latest/beta | 72 | 18 Apr 2024 | |
| latest/edge | 85 | 09 May 2024 |
juju deploy tls-certificates-requirer --channel beta
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
22.04
Getting Started
In this tutorial, we will use the Self Signed Certificates Operator to provide X509 certificates to the TLS Certificates Requirer tusing the tls-certificates integration.
1. Install pre-requisites
Install MicroK8s:
sudo snap install microk8s
Enable the hostpath-storage MicroK8s add-on:
microk8s enable hostpath-storage
Install Juju:
sudo snap install juju
2. Bootstrap a Juju controller
Bootstrap a Juju controller:
juju bootstrap microk8s
Create a Juju model:
juju add-model demo
3. Deploy and integrate the charms
Deploy the Self Signed Certificates operator:
juju deploy self-signed-certificates
Deploy the TLS Certificates Requirer operator:
juju deploy tls-certificates-requirer --channel=edge
Integrate the two:
juju integrate tls-certificates-requirer self-signed-certificates
Wait for both charms to be in the Active/Idle state:
ubuntu@server:~$ juju status
Model Controller Cloud/Region Version SLA Timestamp
demo aws-us-east-2 aws/us-east-2 3.1.7 unsupported 20:06:22-05:00
App Version Status Scale Charm Channel Rev Exposed Message
self-signed-certificates active 1 self-signed-certificates stable 57 no
tls-certificates-requirer active 1 tls-certificates-requirer edge 27 no Certificate is available
Unit Workload Agent Machine Public address Ports Message
self-signed-certificates/0* active idle 0 18.226.164.205
tls-certificates-requirer/0* active idle 1 3.17.179.73 Certificate is available
Machine State Address Inst id Base AZ Message
0 started 18.226.164.205 i-02fef38d887ce357f ubuntu@22.04 us-east-2a running
1 started 3.17.179.73 i-0d9d6231ee5b7c1e9 ubuntu@22.04 us-east-2a running
4. Retrieve the TLS Certificates
Use the TLS Certificates Requirer’s get-certificate action to retrieve the Let’s Encrypt certificate:
juju run tls-certificates-requirer/0 get-certificate
You should expect this output (with different certificates of course):
ubuntu@server:~$ juju run tls-certificates-requirer/0 get-certificate
Running operation 1 with 1 task
- task 2 on unit-tls-certificates-requirer-0
Waiting for task 2...
ca-certificate: |-
-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIUVDNDj2jL72Qdmh19ACQDRjj0Wi0wDQYJKoZIhvcNAQEL
BQAwOTELMAkGA1UEBhMCVVMxKjAoBgNVBAMMIXNlbGYtc2lnbmVkLWNlcnRpZmlj
YXRlcy1vcGVyYXRvcjAeFw0yNDAxMTgwMTA0MDBaFw0yNTAxMTcwMTA0MDBaMDkx
CzAJBgNVBAYTAlVTMSowKAYDVQQDDCFzZWxmLXNpZ25lZC1jZXJ0aWZpY2F0ZXMt
b3BlcmF0b3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrFoRCfr9R
PCnvAeewEPjXOF55WWhFjpRm4VcsO1uninMaSAYQc1TRJMdQvK00ia69dY2CmEE+
UK0DrG4sCqnWH2RG0LzP/XN8YkM6eEs2BF9j66ytqA2JIvinAxdtnejaUNHqwiYc
qtXffs8QYye15gCO2aq7bX4N7EH57g2w4aMXlzhWOLBFkD3Q0qL1P3N2i6WyA1iK
YyAhisH3bbHNuJWyxQHjO8ZIBHoZfJqtCqG8ApgFwrxymZWI7dnRxJ7NPGzKiuxr
E5GPeCk5X0hWqENhuXjrqVjD4KQt0lOMNBmaIHlYRwl5DCXRUH+wiEybMycAd++W
b5q0jIxNKv//AgMBAAGjZzBlMB8GA1UdDgQYBBYEFI7WwNj89CcPj52In4ehI7xh
B9Y7MCEGA1UdIwQaMBiAFgQUjtbA2Pz0Jw+PnYifh6EjvGEH1jswDgYDVR0PAQH/
BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHic4ute
X+iekxsjujKkHsIzF1cgpK83Pq8uSotyB5gI61vB+fp7frktJmns5sY40ruQ8Cjf
XL8koYqajaxTwThASh+bnkUrdcZsM3a/9kRi7I8zVwERWNF0J9k/yJPCcocvVesz
nS476i8Ywet87gBlU/wtDFGn3aXlpHVt+siAv+wUW5ChfxxyHdVB6dLwdHMmrm3A
pux0KyvM2mnOKu/RACcCesArv/2fBlKxsUXWlRZFa1a60ogY4+6Nfj8B8Wl13gB/
N/K5RU9bviy48bKg3V7ooSKf8eQHB+AiCmhTAUvWe4qXyXW7uF4gtMUGj7aZEg+3
iwSYqK8tnl5RCOA=
-----END CERTIFICATE-----
certificate: |-
-----BEGIN CERTIFICATE-----
MIIDcjCCAlqgAwIBAgIUR9vrH4Vrs/AFewwKZ8YLRGWZ++owDQYJKoZIhvcNAQEL
BQAwOTELMAkGA1UEBhMCVVMxKjAoBgNVBAMMIXNlbGYtc2lnbmVkLWNlcnRpZmlj
YXRlcy1vcGVyYXRvcjAeFw0yNDAxMTgwMTA1MjlaFw0yNTAxMTcwMTA1MjlaMFkx
KDAmBgNVBAMMH3Rscy1jZXJ0aWZpY2F0ZXMtcmVxdWlyZXItMC50bHMxLTArBgNV
BC0MJDMxMDU1MmE3LTE2YmYtNDJhMy04OTI5LWZhYTM5ZjFiYTU5NTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAI9AWXHMLJnrfo8mDc1mtAuA/5SQUSwo
Zb9zHJB4bfTQLRvFKqulda3URcGOmyPUqleVjmYPa9EWkpJtAdkkB1LjYbrw9U+E
M2KlSMItlbRf/0K5sxYFXvOgAr8u2tPbZP830aq3YpE0AItycYC3M8nkKWoB7izo
WdvsC+noZpnH4AQQhw1H/ANaXEKSr4PxAvnl9DO12SpEaL9M4s7DNEsO/ISnU6TZ
CN0eHjQgNt5pEuT+AVQDOz4yCTq4aTRAY3dP8b+hb6sJ0fAJWhtOENZzwpmk6JQb
PsdRYPyzQrDKlHJpvYwwQtjwvgseQiXTNHN2WlHktk/DYBMdLxGzV7ECAwEAAaNS
MFAwIQYDVR0jBBowGIAWBBSO1sDY/PQnD4+diJ+HoSO8YQfWOzAdBgNVHQ4EFgQU
WR1SAhfuReMZxeJ04dtcydhnPmswDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsF
AAOCAQEAULoiiHTLwczoOo/pCabLoVv4DMHR88YMT+8MmVMAx8tD12prr8wjxL8N
4vp7aH7HTEii+4dekBFpZ8C/RimNZUb6JYCEN3+nGJj2+iQ9X+doDNziWBXb3Tdz
bvDKPC5FAT4Uh8DQcKjDzwwS2rrtoXY4l9OPjrHpHAqgAOwixBwucLNOlXv58nwP
5Kl092Vm6MbVyq6odySpgh2GfDoHaQR8hQkq4mvyd7uT8bnh1hYIu0VIa00NVeb4
kaWB3tcoUkeTOzL1vPvefQPo1jMWolxDitdb4WnSONEhOSuEedzSQqyx1vyWJyg3
VlZKuaefuvkWGD6Hg7fO60b4n6UPng==
-----END CERTIFICATE-----
csr: |-
-----BEGIN CERTIFICATE REQUEST-----
MIICnjCCAYYCAQAwWTEoMCYGA1UEAwwfdGxzLWNlcnRpZmljYXRlcy1yZXF1aXJl
ci0wLnRsczEtMCsGA1UELQwkMzEwNTUyYTctMTZiZi00MmEzLTg5MjktZmFhMzlm
MWJhNTk1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0BZccwsmet+
jyYNzWa0C4D/lJBRLChlv3MckHht9NAtG8Uqq6V1rdRFwY6bI9SqV5WOZg9r0RaS
km0B2SQHUuNhuvD1T4QzYqVIwi2VtF//QrmzFgVe86ACvy7a09tk/zfRqrdikTQA
i3JxgLczyeQpagHuLOhZ2+wL6ehmmcfgBBCHDUf8A1pcQpKvg/EC+eX0M7XZKkRo
v0zizsM0Sw78hKdTpNkI3R4eNCA23mkS5P4BVAM7PjIJOrhpNEBjd0/xv6FvqwnR
8AlaG04Q1nPCmaTolBs+x1Fg/LNCsMqUcmm9jDBC2PC+Cx5CJdM0c3ZaUeS2T8Ng
Ex0vEbNXsQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAHNIvxBpCySo/eo4CtFC
KoTMBTEh7EwoNXQ1mNaGsC9hT5FJSCemQLMoTNXL0NxcnpnOpubouFUiBP96jRB/
92r+gtq1XkgZL2Qt51Qt6p+kgEIU8dmJ/0oTMjmYR3FuFQI5EiUopxrfeQz6Vzza
4Zmje2VKiZ2vJw1brajGh9UcMSEuR8lQqDCdW06fYVUkCkB8sagUfQAG50e6sbiT
xFonW9hw6ygx/dV427wfMM0s5rTAWds5WsERFF6RGt52xGADTc9vG/1TUJGUJ0px
0ID2v6diQO9t5SErRBg2wKSQ80ZqHDUd1OEaBs5ekZd/+/+RxtWjPEvTQioJ2D4B
13M=
-----END CERTIFICATE REQUEST-----