Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat!: add ingress_per_unit integration to glauth-k8s-operator #83

Merged
merged 1 commit into from
Jan 6, 2025
Merged

feat!: add ingress_per_unit integration to glauth-k8s-operator #83

merged 1 commit into from
Jan 6, 2025

Conversation

NucciTheBoss
Copy link
Contributor

Same as PR #78 but with recovered commits + removed merge commit.

This PR adds the ingress_per_unit integration to glauth-k8s so that the glauth TCP service can be addressable from machine charms outside of the Kubernetes cluster. Now, when a machine charm wants to connect to glauth for LDAP goodness, all you need to do is integrate glauth-k8s with traefik:

# Enable LoadBalancer implementation for your k8s cloud.
# In testing I used MetalLB with an IPADDR range partitioned off of my bridged LXD network.
microk8s enable metallb:<IPADDR range>  # Can also use Canonical k8s.

# Do the necessary setup by integrating with `postgresql-k8s` and `self-signed-certificates`...
juju deploy glauth-k8s --trust
juju deploy traefik-k8s --trust
juju integrate glauth-k8s:ingress traefik-k8s
# glauth TCP endpoint will be proxied by traefik and reachable from machine charms such as SSSD.

Breaking changes

One thing to note is that I updated the function signature of the ldap_url to return List[str] instead of str. I don't think it's that much of an issue as ldap_url is only used two times within the operator, and its returned value was casted to List[str] to satisfy the type requirements for the urls field in the ldap interface.

Related issues

@NucciTheBoss NucciTheBoss requested a review from a team as a code owner January 6, 2025 18:16
@NucciTheBoss
Copy link
Contributor Author

@shipperizer @wood-push-melon this PR is the same thing as #78 but restores the clobbered commits. Accidentally knee-capped the original branch when I removed the merge commit from main. Has the recommended changes suggested such as a FIXME comment about the traefik-k8s sacling issue, integration name declared in constants, and the rename of ldap_url to ldap_urls.

@NucciTheBoss
feat: enable ingress_per_unit for glauth
7daa7e2 
WARNING: glauth-k8s can only be scaled to 1 unit
when integrating with traefik-k8s because of issue
canonical/traefik-k8s-operator#406.

This issue will need to be fixed before glauth-k8s can be scaled
to more than one unit.

Signed-off-by: Jason C. Nucciarone <[email protected]>
@NucciTheBoss NucciTheBoss force-pushed the nuccitheboss/feat/ingress-per-unit branch from 06789f0 to 7daa7e2 Compare January 6, 2025 18:20
@wood-push-melon wood-push-melon merged commit 30ef2a6 into canonical:main Jan 6, 2025
3 checks passed
@NucciTheBoss NucciTheBoss deleted the nuccitheboss/feat/ingress-per-unit branch January 27, 2025 14:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wood-push-melon wood-push-melon wood-push-melon approved these changes

@shipperizer shipperizer shipperizer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Ingress enablement for GLAuth charm
3 participants
@NucciTheBoss @shipperizer @wood-push-melon