feat: support external ca from cloud-integrator #330

Merged
merged 2 commits into from
Nov 14, 2024

@lucabello lucabello commented Nov 14, 2024

Issue

This PR is partially in tandem with the PR canonical/grafana-cloud-integrator#21 and should be merged after it.

It also fixes (partially) canonical/grafana-cloud-integrator#18 (I'm also opening a PR in the machine charm).

⚠️ Do NOT merge before the other one, it contains the (yet) unreleased version of the cloud_config_requirer library.

Solution

grafana-cloud-integrator#21 (the PR for the CA issue) is addressed by saving the CA coming from relation data to file, and then calling update-ca-certificates as usual. We do this on the custom cloud-config-available event, which is emitted whenever there is a relation joined/changed/broken involving the cloud-integrator relation.

grafana-cloud-integrator#18 (the config issue) is solved by populating the _loki_config not only if there are endpoints coming from self._loki_consumer, but also considering the ones coming from the cloud integrator (self._cloud.loki_ready). The endpoints themselves are already included in self._loki_endpoints_with_tls().

Testing Instructions

Remember to use the Loki FQDN, not the IP, or TLS won't work.

  1. Deploy the necessary charms:
     ```bash
     # all the juju deploy commands are from edge and with --trust
     juju deploy (the grafana-agent-k8s charm from this branch) agent
     juju deploy (the grafana-cloud-integrator from the linked PR) cloud-integrator
     juju deploy self-signed-certificates ca
     juju deploy flog-k8s flog
     juju deploy loki-k8s loki
     ```
  2. Relate the charms:
     ```bash
     juju relate agent:logging-provider flog:log-proxy
     juju relate agent cloud-integrator
     juju relate loki ca
     ```
  3. `juju config cloud-integrator loki-url="https://<loki-fqdn>:3100/loki/api/v1/push"`
  4. Make sure there is no agent series in Loki (no CA is configured in cloud-integrator yet)
     ```bash
     curl -k https://<loki-fqdn>:3100/loki/api/v1/series | jq | grep flog
     ```
  5. Extract the CA from Loki and set it in cloud integrator:
     ```bash
     juju scp --container=loki loki/0:/usr/local/share/ca-certificates/cos-ca.crt cos-ca.crt
     juju config cloud-integrator [email protected]
     ```
  6. Observe the configuration contains the Loki endpoint, the CA has reached grafana-agent and that the series is now in Loki:
     ```bash
     # agent config contains the endpoint
     juju ssh --container=agent agent/0 cat /etc/grafana-agent.yaml
     # agent contains the certificate from cloud-integrator
     juju ssh --container=agent agent/0 cat /usr/local/share/ca-certificates/cloud-integrator.crt
     # series is now in loki
     curl -k https://<loki-fqdn>:3100/loki/api/v1/series | jq | grep flog
     ```
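
One way to implement the flow from the Solution section, as an added example that is not code from this PR or the charm: validate the CA received over relation data before it reaches the system trust store, and remove it again when the relation data no longer carries one. The function names and the injectable `refresh` hook are hypothetical; only the certificate path comes from the testing instructions.

```python
import os
import ssl
import subprocess
import tempfile
from pathlib import Path

# Path from the testing instructions above; all other names are hypothetical.
CA_PATH = Path("/usr/local/share/ca-certificates/cloud-integrator.crt")

def _refresh_trust_store() -> None:
    # --fresh also drops links to certificates that were removed.
    subprocess.run(["update-ca-certificates", "--fresh"], check=True)

def validate_ca_pem(pem: str) -> None:
    """Raise ValueError unless pem parses as at least one CA certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with an empty store
    try:
        ctx.load_verify_locations(cadata=pem)
    except (ssl.SSLError, ValueError, TypeError) as exc:
        raise ValueError(f"relation data is not a PEM certificate: {exc}") from exc
    if ctx.cert_store_stats()["x509_ca"] < 1:
        raise ValueError("certificate is not usable as a CA")

def sync_external_ca(pem, path=CA_PATH, refresh=_refresh_trust_store) -> bool:
    """Mirror the CA from relation data into the trust store.

    Returns True when the store changed; an empty value removes the file.
    """
    pem = (pem or "").strip()
    if not pem:
        if not path.exists():
            return False
        path.unlink()  # relation broken or CA unset: stop trusting it
        refresh()
        return True
    validate_ca_pem(pem)  # reject before anything touches the trust store
    content = pem + "\n"
    if path.exists() and path.read_text() == content:
        return False  # unchanged: skip the rewrite and the refresh
    # Write to a temp file in the same directory, then rename atomically.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".ca-")
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)
    refresh()
    return True
```

Passing a recording callable as `refresh` lets the logic be exercised without root or a real trust store.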

@lucabello

I have tested this manually and everything works fine :)

@sed-i sed-i left a comment

Haven't tested but looks good.

src/grafana_agent.py (review thread resolved)
@lucabello lucabello merged commit a6e47de into main Nov 14, 2024
13 checks passed
@lucabello lucabello deleted the feature/cloud-integrator-ca branch November 14, 2024 16:16