Tutorial: Getting Started with TLS Certificates Requirer

Getting Started

In this tutorial, we will use the Self Signed Certificates Operator to provide X509 certificates to the TLS Certificates Requirer using the tls-certificates integration.

1. Install pre-requisites

Install MicroK8s:

sudo snap install microk8s

Enable the hostpath-storage MicroK8s add-on:

microk8s enable hostpath-storage

Install Juju:

sudo snap install juju

2. Bootstrap a Juju controller

Bootstrap a Juju controller:

juju bootstrap microk8s

Create a Juju model:

juju add-model demo

3. Deploy and integrate the charms

Deploy the Self Signed Certificates operator:

juju deploy self-signed-certificates

Deploy the TLS Certificates Requirer operator:

juju deploy tls-certificates-requirer --channel=edge

Integrate the two:

juju integrate tls-certificates-requirer self-signed-certificates

Wait for both charms to be in the Active/Idle state:

ubuntu@server:~$ juju status
Model  Controller     Cloud/Region   Version  SLA          Timestamp
demo   aws-us-east-2  aws/us-east-2  3.1.7    unsupported  20:06:22-05:00

App                        Version  Status  Scale  Charm                      Channel  Rev  Exposed  Message
self-signed-certificates            active      1  self-signed-certificates   stable    57  no       
tls-certificates-requirer           active      1  tls-certificates-requirer  edge      27  no       Certificate is available

Unit                          Workload  Agent  Machine  Public address  Ports  Message
self-signed-certificates/0*   active    idle   0        18.226.164.205         
tls-certificates-requirer/0*  active    idle   1        3.17.179.73            Certificate is available

Machine  State    Address         Inst id              Base          AZ          Message
0        started  18.226.164.205  i-02fef38d887ce357f  ubuntu@22.04  us-east-2a  running
1        started  3.17.179.73     i-0d9d6231ee5b7c1e9  ubuntu@22.04  us-east-2a  running

4. Retrieve the TLS Certificates

Use the TLS Certificates Requirer’s get-certificate action to retrieve the certificate issued by the Self Signed Certificates operator:

juju run tls-certificates-requirer/0 get-certificate

You should expect this output (with different certificates of course):

ubuntu@server:~$ juju run tls-certificates-requirer/0 get-certificate
Running operation 1 with 1 task
  - task 2 on unit-tls-certificates-requirer-0

Waiting for task 2...
ca-certificate: |-
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
certificate: |-
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
csr: |-
  -----BEGIN CERTIFICATE REQUEST-----
  ...
  -----END CERTIFICATE REQUEST-----
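
Before putting the retrieved certificate to use, it is worth checking that it chains to the returned CA and was issued for the CSR shown. The following is an added example, not part of the original tutorial or of either charm's code; it assumes the openssl CLI is installed and that the action output has the layout shown above, and the names extract_field, verify_issued and action-output.yaml are hypothetical.

```shell
#!/bin/sh
# Added example: checks the output of the get-certificate action shown above.
# Assumes the three block-scalar keys (ca-certificate, certificate, csr) appear
# exactly as in that output and that the openssl CLI is installed.

# extract_field KEY FILE: print the PEM stored under "KEY: |-", unindented.
extract_field() {
    awk -v key="$1" '
        $0 == key ": |-"   { inblock = 1; next }   # exact match: "certificate" skips "ca-certificate"
        inblock && /^  /   { print substr($0, 3); next }
        inblock            { exit }                # first unindented line ends the block
    ' "$2"
}

# verify_issued FILE: 0 = chain and key checks pass, 1 = a check failed,
# 2 = a field is missing from the action output.
verify_issued() (
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT
    for field in ca-certificate certificate csr; do
        extract_field "$field" "$1" > "$tmp/$field.pem"
        [ -s "$tmp/$field.pem" ] || { echo "missing field: $field" >&2; exit 2; }
    done
    rc=0
    # 1. The leaf must be signed by the CA that the provider handed back.
    openssl verify -CAfile "$tmp/ca-certificate.pem" "$tmp/certificate.pem" \
        >/dev/null 2>&1 || { echo "certificate does not chain to ca-certificate" >&2; rc=1; }
    # 2. The leaf must carry the public key from the CSR, i.e. the key the
    #    requirer asked to have certified.
    cert_key=$(openssl x509 -in "$tmp/certificate.pem" -noout -pubkey 2>/dev/null) || rc=1
    csr_key=$(openssl req -in "$tmp/csr.pem" -noout -pubkey 2>/dev/null) || rc=1
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ] \
        || { echo "certificate public key differs from CSR" >&2; rc=1; }
    exit "$rc"
)

# Usage (file name is an example):
#   juju run tls-certificates-requirer/0 get-certificate > action-output.yaml
#   verify_issued action-output.yaml && echo "certificate verified"
```

Because the CA here is self-signed, a passing chain check only shows that the certificate was issued by the CA returned in the same action output; clients still need that CA certificate distributed to them as a trust anchor.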