how-to: Configure LEGO K8s with Route53 DNS plugin information

Configure with Route53 DNS plugin information

In this guide, we will go through the steps necessary to use the LEGO Operator to provide certificates to another charm using the Route53 DNS plugin.

Create a Juju Model:

juju add-model <your model name>

Deploy the Lego charm:

juju deploy lego --channel 4/edge

Configure the charm with your ACME information:

juju config lego \
  server=<your ACME server> \
  email=<your email address> \
  plugin=route53

The Lego operator accepts all of the environment variables defined in the LEGO documentation as keys in the secret you provide. Provide the configuration for the route53 plugin as a Juju secret:

# Include aws-session-token only if AWS provides this value for you
$ juju add-secret lego-credentials \
    aws-access-key-id=your_access_key_id \
    aws-secret-access-key=your_secret_access_key \
    aws-region=aws-region \
    aws-hosted-zone-id=your_hosted_zone_id \
    aws-session-token=your_session_token
secret:crr9g37mp25c77tv2atg
$ juju grant-secret lego-credentials lego
$ juju config lego plugin-config-secret-id=crr9g37mp25c77tv2atg

If all of the correct keys are provided, juju status should show that your charm is now in an active state:

Model  Controller          Cloud/Region        Version  SLA          Timestamp
demo   microk8s-localhost  microk8s/localhost  3.4.5    unsupported  14:36:17+03:00

App   Version  Status  Scale  Charm  Channel  Rev  Address         Exposed  Message
lego           active      1  lego   4/edge     7  10.152.183.196  no       0/0 certificate requests are fulfilled

Unit     Workload  Agent  Address      Ports  Message
lego/0*  active    idle   10.1.90.177         0/0 certificate requests are fulfilled

Deploy your charm that requires TLS certificates and integrate it with the Lego charm:

juju deploy <your charm>
juju integrate <your charm> lego
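
The secret step above passes the AWS credentials as command-line arguments, which leaves them in shell history and the process list. As an added example (not part of the original guide or the charm's own code), this script builds the same keys from AWS_* environment variables into a mode-0600 YAML file and loads it with juju add-secret --file. The function names and the variable-to-key mapping (inferred from the key names used in the guide) are assumptions.

```shell
#!/bin/sh
# Added example, not from the charm's documentation.
# Assumption: secret keys are the LEGO variable names in lowercase with hyphens.
REQUIRED_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION AWS_HOSTED_ZONE_ID"
OPTIONAL_VARS="AWS_SESSION_TOKEN"

# AWS_ACCESS_KEY_ID -> aws-access-key-id
to_secret_key() {
  printf '%s' "$1" | tr 'A-Z_' 'a-z-'
}

# Write the secret keys as YAML to the file named in $1 (owner read/write only).
# Fails, and removes the file, if a required variable is empty or unset.
write_secret_file() {
  out="$1"
  ( umask 077 && : > "$out" ) && chmod 600 "$out" || return 1
  for var in $REQUIRED_VARS $OPTIONAL_VARS; do
    eval "val=\${$var:-}"
    if [ -z "$val" ]; then
      case " $REQUIRED_VARS " in
        *" $var "*) echo "missing required variable: $var" >&2; rm -f "$out"; return 1 ;;
        *) continue ;;   # optional variable not set: leave the key out
      esac
    fi
    # YAML single-quoted scalar: an embedded single quote is written twice.
    esc=$(printf '%s' "$val" | sed "s/'/''/g")
    printf "%s: '%s'\n" "$(to_secret_key "$var")" "$esc" >> "$out"
  done
}

# Run with --apply on a machine that has the juju client and the lego app deployed.
if [ "${1:-}" = "--apply" ]; then
  set -eu
  tmp=$(mktemp)
  trap 'rm -f "$tmp"' EXIT
  write_secret_file "$tmp"
  # add-secret prints "secret:<id>"; the charm config takes the bare id.
  secret_uri=$(juju add-secret lego-credentials --file "$tmp")
  juju grant-secret lego-credentials lego
  juju config lego plugin-config-secret-id="${secret_uri#secret:}"
fi
```

Set the AWS_* variables from your credential store in the current shell before running the script with --apply; the temporary file is deleted when the script exits.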