Charmed GLAuth K8s Tutorial
This tutorial provides a general walkthrough for setting up a fully working
GLAuth server using the glauth-k8s charmed operator, MicroK8s, and Juju.
Set up the environment
Follow this guide to bootstrap a MicroK8s cloud running a Juju controller.
Create a Juju model:
juju add-model dev
Deploy prerequisite charmed operators
The glauth-k8s charmed operator requires the following charmed operators to be
deployed in the MicroK8s cluster:
juju deploy postgresql-k8s --channel 14/stable --trust
juju deploy self-signed-certificates
Deploy the glauth-k8s charmed operator
The glauth-k8s charmed operator can be deployed as follows:
juju deploy glauth-k8s --channel edge --trust
Integrate with other charmed operators
The glauth-k8s charmed operator needs to integrate with the postgresql-k8s and
self-signed-certificates charmed operators to reach the active state:
juju integrate glauth-k8s postgresql-k8s
juju integrate glauth-k8s self-signed-certificates
The glauth-k8s charmed operator offers the ldap integration to any LDAP client
charmed operator that follows the ldap interface protocol. Assuming we have
deployed such a client charmed operator, we can integrate it with glauth-k8s:
juju integrate <client-charm>:ldap glauth-k8s:ldap
GLAuth supports the StartTLS operation, and the glauth-k8s charmed operator
enables it by default. To allow the client to trust the self-signed
certificates, we need to integrate the client charmed operator with the
glauth-k8s charmed operator over the certificate_transfer interface protocol:
juju integrate <client-charm>:send-ca-cert glauth-k8s:send-ca-cert
Furthermore, the glauth-utils charmed operator allows us to apply data changes
using LDIF. To integrate with glauth-utils:
juju deploy glauth-utils --channel edge --trust
juju integrate glauth-k8s glauth-utils
A sample of supported LDIF content records can be found here.
We should now be able to reach the following deployment status:
$ juju status --relations
Model  Controller          Cloud/Region        Version  SLA          Timestamp
dev    microk8s-localhost  microk8s/localhost  3.2.0    unsupported  16:12:33Z

App                       Version  Status  Scale  Charm                     Channel    Rev  Address         Exposed  Message
client                             active  1      client                               0    10.152.183.78   no
glauth-k8s                         active  1      glauth-k8s                edge       13   10.152.183.231  no
glauth-utils                       active  1      glauth-utils              edge       4    10.152.183.26   no
postgresql-k8s            14.10    active  1      postgresql-k8s            14/stable  193  10.152.183.163  no       Primary
self-signed-certificates           active  1      self-signed-certificates  stable     72   10.152.183.21   no

Unit                         Workload  Agent  Address      Ports  Message
client/0*                    active    idle   10.1.48.115
glauth-k8s/0*                active    idle   10.1.48.96
glauth-utils/0*              active    idle   10.1.48.107
postgresql-k8s/0*            active    idle   10.1.48.77          Primary
self-signed-certificates/0*  active    idle   10.1.48.86

Integration provider                   Requirer                       Interface             Type     Message
glauth-k8s:glauth-auxiliary            glauth-utils:glauth-auxiliary  glauth_auxiliary      regular
glauth-k8s:glauth-peers                glauth-k8s:glauth-peers        glauth_peers          peer
glauth-k8s:ldap                        client:ldap                    ldap                  regular
glauth-k8s:send-ca-cert                client:send-ca-cert            certificate_transfer  regular
postgresql-k8s:database                glauth-k8s:pg-database         postgresql_client     regular
postgresql-k8s:database-peers          postgresql-k8s:database-peers  postgresql_peers      peer
postgresql-k8s:restart                 postgresql-k8s:restart         rolling_op            peer
postgresql-k8s:upgrade                 postgresql-k8s:upgrade         upgrade               peer
self-signed-certificates:certificates  glauth-k8s:certificates        tls-certificates      regular
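
The status above can be checked mechanically before any client is pointed at
GLAuth. The script below is an added example, not part of the tutorial or the
charms: it scans juju status --relations text for the four integrations shown
above and lists units whose workload is not active. The client application name
and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the charms): check `juju status --relations` text
# for the integrations this tutorial creates. The client app name is assumed.

# required_integrations CLIENT_APP: one "provider requirer interface" per line.
required_integrations() {
    cat <<EOF
glauth-k8s:ldap $1:ldap ldap
glauth-k8s:send-ca-cert $1:send-ca-cert certificate_transfer
postgresql-k8s:database glauth-k8s:pg-database postgresql_client
self-signed-certificates:certificates glauth-k8s:certificates tls-certificates
EOF
}

# missing_integrations STATUS_TEXT CLIENT_APP
# Prints each required integration that is absent from STATUS_TEXT;
# prints nothing when all of them are present.
missing_integrations() {
    required_integrations "$2" | while read -r mi_p mi_r mi_i; do
        printf '%s\n' "$1" |
            awk -v p="$mi_p" -v r="$mi_r" -v i="$mi_i" \
                '$1 == p && $2 == r && $3 == i { ok = 1 } END { exit !ok }' ||
            printf '%s %s %s\n' "$mi_p" "$mi_r" "$mi_i"
    done
}

# not_active_units STATUS_TEXT
# Prints units (first column like "app/0" or "app/0*") whose workload
# status is anything other than "active".
not_active_units() {
    printf '%s\n' "$1" |
        awk '$1 ~ /\/[0-9]+[*]?$/ && $2 != "active" { print $1, $2 }'
}

# Constructed sample: the client was never integrated on send-ca-cert, so it
# has no CA certificate with which to verify the server during StartTLS.
SAMPLE_STATUS='client/0* active idle 10.1.48.115
glauth-k8s/0* waiting idle 10.1.48.96
glauth-k8s:ldap client:ldap ldap regular
postgresql-k8s:database glauth-k8s:pg-database postgresql_client regular
self-signed-certificates:certificates glauth-k8s:certificates tls-certificates regular'

missing_integrations "$SAMPLE_STATUS" client
not_active_units "$SAMPLE_STATUS"
# Live model: missing_integrations "$(juju status --relations)" <client-app>
```

An empty result from both functions corresponds to the deployment status shown
above.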
Tear down the environment
Remove the dev Juju model:
juju destroy-model dev