Before enabling TLS, make sure you have deployed charmed Pyroscope. See the How to deploy Charmed Pyroscope guide for instructions.
Deploy a certificates provider
For this example, we will use the self-signed-certificates charm, but you can use any other charm that provides the tls-certificates interface:
juju deploy self-signed-certificates ssc
Integrate with Pyroscope
Then, integrate the coordinator with self-signed-certificates
juju integrate pyroscope:certificates ssc
Now, Charmed Pyroscope will be running over NGINX-terminated TLS.
Note: Upstream Pyroscope does not yet support TLS.
Charmed Pyroscope uses NGINX TLS termination at the coordinator, which means:
- Requests from clients to the coordinator are encrypted over TLS.
- Requests forwarded from the coordinator to worker charms are unsecured.
If you need e2e TLS, keep an eye out on adding service mesh support to Pyroscope