Configure TLS termination with ingress

This guide shows you how to configure TLS termination for Falcosidekick using the ingress interface.

Prerequisites

• A deployed Falcosidekick K8s operator from deploy Falcosidekick K8s tutorial

Configure ingress

Deploy the required operator

1. Deploy the gateway-api-integrator operator:

   juju deploy gateway-api-integrator --channel=latest/stable --config external-hostname=ingress.internal --config gateway-class=ck-gateway --trust
   

2. Remove the integration between falcosidekick and self-signed-certificates if you followed the previous tutorial:

   juju remove-relation falcosidekick-k8s:certificates self-signed-certificates:certificates
   

Tip

If you have not install the gateway API CRDs, you can do so by following the upstream documentation.

Integrate the operators

1. Integrate self-signed-certificates with gateway-api-integrator to provide certificates:

   juju integrate self-signed-certificates:certificates gateway-api-integrator:certificates
   

2. Integrate falcosidekick-k8s with gateway-api-integrator to enable ingress:

   juju integrate falcosidekick-k8s:ingress gateway-api-integrator:gateway
   

Alternative to self-signed-certificates charm for production

For production deployments, consider using the lego charm to automatically obtain and renew TLS certificates from Let’s Encrypt using the ACME protocol.