I'm unsure why I originally filed this agains charm-aws-iam. That was not my intention. Ah, I see now that I was directed at the charmed-kubernetes project to file the bug and I did not notice there is a drop-down. My apologies.
I agree with your assessment that it should be possible (maybe even simple?) to provide the certificate on the relation.
The charm has an action for getting the certs called package-client-credentials and it references ~/.bash_aliases:
This suggests that updating the register job call with ca_cert, client_cert, and client_key with the contents of the above files would be all that is required. And, it turns out, there is already a method for pulling in those files.
I gave that a try by patching a live charm and, it turns out, etcd (724) from latest/stable doesn't have the latest prometheus-manual interface layer so it doesn't support the client cert. I patched that too with the latest and it works. Prometheus is now pulling the etcd metrics.
I'm unsure why I originally filed this agains charm-aws-iam. That was not my intention. Ah, I see now that I was directed at the charmed-kubernetes project to file the bug and I did not notice there is a drop-down. My apologies.
I agree with your assessment that it should be possible (maybe even simple?) to provide the certificate on the relation.
The charm has an action for getting the certs called package- client- credentials and it references ~/.bash_aliases:
$ cat ~/.bash_aliases KEY=/var/ snap/etcd/ common/ client. key CERT=/var/ snap/etcd/ common/ client. crt CACERT= /var/snap/ etcd/common/ ca.crt
export ETCDCTL_
export ETCDCTL_
export ETCDCTL_
This suggests that updating the register job call with ca_cert, client_cert, and client_key with the contents of the above files would be all that is required. And, it turns out, there is already a method for pulling in those files.
I gave that a try by patching a live charm and, it turns out, etcd (724) from latest/stable doesn't have the latest prometheus-manual interface layer so it doesn't support the client cert. I patched that too with the latest and it works. Prometheus is now pulling the etcd metrics.