Possibly a bit more on my use case, and how I’m going about it
- Deploy HA public facing juju controllers using my own key/cert/ca.
Steps to accomplish goal:
Deploy HA Juju controllers that use my own key/cert by providing juju bootstrap with the correct config values.
a) Identify the config values that matter for this use case; they can be found here.
b) Formulate bootstrap command with correct values.
juju bootstrap aws/us-west-2 -n 3 --config ca-cert="$(cat my-ca.pem)" \
--config autocert-dns-name="juju-controller-fqdn.example.com" \
Considering the bootstrap command and my use case, I guess I’m a little unsure of a few things still:
Should the autocert-dns-name FQDN point to a load balancer that sits in front of the juju controllers, or should the FQDN assigned to autocert-dns-name contain values for all three controller public IP addresses?
What are the actual requirements of autocert-url? I’m guessing this is probably a bit of SSL/DNS knowledge that I’m just unfamiliar with that is external to juju? Possibly if I knew more about this autocert-url the rest would make more sense?
Looking at the default config for autocert-url leads me to believe I need to create a platform similar to lets-encrypt if I want to use this for my own SSL infrastructure.
Possibly it’s good enough to just provide a public key in a directory on S3? I need to do some more research around this.