fix: use internal ingress if set, otherwise stick with k8s networking

src/charm.py

@@ -264,13 +264,13 @@ def __init__(self, *args: Any) -> None:
         self.framework.observe(self.tracing.on.endpoint_removed, self._on_config_changed)
 
         self.framework.observe(
-            self.on[INTERNAL_INGRESS_RELATION_NAME].relation_joined, self._configure_ingress
+            self.on[INTERNAL_INGRESS_RELATION_NAME].relation_joined, self._configure_internal_ingress
         )
         self.framework.observe(
-            self.on[INTERNAL_INGRESS_RELATION_NAME].relation_changed, self._configure_ingress
+            self.on[INTERNAL_INGRESS_RELATION_NAME].relation_changed, self._configure_internal_ingress
         )
-        self.framework.observe(self.on.leader_elected, self._configure_ingress)
-        self.framework.observe(self.on.config_changed, self._configure_ingress)
+        self.framework.observe(self.on.leader_elected, self._configure_internal_ingress)
+        self.framework.observe(self.on.config_changed, self._configure_internal_ingress)
 
     @property
     def _http_proxy(self) -> str:
@@ -454,18 +454,14 @@ def _internal_ingress_config(self) -> dict:
     @property
     def _kratos_endpoints(self) -> Tuple[str, str]:
         admin_endpoint = (
-            self._admin_url
+            self._internal_url
             or f"http://{self.app.name}.{self.model.name}.svc.cluster.local:{KRATOS_ADMIN_PORT}"
         )
         public_endpoint = (
-            self._public_url
+            self._internal_url
             or f"http://{self.app.name}.{self.model.name}.svc.cluster.local:{KRATOS_PUBLIC_PORT}"
         )
 
-        admin_endpoint, public_endpoint = (
-            admin_endpoint.replace("https", "http"),
-            public_endpoint.replace("https", "http"),
-        )
         return admin_endpoint, public_endpoint
 
     @property
@@ -1193,8 +1189,10 @@ def _on_run_migration_action(self, event: ActionEvent) -> None:
     def _promtail_error(self, event: PromtailDigestError) -> None:
         logger.error(event.message)
 
-    def _configure_ingress(self, event: HookEvent) -> None:
-        """Since :class:`TraefikRouteRequirer` may not have been constructed with an existing
+    def _configure_internal_ingress(self, event: HookEvent) -> None:
+        """Method setting up the internal networking.
+
+        Since :class:`TraefikRouteRequirer` may not have been constructed with an existing
         relation if a :class:`RelationJoinedEvent` comes through during the charm lifecycle, if we
         get one here, we should recreate it, but OF will give us grief about "two objects claiming
         to be ...", so manipulate its private `_relation` variable instead.
@@ -1214,7 +1212,8 @@ def _configure_ingress(self, event: HookEvent) -> None:
         # and config-change
         if self.internal_ingress.is_ready():
             self.internal_ingress.submit_to_traefik(self._internal_ingress_config)
-
+            self._update_kratos_endpoints_relation_data(event)
+            self._update_kratos_info_relation_data(event)
 
 if __name__ == "__main__":
     main(KratosCharm)

src/constants.py

@@ -1,6 +1,6 @@
 # Copyright 2023 Canonical Ltd.
 # See LICENSE file for licensing details.
 
-"""File contianing all constants"""
+"""File containing all constants."""
 
 INTERNAL_INGRESS_RELATION_NAME = "internal-ingress"

src/utils.py

@@ -51,6 +51,9 @@ def normalise_url(url: str) -> str:
     """
     parsed_url = urlparse(url)
 
+    # latest versions of traefik automatically redirect to https is ceritficate relation is
+    # set, this would void the changes below as even a request to the http url would be redirected
+    # make sure to disable the certificate relation for the internal ingress or trust that certificate
     parsed_url = parsed_url._replace(scheme="https")
     parsed_url = parsed_url._replace(netloc=parsed_url.netloc.rsplit(":", 1)[0])