How Should I Deploy Private Charms for an Organization?

What is the recommended way to deploy private charms that contain IP that should not be exposed to the public?

Is it as simple as deploying the charm to the charm store, but not making it visible to everyone, then logging in to my Juju controller with my Ubuntu SSO account so that I have permission to deploy it?

So a couple of things here. As the charm store is moved to work on a common footprint with the snap store the private charms will go away. I think the answer there is the idea of a private brand store at some point in the future.

Until then, you can stick a charm in your namespace and just make sure to not grant EVERYONE read access to it.

In reality though, I’d never expect an IP address to be located in a charm. You might do something like use config and an overlay file in a bundle so that charms are generic and in the store, but then you deploy that charm from the store with a bundle overlay that will be one off config for that deployment. You could also go the route of a charm leveraging a provided private resource file that the charm reads and leverages for things that are specific from one case to another. Finally, if it’s an IP of something that could be “relatable” in the model that’s ideal as then the IPs are never mentally managed and the Juju model handles it behind the scenes.

1 Like

Oh, I meant Intellectual Property ( IP ) :slight_smile: , shouldn’t have used that acronym . In-house software that you don’t want public access too.

Ok, cool.

I think that will be a hard requirement for enterprises using Juju for their own software.

I have an enterprise client who is planning on using Juju for a deployment of an in-house tool. The tool is meant to stay private to the organization. If I don’t have a place to put that charm that could be a problem. I would end up having to deploy that charm manually from a local path if I understand correctly.

Yes, I mean the poor man’s private charm is a git repo in a private gitlab or something with the processing being

git checkout ..../thing.git
juju deploy ./$thing
1 Like

We are initially fine with semi private team namespaces. But it’s not taking us all the way off course since some IP:s are simply a legal no-no.

Condider military grade artifacts or resources. I would only consider a private store for that purpose and never trust a public charm store for this use-case.

1 Like

Yea, completely understand and when we can offer private setups it’ll be one of the big wins from moving into the snap ecosystem.

1 Like