[MISC] Clean up TLS SANs + avoid deleting and recreating K8s service (#386)

## Issue
1. We are deleting and re-creating K8s service as a result of a juju bug
(https://bugs.launchpad.net/juju/+bug/2084711) which would cause
integration tests to fail. The juju bug is no longer reproducible in
juju 3.6.2
2. We have a number of unreachable DNS names which are included in the
SANs when constructing the TLS CSR

## Solution
1. Avoid deleting and recreating the service
2. Clean up unreachable DNS names

Author: shayancanonical

src/charm.py

@@ -130,7 +130,7 @@ def _status(self) -> ops.StatusBase:
             ):
                 return ops.MaintenanceStatus("Waiting for K8s service connectivity")
             else:
-                return ops.BlockedStatus("K8s service not connectible")
+                return ops.BlockedStatus("K8s service not connectable")
 
     def is_externally_accessible(self, *, event) -> typing.Optional[bool]:
         """No-op since this charm is exposed with the expose-external config."""
@@ -221,30 +221,6 @@ def _reconcile_service(self) -> None:
             ),
         )
 
-        # Delete and re-create until https://bugs.launchpad.net/juju/+bug/2084711 resolved
-        if service_exists:
-            logger.info(f"Issuing delete service {service_type=}")
-            self._lightkube_client.delete(
-                res=lightkube.resources.core_v1.Service,
-                name=self.service_name,
-                namespace=self.model.name,
-            )
-            logger.info(f"Deleting service {service_type=}")
-
-            try:
-                for attempt in tenacity.Retrying(
-                    reraise=True,
-                    stop=tenacity.stop_after_delay(10),
-                    wait=tenacity.wait_fixed(1),
-                ):
-                    with attempt:
-                        assert self._get_service() is not None
-            except AssertionError:
-                logger.warning("Deletion of service took longer than expected")
-                return
-            else:
-                logger.debug(f"Deleted service {service_type=}")
-
         logger.info(f"Creating desired service {desired_service_type=}")
         self._lightkube_client.apply(desired_service, field_manager=self.app.name)
 

src/relations/tls.py

@@ -124,22 +124,15 @@ def _generate_csr(self, key: bytes) -> bytes:
             sans_dns=[
                 socket.getfqdn(),
                 service_name,
+                f"{service_name}.{self._charm.model_service_domain}",
                 unit_name,
-                f"{service_name}.{self._charm.app.name}-endpoints",
                 f"{unit_name}.{self._charm.app.name}-endpoints",
-                f"{self._charm.app.name}.{self._charm.app.name}-endpoints",
-                f"{service_name}.{self._charm.app.name}-endpoints.{self._charm.model_service_domain}",
                 f"{unit_name}.{self._charm.app.name}-endpoints.{self._charm.model_service_domain}",
-                f"{self._charm.app.name}.{self._charm.app.name}-endpoints.{self._charm.model_service_domain}",
+                self._charm.app.name,
+                f"{self._charm.app.name}.{self._charm.app.name}-endpoints",
+                f"{self._charm.app.name}.{self._charm.app.name}-endpoints.{self._charm.model_service_domain}"
                 f"{self._charm.app.name}-endpoints",
                 f"{self._charm.app.name}-endpoints.{self._charm.model_service_domain}",
-                f"{service_name}.{self._charm.app.name}",
-                f"{unit_name}.{self._charm.app.name}",
-                f"{self._charm.app.name}.{self._charm.app.name}",
-                f"{service_name}.{self._charm.app.name}.{self._charm.model_service_domain}",
-                f"{unit_name}.{self._charm.app.name}.{self._charm.model_service_domain}",
-                f"{self._charm.app.name}.{self._charm.app.name}.{self._charm.model_service_domain}",
-                self._charm.app.name,
                 f"{self._charm.app.name}.{self._charm.model_service_domain}",
                 *extra_hosts,
             ],