Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting no TLS certificate is found on the local machine error #211

Closed
estherkim11111 opened this issue Jul 28, 2020 · 4 comments
Closed

Getting no TLS certificate is found on the local machine error #211

estherkim11111 opened this issue Jul 28, 2020 · 4 comments
Assignees
@kerneltime @dvaldivia

Comments

@estherkim11111
Copy link

FYI @harshavardhana
Any pointers about what steps I could be missing, something I could be doing wrong, or a better interpretation of the error message below would be appreciated.

Expected Behavior

minio pods should come up healthy with no errors in the logs

Current Behavior

getting in minio pod logs

ERROR Unable to start the server: HTTPS specified in endpoints, but no TLS certificate is found on the local machine
      > Please add TLS certificate or use HTTP endpoints only
      HINT:
        Refer to https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls for information about how to load a TLS certificate in your server

even though I have specified in the minioinstance yaml

  externalCertSecret:
    name: tls-ssl-minio
    type: kubernetes.io/tls

and created a secret called tls-ssl-minio following https://github.com/minio/operator/blob/1.0.9/docs/tls.md#using-kubernetes-tls and https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls

This can be seen in the pod yaml:

  - name: minio-tls
    projected:
      defaultMode: 420
      sources:
      - secret:
          items:
          - key: tls.crt
            path: public.crt
          - key: tls.key
            path: private.key
          - key: tls.crt
            path: CAs/public.crt
          name: tls-ssl-minio

and

    volumeMounts:
    - mountPath: /export
      name: data0
    - mountPath: /root/.minio/certs
      name: minio-tls

Possible Solution

Steps to Reproduce (for bugs)

  1. kubectl apply -f https://raw.githubusercontent.com/minio/minio-operator/1.0.9/minio-operator.yaml
  2. wget https://raw.githubusercontent.com/minio/minio-operator/1.0.9/examples/minioinstance-with-external-service.yaml
  3. add storageClassName under volumeClaimTemplate (for me I put portworx-db-gp3)
  4. add/uncomment
  externalCertSecret:
    name: tls-ssl-minio
    type: kubernetes.io/tls
  1. Created a private.key and public.crt following directions here: https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls#using-open-ssl
  2. Created a secret following directions here: https://github.com/minio/operator/blob/1.0.9/docs/tls.md#using-kubernetes-tls
  3. kubectl apply -f minioinstance-with-external-service.yaml

Context

Regression

Your Environment

  • Version used (minio-operator):
  • Environment name and version (e.g. kubernetes v1.17.2):
  • Server type and version:
  • Operating System and version (uname -a):
  • Link to your deployment file:
@kerneltime
Copy link
Contributor

kerneltime commented Jul 28, 2020
edited
Loading

@estherkim11111 can you try using a more recent version? The latest release is v3.0.2

@estherkim11111
Copy link
Author

@kerneltime we need to use that version for that version of the api apiextensions.k8s.io/v1beta1 vs apiextensions.k8s.io/v1

@harshavardhana
Copy link
Member

@kerneltime we need to use that version for that version of the api apiextensions.k8s.io/v1beta1 vs apiextensions.k8s.io/v1

@estherkim11111 unfortunately we cannot support v1beta1 anymore please upgrade your k8s versions.

@nitisht
Copy link
Contributor

nitisht commented Aug 12, 2020

AFAICS, nothing to be done here from MinIO. Closing

@nitisht nitisht closed this as completed Aug 12, 2020
@ml14tlc ml14tlc mentioned this issue May 18, 2022
Closed
jmontleon added a commit to jmontleon/operator that referenced this issue Jul 23, 2024
@jmontleon
👻 Revert catalogsource ns change. It will not work for k8s (minio#211)
c16e7c6 
Signed-off-by: Jason Montleon <jmontleo@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kerneltime kerneltime

@dvaldivia dvaldivia

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@harshavardhana @kerneltime @nitisht @dvaldivia @estherkim11111