Minio not picking up TLS cert #27659

Closed
SledgeHammer01 opened this issue Jul 3, 2024 · 0 comments
Labels
solved tech-issues The user has a technical issue about an application triage Triage is needed


SledgeHammer01 commented Jul 3, 2024

Name and Version

minio:14.6.16

What architecture are you using?

amd64

What steps will reproduce the bug?

OS: Using Windows 11 Pro x64
Env: Docker Desktop 4.31.1 w/ Kubernetes enabled
CI/CD Tool: ArgoCD
Ingress: Nginx

My setup is Windows 11 Pro x64 (latest, fully patched), Docker Desktop 4.31.1 (latest), Nginx installed via helm (nginx-stable https://helm.nginx.com/stable). ArgoCD is my CI/CD tool and I'm using it via UI to manage applications and helm charts.

I created various fake dns in my hosts file and use those for the TLS certs.

ArgoCD UI is accessed through https and it is working correctly, so I'm fairly certain my Nginx and cert creation methodology is correct.

I also have Localstack running through Argo which is also accessed through https to further confirm my Nginx and cert creation methodology.

I am now trying to set up minio in a similar manner. If I use Chrome to go to https://minio.xxxsoftware.com and ignore the invalid cert, I DO get to the minio UI, so that part is working.

However, the "Kubernetes Ingress Controller Fake Certificate" is getting presented to Chrome.

I imported my cert by creating a secret like this:

kubectl create secret tls minio-tls --key minio.key.pem --cert minio.cert.pem -n minio

For the helm parameters, the ONLY ones I have overridden are:

ingress.enabled: true
ingress.hostname: minio.xxxsoftware.com
ingress.ingressClassName: nginx
tls.existingSecret: minio-tls
tls.enabled: true

I also have an ingress patch file that I apply:

metadata:
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/ssl-passthrough: 'true'
    nginx.ingress.kubernetes.io/backend-protocol: 'HTTPS'
    nginx.ingress.kubernetes.io/proxy-body-size: 512m
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - minio.xxxsoftware.com
      secretName: minio-tls

But still, it is not picking up the cert.

Actually, if I include the nginx.ingress.* annotations, then I get a Bad Gateway error.

With tls.enabled=true, I'm getting:

MountVolume.SetUp failed for volume "minio-certs" : references non-existent secret key: ca.crt

Are you using any custom parameters or values?

No response

What is the expected behavior?

For the specified TLS cert to be presented.

What do you see instead?

"Kubernetes Ingress Controller Fake Certificate" is getting presented to Chrome.

Additional information

No response

@SledgeHammer01 SledgeHammer01 added the tech-issues The user has a technical issue about an application label Jul 3, 2024
@github-actions github-actions bot added the triage Triage is needed label Jul 3, 2024
@github-actions github-actions bot added the solved label Jul 3, 2024
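
An added example, not part of the original issue or the chart's own code: a preflight check of a Secret manifest against the keys the pod mounts, aimed at the `ca.crt` mount error quoted above. It assumes `tls.crt` and `tls.key` are required alongside `ca.crt`; the helper names, sample manifests and PEM bodies are constructed.

```python
import base64
import json

# ca.crt is the key named in the mount error quoted in the issue; tls.crt and
# tls.key are assumed to be needed too (they are what `kubectl create secret tls` writes).
REQUIRED_KEYS = ("tls.crt", "tls.key", "ca.crt")


def pem(label, body=b"constructed-placeholder"):
    """Build constructed PEM text (framing only, not a real certificate or key)."""
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


def make_secret(items):
    """Constructed Secret manifest shaped like `kubectl get secret -o json` output."""
    data = {k: base64.b64encode(v.encode()).decode() for k, v in items.items()}
    return json.dumps({"kind": "Secret", "type": "kubernetes.io/tls",
                       "metadata": {"name": "minio-tls", "namespace": "minio"},
                       "data": data})


def check_tls_secret(secret_json, required=REQUIRED_KEYS):
    """Return a list of problems found for the `required` keys of a Secret."""
    data = json.loads(secret_json).get("data") or {}
    problems = []
    for key in required:
        if key not in data:
            problems.append(f"missing key: {key}")
            continue
        try:
            text = base64.b64decode(data[key], validate=True).decode("ascii")
        except ValueError:  # covers bad base64 and non-ASCII payloads
            problems.append(f"{key}: value is not base64-encoded PEM text")
            continue
        lines = text.strip().splitlines()
        first = lines[0] if lines else ""
        expected = "PRIVATE KEY-----" if key.endswith(".key") else "CERTIFICATE-----"
        if not (first.startswith("-----BEGIN ") and first.endswith(expected)):
            problems.append(f"{key}: unexpected PEM header {first!r}")
    return problems


# What `kubectl create secret tls` produces: two keys, no ca.crt.
AS_CREATED = make_secret({"tls.crt": pem("CERTIFICATE"), "tls.key": pem("PRIVATE KEY")})
WITH_CA = make_secret({"tls.crt": pem("CERTIFICATE"), "tls.key": pem("PRIVATE KEY"),
                       "ca.crt": pem("CERTIFICATE")})

if __name__ == "__main__":
    print(check_tls_secret(AS_CREATED))
    print(check_tls_secret(WITH_CA))
```

Against a live cluster the input would be the output of `kubectl get secret minio-tls -n minio -o json`.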