Minio api endpoint not picking up TLS certs #27750

Closed
SledgeHammer01 opened this issue Jul 3, 2024 · 1 comment
Labels
solved tech-issues The user has a technical issue about an application triage Triage is needed

SledgeHammer01 commented Jul 3, 2024

Name and Version

bitnami/minio:14.6.16

What architecture are you using?

amd64

What steps will reproduce the bug?

Windows 11 x64 Pro
Docker Desktop w/ Kubernetes enabled
ArgoCD
Nginx Ingress

I have my Minio Nginx ingress working for the Console at https://minio.xxxsoftware.com

Now I'm trying to enable the Minio Nginx ingress for the api at https://minio-api.xxxsoftware.com

NOTE #1: I am able to connect to my api endpoint when used with --insecure, so that part of the configuration is correct.
NOTE #2: This is all on a single machine, the DNSes are faked in my hosts file and point to 127.0.0.1 for certificates and nginx purposes

My application patch values look like this:

spec:
  source:
    helm:
      valuesObject:
        auth:
          rootPassword: xxx
        ingress:
          enabled: true
          hostname: minio.xxxsoftware.com
          ingressClassName: nginx
        tls:
          existingSecret: minio-tls
        apiIngress:
          enabled: true
          hostname: minio-api.xxxsoftware.com
          ingressClassName: nginx

minio-tls is an existing TLS secret which I set as:

kubectl create secret tls minio-tls --key minio.key.pem --cert minio.cert.pem -n minio

There doesn't seem to be an "existingSecret" for the api endpoint? Why? All the other endpoints support that.

Based on the readme, I tried creating the secret as kubectl create secret tls minio-api.xxxsoftware.com-tls --key minio.key.pem --cert minio.cert.pem -n minio, but that wasn't picked up either. I also tried embedding the cert and key in my patch file, but the format wasn't clear... I tried:

        apiIngress:
          enabled: true
          hostname: minio-api.xxxsoftware.com
          ingressClassName: nginx
          secrets:
            key: |-
              -----BEGIN PRIVATE KEY-----
              -----END PRIVATE KEY-----
            certificate: |-
               -----BEGIN CERTIFICATE-----
               -----END CERTIFICATE-----

but those were not picked up either.

Are you using any custom parameters or values?

No response

What is the expected behavior?

Pick up the TLS cert for the api endpoint

What do you see instead?

Kubernetes Ingress Controller Fake Certificate

Additional information

No response

@SledgeHammer01 SledgeHammer01 added the tech-issues The user has a technical issue about an application label Jul 3, 2024
@github-actions github-actions bot added the triage Triage is needed label Jul 3, 2024
SledgeHammer01 commented Jul 4, 2024

Also tried this based on another example and it still presented the kubernetes fake certificate.

    apiIngress:
      tls: true
      enabled: true
      hostname: minio-api.xxxsoftware.com
      ingressClassName: nginx
      extraTls:
        - hosts:
            - minio-api.xxxsoftware.com
          secretName: minio-api.xxxsoftware.com-tls
      secrets:
        - name: minio-api.xxxsoftware.com-tls
          key: |-
            -----BEGIN PRIVATE KEY-----
            -----END PRIVATE KEY-----
          certificate: |-
            -----BEGIN CERTIFICATE-----
            -----END CERTIFICATE-----
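
A diagnostic check for the symptom reported in this issue, added here as an example and not part of the original thread or the Bitnami chart: ingress-nginx serves its default "Kubernetes Ingress Controller Fake Certificate" when a host has no matching `spec.tls` entry on the rendered Ingress, or when the referenced secret is missing or incomplete. The sample objects and the `fallback_hosts` helper are constructed for illustration, and the input is assumed to have the shape of `kubectl get ingress,secret -n minio -o json`.

```python
import json

# Constructed sample shaped like `kubectl get ingress,secret -n minio -o json`.
# Names mirror the issue; the objects themselves are made up for illustration.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Ingress", "metadata": {"name": "minio", "namespace": "minio"},
  "spec": {"rules": [{"host": "minio.xxxsoftware.com"}],
           "tls": [{"hosts": ["minio.xxxsoftware.com"],
                    "secretName": "minio-tls"}]}},
 {"kind": "Ingress", "metadata": {"name": "minio-api", "namespace": "minio"},
  "spec": {"rules": [{"host": "minio-api.xxxsoftware.com"}]}},
 {"kind": "Secret", "metadata": {"name": "minio-tls", "namespace": "minio"},
  "data": {"tls.crt": "PLACEHOLDER", "tls.key": "PLACEHOLDER"}}
]}
""")

def fallback_hosts(objs):
    """Return {host: reason} for Ingress hosts that have no usable TLS secret."""
    secrets = {(o["metadata"]["namespace"], o["metadata"]["name"]): o
               for o in objs["items"] if o["kind"] == "Secret"}
    findings = {}
    for ing in (o for o in objs["items"] if o["kind"] == "Ingress"):
        ns = ing["metadata"]["namespace"]
        tls = ing["spec"].get("tls") or []
        for rule in ing["spec"].get("rules") or []:
            host = rule.get("host")
            # The host must be listed in a spec.tls entry of the same Ingress.
            entry = next((t for t in tls if host in (t.get("hosts") or [])), None)
            if entry is None:
                findings[host] = "no spec.tls entry lists this host"
                continue
            # The secret must exist in the Ingress's own namespace.
            name = entry.get("secretName")
            sec = secrets.get((ns, name))
            if sec is None:
                findings[host] = f"secret {name!r} not found in namespace {ns!r}"
            elif not {"tls.crt", "tls.key"} <= set(sec.get("data") or {}):
                findings[host] = f"secret {name!r} lacks tls.crt or tls.key"
    return findings

if __name__ == "__main__":
    for host, why in fallback_hosts(SAMPLE).items():
        print(f"{host}: {why}")
```

The check does not parse the certificate, so a secret whose certificate does not cover the requested hostname still passes here and has to be verified separately.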
