benfiola / minio-operator-ext


Support minio tenants using 'secure' + 'requestAutoCert' set to True #1

Closed redtex closed 1 month ago

redtex commented 1 month ago

Hello! Actually, it's almost impossible to make it work without defining the endpoint_overrides dictionary. I mean that when minio runs in https mode, it uses a self-signed certificate, which is not trusted by minio_operator_ext. So, we have to run it through an ingress, which contains a trusted cert. So, my problem is: how do I define the endpoint_overrides dictionary? I can't find it in the code.

benfiola commented 1 month ago

To handle this scenario, I was thinking that the operator could:

How does that sound?

redtex commented 1 month ago

Sounds good. But there is one more thing - in the code, there is a hard-coded k8s cluster name - {service_name}.{namespace}.svc.cluster.local. In my opinion, it's better not to use 'svc.cluster.local' at all. Just {service_name}.{namespace} will be enough. Or there must be an endpoint with the correct cluster name.

benfiola commented 1 month ago

Created a PR that handles secure minio tenants that use the 'requestAutoCert' setting. There are a few ways to create certs for minio tenants - of which this is one - so this fix is by no means robust. But, from my local testing, it appears to work.

NOTE: The changes require updated RBAC as we need to grab the CA from the namespace's kube-root-ca.crt configmap.
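
The RBAC note above concerns read access to the `kube-root-ca.crt` configmap. A least-privilege grant for that, as an added example that is not the project's own manifest: the role name, service account name and namespace are hypothetical, and a cluster-wide role is assumed because tenants can live in any namespace.

```yaml
# Added example. Every name here is a hypothetical placeholder.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: minio-operator-ext-root-ca-reader
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    # Limit the grant to the one configmap that holds the cluster CA bundle,
    # instead of read access to every configmap in every namespace.
    resourceNames: ["kube-root-ca.crt"]
    # "get" only: resourceNames cannot meaningfully restrict "list" or "watch".
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: minio-operator-ext-root-ca-reader
subjects:
  - kind: ServiceAccount
    name: minio-operator-ext        # assumed service account name
    namespace: minio-operator-ext   # assumed install namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: minio-operator-ext-root-ca-reader
```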

benfiola commented 1 month ago

> Sounds good. But there is one more thing - in the code, there is a hard-coded k8s cluster name - {service_name}.{namespace}.svc.cluster.local. In my opinion, it's better not to use 'svc.cluster.local' at all. Just {service_name}.{namespace} will be enough. Or there must be an endpoint with the correct cluster name.

I've addressed this in another PR that has been merged!

redtex commented 1 month ago

Sorry for the late answer - I'm on vacation. Works fine!!