Open pgodowski opened 8 months ago
What worked (and it's a bit ugly):
oc get secret router-certs-default -n openshift-ingress -o jsonpath="{.data['tls\.crt']}" | base64 -D > ocp-router.crt
oc create configmap minio-certs --from-file=ocp-api.crt=ocp-api.crt --from-file=ocp-router.crt=ocp-router.crt
and then patch
apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1
kind: DataSciencePipelinesApplication
metadata:
name: pipelines-definition
spec:
apiServer:
cABundle: <---- HERE
configMapKey: ocp-router.crt
configMapName: minio-certs
...
Yeah, Pipelines, as well as other components, currently have some issues with self-signed certificates. This is known and worked upon. Another solution is not to use the Route to access Minio, but directly the Service in http mode, all the traffic being then purely internal to the cluster.
Thanks for your feedback. Are you saying that even if I added cABundle
as in https://github.com/opendatahub-io-contrib/ai-on-openshift/issues/60#issuecomment-1875090002, Pipelines won't work anyway?
Oh, no, if you have tested it as you said and it worked, then it works. What I meant is that the solution that will finally be implemented may be this one, or a slightly different one. Iirc, the team is looking to define/upload certificates from a central point, that will then be applied to all components. So the caBundle directive, as you did, will surely be there as there are not a thousands different methods available, but it may or may not come from a configMap.
If one follows the OSAI Fraud Detection tutorial and decided to use the local Minio setup, following https://github.com/opendatahub-io-contrib/ai-on-openshift/blob/main/docs/tools-and-applications/minio/minio.md , then there is an issue with creating the Data Science Pipeline, due to the TLS connection issue to Object Store:
and erorr reported in
data-science-pipelines-operator-controller-manager
in the namespaceredhat-ods-applications
:Once I solve this issue myself, will contribute PR to the minio setup instructions (https://github.com/opendatahub-io-contrib/ai-on-openshift/blob/main/docs/tools-and-applications/minio/minio.md, to provide some hint where to put OCP CA bundle reference.