Open Akhalaka opened 3 years ago
Any news on this? We are using rook-ceph object store, and thus provider: minio. Since TLS is required and the http connection is force-upgraded to https there should be some means of supplying the CA certificate ourselves.
Small update:
I upgraded to splunk-operator 2.1.0 yesterday (from 1.0.5) and noticed that the Minio client session no longer force-upgrades http to https, so you can indeed use the provider: minio with http s3 endpoints now!
I have run into the same issue working in a network that is not connected to the internet, so using tools like cert-manager and Let's Encrypt to get a globally trusted cert just is not possible. We are limited to using a Certificate Authority without any outside trust.
I had success as described by @magguns by configuring Minio to use insecure http, which is fine for development but that ultimately will not fly in production.
What is odd to me is that the SmartStore configuration does not have the same issue as the AppFramework does.
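Added example, not from this thread or from splunk-operator's code: a Go HTTP client that trusts a private CA by adding its PEM bundle to the root pool, which keeps certificate verification on instead of falling back to plain http or --no-verify-ssl. The names newPrivateCAClient, probe and startPrivateEndpoint are hypothetical, and the local httptest server is a constructed stand-in for an S3 endpoint whose certificate has no outside trust.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// newPrivateCAClient (hypothetical helper) trusts the system roots plus the CA bundle in caPEM.
func newPrivateCAClient(caPEM []byte) (*http.Client, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no system store available: start empty
	}
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("CA bundle contains no usable PEM certificate")
	}
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}}
	return &http.Client{Transport: tr, Timeout: 5 * time.Second}, nil
}

// probe issues one GET and returns nil only if the TLS handshake and request succeed.
func probe(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// startPrivateEndpoint starts a constructed local HTTPS server and returns its certificate as PEM.
func startPrivateEndpoint() (*httptest.Server, []byte) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	return srv, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
}

func main() {
	srv, caPEM := startPrivateEndpoint()
	defer srv.Close()
	fmt.Println("system roots only:", probe(&http.Client{Timeout: 5 * time.Second}, srv.URL))
	client, err := newPrivateCAClient(caPEM)
	if err != nil {
		panic(err)
	}
	fmt.Println("with private CA bundle:", probe(client, srv.URL))
}
```

The first probe fails certificate verification and the second succeeds, with verification still enforced against the supplied bundle.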
Yes, support of self-signed certificates is needed.
And I've checked the splunk-ansible and splunk-docker projects - nothing supports it. But it is really needed.
When starting up a new splunk resource with the app framework configured, the init container fails with:
The appRepo configuration is as follows:
The endpoint URL points to a Ceph S3 endpoint for which I have trusted certificates available, but I would need to be able to configure the amazon/aws-cli image with them. Based on looking at the code this all looks to be hardcoded right now.
Other notes: I did hack the underlying statefulset to add the --no-verify-ssl option in the runtime args of the init container. This did allow the pod to start and the 1 test app to download to /init-apps/configApps/test.tgz. This clearly is not a sustainable solution because the next time the splunk definition is changed, this does get wiped out. That said, this trusted certificate also needs to be available in the splunk-operator itself. The splunk operator started producing the error
Some potential solutions would be: