Closed flamarion closed 2 months ago
This is what the configuration looks like in the YAML:

```yaml
[...]
global:
  bucket:
    [...]
  customCACerts:
    - |
      -----BEGIN CERTIFICATE-----
      MIIBnDCCAUKgAwIBAgIRALt+/LEb2TdSeCVlVAFfucMwCgYIKoZIzj0EAwIwLDEQ
      MA4GA1UEChMHSG9tZUxhYjEYMBYGA1UEAxMPSG9tZUxhYiBSb290IENBMB4XDTI0
      MDQwMTA4MjgzMFoXDTM0MDMzMDA4MjgzMFowLDEQMA4GA1UEChMHSG9tZUxhYjEY
      MBYGA1UEAxMPSG9tZUxhYiBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
      QgAEqXGk4+Op8IpZo0bvVHp7/+bh2dUB0lsKS/s2k5sFnwDdn5U2dGuEf/ThphdY
      kXu96J8QLLi3ajyU1t3AqDxXiqNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB
      /wQIMAYBAf8CAQEwHQYDVR0OBBYEFACUX+y7e6joNWYggsMo8O+0mWLYMAoGCCqG
      SM49BAMCA0gAMEUCIQDejznNXCMUfBo1eIrjiVFhwuJgyQRaqMI149div72V2QIg
      P5GD+5I+02yEp58Cwxd5Bj2CvyQwTjTO4hiVl1Xd0M0=
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      MIIBxTCCAWugAwIBAgIRAMXl8L4i99gapX+WGdpqaJcwCgYIKoZIzj0EAwIwLDEQ
      MA4GA1UEChMHSG9tZUxhYjEYMBYGA1UEAxMPSG9tZUxhYiBSb290IENBMB4XDTI0
      MDQwMTA4MjgzMVoXDTM0MDMzMDA4MjgzMVowNDEQMA4GA1UEChMHSG9tZUxhYjEg
      MB4GA1UEAxMXSG9tZUxhYiBJbnRlcm1lZGlhdGUgQ0EwWTATBgcqhkjOPQIBBggq
      hkjOPQMBBwNCAAQDzmSJjNVT2eqxpCn/Zsb+RaskgIDEPRRNrAjwuL5IJ3XZjvGC
      MaWcPQHhxG5aIWfmIX83zAYRKYXUZcYfnYuJo2YwZDAOBgNVHQ8BAf8EBAMCAQYw
      EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUK+moK4nZYvpNpqfvz/7m5wKU
      zgYwHwYDVR0jBBgwFoAUAJRf7Lt7qOg1ZiCCwyjw77SZYtgwCgYIKoZIzj0EAwID
      SAAwRQIhAIzXZMW44l6XMf9Nf4TxTevK8vE4Ic6E8UFqsCcILdXjAiA7iTluM0IU
      aIgJYVqKxXt25blH/VyBRzvNhViesfkNUQ==
      -----END CERTIFICATE-----
  host: https://wandb.home.lab
  [...]
```
I fixed the error message so both root and intermediate certs were added separately.
```yaml
customCACerts:
  - |
    -----BEGIN CERTIFICATE-----
    MIIBnDCCAUKgAwIBAgIRALt+/LEb2TdSeCVlVAFfucMwCgYIKoZIzj0EAwIwLDEQ
    MA4GA1UEChMHSG9tZUxhYjEYMBYGA1UEAxMPSG9tZUxhYiBSb290IENBMB4XDTI0
    MDQwMTA4MjgzMFoXDTM0MDMzMDA4MjgzMFowLDEQMA4GA1UEChMHSG9tZUxhYjEY
    MBYGA1UEAxMPSG9tZUxhYiBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
    QgAEqXGk4+Op8IpZo0bvVHp7/+bh2dUB0lsKS/s2k5sFnwDdn5U2dGuEf/ThphdY
    kXu96J8QLLi3ajyU1t3AqDxXiqNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB
    /wQIMAYBAf8CAQEwHQYDVR0OBBYEFACUX+y7e6joNWYggsMo8O+0mWLYMAoGCCqG
    SM49BAMCA0gAMEUCIQDejznNXCMUfBo1eIrjiVFhwuJgyQRaqMI149div72V2QIg
    P5GD+5I+02yEp58Cwxd5Bj2CvyQwTjTO4hiVl1Xd0M0=
    -----END CERTIFICATE-----
  - |
    -----BEGIN CERTIFICATE-----
    MIIBxTCCAWugAwIBAgIRAMXl8L4i99gapX+WGdpqaJcwCgYIKoZIzj0EAwIwLDEQ
    MA4GA1UEChMHSG9tZUxhYjEYMBYGA1UEAxMPSG9tZUxhYiBSb290IENBMB4XDTI0
    MDQwMTA4MjgzMVoXDTM0MDMzMDA4MjgzMVowNDEQMA4GA1UEChMHSG9tZUxhYjEg
    MB4GA1UEAxMXSG9tZUxhYiBJbnRlcm1lZGlhdGUgQ0EwWTATBgcqhkjOPQIBBggq
    hkjOPQMBBwNCAAQDzmSJjNVT2eqxpCn/Zsb+RaskgIDEPRRNrAjwuL5IJ3XZjvGC
    MaWcPQHhxG5aIWfmIX83zAYRKYXUZcYfnYuJo2YwZDAOBgNVHQ8BAf8EBAMCAQYw
    EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUK+moK4nZYvpNpqfvz/7m5wKU
    zgYwHwYDVR0jBBgwFoAUAJRf7Lt7qOg1ZiCCwyjw77SZYtgwCgYIKoZIzj0EAwID
    SAAwRQIhAIzXZMW44l6XMf9Nf4TxTevK8vE4Ic6E8UFqsCcILdXjAiA7iTluM0IU
    aIgJYVqKxXt25blH/VyBRzvNhViesfkNUQ==
    -----END CERTIFICATE-----
```
Logs are much better now :)
```
Defaulted container "app" out of: app, init-db (init)
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/01_enable-services.sh...
*** Found custom SSL certifcates, updating root trust...
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
3 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
*** Enabling production mode
*** Enabling external weave server pool
```
This may fix the injection of custom CA to the wandb-app if the intention is to make the certs a global config.
If the idea is to make it local to `app` only, I can move it to the correct chart.

Upgrade the deployment
Results:
Before
After
Internal test
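
A pre-deploy check for the difference between the two `customCACerts` layouts above, added here as an example and not part of the PR or the chart's own code. It assumes each list item should carry exactly one certificate, as in the second configuration; the function names are hypothetical and the sample PEM blocks are constructed placeholders, not real certificates.

```python
import base64
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"\s*(.*?)\s*" + re.escape(END), re.DOTALL)

def split_pem_bundle(text):
    """Return every certificate found in text as its own normalized PEM string."""
    certs = []
    for match in PEM_RE.finditer(text):
        body = "".join(match.group(1).split())
        der = base64.b64decode(body, validate=True)  # raises on non-base64 content
        if der[:1] != b"\x30":  # a DER certificate always starts with a SEQUENCE tag
            raise ValueError("PEM block is not a DER-encoded structure")
        lines = [body[i:i + 64] for i in range(0, len(body), 64)]
        certs.append("\n".join([BEGIN, *lines, END]))
    return certs

def audit_entries(entries):
    """Return (index, cert_count) for each entry that does not hold exactly one cert."""
    counts = [len(PEM_RE.findall(entry)) for entry in entries]
    return [(i, n) for i, n in enumerate(counts) if n != 1]

def one_cert_per_entry(entries):
    """Flatten bundled entries so each list item carries a single certificate."""
    return [pem for entry in entries for pem in split_pem_bundle(entry)]

def to_yaml(entries, indent=2):
    """Render entries as a customCACerts list of literal block scalars."""
    pad = " " * indent
    out = ["customCACerts:"]
    for pem in entries:
        out.append(f"{pad}- |")
        out.extend(f"{pad}  {line}" for line in pem.splitlines())
    return "\n".join(out) + "\n"

def _placeholder_pem(n):
    """Constructed stand-in (DER SEQUENCE{INTEGER n}), not a real certificate."""
    body = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, n])).decode()
    return f"{BEGIN}\n{body}\n{END}\n"

# Constructed sample: root and intermediate pasted into a single list item.
SAMPLE_BUNDLED = [_placeholder_pem(1) + _placeholder_pem(2)]

if __name__ == "__main__":
    print(audit_entries(SAMPLE_BUNDLED))  # entries that need splitting
    print(to_yaml(one_cert_per_entry(SAMPLE_BUNDLED)))
```
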