search

yandex-cloud / k8s-csi-s3

GeeseFS-based CSI for mounting S3 buckets as PersistentVolumes
Other
540 stars 95 forks source link

certificate signed by unknown authority #120

Open yuhaoJustGo opened 4 months ago

yuhaoJustGo commented 4 months ago

the question is: 'ProvisioningFailed' failed to provision volume with StorageClass "csi-s3": rpc error: code = Unknown desc = failed to check if bucket pvc-9c725734-3e06-4d8b-8138-fca3f210b804 exists: Get "https://xxx:9000/pvc-9c725734-3e06-4d8b-8138-fca3f210b804/?location=": x509: certificate signed by unknown authority.

how to skip Ca verify?

stepanovmm1992 commented 3 months ago

I have a same problem Can you please help!

michaeleino commented 2 months ago

+1 here , how can we bypass this ?

yuhaoJustGo commented 1 month ago

This method can solve the problem:

  1. create configmap for your CA kubectl create configmap s3-ca-cert --from-file=ca.crt=/xxxpath/public.crt -n kube-system
  2. update the csi-s3.yaml and provisioner.yaml,add ca-cert: volumeMounts:
    • name: ca-cert mountPath: /etc/ssl/certs readOnly: true volumes:
      • name: ca-cert configMap: name: s3-ca-cert