I have a problem with Minio installation.
Minio tenants stucked in state 'Waiting for MinIO TLS Certificate'. It doesn't matter if tenant created by helm chart or by additional yaml. Even if I'm creating tenant from Minio web console the result is the same.
I use chart installation from: https://github.com/minio/operator
helm repo remove minio
helm repo add minio https://operator.min.io/
helm install --namespace minio-operator --create-namespace --generate-name minio/minio-operator
3 kubectl apply -f https://github.com/minio/operator/blob/master/examples/tenant.yaml
Operator installs fine. Tenant after creation stacked with 'Waiting for MinIO TLS Certificate' message.
Logs from operator:
E0729 11:06:17.788400 1 operator.go:137] Unexpected error during the creation of the csr/operator-minio-csr: timeout during certificate fetching of csr/operator-minio-csr
I0729 11:06:17.788419 1 main-controller.go:627] Waiting for the operator certificates to be issued timeout during certificate fetching of csr/operator-minio-csr
I0729 11:06:27.795784 1 main-controller.go:625] operator TLS secret not found%!(EXTRA string=secrets "operator-tls" not found)
I0729 11:06:27.817912 1 csr.go:145] Start polling for certificate of csr/operator-minio-csr, every 5s, timeout after 20m0s
E0729 11:26:07.973014 1 minio.go:213] Unexpected error during the creation of the csr/minio-minio-csr: timeout during certificate fetching of csr/minio-minio-csr
E0729 11:26:07.973050 1 main-controller.go:754] error syncing 'minio/minio': timeout during certificate fetching of csr/minio-minio-csr
E0729 11:26:27.823681 1 operator.go:137] Unexpected error during the creation of the csr/operator-minio-csr: timeout during certificate fetching of csr/operator-minio-csr
I0729 11:26:27.823700 1 main-controller.go:627] Waiting for the operator certificates to be issued timeout during certificate fetching of csr/operator-minio-csr
I0729 11:26:37.831111 1 main-controller.go:625] operator TLS secret not found%!(EXTRA string=secrets "operator-tls" not found)
I0729 11:26:37.845819 1 csr.go:145] Start polling for certificate of csr/operator-minio-csr, every 5s, timeout after 20m0s
E0729 11:27:08.019483 1 main-controller.go:754] error syncing 'minio/minio': secrets "operator-tls" not found
I0729 11:28:08.036307 1 minio.go:141] Generating private key
I0729 11:28:08.036396 1 minio.go:154] Generating CSR with CN=minio
I0729 11:28:08.054702 1 csr.go:145] Start polling for certificate of csr/minio-minio-csr, every 5s, timeout after 20m0s
CSR request exists:
minio-minio-csr 15m kubernetes.io/kubelet-serving system:serviceaccount:minio:minio-operator Approved
operator-minio-csr 163m kubernetes.io/kubelet-serving system:serviceaccount:minio:minio-operator Approved
Tenant exists:
minio minio Waiting for MinIO TLS Certificate 37s
Example of tenant.yaml
---
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: minio
namespace: minio
labels:
app: minio
annotations:
prometheus.io/path: /minio/v2/metrics/cluster
prometheus.io/port: "9000"
prometheus.io/scrape: "true"
spec:
image: minio/minio:RELEASE.2021-06-17T00-10-46Z
imagePullPolicy: IfNotPresent
credsSecret:
name: minio-creds-secret
pools:
- servers: 4
name: pool-0
volumesPerServer: 4
volumeClaimTemplate:
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
mountPath: /export
requestAutoCert: true
s3:
bucketDNS: false
certConfig:
commonName: "minio"
organizationName: []
dnsNames: []
podManagementPolicy: Parallel
serviceMetadata:
minioServiceLabels:
label: minio-svc
minioServiceAnnotations:
v2.min.io: minio-svc
consoleServiceLabels:
label: console-svc
consoleServiceAnnotations:
v2.min.io: console-svc
console:
image: minio/console:v0.7.5
replicas: 2
consoleSecret:
name: console-secret
securityContext:
runAsUser: 1000
runAsGroup: 2000
runAsNonRoot: true
fsGroup: 2000