
My goal now is to create a TLS certificate for MinIO in my k8s cluster.

Link to MinIO requirements for TLS connection - up to date.

MinIO is running, accessed through port-forward to get into the service in the cluster.

There is a cert-manager chart installed via Terraform in the cluster, which I want to use for it.

I would be happy to get all info on how to actually create and check the certificate, assign it, and understand the core concepts of a TLS secure connection. Many of the guides I have read/watched so far got me a bit confused.

  • Our k8s is working as Helm charts overall so please be aware not to get into local commands.

  • Those certificates are supposed to be the simplest ones to create and assign. It will be self-signed, which means the CA will be part of the cluster itself and not a third-party CA.

  • The MinIO service expects public.crt and private.key inside this path: /etc/minio/certs/ or this path: ${HOME}/.minio/certs

values.yaml snippet of TLS configuration:

## TLS Settings for MinIO
tls:
  enabled: true
  ## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
  certSecret: "tls-minio"
  publicCrt: public.crt
  privateKey: private.key

## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas
## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt.
## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret.
trustedCertsSecret: ""

Ask me for any more info about this.

Thanks!

n1vgabay
  • Which version of Kubernetes did you use? Did you use a bare metal installation or some cloud provider? You mentioned guides that made you confused; could you please attach links for some of them? Did you see [this one](https://github.com/minio/operator/blob/master/docs/tls.md)? Maybe it is helpful? – kkopczak Nov 04 '21 at 14:47
  • @kkopczak Yup, I've seen this doc. It relates to Minio Operator. I'm using the basic latest stable version of Minio, which isn't supported in this kind of TLS apply. Therefore, I do have cert-manager and am trying to think if it's even possible to use only a secret, or if I should pass those files to PATH (like what my Minio service is looking for when you set TLS enabled in values.yaml). – n1vgabay Nov 07 '21 at 10:11
  • Could you please provide the exact version? Please don't use 'latest' because it's imprecise. – kkopczak Nov 09 '21 at 12:07
  • @kkopczak version is: RELEASE.2021-10-13T00-23-17Z – n1vgabay Nov 16 '21 at 10:09
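
As an added illustration (not part of the original question or its comments): a cert-manager self-signed Issuer and Certificate that write the Secret named in the values.yaml snippet above. The resource names, the `minio` namespace and the DNS names are assumptions, and the `publicCrt`/`privateKey` overrides assume the chart uses those values as the key names it reads from the Secret, since cert-manager stores the pair under `tls.crt` and `tls.key` rather than `public.crt` and `private.key`.

```yaml
# Added example. Names, namespace and DNS names below are assumptions.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: minio-selfsigned
  namespace: minio
spec:
  selfSigned: {}                 # the certificate signs itself; no external CA
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: minio-tls
  namespace: minio
spec:
  secretName: tls-minio          # same value as tls.certSecret in values.yaml
  duration: 2160h                # 90 days
  renewBefore: 360h              # cert-manager re-issues 15 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
  usages:
    - server auth
  dnsNames:                      # every hostname a client dials must be a SAN
    - minio
    - minio.minio.svc
    - minio.minio.svc.cluster.local
    - localhost                  # needed when connecting via kubectl port-forward
  issuerRef:
    name: minio-selfsigned
    kind: Issuer
---
# values.yaml override for the MinIO chart. This is Helm input, not a
# Kubernetes resource, and is shown in the same block only for context.
tls:
  enabled: true
  certSecret: "tls-minio"
  publicCrt: tls.crt             # Secret key holding the certificate
  privateKey: tls.key            # Secret key holding the private key
trustedCertsSecret: ""           # empty: chart trusts the cert from certSecret
```

Clients outside the pod have to trust this certificate explicitly, because it chains to no CA they already know; the `ca.crt` entry that cert-manager writes into the same Secret is the file to hand them.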

0 Answers