个人中心
gpt4 book ai didi

Minio 租户卡在 'Waiting for MinIO TLS Certificate'

转载 作者:行者123 更新时间:2023-12-05 01:28:26 27 4
gpt4 key购买 nike

我在安装 Minio 时遇到问题。

Minio 租户卡在“等待 MinIO TLS 证书”状态。租户是由 helm chart 还是由附加的 yaml 创建的并不重要。即使我从 Minio Web 控制台创建租户,结果也是一样的。

我使用图表安装来自:https://github.com/minio/operator 

helm repo remove minio
helm repo add minio https://operator.min.io/
helm install --namespace minio-operator --create-namespace --generate-name minio/minio-operator
3 kubectl apply -f https://github.com/minio/operator/blob/master/examples/tenant.yaml

运算符(operator)安装正常。创建后的租户堆叠了“等待 MinIO TLS 证书”消息。

来自运营商的日志:

E0729 11:06:17.788400       1 operator.go:137] Unexpected error during the creation of the csr/operator-minio-csr: timeout during certificate fetching of csr/operator-minio-csr
I0729 11:06:17.788419       1 main-controller.go:627] Waiting for the operator certificates to be issued timeout during certificate fetching of csr/operator-minio-csr
I0729 11:06:27.795784       1 main-controller.go:625] operator TLS secret not found%!(EXTRA string=secrets "operator-tls" not found)
I0729 11:06:27.817912       1 csr.go:145] Start polling for certificate of csr/operator-minio-csr, every 5s, timeout after 20m0s
E0729 11:26:07.973014       1 minio.go:213] Unexpected error during the creation of the csr/minio-minio-csr: timeout during certificate fetching of csr/minio-minio-csr
E0729 11:26:07.973050       1 main-controller.go:754] error syncing 'minio/minio': timeout during certificate fetching of csr/minio-minio-csr
E0729 11:26:27.823681       1 operator.go:137] Unexpected error during the creation of the csr/operator-minio-csr: timeout during certificate fetching of csr/operator-minio-csr
I0729 11:26:27.823700       1 main-controller.go:627] Waiting for the operator certificates to be issued timeout during certificate fetching of csr/operator-minio-csr
I0729 11:26:37.831111       1 main-controller.go:625] operator TLS secret not found%!(EXTRA string=secrets "operator-tls" not found)
I0729 11:26:37.845819       1 csr.go:145] Start polling for certificate of csr/operator-minio-csr, every 5s, timeout after 20m0s
E0729 11:27:08.019483       1 main-controller.go:754] error syncing 'minio/minio': secrets "operator-tls" not found
I0729 11:28:08.036307       1 minio.go:141] Generating private key
I0729 11:28:08.036396       1 minio.go:154] Generating CSR with CN=minio
I0729 11:28:08.054702       1 csr.go:145] Start polling for certificate of csr/minio-minio-csr, every 5s, timeout after 20m0s

存在 CSR 请求:

minio-minio-csr      15m    kubernetes.io/kubelet-serving   system:serviceaccount:minio:minio-operator   Approved
operator-minio-csr   163m   kubernetes.io/kubelet-serving   system:serviceaccount:minio:minio-operator   Approved

租户存在:

minio minio 等待 MinIO TLS 证书 37s

tenant.yaml 示例

---
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
  name: minio
  namespace: minio
  labels:
    app: minio
  annotations:
    prometheus.io/path: /minio/v2/metrics/cluster
    prometheus.io/port: "9000"
    prometheus.io/scrape: "true"
spec:
  image: minio/minio:RELEASE.2021-06-17T00-10-46Z
  imagePullPolicy: IfNotPresent
  credsSecret:
    name: minio-creds-secret
  pools:
    - servers: 4
      name: pool-0
      volumesPerServer: 4
      volumeClaimTemplate:
        metadata:
          name: data
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 10Gi
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        fsGroup: 1000
  mountPath: /export
  requestAutoCert: true
  s3:
    bucketDNS: false
  certConfig:
    commonName: "minio"
    organizationName: []
    dnsNames: []
  podManagementPolicy: Parallel
  serviceMetadata:
    minioServiceLabels:
      label: minio-svc
    minioServiceAnnotations:
      v2.min.io: minio-svc
    consoleServiceLabels:
      label: console-svc
    consoleServiceAnnotations:
      v2.min.io: console-svc
  console:
    image: minio/console:v0.7.5
    replicas: 2
    consoleSecret:
      name: console-secret
    securityContext:
      runAsUser: 1000
      runAsGroup: 2000
      runAsNonRoot: true
      fsGroup: 2000

最佳答案

我记得需要在 k8s 中进行一些设置才能启用 requestAutoCert: true

类似于:

kube-controller:
  extra_args:
    cluster-signing-cert-file: "/etc/kubernetes/ssl/kube-ca.pem"
    cluster-signing-key-file: "/etc/kubernetes/ssl/kube-ca-key.pem"

关于Minio 租户卡在 'Waiting for MinIO TLS Certificate',我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/68610565/

27 4 0
文章推荐: rust - rust collect() 如何通用地创建不同的集合
文章推荐: plot - 如何在 Julia 中绘制带有错误栏的函数
文章推荐: Angular::error TS2532:对象可能是 'undefined'
文章推荐: axapta - 具有多个输入的 X++ 开关盒
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com