【发布时间】:2021-08-01 12:48:07
【问题描述】:
我在安装 Minio 时遇到问题。
Minio 租户卡在“等待 MinIO TLS 证书”状态。由 helm chart 或其他 yaml 创建的租户无关紧要。 即使我从 Minio Web 控制台创建租户,结果也是一样的。
我使用来自https://github.com/minio/operator的图表安装
helm repo remove minio
helm repo add minio https://operator.min.io/
helm install --namespace minio-operator --create-namespace --generate-name minio/minio-operator
3 kubectl apply -f https://github.com/minio/operator/blob/master/examples/tenant.yaml
操作员安装良好。创建后的租户会显示“等待 MinIO TLS 证书”消息。
来自运营商的日志:
E0729 11:06:17.788400 1 operator.go:137] Unexpected error during the creation of the csr/operator-minio-csr: timeout during certificate fetching of csr/operator-minio-csr
I0729 11:06:17.788419 1 main-controller.go:627] Waiting for the operator certificates to be issued timeout during certificate fetching of csr/operator-minio-csr
I0729 11:06:27.795784 1 main-controller.go:625] operator TLS secret not found%!(EXTRA string=secrets "operator-tls" not found)
I0729 11:06:27.817912 1 csr.go:145] Start polling for certificate of csr/operator-minio-csr, every 5s, timeout after 20m0s
E0729 11:26:07.973014 1 minio.go:213] Unexpected error during the creation of the csr/minio-minio-csr: timeout during certificate fetching of csr/minio-minio-csr
E0729 11:26:07.973050 1 main-controller.go:754] error syncing 'minio/minio': timeout during certificate fetching of csr/minio-minio-csr
E0729 11:26:27.823681 1 operator.go:137] Unexpected error during the creation of the csr/operator-minio-csr: timeout during certificate fetching of csr/operator-minio-csr
I0729 11:26:27.823700 1 main-controller.go:627] Waiting for the operator certificates to be issued timeout during certificate fetching of csr/operator-minio-csr
I0729 11:26:37.831111 1 main-controller.go:625] operator TLS secret not found%!(EXTRA string=secrets "operator-tls" not found)
I0729 11:26:37.845819 1 csr.go:145] Start polling for certificate of csr/operator-minio-csr, every 5s, timeout after 20m0s
E0729 11:27:08.019483 1 main-controller.go:754] error syncing 'minio/minio': secrets "operator-tls" not found
I0729 11:28:08.036307 1 minio.go:141] Generating private key
I0729 11:28:08.036396 1 minio.go:154] Generating CSR with CN=minio
I0729 11:28:08.054702 1 csr.go:145] Start polling for certificate of csr/minio-minio-csr, every 5s, timeout after 20m0s
存在 CSR 请求:
minio-minio-csr 15m kubernetes.io/kubelet-serving system:serviceaccount:minio:minio-operator Approved
operator-minio-csr 163m kubernetes.io/kubelet-serving system:serviceaccount:minio:minio-operator Approved
租户存在:
minio minio Waiting for MinIO TLS Certificate 37s
tenant.yaml 示例
---
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: minio
namespace: minio
labels:
app: minio
annotations:
prometheus.io/path: /minio/v2/metrics/cluster
prometheus.io/port: "9000"
prometheus.io/scrape: "true"
spec:
image: minio/minio:RELEASE.2021-06-17T00-10-46Z
imagePullPolicy: IfNotPresent
credsSecret:
name: minio-creds-secret
pools:
- servers: 4
name: pool-0
volumesPerServer: 4
volumeClaimTemplate:
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
mountPath: /export
requestAutoCert: true
s3:
bucketDNS: false
certConfig:
commonName: "minio"
organizationName: []
dnsNames: []
podManagementPolicy: Parallel
serviceMetadata:
minioServiceLabels:
label: minio-svc
minioServiceAnnotations:
v2.min.io: minio-svc
consoleServiceLabels:
label: console-svc
consoleServiceAnnotations:
v2.min.io: console-svc
console:
image: minio/console:v0.7.5
replicas: 2
consoleSecret:
name: console-secret
securityContext:
runAsUser: 1000
runAsGroup: 2000
runAsNonRoot: true
fsGroup: 2000
【问题讨论】:
-
大约需要 5-10 分钟。等等
标签: minio