-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing LE CA? #7
Comments
Could you try with this image: |
@frezbo Still the same. I think aws-go-sdk is expecting the ca-certificate file in /etc/ssl/certs/ca-certificates.crt, but ghcr.io/siderolabs/ca-certificates:v1.4.1 is putting it in /etc/ssl/certs/ca-certificates/cacert.pem. At least that's what I think looking at aws/aws-sdk-go#2322, but I'm having trouble replicating your build setup to build my own image to test.. |
could you try again, pushed with the fix, same image |
Nope, still same result :( (yeah i checked the image sha to make sure it's the newest one) |
could you try again, put the certs in wrong place: |
New errror
|
hmm that's weird, it's running as root, unless the k8s manifest set it othwerwise |
Nah, in the example cronjob you set uid/gid to 1000 |
will fix the file permissions |
Could you try this: ghcr.io/frezbo/talos-backup:v0.1.0-alpha.0-dirty: digest: sha256:290d4827daa78fa8839ec171906169a8f0e655ad4ea2efabce7e4242daffcd62 |
Nope, now it's back to not seing the CA |
so weird, I'll check on this, thanks |
okay, that was a mistake from my side: ghcr.io/frezbo/talos-backup:v0.1.0-alpha.0-dirty: digest: sha256:9c9536887383564939231b05d3008b9143df69957089c1522a4f53e773a227a6 can you try this? |
Success! That one worked! |
will get this fixed soon |
Make the cacert file world readable, so kresfied projects running an non-root user can access CA. Part of fixing: siderolabs/talos-backup#7 Before: ```bash ❯ ls -l _out/etc/ssl/certs/ .rw------- 221k frezbo 2 Jun 2019 ca-certificates ``` After: ```bash ❯ ls -l _out/etc/ssl/certs/ .rw-r--r-- 221k frezbo 2 Jun 2019 ca-certificates ``` Signed-off-by: Noel Georgi <[email protected]>
Make the cacert file world readable, so kresfied projects running an non-root user can access CA. Part of fixing: siderolabs/talos-backup#7 Before: ```bash ❯ ls -l _out/etc/ssl/certs/ .rw------- 221k frezbo 2 Jun 2019 ca-certificates ``` After: ```bash ❯ ls -l _out/etc/ssl/certs/ .rw-r--r-- 221k frezbo 2 Jun 2019 ca-certificates ``` Signed-off-by: Noel Georgi <[email protected]>
When doing backups to an https minio endpoint, i get
The certificate is a wildcard LE certificate
The text was updated successfully, but these errors were encountered: