Getting `no TLS certificate is found on the local machine` error

[estherkim11111]

FYI @harshavardhana
Any pointers about what steps I could be missing, something I could be doing wrong, or a better interpretation of the error message below would be appreciated.

Expected Behavior

minio pods should come up healthy with no errors in the logs

Current Behavior

getting in minio pod logs

ERROR Unable to start the server: HTTPS specified in endpoints, but no TLS certificate is found on the local machine
      > Please add TLS certificate or use HTTP endpoints only
      HINT:
        Refer to https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls for information about how to load a TLS certificate in your server

even though I have specified in the minioinstance yaml

  externalCertSecret:
    name: tls-ssl-minio
    type: kubernetes.io/tls

and created a secret called tls-ssl-minio following https://github.com/minio/operator/blob/1.0.9/docs/tls.md#using-kubernetes-tls and https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls

This can be seen in the pod yaml:

  - name: minio-tls
    projected:
      defaultMode: 420
      sources:
      - secret:
          items:
          - key: tls.crt
            path: public.crt
          - key: tls.key
            path: private.key
          - key: tls.crt
            path: CAs/public.crt
          name: tls-ssl-minio

and

    volumeMounts:
    - mountPath: /export
      name: data0
    - mountPath: /root/.minio/certs
      name: minio-tls

Possible Solution

Steps to Reproduce (for bugs)

1. kubectl apply -f https://raw.githubusercontent.com/minio/minio-operator/1.0.9/minio-operator.yaml
2. wget https://raw.githubusercontent.com/minio/minio-operator/1.0.9/examples/minioinstance-with-external-service.yaml
3. add storageClassName under volumeClaimTemplate (for me I put portworx-db-gp3)
4. add/uncomment

  externalCertSecret:
    name: tls-ssl-minio
    type: kubernetes.io/tls

5. Created a private.key and public.crt following directions here: https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls#using-open-ssl
6. Created a secret following directions here: https://github.com/minio/operator/blob/1.0.9/docs/tls.md#using-kubernetes-tls
7. kubectl apply -f minioinstance-with-external-service.yaml

Context

Regression

Your Environment

• Version used (minio-operator):
• Environment name and version (e.g. kubernetes v1.17.2):
• Server type and version:
• Operating System and version (uname -a):
• Link to your deployment file:

[kerneltime]

@estherkim11111 can you try using a more recent version? The latest release is v3.0.2

[estherkim11111]

@kerneltime we need to use that version for that version of the api apiextensions.k8s.io/v1beta1 vs apiextensions.k8s.io/v1

[harshavardhana]

@kerneltime we need to use that version for that version of the api apiextensions.k8s.io/v1beta1 vs apiextensions.k8s.io/v1

@estherkim11111 unfortunately we cannot support v1beta1 anymore please upgrade your k8s versions.

[nitisht]

AFAICS, nothing to be done here from MinIO. Closing