etcd备份到内部S3

我正在尝试将我的rke集群备份到我自己的内部托管minio服务器。但我一直在犯这个错误。

FATA[0002] Failed to take one-time snapshot, exit code [1]: time="2019-04-29T08:37:15Z" level=fatal msg="faield to set s3 server: failed to check s3 bucket:rke, err:Get https://redacted/rke/?location=: x509: certificate signed by unknown authority"

我正在使用Docker 17.03.05 运行Rancher v2.3.2和rke v0.3.2

这个问题是因为容器不信任S3服务器提供的证书。这主要是因为它由内部CA签名。要解决此问题，请将字段custom_ca添加到您的cluster.yaml和您的根ca证书.中

示例：

services:
etcd:
backup_config:
interval_hours: 12
retention: 6
s3backupconfig:
access_key: S3_ACCESS_KEY
secret_key: S3_SECRET_KEY
bucket_name: s3-bucket-name
region: ""
endpoint: s3.rancher.support
custom_ca: "-----BEGIN CERTIFICATE-----nMIIDazCCAlOgAwIBAgIUMo....n-----END CERTIFICATE-----"

你可以在这里找到完整的文档https://support.rancher.com/hc/en-us/articles/360033950632-Is-it-possible-to-perform-etcd-snapshots-to-an-s3-endpoint-with-a-certificate-signed-by-a-custom-CA-

相关内容

最新更新

热门标签：