Insecure Skip verify for mimir helm chart.

[dpreston-wss]

Deploying Mimr utilizing an already existing secure minio setup. Running into issues with the storage pods connecting to minio buckets.

Using insecure = false, fails because it does now

To Reproduce

When installing the helm chart (after disabling the minio container creation), using insecure = true fails due to minio redirecting from http to https.

Using insecure = false, fails because it fails to verify cerificate.

Expected behavior

A clear and concise description of what you expected to happen.

Environment

• Infrastructure: Kubernetes
• Deployment tool: helm

Is there a way to implement Insecure_skip_verify?
Is there a way with the helm chart to add our internal certificates so that it can connect to the existing secure minio?

[dimitarvdimitrov]

When installing the helm chart (after disabling the minio container creation), using insecure = true fails due to minio redirecting from http to https.

looks like setting an https scheme for the minio URL should fix this.

there are a couple of open issues related to this - #1796 and #1981

---

But you should be able to verify certs as well.

Technically it should be possible to mount the certificate files onto the Mimir pods on specific locations and the go runtime should pick them up and trust them by default. Juding from the code the locations are

	"/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
	"/etc/pki/tls/certs",           // Fedora/RHEL
	"/system/etc/security/cacerts", // Android

You can try mounting the self-seigned certificates of Minio somewhere under /etc/ssl/certs. Maybe /etc/ssl/certs/minio.pem.