Configure AWS_CA_BUNDLE environment variable¶
You may encounter an insecure TLS connection error if you are running MSR behind an MITM proxy and using AWS S3 for your storage backend.
Kubernetes resolution¶
Add the
AWS_CA_BUNDLE
environment variable to all of the MSR containers by adding the following to your custom resource manifest:spec: extraEnv: AWS_CA_BUNDLE: "path_to_the_certificate"
Apply the changes to the custom resource:
kubectl apply -f cr-sample-manifest.yaml
Verify completion of the reconciliation process for the custom resource:
kubectl get msrs.msr.mirantis.com kubectl get rethinkdbs.rethinkdb.com
Add the
AWS_CA_BUNDLE
environment variable to all of the MSR containers by appending the MSR Helm chartvalues.yaml
file as follows:global: extraEnv: AWS_CA_BUNDLE: "path_to_the_certificate"
Apply the new value:
helm upgrade msr msrofficial/msr --version <version-number> -f values.yaml
Swarm resolution¶
Update your Registry service to include the
AWS_CA_BUNDLE
environment variable:docker service update msr_msr-registry \ --env-add AWS_CA_BUNDLE=<bundle-path>
Verify that the environment variable is set:
docker service inspect msr_msr-registry \ --format '{{.Spec.TaskTemplate.ContainerSpec.Env }}' \ | grep 'AWS_CA_BUNDLE'