Configure AWS_CA_BUNDLE environment variable

You may encounter an insecure TLS connection error if you are running MSR behind an MITM proxy and using AWS S3 for your storage back end.

Kubernetes resolution

MSR Operator

1. Add the AWS_CA_BUNDLE environment variable to all of the MSR containers by adding the following to your custom resource manifest:

   spec:
     extraEnv:
       AWS_CA_BUNDLE: "path_to_the_certificate"
   

2. Apply the changes to the custom resource:

   kubectl apply -f cr-sample-manifest.yaml
   

3. Verify completion of the reconciliation process for the custom resource:

   kubectl get msrs.msr.mirantis.com
   kubectl get rethinkdbs.rethinkdb.com
   

Helm chart

1. Add the AWS_CA_BUNDLE environment variable to all of the MSR containers by appending the MSR Helm chart values.yaml file as follows:

   global:
     extraEnv:
       AWS_CA_BUNDLE: "path_to_the_certificate"
   

2. Apply the new value:

   helm upgrade msr msrofficial/msr --version <version-number> -f values.yaml
   

Swarm resolution

1. Update your Registry service to include the AWS_CA_BUNDLE environment variable:

   docker service update msr_msr-registry \
     --env-add AWS_CA_BUNDLE=<bundle-path>
   

2. Verify that the environment variable is set:

   docker service inspect msr_msr-registry \
     --format '{{.Spec.TaskTemplate.ContainerSpec.Env }}' \
     | grep 'AWS_CA_BUNDLE'