x509: certificate has expired or is not yet valid: - cniackz/public GitHub Wiki
When you hit an error with this signature in an old Operator version:
```
ERROR Unable to validate passed arguments in MINIO_ARGS:
env+tls://<base64value>:<base64value>@operator.minio-operator.svc.cluster.local:4222/webhook/v1/getenv/<tenant>:
Get "https://operator.minio-operator.svc.cluster.local:4222/webhook/v1/getenv/<tenant>?key=MINIO_ARGS":
x509: certificate has expired or is not yet valid: current time 2023-08-28T13:04:31Z is after 2023-08-25T05:24:06Z
```
You can do one of two things: append `MINIO_ARGS` to the secret, or renew the certificate. Let's explore the first approach:
- Grep for the `MINIO_ARGS` value in the operator logs: `kubectl logs <operator-pod-name> -n minio-operator | grep MINIO_ARGS | grep pool`
- Look for `<tenant-name>-tenant-env-configuration` in your secrets in the tenant namespace.
- Look for `config.env: ... <base64-value>`
- Copy this `base64-value` to your clipboard.
- Then do `echo <base64-value> | base64 --decode > config.env`
- Then edit this file by adding the following line at the end of it: `echo 'export MINIO_ARGS="https://deap-pool-0-{0...3}.deap-hl.minio-deap-tenant.svc.cluster.local/export{0...3}"' >> config.env`
- Then do: `cat config.env | base64 --wrap=0`
- Copy the value you see on the console and update the secret's value via `kubectl edit secret <tenant-name>-env-configuration` for `config.env: <my-new-base64-value>`
- Once done, you can delete the crashing pod; it should pick up the newly updated secret.
- In short: append `MINIO_ARGS` to the `config.env` file in the Secret to overcome the issue.
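The decode, append and re-encode steps above, combined into one shell function. This is an added example, not part of the original wiki page; the function name `append_minio_args` and the sample `config.env` content are assumptions made for illustration. It works on the base64 string directly and refuses to append a second `MINIO_ARGS` line if one is already present.

```shell
#!/bin/sh
# Added example, not from the original wiki page.
# append_minio_args B64 ARGS
#   B64  - current base64 value of config.env, copied from the secret
#   ARGS - pool endpoint string found in the operator logs
# Prints the new single-line base64 value for config.env on stdout.
append_minio_args() {
    b64=$1
    args=$2

    # Decode in memory: the data comes from a Kubernetes Secret, so no
    # plaintext config.env is left behind on disk.
    decoded=$(printf '%s' "$b64" | base64 -d) || return 1

    # Idempotency guard: if an export is already present, return the
    # value unchanged instead of appending a second MINIO_ARGS line.
    if printf '%s\n' "$decoded" | grep -q '^export MINIO_ARGS='; then
        printf '%s' "$b64"
        return 0
    fi

    # $(...) strips trailing newlines, so every line is re-terminated
    # explicitly. A plain '>>' append would glue the export onto the last
    # existing line when the original file has no final newline.
    {
        [ -z "$decoded" ] || printf '%s\n' "$decoded"
        printf 'export MINIO_ARGS="%s"\n' "$args"
    } | base64 | tr -d '\n'
}

# Constructed sample input: a one-line config.env without a final newline.
SAMPLE_B64=$(printf 'export MINIO_ROOT_USER="example-user"' | base64 | tr -d '\n')
# Endpoint string as shown in the workaround above.
SAMPLE_ARGS='https://deap-pool-0-{0...3}.deap-hl.minio-deap-tenant.svc.cluster.local/export{0...3}'

# Show the decoded result of the rewrite.
append_minio_args "$SAMPLE_B64" "$SAMPLE_ARGS" | base64 -d
```

The value printed by `append_minio_args` is what goes into `config.env:` when editing the secret.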
If the workaround above does not work, you can try renewing the certificates (applicable if we generate the cert or TLS is off):
- Delete `operator-tls` from the tenant and restart Operator; a new one will be created.
- Delete `operator-tls` from the operator and restart Operator; a new one will be created.
- Delete `operator-webhook-secret` from the tenant and restart Operator; a new one will be created.
- Remove the appended `MINIO_ARGS` from the secrets, as this is no longer needed and not working at this point.
- Restart the MinIO sts and get back to running tenants.
Finally, if this is just because a new cert is needed from the customer side, then all that is needed is a new cert that they can push.