Creating a secret
For S3 targets that use a self-signed certificate, you must create a secret before you create a backup storage location.
Whenever you create a backup storage location for S3-compliant storage, you have the option to specify a certificate to authenticate the connection.
- Extract the certificate from an S3-compliant service to a file. Use the openssl command to extract the certificate into the file tls.crt.
  Note: The file name must be tls.crt.
    openssl s_client -connect <s3-service-name>-<s3-service-namespace>.apps.<fusion-hostname>.<domainname>:443 -showcerts \
      | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > tls.crt
  For example, use the openssl command to extract the certificate from the minio service in the minio-ns namespace on an IBM Storage Fusion cluster.
    openssl s_client -connect minio-minio-ns.apps.myfusionhostname.mydomain:443 -showcerts \
      | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > tls.crt
- Run the oc command to create a generic secret in the IBM Storage Fusion namespace using the tls.crt file.
    oc create secret generic <secret-name> --type=opaque --from-file=tls.crt -n <fusion-namespace>
  For example, in the default IBM Storage Fusion namespace ibm-spectrum-fusion-ns.
    oc create secret generic minio-cert-secret --type=opaque --from-file=tls.crt -n ibm-spectrum-fusion-ns
Note: Make a note of this secret name. You need it to create a backup storage location.
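
The extraction step saves whatever certificate the endpoint presented, so it is worth inspecting tls.crt before it goes into the secret. The following check is an added example, not part of the IBM Storage Fusion procedure; check_tls_crt is a hypothetical helper name, and the optional expected fingerprint is assumed to come from the S3 service's administrator.

```shell
# Added example: sanity-check tls.crt before storing it in the secret.
# check_tls_crt is a hypothetical helper, not an oc or IBM Storage Fusion command.
# Usage: check_tls_crt <file> [expected-sha256-fingerprint]
check_tls_crt() {
  crt=$1
  expected=${2:-}

  # An empty file means the handshake failed or sed matched nothing.
  if [ ! -s "$crt" ]; then
    echo "FAIL: $crt is missing or empty" >&2
    return 1
  fi

  # -showcerts writes every certificate the server sent; report how many were saved.
  count=$(grep -c 'BEGIN CERTIFICATE' "$crt" || true)
  echo "certificates in $crt: $count"

  # openssl x509 parses the first PEM block, which is the server certificate.
  if ! openssl x509 -in "$crt" -noout -subject -issuer -enddate; then
    echo "FAIL: first PEM block in $crt is not a parsable certificate" >&2
    return 1
  fi

  # -checkend 0 exits non-zero when the certificate has already expired.
  if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null; then
    echo "FAIL: certificate has expired" >&2
    return 1
  fi

  # Normalise the SHA-256 fingerprint to upper-case hex without colons.
  actual=$(openssl x509 -in "$crt" -noout -fingerprint -sha256 \
    | cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F')
  echo "sha256 fingerprint: $actual"

  # Compare with a fingerprint obtained out of band, if one was supplied.
  if [ -n "$expected" ]; then
    want=$(printf '%s' "$expected" | tr -d ':' | tr 'a-f' 'A-F')
    if [ "$actual" != "$want" ]; then
      echo "FAIL: fingerprint does not match the expected value" >&2
      return 1
    fi
  fi
  return 0
}
```

Run `check_tls_crt tls.crt` after the extraction step and confirm the subject, issuer and fingerprint with the owner of the S3 service before running `oc create secret`.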