Hi Hydra, I am trying to start Hydra in minikube ...
# talk-hydra
w
Hi Hydra, I am trying to start Hydra in minikube with TLS and using a k8s secret I created self-signed certificate, created a secret and did a base64 conversion using cat hydra.crt | base64 cat hydra.key | base64 Then I read the key/cert using - name: SERVE_TLS_CERT_BASE64 valueFrom: secretKeyRef: name: hydra-tls key: CRT - name: SERVE_TLS_KEY_BASE64 valueFrom: secretKeyRef: name: hydra-tls key: KEY Hydra errors out with ^-- “-----BEGIN CERTIFICATE-----\nMIIDATCCAemgAwIBAgIUJEsaP9FpiCguv1tZq6YtsOXmmr4wDQYJKoZIhvcNAQEL\nBQAwEDEOMAwGA1UEAwwFaHlkcmEwHhcNMjIwNTEyMTMxMTE3WhcNMjMwNTEyMTMx\nMTE3WjAQMQ4wDAYDVQQDDAVoeWRyYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\nAQoCggEBANyAGCxLnpkIxJGVwpNrVZVPZCMJUnpdbQMUzR4VeVNYuoXtP2FwhLVJ\nAYUBKghipEvVrTYdWmd9VKeDUbiY0ZHSmAT49UQlLv0PULCnsVIEndFW2Re7pSmH\nUdp2WeauKSM0Fu9WsL7aLxq7H3o/gSCLMmVZcSetjl3DqNLxQwe7WEbzeewfv6ZO\nWFOZpE0nYzymI7P6x3LQxl8MPl2XU+TRWzrrJgoaFL39kRepXb7+YHbrMFoiPCen\nCiVuuBuHSWAptwU+otyJMuZrEM+vurlzZViSeay0r/iBNR/jNzsC3UTovdaSxdDe\n8ybnFdmU7R85goCLW8ImEQBp+ytNWCsCAwEAAaNTMFEwHQYDVR0OBBYEFKKLWBZV\nawGebGDFfNan8MwBgz1MMB8GA1UdIwQYMBaAFKKLWBZVawGebGDFfNan8MwBgz1M\nMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBANWLPNzNDzqKXkwK\nTrC5wPxcLM/66lk5IAY7obLaDslP8FO4vfLJHcp6w82U7H/uyvZPWzohsuM8H1I7\nC5/sPO0u45ZeYnYZV+yBl5BM0MalDPfru0lUf9KBzJFbpCfDXECIaAcVTgdBegi1\nqTtOnbTOiHSxqaq4aaprzEDChtumcsczFi1gxBuW4QmdrQ0mVjmqjE0qtwO+bhw1\ngEG0+j5hhu8NLcw4CU87U4RBrtV7feS8ojsacjyT6eXLVtHXZAgMBSbvKmugpwKC\nelZSwBA7jNiEI8fq88iNKSp/rHT6ui7IrY/zjQL/eec+kA5s1BH0Aip6BOfWik9z\nyHfWjko=\n-----END CERTIFICATE-----\n” is not base64 encoded time=2022-05-15T182005Z level=fatal msg=Unable to instantiate configuration. audience=application error=map[message:I[#/serve/tls] S[#/properties/serve/properties/tls/$ref] doesn’t validate with “#/definitions/tls_config” I[#/serve/tls] S[#/definitions/tls_config] validation failed I[#/serve/tls/key] S[#/definitions/tls_config/properties/key/allOf/0] allOf failed I[#/serve/tls/key] S[#/definitions/tls_config/properties/key/allOf/0/$ref] doesn’t validate with “#/definitions/pem_file” I[#/serve/tls/key] S[#/definitions/pem_file/oneOf] oneOf failed I[#/serve/tls/key] S[#/definitions/pem_file/oneOf/0] validation failed I[#/serve/tls/key] S[#/definitions/pem_file/oneOf/0/required] missing properties: “path” I[#/serve/tls/key] S[#/definitions/pem_file/oneOf/0/additionalProperties] additionalProperties “base64” not allowed
p
Hi @worried-rain-90392 the error seems to be that the string is not base64. also try adding it with the prefix base64
base64://<your encoding>
w
Hi, thanks for this, that was the problem. What I had to do was to get the cert/key TLS files into k8s as a k8s Secret. Then mount them as Files from secrets. Then load them up (running base64) as given here on the Pod https://www.ory.sh/docs/hydra/guides/ssl-https-tls