Hi Hydra,
I am trying to start Hydra in minikube ...
# talk-hydraw
worried-rain-90392
05/15/2022, 6:28 PMHi Hydra,
I am trying to start Hydra in minikube with TLS and using a k8s secret
I created self-signed certificate, created a secret and did a base64 conversion using
cat hydra.crt | base64
cat hydra.key | base64
Then I read the key/cert using
- name: SERVE_TLS_CERT_BASE64
valueFrom:
secretKeyRef:
name: hydra-tls
key: CRT
- name: SERVE_TLS_KEY_BASE64
valueFrom:
secretKeyRef:
name: hydra-tls
key: KEY
Hydra errors out with
^-- “-----BEGIN CERTIFICATE-----\nMIIDATCCAemgAwIBAgIUJEsaP9FpiCguv1tZq6YtsOXmmr4wDQYJKoZIhvcNAQEL\nBQAwEDEOMAwGA1UEAwwFaHlkcmEwHhcNMjIwNTEyMTMxMTE3WhcNMjMwNTEyMTMx\nMTE3WjAQMQ4wDAYDVQQDDAVoeWRyYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\nAQoCggEBANyAGCxLnpkIxJGVwpNrVZVPZCMJUnpdbQMUzR4VeVNYuoXtP2FwhLVJ\nAYUBKghipEvVrTYdWmd9VKeDUbiY0ZHSmAT49UQlLv0PULCnsVIEndFW2Re7pSmH\nUdp2WeauKSM0Fu9WsL7aLxq7H3o/gSCLMmVZcSetjl3DqNLxQwe7WEbzeewfv6ZO\nWFOZpE0nYzymI7P6x3LQxl8MPl2XU+TRWzrrJgoaFL39kRepXb7+YHbrMFoiPCen\nCiVuuBuHSWAptwU+otyJMuZrEM+vurlzZViSeay0r/iBNR/jNzsC3UTovdaSxdDe\n8ybnFdmU7R85goCLW8ImEQBp+ytNWCsCAwEAAaNTMFEwHQYDVR0OBBYEFKKLWBZV\nawGebGDFfNan8MwBgz1MMB8GA1UdIwQYMBaAFKKLWBZVawGebGDFfNan8MwBgz1M\nMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBANWLPNzNDzqKXkwK\nTrC5wPxcLM/66lk5IAY7obLaDslP8FO4vfLJHcp6w82U7H/uyvZPWzohsuM8H1I7\nC5/sPO0u45ZeYnYZV+yBl5BM0MalDPfru0lUf9KBzJFbpCfDXECIaAcVTgdBegi1\nqTtOnbTOiHSxqaq4aaprzEDChtumcsczFi1gxBuW4QmdrQ0mVjmqjE0qtwO+bhw1\ngEG0+j5hhu8NLcw4CU87U4RBrtV7feS8ojsacjyT6eXLVtHXZAgMBSbvKmugpwKC\nelZSwBA7jNiEI8fq88iNKSp/rHT6ui7IrY/zjQL/eec+kA5s1BH0Aip6BOfWik9z\nyHfWjko=\n-----END CERTIFICATE-----\n” is not base64 encoded
time=2022-05-15T182005Z level=fatal msg=Unable to instantiate configuration. audience=application error=map[message:I[#/serve/tls] S[#/properties/serve/properties/tls/$ref] doesn’t validate with “#/definitions/tls_config”
I[#/serve/tls] S[#/definitions/tls_config] validation failed
I[#/serve/tls/key] S[#/definitions/tls_config/properties/key/allOf/0] allOf failed
I[#/serve/tls/key] S[#/definitions/tls_config/properties/key/allOf/0/$ref] doesn’t validate with “#/definitions/pem_file”
I[#/serve/tls/key] S[#/definitions/pem_file/oneOf] oneOf failed
I[#/serve/tls/key] S[#/definitions/pem_file/oneOf/0] validation failed
I[#/serve/tls/key] S[#/definitions/pem_file/oneOf/0/required] missing properties: “path”
I[#/serve/tls/key] S[#/definitions/pem_file/oneOf/0/additionalProperties] additionalProperties “base64” not allowed
p
proud-plumber-24205
05/17/2022, 8:06 AMHi @worried-rain-90392
the error seems to be that the string is not base64.
also try adding it with the prefix base64
base64://<your encoding>proud-plumber-24205
05/17/2022, 8:08 AMMaybe also check https://www.ory.sh/docs/hydra/faq#how-can-i-import-tls-certificates
w
worried-rain-90392
05/17/2022, 9:27 PMHi, thanks for this, that was the problem. What I had to do was to get the cert/key TLS files into k8s as a k8s Secret. Then mount them as Files from secrets. Then load them up (running base64) as given here on the Pod https://www.ory.sh/docs/hydra/guides/ssl-https-tls