start minio server with tls

[clyang82]

Signed-off-by: clyang82 [email protected]

• I added CHANGELOG entry for this change.
• Change is not relevant to the end user.

Changes

Enable e2e connect MinIO with TLS enabled：

• Generate certs for MinIO TLS
• Update S3 Configure to have tls_config field

part of #4820

Verification

[clyang82]

/assign @yeya24 Please take a look. Thanks.

[matej-g]

I'm wondering if this could not increase flakiness somewhere down the road, since we'll be assuming minio is ready straight away 🤔. Could we try to do the readiness probe with the workaround I described in that commented issue?

[clyang82]

Do you mean try to do the readiness probe with the workaround here? I think we should support this feature in efficientgo/e2e and then update here.

[matej-g]

I'm not sure how soon that will be fixed in the upstream, but the flakiness could be immediate. I would agree with either solution (workaround or fix it upstream) as long as it can be done ASAP.

[clyang82]

@matej-g please look at the fix in upstream - efficientgo/e2e#19
I also have a workaround for the readiness probe so that we can merge it this PR firstly. I can open another PR once the upstream fix is acceptable.

[matej-g]

Awesome! Thanks a ton for addressing my concern, this is looking good now 👍. We can replace it with proper option once it lands in the upstream.

[matej-g]

This now looks ready to me, I'm just not sure about the test failure, I cannot tell if it's related or not. Otherwise looking good to go 😊.

[clyang82]

This now looks ready to me, I'm just not sure about the test failure, I cannot tell if it's related or not. Otherwise looking good to go 😊.

Thanks @matej-g . I did test in my local environment. it works well. so it seems it is not related with my fix.

[matej-g]

Thanks @matej-g . I did test in my local environment. it works well. so it seems it is not related with my fix.

From logs it seems the issue is with minio server not being ready, see:

2022-01-10T09:50:19.7465904Z 09:50:19 store-gw-1: level=info name=store-gw-1 ts=2022-01-10T09:50:19.741901135Z caller=grpc.go:131 service=gRPC/server component=store msg="listening for serving gRPC" address=:9091
2022-01-10T09:50:19.7468549Z 09:50:19 store-gw-1: level=info name=store-gw-1 ts=2022-01-10T09:50:19.742995743Z caller=http.go:93 service=http/server component=store msg="internal server is shutdown gracefully" err="bucket store initial sync: sync block: BaseFetcher: iter bucket: Server not initialized, please try again."

Since we're touching the readiness probe, I'm wondering if this is having any effect or the minio readiness is still flaky even in current main with the workaround 🤔. Perhaps rerunning the tests on this PR and seeing if they succeed would help us tell.

[clyang82]

It passes the thanos end-to-end tests by adding sleep 1 to fix the flakiness of minio. I will update once the upstream PR is merged. so this PR is ready for reviewing again. Thanks.

[matej-g]

🏆

[clyang82]

@GiedriusS Can you help to review again? Thanks.

[yeya24]

LGTM

[clyang82]

Thank you @yeya24