Unable to bypass/configure SSL validation for S3 endpoints used for snapshots

[mircea-pavel-anton]

Describe the bug

I have a dragonfly instance deployed in my Kubernetes cluster and I am trying to configure snapshots to an S3 endpoint hosted on a MinIO instance.

The ingress object for the MniIO instance uses a certificate signed by an internal CA, not publicly trusted. This causes the dragonfly snapshot to fail on the SSL verification step and not taking any snapshots.

To Reproduce

Steps to reproduce the behavior:

1. Deploy a MinIO instance with a TLS cert signed by a custom CA
2. Deploy a Dragonfly instance that attempts to push snapshots to that MinIO instance
3. See error on TLS verification

Expected behavior
I would expect to be able to somehow either:

• disable SSL verification so I can bypass this error,
• configure a custom certificate for the SSL verification so I can make my minio cert trusted

Environment (please complete the following information):

• Containerized?: yes. Issue spotted in Kubernetes, troubleshooting was done via Docker
• Dragonfly Version: 1.25.5

Additional context
I think this is a fairly common setup for corporate environments, having an internal CA that is not publicly trusted.

[romange]

@andydunstall not urgent at all but sounds like something you may solve quicker than others.

[mircea-pavel-anton]

@romange just to be clear, this is blocking in the sense that I can't snapshot and restore my dragonfly instance at all.

No snapshots make it through

While I wouldn't necessarily say this is critical, I don't know if I'd call it minor either