Unable to upload cache to minio S3 server due to x509 unknown certificate authority
I'm running a self-hosted Minio S3 storage server, with a certificate signed by a private authority. Gitlab Runner is running the Kubernetes executor, and has the following cache settings:
[runners.cache] Type = "s3" ServerAddress = "minio.myserver.com" AccessKey = "minio-access-key" SecretKey = "minio-secret-key" BucketName = "gitlab-ci-cache"
The tests run fine, however at checking and updating cache, I get the following error:
FATAL: Get https://minio.myserver.com/gitlab-ci-cache/runner/b77179e5/project/6/master?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ZTEPIPIRNBNNCYMSUCYV%2F20180618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20180618T145218Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=b78a9f63ba05cec3cf6655a50e27549ea0ff6816db50f83ba1316c9c2ce03378: x509: certificate signed by unknown authority
Which would be understandable as it is a private certificate authority. However, I have added said CA to the runner's alpine image, both as described in the documentation, and also with update-ca-certificates. That does work for reaching the Gitlab server itself as described, the cache still doesn't work though.
I've also added it to the test image (both docker:stable, and docker:stable-dind, as I'm running a docker-in-docker configuration) to no avail.
At this point I'm not entirely sure which container communicates with the S3 server, as all of them have the certificate authority installed, yet the error persists.
There should ideally be a way to provide the certificate authority for the S3 configuration, or barring that, worst case scenario, turn off SSL verification, or barring even that, some sort of documentation on how and where to import the certificate authority for cache uploading and downloading to work.