}

    upstream console {
        ip_hash;
        server minio1:9001;
        server minio2:9001;
        server minio3:9001;
        server minio4:9001;
        server minio5:9001;
        server minio6:9001;
        server minio7:9001;
        server minio8:9001;
    }

    server {
        listen       9000;
        listen  [::]:9000;
        server_name  localhost;

	podIP := netip.MustParseAddr("99.9.9.1")
	podIPs := []netip.Addr{podIP}

	server := &fakeServer{}
	server.On("AddPodToMesh",
		fakeCtx,
		pod,
		podIPs,
		"",
	).Return(nil)

	server.Start(fakeCtx)

	fakeIPSetDeps := ipset.FakeNLDeps()
	set := ipset.IPSet{V4Name: "foo-v4", Prefix: "foo", Deps: fakeIPSetDeps}

	m := getFakeDPWithIPSet(server, fakeClientSet, set)
	expectPodAddedToIPSet(fakeIPSetDeps, podIP, pod.ObjectMeta)

  @RegisterExtension @JvmField
  val platform = PlatformRule()

  @RegisterExtension @JvmField
  val clientTestRule = OkHttpClientTestRule()

  private lateinit var server: MockWebServer

  @BeforeEach
  fun setup(server: MockWebServer) {
    this.server = server

    // BCX509ExtendedTrustManager not supported in TlsUtil.newTrustManager
    platform.assumeNotBouncyCastle()
  }

  -
        - 'https://server-example-pool1:9000/mnt/disk{1...4}/'
        - 'https://server1-pool1:9000/mnt/disk{1...4}/'
        - 'https://server3-pool1:9000/mnt/disk{1...4}/'
        - 'https://server4-pool1:9000/mnt/disk{1...4}/'
  -
        - 'https://server-example-pool2:9000/mnt/disk{1...4}/'
        - 'https://server1-pool2:9000/mnt/disk{1...4}/'
        - 'https://server3-pool2:9000/mnt/disk{1...4}/'

      .build()
  private val executorService = Executors.newScheduledThreadPool(1)

  @BeforeEach
  fun setUp(server: MockWebServer) {
    this.server = server
    platform.assumeNotOpenJSSE()
    platform.assumeHttp2Support()
  }

  @AfterEach
  fun tearDown() {
    executorService.shutdown()
  }

  @Test
  @Throws(IOException::class)
  fun http1DoesntSupportDuplex() {

	[ ${first_time} -ne 0 ] && sleep 120

	if ! ps -p $pid1 1>&2 >/dev/null; then
		echo "minio server 1 is not running" && fail
	fi

	if ! ps -p $pid2 1>&2 >/dev/null; then
		echo "minio server 2 is not running" && fail
	fi

	if ! ps -p $pid3 1>&2 >/dev/null; then
		echo "minio server 3 is not running" && fail
	fi

	if ! pkill minio; then
		fail
	fi

	sleep 1
	if pgrep minio; then

The scrape configurations should use all the servers under `targets` so that graphing systems like
grafana can visualize them for all the nodes

```yaml
scrape_configs:
- job_name: minio-job
  metrics_path: /minio/v2/metrics/node
  scheme: http
  static_configs:
  - targets: ['server1:9000','server2:9000','server3:9000','server4:9000']
```

        },
        "definition": "label_values(minio_node_drive_total,server)",
        "hide": 0,
        "includeAll": false,
        "label": "Server",
        "multi": false,
        "name": "server",
        "options": [],
        "query": {
          "qryType": 1,
          "query": "label_values(minio_node_drive_total,server)",
          "refId": "PrometheusVariableQueryEditor-VariableQuery"
        },

Recommendations
---------------

Typically servers need a held certificate plus a chain of intermediates. Servers only need the
private key for their own certificate. The chain served by a server doesn't need the root
certificate.

The trusted roots don't need to be the same for client and server when using client authentication.
Clients might rely on the platform certificates and servers might use a private

    - [Client Binaries](#client-binaries-15)
    - [Server Binaries](#server-binaries-15)
    - [Node Binaries](#node-binaries-15)
  - [Changelog since v1.17.1](#changelog-since-v1171)
- [v1.17.1](#v1171)
  - [Downloads for v1.17.1](#downloads-for-v1171)
    - [Client Binaries](#client-binaries-16)
    - [Server Binaries](#server-binaries-16)
    - [Node Binaries](#node-binaries-16)