[英]unexpected error storing fake SSL Cert: could not create PEM certificate
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: 0.26.1
Build: git-2de5a893a
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: openresty/1.15.8.2
-------------------------------------------------------------------------------
W0719 06:58:01.543840 6 flags.go:243] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W0719 06:58:01.544045 6 client_config.go:541] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0719 06:58:01.544341 6 main.go:182] Creating API client for https://10.233.0.1:443
I0719 06:58:01.558257 6 main.go:226] Running in Kubernetes cluster version v1.16 (v1.16.3) - git (clean) commit b3cbbae08ec52a7fc73d334838e18d17e8512749 - platform linux/amd64
F0719 06:58:01.857260 6 ssl.go:389] unexpected error storing fake SSL Cert: could not create PEM certificate file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem: permission denied
I am a Chinese,I can speak English just little。Welcome to help answer我是中国人,我会说一点英文。欢迎帮忙解答
MountVolume.SetUp failed for volume "ingress-nginx-token-w8mq2" : failed to sync secret cache: timed out waiting for the condition MountVolume.SetUp 卷“ingress-nginx-token-w8mq2”失败:无法同步秘密缓存:等待条件超时
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-7p77g 1/1 Running 0 3h19m
ingress-nginx-controller-9cwzt 0/1 CrashLoopBackOff 2 12m
ingress-nginx-controller-qbww8 1/1 Running 0 3h19m
If I understand your problem correctly, you can solve it by adding runAsUser
directive in the SecurityContext
in your yaml file.如果我正确理解您的问题,您可以通过在 yaml 文件的
SecurityContext
中添加runAsUser
指令来解决它。 Look at the example yaml:看例子yaml:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
fsGroupChangePolicy: "OnRootMismatch"
Here you can find completely guide about security context in Kuberenetes. 在这里你可以找到关于 Kuberenetes 安全上下文的完整指南。 You need to put in a user ID that has permission to create the certificate.
您需要输入有权创建证书的用户 ID。
See also:也可以看看:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.