
unexpected error storing fake SSL Cert: could not create PEM certificate

-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       0.26.1
  Build:         git-2de5a893a
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: openresty/1.15.8.2

-------------------------------------------------------------------------------

W0719 06:58:01.543840       6 flags.go:243] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W0719 06:58:01.544045       6 client_config.go:541] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0719 06:58:01.544341       6 main.go:182] Creating API client for https://10.233.0.1:443
I0719 06:58:01.558257       6 main.go:226] Running in Kubernetes cluster version v1.16 (v1.16.3) - git (clean) commit b3cbbae08ec52a7fc73d334838e18d17e8512749 - platform linux/amd64
F0719 06:58:01.857260       6 ssl.go:389] unexpected error storing fake SSL Cert: could not create PEM certificate file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem: permission denied

1. My ingress-controller has 3 replicas, but 2 replicas are normal and 1 replica has an exception.

I am Chinese and I can speak only a little English. You are welcome to help answer.

MountVolume.SetUp failed for volume "ingress-nginx-token-w8mq2" : failed to sync secret cache: timed out waiting for the condition

NAME                             READY   STATUS             RESTARTS   AGE
ingress-nginx-controller-7p77g   1/1     Running            0          3h19m
ingress-nginx-controller-9cwzt   0/1     CrashLoopBackOff   2          12m
ingress-nginx-controller-qbww8   1/1     Running            0          3h19m

If I understand your problem correctly, you can solve it by adding the runAsUser directive in the SecurityContext in your YAML file. Look at the example YAML:

securityContext:
  runAsUser: 1000
  runAsGroup: 3000
  fsGroup: 2000
  fsGroupChangePolicy: "OnRootMismatch"

Here you can find a complete guide to security context in Kubernetes. You need to put in a user ID that has permission to create the certificate.
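
An added example (not part of the original answer and not ingress-nginx code): a check of whether the UID and groups that a securityContext gives the container can create default-fake-certificate.pem in /etc/ingress-controller/ssl, given that directory's owner, group and mode. The `Identity` and `can_create_file` names are hypothetical, and the directory ownership values are constructed samples to be replaced with real `stat` output.

```python
from dataclasses import dataclass, field


@dataclass
class Identity:
    """Identity a container process gets from its securityContext."""
    uid: int                                      # runAsUser
    gid: int                                      # runAsGroup
    extra_gids: set = field(default_factory=set)  # fsGroup, supplementalGroups

    @classmethod
    def from_security_context(cls, sc):
        extra = set(sc.get("supplementalGroups", []))
        if "fsGroup" in sc:
            extra.add(sc["fsGroup"])  # fsGroup is added as a supplementary group
        return cls(sc["runAsUser"], sc["runAsGroup"], extra)


def can_create_file(ident, dir_uid, dir_gid, dir_mode):
    """Creating a file needs write and execute (search) on the directory.

    POSIX consults only the first matching class: owner, then group, then other.
    """
    if ident.uid == 0:
        return True  # root normally bypasses mode bits (CAP_DAC_OVERRIDE)
    if ident.uid == dir_uid:
        bits = dir_mode >> 6
    elif dir_gid == ident.gid or dir_gid in ident.extra_gids:
        bits = dir_mode >> 3
    else:
        bits = dir_mode
    return (bits & 0o3) == 0o3


# securityContext from the answer above
ANSWER_SC = {"runAsUser": 1000, "runAsGroup": 3000, "fsGroup": 2000}

# Constructed sample ownership for /etc/ingress-controller/ssl (uid, gid, mode).
# Replace with the output of: stat -c '%u %g %a' /etc/ingress-controller/ssl
CONSTRUCTED_DIRS = {
    "owned by uid 1000, 0755": (1000, 1000, 0o755),
    "owned by another uid, group 2000, 0775": (4000, 2000, 0o775),
    "owned by another uid, 0755": (4000, 4000, 0o755),
}

if __name__ == "__main__":
    ident = Identity.from_security_context(ANSWER_SC)
    for label, (uid, gid, mode) in CONSTRUCTED_DIRS.items():
        verdict = "ok" if can_create_file(ident, uid, gid, mode) else "permission denied"
        print(f"{label}: {verdict}")
```

The last constructed case reproduces the "permission denied" outcome from the log: neither the UID nor any group matches, and the "other" class has no write bit.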

