Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem #3589
Comments
|
@4220182 are you mounting a volume in |
|
I made a mistake, I used a custom image, thank‘s |
|
I have the same problem. I used "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0" |
|
@DONSEND you should not be using such a version due to all the NGINX CVEs. Please update to 0.26.1 |
|
I will try, |
|
I solved my problem. Thank you. |
How did you solve the problem? |
|
This issue still affects me. @aledbf I just tried updating the image to 0.26.1, but it made no difference. I stumbled across #4061 and the most recent comment from @mcambal says: "There is a breaking change in the default of runAsUser attribute due to migration to Alpine linux." Is there a work around? |
Update to 0.28.0 and make sure to update the deployment |
Worked perfectly with version 0.28.0. I'll submit a bug report to ForgeRock about this for v6.5.2 (stable) release. Since it doesn't have the right version in there. Thank you so much! |
MartynRussell-Kcom
pushed a commit
to curlybeast/forgeops
that referenced
this issue
Jan 30, 2020
This is due to a bug in Kubernetes / Alpine Linux / Nginx controller and
user permissions. The fix is to use `--set controller.image.tag="0.28.0"`
in `eks-create-ingress-cntlr.sh`.
Issue was found using:
$ kubectl -n nginx logs nginx-nginx-ingress-controller-7ff86667cb-clnnr
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: 0.21.0
Build: git-b65b85cd9
Repository: https://github.com/aledbf/ingress-nginx
-------------------------------------------------------------------------------
I0130 10:59:19.037531 8 flags.go:176] Watching for Ingress class: nginx
nginx version: nginx/1.15.6
W0130 10:59:19.040927 8 client_config.go:548] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0130 10:59:19.041146 8 main.go:196] Creating API client for https://10.100.0.1:443
I0130 10:59:19.049909 8 main.go:240] Running in Kubernetes cluster version v1.14+ (v1.14.9-eks-c0eccc) - git (clean) commit c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2 - platform linux/amd64
I0130 10:59:19.054206 8 main.go:101] Validated nginx/nginx-nginx-ingress-default-backend as the default backend.
F0130 10:59:19.213212 8 main.go:115] Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem970979531: permission denied
This particular problem is quite common, see:
kubernetes/ingress-nginx#3589
MartynRussell-Kcom
pushed a commit
to curlybeast/forgeops
that referenced
this issue
Feb 3, 2020
This is due to a bug in Kubernetes / Alpine Linux / Nginx controller and
user permissions. The fix is to use `--set controller.image.tag="0.28.0"`
in `eks-create-ingress-cntlr.sh`.
Issue was found using:
$ kubectl -n nginx logs nginx-nginx-ingress-controller-7ff86667cb-clnnr
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: 0.21.0
Build: git-b65b85cd9
Repository: https://github.com/aledbf/ingress-nginx
-------------------------------------------------------------------------------
I0130 10:59:19.037531 8 flags.go:176] Watching for Ingress class: nginx
nginx version: nginx/1.15.6
W0130 10:59:19.040927 8 client_config.go:548] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0130 10:59:19.041146 8 main.go:196] Creating API client for https://10.100.0.1:443
I0130 10:59:19.049909 8 main.go:240] Running in Kubernetes cluster version v1.14+ (v1.14.9-eks-c0eccc) - git (clean) commit c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2 - platform linux/amd64
I0130 10:59:19.054206 8 main.go:101] Validated nginx/nginx-nginx-ingress-default-backend as the default backend.
F0130 10:59:19.213212 8 main.go:115] Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem970979531: permission denied
This particular problem is quite common, see:
kubernetes/ingress-nginx#3589
MartynRussell-Kcom
pushed a commit
to curlybeast/forgeops
that referenced
this issue
Feb 5, 2020
This is due to a bug in Kubernetes / Alpine Linux / Nginx controller and
user permissions. The fix is to use `--set controller.image.tag="0.28.0"`
in `eks-create-ingress-cntlr.sh`.
Issue was found using:
$ kubectl -n nginx logs nginx-nginx-ingress-controller-7ff86667cb-clnnr
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: 0.21.0
Build: git-b65b85cd9
Repository: https://github.com/aledbf/ingress-nginx
-------------------------------------------------------------------------------
I0130 10:59:19.037531 8 flags.go:176] Watching for Ingress class: nginx
nginx version: nginx/1.15.6
W0130 10:59:19.040927 8 client_config.go:548] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0130 10:59:19.041146 8 main.go:196] Creating API client for https://10.100.0.1:443
I0130 10:59:19.049909 8 main.go:240] Running in Kubernetes cluster version v1.14+ (v1.14.9-eks-c0eccc) - git (clean) commit c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2 - platform linux/amd64
I0130 10:59:19.054206 8 main.go:101] Validated nginx/nginx-nginx-ingress-default-backend as the default backend.
F0130 10:59:19.213212 8 main.go:115] Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem970979531: permission denied
This particular problem is quite common, see:
kubernetes/ingress-nginx#3589
MartynRussell-Kcom
pushed a commit
to curlybeast/forgeops
that referenced
this issue
Feb 7, 2020
This is due to a bug in Kubernetes / Alpine Linux / Nginx controller and
user permissions. The fix is to use `--set controller.image.tag="0.28.0"`
in `eks-create-ingress-cntlr.sh`.
Issue was found using:
$ kubectl -n nginx logs nginx-nginx-ingress-controller-7ff86667cb-clnnr
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: 0.21.0
Build: git-b65b85cd9
Repository: https://github.com/aledbf/ingress-nginx
-------------------------------------------------------------------------------
I0130 10:59:19.037531 8 flags.go:176] Watching for Ingress class: nginx
nginx version: nginx/1.15.6
W0130 10:59:19.040927 8 client_config.go:548] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0130 10:59:19.041146 8 main.go:196] Creating API client for https://10.100.0.1:443
I0130 10:59:19.049909 8 main.go:240] Running in Kubernetes cluster version v1.14+ (v1.14.9-eks-c0eccc) - git (clean) commit c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2 - platform linux/amd64
I0130 10:59:19.054206 8 main.go:101] Validated nginx/nginx-nginx-ingress-default-backend as the default backend.
F0130 10:59:19.213212 8 main.go:115] Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem970979531: permission denied
This particular problem is quite common, see:
kubernetes/ingress-nginx#3589
|
Just in case this helps someone else: For anyone who has this permission error when using WSL2 and/or Rancher Desktop, I was able to resolve it by performing a Note: This will reset all configurations. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The text was updated successfully, but these errors were encountered: