-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem #3589
Comments
@4220182 are you mounting a volume in |
I made a mistake, I used a custom image, thank‘s |
I have the same problem. I used "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0" |
@DONSEND you should not be using such a version due to all the NGINX CVEs. Please update to 0.26.1 |
I will try, |
I solved my problem. Thank you. |
How did you solve the problem? |
This issue still affects me. @aledbf I just tried updating the image to 0.26.1, but it made no difference. I stumbled across #4061 and the most recent comment from @mcambal says: "There is a breaking change in the default of runAsUser attribute due to migration to Alpine linux." Is there a work around? |
Update to 0.28.0 and make sure to update the deployment |
Worked perfectly with version 0.28.0. I'll submit a bug report to ForgeRock about this for v6.5.2 (stable) release. Since it doesn't have the right version in there. Thank you so much! |
This is due to a bug in Kubernetes / Alpine Linux / Nginx controller and user permissions. The fix is to use `--set controller.image.tag="0.28.0"` in `eks-create-ingress-cntlr.sh`. Issue was found using: $ kubectl -n nginx logs nginx-nginx-ingress-controller-7ff86667cb-clnnr ------------------------------------------------------------------------------- NGINX Ingress controller Release: 0.21.0 Build: git-b65b85cd9 Repository: https://github.com/aledbf/ingress-nginx ------------------------------------------------------------------------------- I0130 10:59:19.037531 8 flags.go:176] Watching for Ingress class: nginx nginx version: nginx/1.15.6 W0130 10:59:19.040927 8 client_config.go:548] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. I0130 10:59:19.041146 8 main.go:196] Creating API client for https://10.100.0.1:443 I0130 10:59:19.049909 8 main.go:240] Running in Kubernetes cluster version v1.14+ (v1.14.9-eks-c0eccc) - git (clean) commit c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2 - platform linux/amd64 I0130 10:59:19.054206 8 main.go:101] Validated nginx/nginx-nginx-ingress-default-backend as the default backend. F0130 10:59:19.213212 8 main.go:115] Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem970979531: permission denied This particular problem is quite common, see: kubernetes/ingress-nginx#3589
This is due to a bug in Kubernetes / Alpine Linux / Nginx controller and user permissions. The fix is to use `--set controller.image.tag="0.28.0"` in `eks-create-ingress-cntlr.sh`. Issue was found using: $ kubectl -n nginx logs nginx-nginx-ingress-controller-7ff86667cb-clnnr ------------------------------------------------------------------------------- NGINX Ingress controller Release: 0.21.0 Build: git-b65b85cd9 Repository: https://github.com/aledbf/ingress-nginx ------------------------------------------------------------------------------- I0130 10:59:19.037531 8 flags.go:176] Watching for Ingress class: nginx nginx version: nginx/1.15.6 W0130 10:59:19.040927 8 client_config.go:548] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. I0130 10:59:19.041146 8 main.go:196] Creating API client for https://10.100.0.1:443 I0130 10:59:19.049909 8 main.go:240] Running in Kubernetes cluster version v1.14+ (v1.14.9-eks-c0eccc) - git (clean) commit c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2 - platform linux/amd64 I0130 10:59:19.054206 8 main.go:101] Validated nginx/nginx-nginx-ingress-default-backend as the default backend. F0130 10:59:19.213212 8 main.go:115] Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem970979531: permission denied This particular problem is quite common, see: kubernetes/ingress-nginx#3589
This is due to a bug in Kubernetes / Alpine Linux / Nginx controller and user permissions. The fix is to use `--set controller.image.tag="0.28.0"` in `eks-create-ingress-cntlr.sh`. Issue was found using: $ kubectl -n nginx logs nginx-nginx-ingress-controller-7ff86667cb-clnnr ------------------------------------------------------------------------------- NGINX Ingress controller Release: 0.21.0 Build: git-b65b85cd9 Repository: https://github.com/aledbf/ingress-nginx ------------------------------------------------------------------------------- I0130 10:59:19.037531 8 flags.go:176] Watching for Ingress class: nginx nginx version: nginx/1.15.6 W0130 10:59:19.040927 8 client_config.go:548] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. I0130 10:59:19.041146 8 main.go:196] Creating API client for https://10.100.0.1:443 I0130 10:59:19.049909 8 main.go:240] Running in Kubernetes cluster version v1.14+ (v1.14.9-eks-c0eccc) - git (clean) commit c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2 - platform linux/amd64 I0130 10:59:19.054206 8 main.go:101] Validated nginx/nginx-nginx-ingress-default-backend as the default backend. F0130 10:59:19.213212 8 main.go:115] Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem970979531: permission denied This particular problem is quite common, see: kubernetes/ingress-nginx#3589
This is due to a bug in Kubernetes / Alpine Linux / Nginx controller and user permissions. The fix is to use `--set controller.image.tag="0.28.0"` in `eks-create-ingress-cntlr.sh`. Issue was found using: $ kubectl -n nginx logs nginx-nginx-ingress-controller-7ff86667cb-clnnr ------------------------------------------------------------------------------- NGINX Ingress controller Release: 0.21.0 Build: git-b65b85cd9 Repository: https://github.com/aledbf/ingress-nginx ------------------------------------------------------------------------------- I0130 10:59:19.037531 8 flags.go:176] Watching for Ingress class: nginx nginx version: nginx/1.15.6 W0130 10:59:19.040927 8 client_config.go:548] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. I0130 10:59:19.041146 8 main.go:196] Creating API client for https://10.100.0.1:443 I0130 10:59:19.049909 8 main.go:240] Running in Kubernetes cluster version v1.14+ (v1.14.9-eks-c0eccc) - git (clean) commit c0eccca51d7500bb03b2f163dd8d534ffeb2f7a2 - platform linux/amd64 I0130 10:59:19.054206 8 main.go:101] Validated nginx/nginx-nginx-ingress-default-backend as the default backend. F0130 10:59:19.213212 8 main.go:115] Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem970979531: permission denied This particular problem is quite common, see: kubernetes/ingress-nginx#3589
The text was updated successfully, but these errors were encountered: