0
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       0.26.1
  Build:         git-2de5a893a
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: openresty/1.15.8.2

-------------------------------------------------------------------------------

W0719 06:58:01.543840       6 flags.go:243] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
W0719 06:58:01.544045       6 client_config.go:541] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0719 06:58:01.544341       6 main.go:182] Creating API client for https://10.233.0.1:443
I0719 06:58:01.558257       6 main.go:226] Running in Kubernetes cluster version v1.16 (v1.16.3) - git (clean) commit b3cbbae08ec52a7fc73d334838e18d17e8512749 - platform linux/amd64
F0719 06:58:01.857260       6 ssl.go:389] unexpected error storing fake SSL Cert: could not create PEM certificate file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem: permission denied

1. my ingress-controller has 3 replicas ,but 2 replicas are normal,1 replica is excption。

I am a Chinese,I can speak English just little。Welcome to help answer

huyouba1
  • 21
  • 2
  • 3
    The error message contains the reason: `/etc/ingress-controller/ssl/default-fake-certificate.pem: permission denied` Hence the file permissions are not set correctly. – Robert Jul 19 '21 at 11:50

1 Answers1

0

If I understand your problem correctly, you can solve it by adding runAsUser directive in the SecurityContext in your yaml file. Look at the example yaml:

securityContext:
  runAsUser: 1000
  runAsGroup: 3000
  fsGroup: 2000
  fsGroupChangePolicy: "OnRootMismatch"

Here you can find completely guide about security context in Kuberenetes. You need to put in a user ID that has permission to create the certificate.

See also:

Mikołaj Głodziak
  • 4,775
  • 7
  • 28
  • Thank you very much for your reply. But I think this problem is very strange. There are three copies. Why are the other two normal and this one abnormal? – huyouba1 Jul 22 '21 at 02:47
  • I would have to see your yaml files. Please attach them to the question. – Mikołaj Głodziak Jul 22 '21 at 05:49
  • The file can't be posted on your comment directly. I'll post the file on the new comment. Please have a look – huyouba1 Jul 22 '21 at 06:41
  • 1
    You have posted an answer, not a comment. Please, remove it and edit your main question. – Mikołaj Głodziak Jul 22 '21 at 06:42
  • The list has been published in the answer – huyouba1 Jul 22 '21 at 06:51
  • This can not be. Answers are only for listing solutions. If you want to provide additional information, you need to edit the question. Your answers will likely be deleted by the moderators. – Mikołaj Głodziak Jul 22 '21 at 06:57
  • Sorry, because the list code is too long to write in the problem. Written in the question, the system judges that it is all code. But only in the answer. If you can, you can extract the list. After extraction, I will delete the list in the answer – huyouba1 Jul 22 '21 at 07:02
  • Unfortunately I am not able to edit the question. – Mikołaj Głodziak Jul 22 '21 at 07:04
  • My God, how can I send yaml to you – huyouba1 Jul 22 '21 at 07:06
  • I can't edit your questions just like that. Each change must be approved by the moderator or the author of the question. Currently, the edit queue is full. By the way, your problem should be solved in this question: https://stackoverflow.com/questions/64908290 – Mikołaj Głodziak Jul 22 '21 at 07:16
  • 1
    At present, the problem has been solved by non-technical means, and now it can't be reproduced. If there are problems in the future, I will try again with the method you provided. Thank you for your support – huyouba1 Jul 22 '21 at 07:22