Ingress-nginx: Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem

Created on 20 Dec 2018  路  10Comments  路  Source: kubernetes/ingress-nginx 
$ kubectl get po -n ingress-nginx
NAME                                        READY     STATUS             RESTARTS   AGE
nginx-ingress-controller-85df774dd4-clgp8   0/1       CrashLoopBackOff   1          11s

$ kubectl logs nginx-ingress-controller-85df774dd4-clgp8 -n ingress-nginx
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:    0.21.0
  Build:      b65b85cd9
  Repository: https://github.com/kubernetes/ingress-nginx
-------------------------------------------------------------------------------

W1220 13:48:40.371481       1 flags.go:209] SSL certificate chain completion is disabled (--enable-ssl-chain-completion=false)
nginx version: nginx/1.15.6
W1220 13:48:40.373794       1 client_config.go:548] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I1220 13:48:40.374074       1 main.go:196] Creating API client for https://10.254.0.1:443
I1220 13:48:40.395039       1 main.go:240] Running in Kubernetes cluster version v1.9 (v1.9.11) - git (clean) commit 1bfeeb6f212135a22dc787b73e1980e5bccef13d - platform linux/amd64
F1220 13:48:40.658544       1 main.go:115] Error generating self-signed certificate: could not create temp pem file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem237497501: permission denied
picture 4220182

Most helpful comment

Is there a work around?

Update to 0.28.0 and make sure to update the deployment runAsUser: 33 to runAsUser: 101

picture aledbf on 30 Jan 2020
👍6 🚀2 🎉2

All 10 comments

@4220182 are you mounting a volume in /etc/ingress-controller/ssl/ or a parent directory?
Are you using a custom image?

aledbf picture aledbf on 20 Dec 2018

I made a mistake, I used a custom image,
I re-use quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0 and there is no error.

thank鈥榮

4220182 picture 4220182 on 21 Dec 2018

I have the same problem. I used "quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0"

donsenD picture donsenD on 22 Oct 2019

@donsenD you should not be using such a version due to all the NGINX CVEs. Please update to 0.26.1

aledbf picture aledbf on 22 Oct 2019

I will try,

donsenD picture donsenD on 23 Oct 2019

I solved my problem. Thank you.

donsenD picture donsenD on 23 Oct 2019

I solved my problem. Thank you.

How did you solve the problem?

OryanOmer picture OryanOmer on 23 Oct 2019

This issue still affects me. @aledbf I just tried updating the image to 0.26.1, but it made no difference. I stumbled across #4061 and the most recent comment from @mcambal says:

"There is a breaking change in the default of runAsUser attribute due to migration to Alpine linux."

Is there a work around?

MartynRussell-Kcom picture MartynRussell-Kcom on 30 Jan 2020

Is there a work around?

Update to 0.28.0 and make sure to update the deployment runAsUser: 33 to runAsUser: 101

aledbf picture aledbf on 30 Jan 2020
👍6 🚀2 🎉2

Is there a work around?

Update to 0.28.0 and make sure to update the deployment runAsUser: 33 to runAsUser: 101

Worked perfectly with version 0.28.0.

I'll submit a bug report to ForgeRock about this for v6.5.2 (stable) release. Since it doesn't have the right version in there.

Thank you so much!

MartynRussell-Kcom picture MartynRussell-Kcom on 30 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

silasbw picture silasbw  路  3Comments
cxj110 picture cxj110  路  3Comments
oilbeater picture oilbeater  路  3Comments
whereisaaron picture whereisaaron  路  3Comments
juliohm1978 picture juliohm1978  路  3Comments