kubernetes/ingress-nginx

Unable to run ingress-controller with UID provided at runtime from runAsUser of securityContext

sravanith opened this issue · 3 comments

sravanith commented

What happened:

We are using customized ingress-nginx v1.10.1. We want ingress-controller to run with any user passed at run time from runAsUser of securityContext. Instead of 101 when i tried passing 401 to runAsUser pod failedto come up with permission issue as below
" unexpected error storing fake SSL Cert: could not create PEM certificate file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem: permission denied"

What you expected to happen:
ingress-controller should be able to run with any UID passed from runasUser.

NGINX Ingress controller version
NGINX Ingress controller
Release: 1.10.1
Build: git-be46124cc
Repository: https://github.com/kubernetes/ingress-nginx.git
nginx version: nginx/1.21.6

Kubernetes version
Client Version: v1.31.2
Kustomize Version: v5.4.2
Server Version: v1.29.1

k8s-ci-robot commented

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

longwuyuan commented

  • There is no info on what has been customized

  • If you custom built the controller image, then it can not be supported by project as we don't know anything about it

  • The error is clearly indicating root-cause so there is no action item on the project. You have to study and fix the permissions and configuration yourself. Or you have to make sure that the issue description of this issue has all the answers to the questions asked in a new bug report template

/close

k8s-ci-robot commented

@longwuyuan: Closing this issue.

In response to this:

  • There is no info on what has been customized

  • If you custom built the controller image, then it can not be supported by project as we don't know anything about it

  • The error is clearly indicating root-cause so there is no action item on the project. You have to study and fix the permissions and configuration yourself. Or you have to make sure that the issue description of this issue has all the answers to the questions asked in a new bug report template

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.