Unable to run ingress-controller with UID provided at runtime from runAsUser of securityContext

kubernetes / ingress-nginx

Ingress NGINX Controller for Kubernetes

https://kubernetes.github.io/ingress-nginx/

Apache License 2.0

17.57k stars 8.27k forks source link

Unable to run ingress-controller with UID provided at runtime from runAsUser of securityContext #12376

Closed sravanith closed 1 week ago

sravanith commented 1 week ago

What happened:

We are using customized ingress-nginx v1.10.1. We want ingress-controller to run with any user passed at run time from runAsUser of securityContext. Instead of 101 when i tried passing 401 to runAsUser pod failedto come up with permission issue as below " unexpected error storing fake SSL Cert: could not create PEM certificate file /etc/ingress-controller/ssl/default-fake-certificate.pem: open /etc/ingress-controller/ssl/default-fake-certificate.pem: permission denied"

What you expected to happen: ingress-controller should be able to run with any UID passed from runasUser.

NGINX Ingress controller version NGINX Ingress controller Release: 1.10.1 Build: git-be46124cc Repository: https://github.com/kubernetes/ingress-nginx.git nginx version: nginx/1.21.6

Kubernetes version Client Version: v1.31.2 Kustomize Version: v5.4.2 Server Version: v1.29.1

k8s-ci-robot commented 1 week ago

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

longwuyuan commented 1 week ago

There is no info on what has been customized
If you custom built the controller image, then it can not be supported by project as we don't know anything about it
The error is clearly indicating root-cause so there is no action item on the project. You have to study and fix the permissions and configuration yourself. Or you have to make sure that the issue description of this issue has all the answers to the questions asked in a new bug report template

/close

k8s-ci-robot commented 1 week ago

@longwuyuan: Closing this issue.

In response to [this](https://github.com/kubernetes/ingress-nginx/issues/12376#issuecomment-2482895551): >- There is no info on what has been customized > >- If you custom built the controller image, then it can not be supported by project as we don't know anything about it > >- The error is clearly indicating root-cause so there is no action item on the project. You have to study and fix the permissions and configuration yourself. Or you have to make sure that the issue description of this issue has all the answers to the questions asked in a new bug report template > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.