Troubleshooting
Problem
The TLS certificate fails to load and the default ingress certificate gets applied automatically for the Data Insight ingress pod.
Symptom
Data Insight ingress pod shows errors at the time of starting and attempting to get the TLS certificate from the Kubernetes secret.
Identify the ingress pod on the Data Insight master node:
[sevone@ibm-di-01 ~]$ kubectl get pods | egrep 'ingress|NAME'
NAME READY STATUS RESTARTS AGE
ingress-ingress-nginx-defaultbackend-57b8c9fdc4-cp2t8 1/1 Running 6 (11d ago) 167d
ingress-ingress-nginx-controller-587f9dfd76-mm726 1/1 Running 0 5d19h
Check the logs specific to the ingress-nginx-controller pod:
[sevone@ibm-di-01 ~]$ kubectl logs ingress-ingress-nginx-controller-587f9dfd76-mm726
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v1.3.1
Build: 92534fa2ae799b502882c8684db13a25cde68155
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.19.10
-------------------------------------------------------------------------------
W0705 11:28:20.850826 7 client_config.go:617] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0705 11:28:20.851306 7 main.go:209] "Creating API client" host="https://192.168.96.1:443"
I0705 11:28:20.862208 7 main.go:253] "Running in Kubernetes cluster" major="1" minor="23" git="v1.23.12+k3s1" state="clean" commit="66309a8ee50853d8da144bdffc39d546389f58cd" platform="linux/amd64"
I0705 11:28:20.867179 7 main.go:86] "Valid default backend" service="default/ingress-ingress-nginx-defaultbackend"
I0705 11:28:21.043728 7 main.go:104] "SSL fake certificate created" file="/etc/ingress-controller/ssl/default-fake-certificate.pem"
2023-07-05T10:38:42.644311521Z I0705 10:38:42.644205 7 nginx.go:255] "Starting NGINX Ingress controller"
2023-07-05T10:38:42.657641786Z I0705 10:38:42.657521 7 event.go:282] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"default", Name:"ingress-ingress-nginx-controller", UID:"dd9cbeda-f344-49d6-9f0b-a0a053337937", APIVersion:"v1", ResourceVersion:"29569005", FieldPath:""}): type: 'Normal' reason: 'CREATE' ConfigMap default/ingress-ingress-nginx-controller
2023-07-05T10:38:43.752704230Z I0705 10:38:43.752608 7 store.go:427] "Found valid IngressClass" ingress="default/di" ingressclass="nginx"
2023-07-05T10:38:43.752789645Z I0705 10:38:43.752724 7 event.go:282] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"di", UID:"8cce99f9-1f10-4a24-b286-ab5e6391031d", APIVersion:"networking.k8s.io/v1", ResourceVersion:"75628466", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
2023-07-05T10:38:43.753071654Z W0705 10:38:43.752989 7 backend_ssl.go:45] Error obtaining X.509 certificate: unexpected error creating SSL Cert: no certificate PEM data found, make sure certificate content starts with 'BEGIN CERTIFICATE'
UID:"8c774d47-6efa-4fef-9520-13f27758b52d", APIVersion:"networking.k8s.io/v1", ResourceVersion:"74581333", FieldPath:""}): type: 'Normal' reason: 'Sync' Scheduled for sync
2023-07-05T10:38:43.846277540Z I0705 10:38:43.846168 7 nginx.go:298] "Starting NGINX process"
2023-07-05T10:38:43.846523267Z I0705 10:38:43.846447 7 leaderelection.go:248] attempting to acquire leader lease default/ingress-controller-leader...
2023-07-05T10:38:43.848544079Z W0705 10:38:43.848440 7 controller.go:1317] Error getting SSL certificate "default/datainsightcerts": local SSL certificate default/datainsightcerts was not found. Using default certificate
2023-07-05T10:38:43.848655497Z I0705 10:38:43.848577 7 controller.go:159] "Configuration changes detected, backend reload required"
2023-07-05T10:38:43.852255776Z I0705 10:38:43.852172 7 status.go:84] "New leader elected" identity="ingress-ingress-nginx-controller-65b4c868c-ggbm5"
2023-07-05T10:38:43.941322942Z I0705 10:38:43.940768 7 controller.go:176] "Backend successfully reloaded"
2023-07-05T10:38:43.941353761Z I0705 10:38:43.940867 7 controller.go:187] "Initial sync, sleeping for 1 second"
2023-07-05T10:38:43.941361336Z I0705 10:38:43.941181 7 event.go:282] Event(v1.ObjectReference{Kind:"Pod", Namespace:"default", Name:"ingress-ingress-nginx-controller-65b4c868c-49q8w", UID:"415184ae-03d2-4afb-b086-39e878c42147", APIVersion:"v1", ResourceVersion:"75629344", FieldPath:""}): type: 'Normal' reason: 'RELOAD' NGINX reload triggered due to a change in configuration
The error seen in the log that indicates the problem encountered by Ingress in loading the certificate:
2023-07-05T10:38:43.753071654Z W0705 10:38:43.752989 7 backend_ssl.go:45] Error obtaining X.509 certificate: unexpected error creating SSL Cert: no certificate PEM data found, make sure certificate content starts with 'BEGIN CERTIFICATE'
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSUWLY","label":"IBM SevOne Network Performance Management"},"ARM Category":[{"code":"a8m3p000000F89LAAS","label":"Data Insight-\u003EAdministration"}],"ARM Case Number":"TS013507507","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
11 July 2023
UID
ibm17011019