Description
What happened:
We set ssl-session-tickets and ssl-session-ticket-key in the configmap so that SSL session resumption starts working through session tickets. We saw this error in the log:
E0718 20:13:57.087788 5 store.go:731] unexpected error writing ssl-session-ticket-key to /etc/nginx/tickets.key: open /etc/nginx/tickets.key: permission denied
The file that should be created for the ticket key does not exist.
What you expected to happen:
Ticket key from config map will be written to the file /etc/ingress-controller/tickets.key
NGINX Ingress controller version 1.11.3
Kubernetes version 1.30.4
How to reproduce this issue: set ssl-session-tickets = true and ssl-session-ticket-key = <some key> in configmap
Anything else we need to know:
I think the issue was created here 9ed0d7f#diff-5f4da05f4716a8d567db533819486a784e3f4993c11021da3b569564c78a5935R1218 because here the path to tickets.key is changed to a new folder, but that same folder is then removed here 9ed0d7f#diff-9695be8f0aac1e548a5ecec853de2cd6d7d3d1f70e9fd2d735a59449aeedd259L52, so the www-data user cannot write the key from the configmap to the file.
Maybe the author intended to use the folder /etc/ingress-controller/ssl? I think the problem is that the container user www-data is trying to write the ticket key to a file in the folder /etc/ingress-controller/, but because that folder was removed from the list, www-data is not the owner of that folder anymore and cannot write the file there.