Why does the Ingress status show an ESSSMG error?
Virtual Private Cloud Classic infrastructure Satellite
When you check the status of your cluster's Ingress components by running the ibmcloud ks ingress status-report get command, you see an error similar to the following example.
Could not the secret group (ESSSMG).
IBM Cloud Kubernetes Service is unable to access the secret group that was registered with the cluster to upload the default Ingress certificates.
Review your service-to-service authorization policies and verify that communication between IBM Cloud Kubernetes Service and Secrets Manager is enabled.
-
Follow the steps to ensure there is a service-to-service authorization policy configured to enable communication between IBM Cloud Kubernetes Service and Secrets Manager.
-
If the policy exists, verify that the secret group registered with the cluster exists in the instance.
- To view the instance registration details for your cluster run the
ibmcloud ks ingress instance lscommand. - To view and modify the secret groups available in your instance, see Organizing your secrets.
- To update the secret group for your cluster, run the
ibmcloud ks ingress instance default setcommand and specify the--secret-groupoption.
- To view the instance registration details for your cluster run the
-
If the issue persists, contact support. Open a support case. In the case details, be sure to include any relevant log files, error messages, or command outputs.