-
If pods get stuck in CrashLoopBackOff or Init:Error, verify that all ConfigMaps and Secrets are correctly applied and their names match those referenced in the deployment file.
-
If you encounter Permission denied errors on
/certsor mounted volumes, ensure that proper permissions are set using an initContainer or appropriate security context for OpenShift’s random UID policy. -
If SSL/TLS handshake fails in NGINX pods, confirm that the SSL certificate and key paths are correctly mounted and that the PKCS#11 configuration points to the correct key label and PIN.
-
If the
p11tool2command is not found inside the container, check that the Utimaco binaries were properly copied from the initContainer to/opt/utimaco/bin. -
If there are HSM connection errors or timeouts, verify that the
Devicesparameter ofcs_pkcs11_R3.cfgpresent in theutimaco-cm.yamlfile points to the correct HSM IP and port and ensures that the HSM is reachable from the OpenShift node. -
If the Secret is missing during deployment, make sure the key-generation Job completed successfully and created the
ssl-certSecret before applying the main deployment. -
If new pods fail to connect to the HSM after scaling, confirm that Utimaco libraries and configuration volumes are mounted correctly and that the pods can list HSM objects using
p11tool2.
