Logging stack failing with PKey error

This document (000021260) is provided subject to the disclaimer at the end of this document.

Environment

Rancher-logging is installed and configured with Kafka as an output

Situation

A Clusterflow and an Outpuut or ClusterOutput for rancher-logging are configured to send logs to a Kafka server, fluentd is failing with the following error:

[error]: fluent/log.rb:372:error: unexpected error error_class=OpenSSL::PKey::PKeyError error="Could not parse PKey: no start line"

Resolution

If you don't have client authentication enabled, the root CA is sufficient to connect to Kafka brokers. Removing invalid values and missing keys should resolve the issue

    ssl_ca_cert:
      mountFrom:
        secretKeyRef:
          key: tls.crt
          name: root-ca

Cause

Invalid client certificate/key is configured on the Output or ClusterOutput for Kafka, while the client certificate secret name is kept blank

    ssl_ca_cert:
      mountFrom:
        secretKeyRef:
          key: tls.crt
          name: root-ca
    ssl_client_cert:
      mountFrom:
        secretKeyRef:
          key: tls.crt
          name: certs
    ssl_client_cert_chain:
      mountFrom:
        secretKeyRef:
          key: ''
    ssl_client_cert_key:
      mountFrom:
        secretKeyRef:
          key: tls.key
          name: certs

Status

Top Issue

Additional Information

Logging outputs

Kafka plugin configuration

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.