Skip to content

Logging stack failing with PKey error

Article Number: 000021260

Environment

Rancher-logging is installed and configured with Kafka as an output

Situation

A Clusterflow and an Outpuut or ClusterOutput for rancher-logging are configured to send logs to a Kafka server, fluentd is failing with the following error:

[error]: fluent/log.rb:372:error: unexpected error error_class=OpenSSL::PKey::PKeyError error="Could not parse PKey: no start line"

Cause

Invalid client certificate/key is configured on the Output or ClusterOutput for Kafka, while the client certificate secret name is kept blank

    ssl_ca_cert:
      mountFrom:
        secretKeyRef:
          key: tls.crt
          name: root-ca
    ssl_client_cert:
      mountFrom:
        secretKeyRef:
          key: tls.crt
          name: certs
    ssl_client_cert_chain:
      mountFrom:
        secretKeyRef:
          key: ''
    ssl_client_cert_key:
      mountFrom:
        secretKeyRef:
          key: tls.key
          name: certs

Resolution

If you don't have client authentication enabled, the root CA is sufficient to connect to Kafka brokers. Removing invalid values and missing keys should resolve the issue

    ssl_ca_cert:
      mountFrom:
        secretKeyRef:
          key: tls.crt
          name: root-ca