PEM data was not found in buffer with valid RSA key in v1.31.0 #496

Open
ratdude07 opened this issue Mar 21, 2025 · 1 comment
ratdude07 commented Mar 21, 2025

Description

The OCI Cloud Controller Manager (CCM) v1.31.0 fails to initialize with "PEM data was not found in buffer" despite a valid RSA private key being provided at the specified path. The key is readable by the CCM process (confirmed via pre-start debug), works with the OCI CLI, and matches the fingerprint in the config. Tried with standard /etc/oci in-container mount and custom /oci-config mount. Tried regular PEM key and converted RSA key, always the same error from the cloud controller container. Tried using multiple different versions of CCM.

Environment

  • CCM Version: ghcr.io/oracle/cloud-provider-oci:v1.31.0
  • Kubernetes: v1.31.0
  • OCI Region: us-ashburn-1
  • Date: March 21, 2025

Steps to Reproduce

  1. Generate an RSA key:
    openssl rsa -in /root/.oci/richard.tylka.clean.pem -out /root/.oci/richard.tylka.rsa.pem -traditional
    kubectl create secret generic oci-credential \
      --from-file=cloud-provider.yaml \
      --from-file=key.pem=/root/.oci/richard.tylka.rsa.pem \
      -n kube-system

cloud-provider.yaml:

auth:
  region: us-ashburn-1
  tenancy: ocid1.tenancy.oc1..aaaaaaaa6bpzdsduwbti65kqm7gvubwvrspi7626cxona2t6fgguxn3ftvxa
  user: ocid1.user.oc1..aaaaaaaaahcwxw3yxfayfxm666prjwi4667zhvnh4ddz5sdzclar3tjpww5q
  key: /oci-config/key.pem
  fingerprint: 76:75:60:81:15:20:95:b6:3a:cb:29:c6:38:ad:83:76
compartment: ocid1.compartment.oc1..aaaaaaaameevqllpkruwsepv2ps3otacm7vgx257uoi2o7sgeischov64hja
vcn: ocid1.vcn.oc1.iad.amaaaaaausti56qaepofn65jytrp37n5o4jopfbvxnquomr2dt46khs24s4a

oci-ccm.yaml:

oci-ccm.txt
kubectl logs -n kube-system -l k8s-app=oci-cloud-controller-manager -c oci-cloud-controller-manager --tail=-1
total 4
-rw-r--r-- 1 root root 1675 Mar 21 18:45 key.pem
-----BEGIN RSA PRIVATE KEY-----
...truncated...
-----END RSA PRIVATE KEY-----
2025-03-21T18:56:23.336Z INFO oci-cloud-controller-manager/main.go:69 oci-cloud-controller-manager {"version": "411bfeb2", "build": "411bfeb2"}
I0321 18:56:24.870569 1 serving.go:386] Generated self-signed cert in-memory
I0321 18:56:25.538715 1 serving.go:386] Generated self-signed cert in-memory
W0321 18:56:25.538742 1 client_config.go:659] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work.
I0321 18:56:26.555771 1 requestheader_controller.go:247] Loaded a new request header values for RequestHeaderAuthRequestController
2025-03-21T18:56:26.560Z INFO metadata/instance_metadata.go:76 Metadata endpoint /opc/v2/instance/ returned response successfully
2025-03-21T18:56:26.571Z INFO metadata/instance_metadata.go:76 Metadata endpoint /opc/v2/instance/ returned response successfully
2025-03-21T18:56:26.571Z INFO client/utils.go:95 OCI using read rate limit configuration: QPS=20, bucket=5 {"component": "cloud-controller-manager"}
2025-03-21T18:56:26.571Z INFO client/utils.go:99 OCI using write rate limit configuration: QPS=20, bucket=5 {"component": "cloud-controller-manager"}
F0321 18:56:26.571981 1 main.go:82] Cloud provider could not be initialized: could not init cloud provider "oci": NewComputeClientWithConfigurationProvider: can not create client, bad configuration: PEM data was not found in buffer

Additional Info
Key works with OCI CLI using the same fingerprint.

Tested with PKCS#8 and RSA formats, symlinks and real files, various paths (/etc/oci/key.pem, /oci-config/key.pem).

Debug container confirms key presence.

Full logs available upon request.

Suspected Cause
Bug in NewComputeClientWithConfigurationProvider failing to parse a valid RSA key.

@ratdude07

Could someone please take a look at this issue? Thank you.
