Closed Hevienz closed 2 years ago
Same problem here.
[none] [none] [none] > context kubernetes-admin@kubernetes Private key data was invalid: ()
This is a vanilla kubeconfig generated by kubeadm.
Specifically, RSAKeyPair::from_der
fails in the step 5.i
. Can't debug further right now as lldb triggers a hilarious kernel memory leak and osx dies 🤦♂️
Digging deeper, this starts to look like a ring problem to me (maybe related to https://github.com/briansmith/ring/issues/635 ?).
try!(q.verify_less_than(&p))
fails for me (LIMBS_less_than(q, p)
returns 0). My pk has q<p
though (verified with pycrypto).
Got sidetracked. It is a ring "feature".
// XXX: |p < q| is actually OK, it seems, but our implementation
// of CRT-based moduluar exponentiation used requires that
// |q > p|. (|p == q| is just wrong.)
kubeadm generated keys have p < q
(I looked into a wrong key in the previous comment)
Ahh yes! We ran into this at some point a long time ago and then moved away from those kinds of keys.
There is a general problem here that the Rust ecosystem has much stricter requirements around keys/certs than most other languages. WebPKI also rejects a number of certs that other languages (i.e. go/python) accept happily.
Trying to fix everything in Click is probably infeasible, but I will be pushing on upstream authors and looking at ways to improve this situation.
For this case, there is a PR out against ring, and once it merges we can update Click's dependencies and you should be good to go. I'll leave this open to remind me to update ring asap.
@farcaller The above support just got merged into ring (I referenced the issue). Once they release it and we update the dependency here do you expect this to be fixed?
I suppose that it will work, but I suggest to wait and see.
Still getting the same error.
Any updates on this?
This is not only with minikube, same error with kubeadm-bootstraped clusters.
Click print "Private key data was invalid", but this private key can be used by kubectl and helm.