Kube-apiserver No Matching Key Was Found for the Provided AES Transformer

Solution Verified - Updated -

Issue

The kube apiserver is logging lots of errors about the following:

2022-02-17T23:30:58.227976139Z E0217 23:30:58.227914     197 cacher.go:419] cacher (*core.ConfigMap): unexpected ListAndWatch error: failed to list *core.ConfigMap: unable to transform key "/kubernetes.io/configmaps/testers/kube-root-ca.crt": no matching key was found for the provided AES transformer; reinitializing...

This may result in a situation where the kube apiserver never becomes ready to serve requests and logs a lot of:

2022-02-11T05:05:42.062045174+00:00 stderr F W0211 05:05:42.061938     208 patch_genericapiserver.go:123] Request to "/api/v1/namespaces/openshift-sdn/secrets" (source IP 10.124.117.137:35229, user agent "kubelet/v1.20.11+c343126 (linux/amd64) kubernetes/f12ed97") before server is ready, possibly a sign for a broken load balancer setup.

Environment

  • OpenShift Container Platform 4.x
  • etcd encryption enabled

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content