PKCS11Exception When Deploying AMQ Streams to OpenShift
Issue
When trying to deploy Red Hat AMQ Streams or Strimzi to my OpenShift cluster, I see errors like this one in the log:
2022-04-14T22:22:21.482293012Z Exception in thread "main" 2022-04-14T22:22:21.482330593Z io.fabric8.kubernetes.client.KubernetesClientException: An error has occurred.
2022-04-14T22:22:21.482383809Z at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:103)
2022-04-14T22:22:21.482393438Z at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:97)2022-04-14T22:22:21.482400209Z
2022-04-14T22:22:21.482408370Z at io.fabric8.kubernetes.client.utils.HttpClientUtils.applyCommonConfiguration(HttpClientUtils.java:214)2022-04-14T22:22:21.482415010Z
2022-04-14T22:22:21.482421547Z at io.fabric8.kubernetes.client.okhttp.OkHttpClientFactory.createHttpClient(OkHttpClientFactory.java:89)2022-04-14T22:22:21.482428174Z
2022-04-14T22:22:21.482436244Z at io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:164)2022-04-14T22:22:21.482442771Z
2022-04-14T22:22:21.482449262Z at io.fabric8.kubernetes.client.BaseClient.<init>(BaseClient.java:48)2022-04-14T22:22:21.482466077Z
2022-04-14T22:22:21.482466077Z at io.fabric8.kubernetes.client.BaseClient.<init>(BaseClient.java:40)
2022-04-14T22:22:21.482475580Z at io.fabric8.kubernetes.client.BaseKubernetesClient.<init>(BaseKubernetesClient.java:151)2022-04-14T22:22:21.482482145Z
2022-04-14T22:22:21.482519293Z at io.fabric8.kubernetes.client.DefaultKubernetesClient.<init>(DefaultKubernetesClient.java:34)
2022-04-14T22:22:21.482526991Z at io.strimzi.operator.cluster.Main.main(Main.java:75)2022-04-14T22:22:21.482533712Z
2022-04-14T22:22:21.482782548Z Caused by: java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SESSION_READ_ONLY
2022-04-14T22:22:21.482802195Z at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1049)
2022-04-14T22:22:21.482817972Z at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.engineSetCertificateEntry(P11KeyStore.java:515)
2022-04-14T22:22:21.482833573Z at java.base/java.security.KeyStore.setCertificateEntry(KeyStore.java:1235)
2022-04-14T22:22:21.482849010Z at io.fabric8.kubernetes.client.internal.CertUtils.createTrustStore(CertUtils.java:100)
2022-04-14T22:22:21.482857973Z at io.fabric8.kubernetes.client.internal.CertUtils.createTrustStore(CertUtils.java:74)2022-04-14T22:22:21.482864735Z
2022-04-14T22:22:21.482872855Z at io.fabric8.kubernetes.client.internal.SSLUtils.trustManagers(SSLUtils.java:140)2022-04-14T22:22:21.482892209Z
2022-04-14T22:22:21.482899384Z at io.fabric8.kubernetes.client.internal.SSLUtils.trustManagers(SSLUtils.java:90)2022-04-14T22:22:21.482906002Z
2022-04-14T22:22:21.482912506Z at io.fabric8.kubernetes.client.utils.HttpClientUtils.applyCommonConfiguration(HttpClientUtils.java:203)2022-04-14T22:22:21.482919184Z
2022-04-14T22:22:21.482927242Z ... 7 more2022-04-14T22:22:21.482933880Z
2022-04-14T22:22:21.483010584Z Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SESSION_READ_ONLY2022-04-14T22:22:21.483019725Z
2022-04-14T22:22:21.483035268Z at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
2022-04-14T22:22:21.483050644Z at jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS11$FIPSPKCS11.C_CreateObject(PKCS11.java:1950)
2022-04-14T22:22:21.483070093Z at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.storeCert(P11KeyStore.java:1567)
2022-04-14T22:22:21.483077228Z at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1045)2022-04-14T22:22:21.483083887Z
2022-04-14T22:22:21.483090445Z ... 14 more
I don't understand why this is happening.
Environment
Red Hat OpenShift Container Platform
Red Hat AMQ Streams
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
