Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubernetes 1.9.4 breaking universal forwarder with ConfigMap #70

Open
erks opened this issue Apr 16, 2018 · 13 comments
Open

kubernetes 1.9.4 breaking universal forwarder with ConfigMap #70

erks opened this issue Apr 16, 2018 · 13 comments

Comments

@erks
Copy link

erks commented Apr 16, 2018

Using ConfigMap to manage splunk universal forwarder's config has been working well until the release of 1.9.4, which included this security fix.

ConfigMap now gets mounted as read-only always, which breaks this container due to the chown commands in entrypoint.sh.

See: https://answers.splunk.com/answers/626964/kubernetes-194-breaking-changes-universal-forwarde.html
@halr9000
Copy link
Contributor

@mchene ^

@halr9000
Copy link
Contributor

@erks I've alerted PM and got ack back that they will triage.

@erks
Copy link
Author

erks commented Apr 17, 2018

@halr9000 if you're okay with doing chown ... || true, which seems to work for me, I can create a quick PR for that.

@rayh0001
Copy link

Any updates? Any temporary fix or work-around?

@ffscl
Copy link

ffscl commented Apr 28, 2018
edited
Loading

@rayh0001
Mount your config maps inside /var/opt/splunk/etc instead of directly inside ${SPLUNK_HOME}. This fix works because the entrypoint copies the files over before trying to change the ownership https://github.com/splunk/docker-splunk/blob/master/universalforwarder/entrypoint.sh#L24

@guilhemmarchand
Copy link

Thanks @ffscl
I just tested it in a Kubernetes v1.10.2 cluster and this fixes the issue, I used:

        volumeMounts:
        - name: ufconfig
          mountPath: /var/opt/splunk/etc/apps/search/local

And still reference any file with $SPLUNK_HOME

@rayh0001
Copy link

rayh0001 commented May 2, 2018

Thanks @ffscl @guilhemmarchand that seems to work

@erks
Copy link
Author

erks commented May 2, 2018

This definitely should be documented. @halr9000

@vasartori
Copy link

@guilhemmarchand Works like a charm!!

@mychalsexton
Copy link

@ffscl That worked like a charm! Thank goodness I found this otherwise I might have gone crazy.

@sharmmoh1983
Copy link

Sorry I am not getting what solved the issue here... I updated daemonset yaml with:

volumeMounts:
        - name: ufconfig
          mountPath: /var/opt/splunk/etc/apps/search/local

But nothing seems to work. Please let me know what exactly need to be done to resolve the issue

@sharmmoh1983 sharmmoh1983 mentioned this issue Jul 26, 2018
Open
@sforsman
Copy link

@sharmmoh1983 If you are using Splunk Cloud, you need to mount the ConfigMap to /var/opt/splunk/etc/apps/splunkclouduf/default

@pgilad
Copy link

pgilad commented Jun 22, 2019

Can't get this to work with a daemonset and configmaps. Does anyone has any working example with splunkforwarder:7.3.0 ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@halr9000 @erks @pgilad @rayh0001 @ffscl @guilhemmarchand @sforsman @sharmmoh1983 @vasartori @mychalsexton