frankreno / sumologic-k8s-api Goto Github PK

Description:
Running the rbac config on my EKS cluster and it fails with the following error:

Steps to reproduce:
$ kubectl create -f sumologic-k8s-api-cronjob-rbac.yaml

$ kubectl logs sumologic-k8s-api-1536183000-r8fcc sumologic-k8s-api
sumologic-k8s-api-error.log

We are using http_proxy & https_proxy. We are resolving hosts using proxy servers. We are not using DNS nameservers to resolve the host.

So my question is how to add proxy in the cron job so that it will go through proxy & resolve the host.

2019-07-04 05:25:13,790 [level=INFO] [line=58]: getting data for nodes
2019-07-04 05:25:13,817 [level=INFO] [line=64]: pushing node data to sumo
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 171, in _new_conn
(self._dns_host, self.port), self.timeout, **extra_kw)
File "/usr/local/lib/python3.6/site-packages/urllib3/util/connection.py", line 56, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/local/lib/python3.6/socket.py", line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 849, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 314, in connect
conn = self._new_conn()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 180, in _new_conn
self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f3951ff6fd0>: Failed to establish a new connection: [Errno -2] Name or service not known

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 445, in send
timeout=timeout
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 398, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='endpoint4.collection.us2.sumologic.com', port=443): Max retries exceeded with url: /receiver/v1/http/ZaVnC4dhaV2Huc2fvRAIitEUX79bs-9ZxXo-vfe6F6d6H417OT2iOeYVdXkg-94Ns8CZRFjxR5p__g4vWk-j7siL6dizjkFMgaBuT9vHi-c59y5g9Em5fg== (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f3951ff6fd0>: Failed to establish a new connection: [Errno -2] Name or service not known',))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/opt/sumo/extract-data.py", line 86, in
SumoAPILogger.run()
File "/opt/sumo/extract-data.py", line 67, in run
headers=self.headers)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 112, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 512, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 622, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 513, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='endpoint4.collection.us2.sumologic.com', port=443): Max retries exceeded with url: /receiver/v1/http/ZaVnC4dhaV2Huc2fvRAIitEUX79bs-9ZxXo-vfe6F6d6H417OT2iOeYVdXkg-94Ns8CZRFjxR5p__g4vWk-j7siL6dizjkFMgaBuT9vHi-c59y5g9Em5fg== (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f3951ff6fd0>: Failed to establish a new connection: [Errno -2] Name or service not known',))

Added checks for http requests to log and exit when an http return code other than "200" is returned.

Had an issue getting the job to work and added the return code checks to help debug the issue.
Turns out the error was due to an embedded line feed char in a secret, but the error checking helped to diagnose the issue.

First of all, thank you for making an excellent product. I really appreciate your efforts on this. In a routine scan of our k8s container, we came up with the following vulnerabilities (which I believe are inherited from using python:3.3)

Lots of vulns come from this layer:

ADD file:1dd78a123212328bdc72ef7888024ea27fe141a72e24e0ea7c3c92b63b73d8d1 in /

46 OS high
python2.7-minimal (python2.7) version 2.7.9-2+deb8u1 has 3 vulnerabilities.

46 OS high
python2.7 version 2.7.9-2+deb8u1 has 3 vulnerabilities.

46 OS high
procps version 2:3.3.9-9 has 5 vulnerabilities.

46 OS high
perl-modules (perl) version 5.20.2-3+deb8u9 has 2 vulnerabilities.

46 OS high
perl-base (perl) version 5.20.2-3+deb8u9 has 2 vulnerabilities.

46 OS high
perl version 5.20.2-3+deb8u9 has 2 vulnerabilities.

46 OS high
openssh-client (openssh) version 1:6.7p1-5+deb8u4 has 11 vulnerabilities.

46 OS high
mysql-common (mysql-5.5) version 5.5.58-0+deb8u1 has 18 vulnerabilities.

46 OS high
mercurial-common (mercurial) version 3.1.2-2+deb8u4 has 6 vulnerabilities.

46 OS high
mercurial version 3.1.2-2+deb8u4 has 6 vulnerabilities.

46 OS high
linux-libc-dev (linux) version 3.16.51-2 has 80 vulnerabilities.

46 OS high
libx11-dev (libx11) version 2:1.6.2-3+deb8u1 has 3 vulnerabilities.