frankreno / sumologic-k8s-api Goto Github PK
View Code? Open in Web Editor NEWDockerized python script to extract information from the Kubernetes API and forward to SumoLogic.
License: Apache License 2.0
Dockerized python script to extract information from the Kubernetes API and forward to SumoLogic.
License: Apache License 2.0
First of all, thank you for making an excellent product. I really appreciate your efforts on this. In a routine scan of our k8s container, we came up with the following vulnerabilities (which I believe are inherited from using python:3.3)
Lots of vulns come from this layer:
ADD file:1dd78a123212328bdc72ef7888024ea27fe141a72e24e0ea7c3c92b63b73d8d1 in /
46 OS high
python2.7-minimal (python2.7) version 2.7.9-2+deb8u1 has 3 vulnerabilities.
46 OS high
python2.7 version 2.7.9-2+deb8u1 has 3 vulnerabilities.
46 OS high
procps version 2:3.3.9-9 has 5 vulnerabilities.
46 OS high
perl-modules (perl) version 5.20.2-3+deb8u9 has 2 vulnerabilities.
46 OS high
perl-base (perl) version 5.20.2-3+deb8u9 has 2 vulnerabilities.
46 OS high
perl version 5.20.2-3+deb8u9 has 2 vulnerabilities.
46 OS high
openssh-client (openssh) version 1:6.7p1-5+deb8u4 has 11 vulnerabilities.
46 OS high
mysql-common (mysql-5.5) version 5.5.58-0+deb8u1 has 18 vulnerabilities.
46 OS high
mercurial-common (mercurial) version 3.1.2-2+deb8u4 has 6 vulnerabilities.
46 OS high
mercurial version 3.1.2-2+deb8u4 has 6 vulnerabilities.
46 OS high
linux-libc-dev (linux) version 3.16.51-2 has 80 vulnerabilities.
46 OS high
libx11-dev (libx11) version 2:1.6.2-3+deb8u1 has 3 vulnerabilities.
Description:
Running the rbac config on my EKS cluster and it fails with the following error:
Steps to reproduce:
$ kubectl create -f sumologic-k8s-api-cronjob-rbac.yaml
$ kubectl logs sumologic-k8s-api-1536183000-r8fcc sumologic-k8s-api
sumologic-k8s-api-error.log
We are using http_proxy & https_proxy. We are resolving hosts using proxy servers. We are not using DNS nameservers to resolve the host.
So my question is how to add proxy in the cron job so that it will go through proxy & resolve the host.
2019-07-04 05:25:13,790 [level=INFO] [line=58]: getting data for nodes
2019-07-04 05:25:13,817 [level=INFO] [line=64]: pushing node data to sumo
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 171, in _new_conn
(self._dns_host, self.port), self.timeout, **extra_kw)
File "/usr/local/lib/python3.6/site-packages/urllib3/util/connection.py", line 56, in create_connection
for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
File "/usr/local/lib/python3.6/socket.py", line 745, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -2] Name or service not known
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 849, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 314, in connect
conn = self._new_conn()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 180, in _new_conn
self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x7f3951ff6fd0>: Failed to establish a new connection: [Errno -2] Name or service not known
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 445, in send
timeout=timeout
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 398, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='endpoint4.collection.us2.sumologic.com', port=443): Max retries exceeded with url: /receiver/v1/http/ZaVnC4dhaV2Huc2fvRAIitEUX79bs-9ZxXo-vfe6F6d6H417OT2iOeYVdXkg-94Ns8CZRFjxR5p__g4vWk-j7siL6dizjkFMgaBuT9vHi-c59y5g9Em5fg== (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f3951ff6fd0>: Failed to establish a new connection: [Errno -2] Name or service not known',))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/sumo/extract-data.py", line 86, in
SumoAPILogger.run()
File "/opt/sumo/extract-data.py", line 67, in run
headers=self.headers)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 112, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 512, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 622, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 513, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='endpoint4.collection.us2.sumologic.com', port=443): Max retries exceeded with url: /receiver/v1/http/ZaVnC4dhaV2Huc2fvRAIitEUX79bs-9ZxXo-vfe6F6d6H417OT2iOeYVdXkg-94Ns8CZRFjxR5p__g4vWk-j7siL6dizjkFMgaBuT9vHi-c59y5g9Em5fg== (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f3951ff6fd0>: Failed to establish a new connection: [Errno -2] Name or service not known',))
Added checks for http requests to log and exit when an http return code other than "200" is returned.
Had an issue getting the job to work and added the return code checks to help debug the issue.
Turns out the error was due to an embedded line feed char in a secret, but the error checking helped to diagnose the issue.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.