caFile is ignored when using own secret

[MoFrei]

Today I discovered two minor bugs related to the use of self-created secrets:

1. When you use a self-created Secret to store your token (secret.create = false) the global option for an caFile is not working. This (correctly) leads to an error with untrusted HEC endpoint certificates, since the caFile is not added to the (self-created) Secret The documentation should be changed so that the CAFile must also be included in the secret

2. when adding the CAFile to the Secret, the CA is not used, because the ENV variable "SSL_CERT_FILE" is only used when the CAFile is imported via values.yaml There should be an additional variable to allow the creation of the ENV variable However, as a workaround you can add a dummy entry to your values.yaml

https://github.com/splunk/splunk-connect-for-kubernetes/blob/64a44059afd7b3f824e003518a8c5e0ecc93cb8f/helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging/templates/daemonset.yaml#L86

[hvaghani221]

Hi @MoFrei, your workaround will work.

To fix the bug,

• Instead of hard-coded path, read file path from env https://github.com/splunk/splunk-connect-for-kubernetes/blob/64a44059afd7b3f824e003518a8c5e0ecc93cb8f/helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging/templates/configMap.yaml#L393-L401
• Use environmentVar config to set SSL_CERT_FILE when using self-created secret https://github.com/splunk/splunk-connect-for-kubernetes/blob/64a44059afd7b3f824e003518a8c5e0ecc93cb8f/helm-chart/splunk-connect-for-kubernetes/values.yaml#L423
• Document how to use self-created secret

If possible, can you submit a PR to fix this?

[github-actions[bot]]

This issue is stale because it has been open for 30 days with no activity.

[github-actions[bot]]

This issue was closed because it has been inactive for 14 days since being marked as stale.