Falco k8s, when add an exception, some fields become null - kubernetes

If I add an exception to the rule 'The docker client is executed in a container' like:
exceptions:
  - name: kube_mon
    fields: [container.image.repository, k8s.ns.name, k8s.pod.name]
    comps: [=, =, startswith]
    values:
      - [repo/myimg, myns, my-pod-]
I start receiving Warnings where the mentioned fields are null (instead of not receiving them at all):
Screenshot: https://i.stack.imgur.com/1RTiJ.png
The same exceptions added to the rule 'Contact K8S API Server From Container' work OK and my pods are filtered out from logging.
How can I solve it?
Thanks.
Falco 0.31.1
Chart falco-1.17.4
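
The following added example is not from the original post and is not Falco's own code. It models how an exception made of fields, comps and values is evaluated against an event, and what happens when the exception's fields are null on that event. It assumes that a field with no value never satisfies a comparison; the sample events are constructed.

```python
# Simplified model of Falco exception matching (added example, not Falco code).
# Assumption: a field with no value (None) never satisfies a comparison.
COMPS = {
    "=": lambda actual, expected: actual == expected,
    "startswith": lambda actual, expected: actual.startswith(expected),
}

# The exception from the question, as the parsed YAML would look.
KUBE_MON = {
    "name": "kube_mon",
    "fields": ["container.image.repository", "k8s.ns.name", "k8s.pod.name"],
    "comps": ["=", "=", "startswith"],
    "values": [["repo/myimg", "myns", "my-pod-"]],
}

def row_matches(exc, row, event):
    """Every field/comp/value triple of one values row must hold (AND)."""
    for field, comp, expected in zip(exc["fields"], exc["comps"], row):
        actual = event.get(field)
        if actual is None or not COMPS[comp](actual, expected):
            return False
    return True

def is_excepted(exc, event):
    """The event is suppressed when any values row matches (OR)."""
    return any(row_matches(exc, row, event) for row in exc["values"])

def unresolved_fields(exc, event):
    """Exception fields that carry no value on this event."""
    return [f for f in exc["fields"] if event.get(f) is None]

# Constructed sample events, not taken from real Falco output.
WITH_METADATA = {"container.image.repository": "repo/myimg",
                 "k8s.ns.name": "myns", "k8s.pod.name": "my-pod-7c9f"}
WITHOUT_METADATA = {"container.image.repository": None,
                    "k8s.ns.name": None, "k8s.pod.name": None}
OTHER_POD = {"container.image.repository": "repo/other",
             "k8s.ns.name": "myns", "k8s.pod.name": "web-1"}

if __name__ == "__main__":
    for name, ev in [("with metadata", WITH_METADATA),
                     ("without metadata", WITHOUT_METADATA),
                     ("other pod", OTHER_POD)]:
        verdict = "suppressed" if is_excepted(KUBE_MON, ev) else "alert"
        print(name, verdict, unresolved_fields(KUBE_MON, ev))
```

In this model, an event whose exception fields are all unresolved cannot be suppressed by any values row, whatever the row contains.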

Related

Filebeat : drop fields kubernetes again again

I'm trying to remove some fields. I use Filebeat 7.14 on Kubernetes.
I tried as described in the docs:
processors:
  - drop_fields:
      when:
        contains
      fields: ["host.os.name", "host.os.codename", "host.os.family"]
      ignore_missing: false
container failed "ERROR instance/beat.go:989
Exiting: Failed to start crawler:
starting input failed: Error while initializing input:
missing or invalid condition
failed to initialize condition"
ignore_missing still messing
  - drop_fields:
      fields: ["host.os.name", "host.os.codename", "host.os.family"]
fields are still present
You don't seem to have a condition set under the when. Take a look at https://www.elastic.co/guide/en/beats/filebeat/7.14/defining-processors.html#conditions and make sure you've got something for it to match.

Is there any placeholder notation in mta.yaml that removes spaces from the CF org name parameter?

We are using mta to structure our application and deploying it using the SAP Cloud SDK Pipeline and Transport Management landscape.
In the mta.yaml, we are referencing the org (organization) parameter value using the placeholder notation ${org}.
The issue is that the org name contains spaces between the characters (viz. Sample Org Name) and that is causing an error during the application deployment to Cloud Foundry.
We do not want to rename the org name.
Is there any other placeholder notation that removes the spaces between the characters?
We have observed that ${default-host} removes the spaces from the organization name but its scope is limited to only modules and not resources.
We need the substitution variable in the resources scope.
Appreciate if someone can help us here to resolve the issue.
Please find snippet of the mta.yaml and the error message.
resources:
  - name: uaa_test_app
    parameters:
      path: ./xs-security.json
      service-plan: application
      service: xsuaa
      config:
        xsappname: 'test-app-${org}-${space}'
    type: org.cloudfoundry.managed-service
Error Message:
Service operation failed: Controller operation failed: 502 Updating service "uaa_test_app" failed: Bad Gateway: Service broker error: Service broker xsuaa failed with: org.springframework.cloud.servicebroker.exception.ServiceBrokerException: Error updating application null (Error parsing xs-security.json data: Inconsistent xs-security.json: Invalid xsappname "Test-App-Sample Org Name-test": May only include characters 'a'-'z', 'A'-'Z', '0'-'9', '_', '-', '', and '/'.)

SAM Deployment failed Error- Waiter StackCreateComplete failed: Waiter encountered a terminal failure state

When I try to deploy the package on SAM, the very first status that appears in the CloudFormation console is ROLLBACK_IN_PROGRESS; after that it changes to ROLLBACK_COMPLETE.
I have tried deleting the stack and trying again, but the same issue occurs every time.
The error in the terminal looks like this:
Sourcing local options from ./SAMToolkit.devenv
SAM_PARAM_PKG environment variable not set
SAMToolkit will operate in legacy mode.
Please set SAM_PARAM_PKG in your .devenv file to run modern packaging.
Run 'sam help package' for more information
Runtime: java
Attempting to assume role from AWS Identity Broker using account 634668058279
Assumed role from AWS Identity Broker successfully.
Deploying stack sam-dev* from template: /home/***/1.0/runtime/sam/template.yml
sam-additional-artifacts-url.txt was not found, which is fine if there is no additional artifacts uploaded
Replacing BATS::SAM placeholders in template...
Uploading template build/private/tmp/sam-toolkit.yml to s3://***/sam-toolkit.yml
make_bucket failed: s3://sam-dev* An error occurred (BucketAlreadyOwnedByYou) when calling the CreateBucket operation: Your previous request to create the named bucket succeeded and you already own it.
upload: build/private/tmp/sam-toolkit.yml to s3://sam-dev*/sam-toolkit.yml
An error occurred (ValidationError) when calling the DescribeStacks operation: Stack with id sam-dev* does not exist
sam-dev* will be created.
Creating ChangeSet ChangeSet-2020-01-20T12-25-56Z
Deploying stack sam-dev*. Follow in console: https://aws-identity-broker.amazon.com/federation/634668058279/CloudFormation
ChangeSet ChangeSet-2020-01-20T12-25-56Z in sam-dev* succeeded
"StackStatus": "REVIEW_IN_PROGRESS",
sam-dev* reached REVIEW_IN_PROGRESS
Deploying stack sam-dev*. Follow in console: https://console.aws.amazon.com/cloudformation/home?region=us-west-2
Waiting for stack-create-complete
Waiter StackCreateComplete failed: Waiter encountered a terminal failure state
Command failed.
Please see the logs above.
I set SQS as the event source for Lambda, but didn't provide the permissions like this
- Effect: Allow
  Action:
    - sqs:ReceiveMessage
    - sqs:DeleteMessage
    - sqs:GetQueueAttributes
  Resource: "*"
in the Lambda policies.
I found this error in "Events" tab of "CloudFormation" service.

JHipster/Microservices frontend development hot reload

I have created a JHipster microservices application and want to do some frontend development on it. Launching the whole microservices stack in the ./docker-compose/ directory with docker-compose up -d works as expected. Registry shows all microservices, the gateway and an UAA instance with status 'up'. No exceptions thrown. Login to http://localhost:8080 works as expected.
Launching yarn start in the gateway project directory launches the development server via webpack and browsersync. Hot reload works as expected when pointing the browser at http://localhost:9000.
Now to my problem/question: logging into http://localhost:9000 as user/user doesn't work, as the account cannot be retrieved. The thrown exception is irrelevant because it just states that the account is null:
webpack-internal:///…fesm5/core.js:16064 ERROR Error: Uncaught (in promise):
TypeError: Cannot read property 'langKey' of null
TypeError: Cannot read property 'langKey' of null
at LoginService.setPreferredLanguage (webpack-internal:///…
login.service.ts:34)
....
But when I point the browser back to http://localhost:8080, I'm logged in as 'user'. Which means that the login on the backend worked.
Being new to docker and microservices, I'm suspecting that I'm conceptually missing something (networks/ports/etc..). Any ideas that could point to finding a solution? Or what is the suggested setup/practices for developing the frontend in a JHipster/microservices configuration.
There was an error in the webpack.dev.js configuration file: because UAA was added later to the project, the UAA module was missing in the contexts to be proxied:
devServer: {
    contentBase: './build/www',
    proxy: [{
        context: [
            '/microservice1',
            '/microservice2',
            '/microserviceuaa', /* !!! was missing !!! */
            /* jhipster-needle-add-entity-to-webpack - JHipster will add entity api paths here */
            '/api',
            '/management',
            '/swagger-resources',
            '/v2/api-docs',
            '/h2-console',
            '/auth'
        ],
        target: `http${options.tls ? 's' : ''}://127.0.0.1:8080`,
        secure: false,
        changeOrigin: options.tls,
        headers: { host: 'localhost:9000' }
    }],

kubernetes Failed to create tags for load balancer security group

When I create a service in Kubernetes, I see that controller-manager will create a security group and a new rule of the minion's security group, with some warnings:
W1028 05:34:44.104402 1 aws.go:1755] Failed to create tags (too many attempts): InvalidParameterValue: Value ( '' ) for parameter Tag key is invalid. Tag key cannot be null or empty.
status code: 400, request id: []
E1028 05:34:44.104450 1 aws.go:1830] error creating load balancer security group: error tagging security group: InvalidParameterValue: Value ( '' ) for parameter Tag key is invalid. Tag key cannot be null or empty.
status code: 400, request id: []
E1028 05:34:44.104500 1 servicecontroller.go:173] Failed to process service delta. Retrying: failed to create external load balancer for service default/nginx-service: error tagging security group: InvalidParameterValue: Value ( '' ) for parameter Tag key is invalid. Tag key cannot be null or empty.
status code: 400, request id: []
Is there anything I missed when I set up my Kubernetes cluster?
Added on 12/22/2015:
I still find this problem when creating an ELB:
W1222 04:38:51.220684 1 aws.go:1571] Failed to create tags (too many attempts): InvalidParameterValue: Value ( '' ) for parameter Tag key is invalid. Tag key cannot be null or empty.
status code: 400, request id:
E1222 04:38:51.220726 1 aws.go:1647] error creating load balancer security group: error tagging security group: InvalidParameterValue: Value ( '' ) for parameter Tag key is invalid. Tag key cannot be null or empty.
status code: 400, request id:
E1222 04:38:51.220780 1 servicecontroller.go:187] Failed to process service delta. Retrying: Failed to create load balancer for service default/nginx: error tagging security group: InvalidParameterValue: Value ( '' ) for parameter Tag key is invalid. Tag key cannot be null or empty.
status code: 400, request id:
kubectl version
Client Version: version.Info{Major:"1", Minor:"1", GitVersion:"v1.1.2", GitCommit:"3085895b8a70a3d985e9320a098e74f545546171", GitTreeState:"clean"}
Server Version: version.Info{Major:"1", Minor:"1", GitVersion:"v1.1.3", GitCommit:"6a81b50c7e97bbe0ade075de55ab4fa34f049dc2", GitTreeState:"clean"}
I'm the author of the code here. Something definitely isn't right, and I can't see how you hit the case based on reading the code. What version of kubernetes are you running (a release, or running from source)? And how did you install - did you use kube-up?
Also, when you first start the controller-manager, it should log one of these two messages: either "AWS cloud filtering on tags: ..." or "AWS cloud - no tag filtering". Which of the two does it log, and if the first, what tags is it filtering on?