You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
logcollector: user CA for Splunk HEC, watch the CA ConfigMaps
The Splunk output verifies https HEC endpoints against the trusted
bundle, but nothing put a private CA there — a self-hosted Splunk with a
self-signed certificate could not be used since the splunk-public-
certificate secret was removed (#2545). Accept one the same way syslog
does: a splunk-ca ConfigMap in tigera-operator (key tls.crt), folded
into fluent-bit's bundle.
Also watch the syslog-ca and splunk-ca ConfigMaps: previously a created
or rotated CA sat unnoticed until an unrelated event triggered a
reconcile.
Validated on a live cluster: the Splunk e2e forwards flow logs to an
https HEC endpoint serving Splunk's self-signed certificate.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
log.Info(fmt.Sprintf("ConfigMap %q is not found, assuming syslog's certificate is signed by publicly trusted CA", rlogcollector.SyslogCAConfigMapName))
910
+
log.Info(fmt.Sprintf("ConfigMap %q is not found, assuming the endpoint's certificate is signed by publicly trusted CA", name))
884
911
returnnil, nil
885
912
}
886
-
returnnil, fmt.Errorf("failed to read ConfigMap %q: %s", rlogcollector.SyslogCAConfigMapName, err)
913
+
returnnil, fmt.Errorf("failed to read ConfigMap %q: %s", name, err)
887
914
}
888
915
iflen(cm.Data[corev1.TLSCertKey]) ==0 {
889
-
log.Info(fmt.Sprintf("ConfigMap %q does not have a field named %q, assuming syslog's certificate is signed by publicly trusted CA", rlogcollector.SyslogCAConfigMapName, corev1.TLSCertKey))
916
+
log.Info(fmt.Sprintf("ConfigMap %q does not have a field named %q, assuming the endpoint's certificate is signed by publicly trusted CA", name, corev1.TLSCertKey))
0 commit comments