My ex-team member followed the below link recommen...
# generaly
Yali Ren
12/10/2020, 9:22 PMMy ex-team member followed the below link recommendation about using Kubernetes to deploy Kolide Fleet web server:
https://github.com/kolide/fleet/blob/master/docs/infrastructure/fleet-on-kubernetes.md
He used these 3 below files, to successfully deployed Kolide Fleet web server on AWS and the Osquery result output on server side is 'file system' (file location: /tmp/osquery_result):
https://github.com/kolide/fleet/blob/master/examples/kubernetes/fleet-migrations.yml,
https://github.com/kolide/fleet/blob/master/examples/kubernetes/fleet-deployment.yml,
https://github.com/kolide/fleet/blob/master/examples/kubernetes/fleet-service.yml.
However, this ex-team member already left my company. Now, I am ready to change the Osquery result output from file system to others (kinesis, firehose, redis, pubsub, etc.) on the server side, and make redeployment about Kolide fleet server. However, when I just run the original 'fleet-deployment.yml' file, with the command 'kubectl apply -f fleet-deployment.yaml -n fleet', then the kolide fleet server will crash with status '500' error. When I retrieve the log history from the Kolide fleet server pod, then the error message is something like below:
"2020/12/09 184243 http: TLS handshake error from 10.0.2.5462379 EOF
2020/12/09 184243 http: TLS handshake error from 10.0.15.3364346 EOF
2020/12/09 184243 http: TLS handshake error from 10.0.15.3317935 EOF
ts=2020-12-09T184244.173127649Z component="gRPC Launcher" method=RequestQueries err="internal error: missing host from request context" took=1.042259ms
2020/12/09 184244 http: TLS handshake error from 10.0.0.16410314 EOF
2020/12/09 184244 http: TLS handshake error from 10.0.0.16461047 EOF
2020/12/09 184245 http: TLS handshake error from 10.0.2.541248 EOF"
This issue seems to come from GRPC server. I searched google, but could not find an exact solution. Please see the below error image: Therefore, could anyone help me to diagnose those error messages and fix this issue? Thank you.
z
Zach Zeid
12/10/2020, 9:23 PMif you're able to, run the server with
--tls_dump2 Views