Title
#general
y

Yali Ren

12/10/2020, 9:22 PM
My ex-team member followed the below link recommendation about using Kubernetes to deploy Kolide Fleet web server:https://github.com/kolide/fleet/blob/master/docs/infrastructure/fleet-on-kubernetes.md He used these 3 below files, to successfully deployed Kolide Fleet web server on AWS and the Osquery result output on server side is 'file system' (file location: /tmp/osquery_result):https://github.com/kolide/fleet/blob/master/examples/kubernetes/fleet-migrations.yml,https://github.com/kolide/fleet/blob/master/examples/kubernetes/fleet-deployment.yml,https://github.com/kolide/fleet/blob/master/examples/kubernetes/fleet-service.yml. However, this ex-team member already left my company. Now, I am ready to change the Osquery result output from file system to others (kinesis, firehose, redis, pubsub, etc.) on the server side, and make redeployment about Kolide fleet server. However, when I just run the original 'fleet-deployment.yml' file, with the command 'kubectl apply -f fleet-deployment.yaml -n fleet', then the kolide fleet server will crash with status '500' error. When I retrieve the log history from the Kolide fleet server pod, then the error message is something like below: "2020/12/09 18:42:43 http: TLS handshake error from 10.0.2.54:62379: EOF 2020/12/09 18:42:43 http: TLS handshake error from 10.0.15.33:64346: EOF 2020/12/09 18:42:43 http: TLS handshake error from 10.0.15.33:17935: EOF ts=2020-12-09T18:42:44.173127649Z component="gRPC Launcher" method=RequestQueries err="internal error: missing host from request context" took=1.042259ms 2020/12/09 18:42:44 http: TLS handshake error from 10.0.0.164:10314: EOF 2020/12/09 18:42:44 http: TLS handshake error from 10.0.0.164:61047: EOF 2020/12/09 18:42:45 http: TLS handshake error from 10.0.2.54:1248: EOF" This issue seems to come from GRPC server. I searched google, but could not find an exact solution. Please see the below error image:  Therefore, could anyone help me to diagnose those error messages and fix this issue? Thank you.
z

Zach Zeid

12/10/2020, 9:23 PM
if you're able to, run the server with
--tls_dump
to get more info