Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
y
Yali Ren
12/10/2020, 9:22 PMMy ex-team member followed the below link recommendation about using Kubernetes to deploy Kolide Fleet web server:
https://github.com/kolide/fleet/blob/master/docs/infrastructure/fleet-on-kubernetes.md
He used these 3 below files, to successfully deployed Kolide Fleet web server on AWS and the Osquery result output on server side is 'file system' (file location: /tmp/osquery_result):
https://github.com/kolide/fleet/blob/master/examples/kubernetes/fleet-migrations.yml,
https://github.com/kolide/fleet/blob/master/examples/kubernetes/fleet-deployment.yml,
https://github.com/kolide/fleet/blob/master/examples/kubernetes/fleet-service.yml.
However, this ex-team member already left my company. Now, I am ready to change the Osquery result output from file system to others (kinesis, firehose, redis, pubsub, etc.) on the server side, and make redeployment about Kolide fleet server. However, when I just run the original 'fleet-deployment.yml' file, with the command 'kubectl apply -f fleet-deployment.yaml -n fleet', then the kolide fleet server will crash with status '500' error. When I retrieve the log history from the Kolide fleet server pod, then the error message is something like below:
"2020/12/09 18:42:43 http: TLS handshake error from 10.0.2.54:62379: EOF
2020/12/09 18:42:43 http: TLS handshake error from 10.0.15.33:64346: EOF
2020/12/09 18:42:43 http: TLS handshake error from 10.0.15.33:17935: EOF
ts=2020-12-09T18:42:44.173127649Z component="gRPC Launcher" method=RequestQueries err="internal error: missing host from request context" took=1.042259ms
2020/12/09 18:42:44 http: TLS handshake error from 10.0.0.164:10314: EOF
2020/12/09 18:42:44 http: TLS handshake error from 10.0.0.164:61047: EOF
2020/12/09 18:42:45 http: TLS handshake error from 10.0.2.54:1248: EOF"
This issue seems to come from GRPC server. I searched google, but could not find an exact solution. Please see the below error image: Therefore, could anyone help me to diagnose those error messages and fix this issue? Thank you.
z
Zach Zeid
12/10/2020, 9:23 PMif you're able to, run the server with
--tls_dump