Splunk Operator: Containers Need Readonly Root Filesystem #1323

Open
thormanrd opened this issue Apr 15, 2024 · 4 comments
Labels: enhancement (New feature or request)

Comments

@thormanrd

Please select the type of request

Enhancement

Tell us more

Describe the request

  • All the containers the Splunk Operator for Kubernetes uses or deploys need to honor a readonly root file system. There is nothing in the / or /root filesystem that should be writeable in any container the Splunk Operator uses or deploys. This is a compliance issue in most large organizations.

Expected behavior

  • All root filesystems (e.g. / and /root) should be readonly.

Splunk setup on K8S

  • This is critical to large, clustered environments with many indexers, search heads, and forwarders.

Reproduction/Testing steps

  • Install Splunk using the operator and verify all nodes created have readonly root filesystems.

K8s environment

  • This comes from a large Splunk platform using Azure Kubernetes Service

Proposed changes(optional)

  • Proposed change, if any.

K8s collector data(optional)

Additional context(optional)

  • Add any other context about the problem here.
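
The verification step requested in the issue above (every container deployed has a read-only root filesystem) can be checked from the pod specs. This is an added example, not part of the original issue or of the Splunk Operator project; it assumes input shaped like `kubectl get pods -o json`, and the pod and container names in the sample are constructed.

```python
import json
import sys

# Constructed sample shaped like `kubectl get pods -o json` output (not real cluster data).
SAMPLE_POD_LIST = json.loads("""
{"items": [
  {"metadata": {"namespace": "splunk", "name": "example-indexer-0"},
   "spec": {
     "initContainers": [{"name": "init",
                         "securityContext": {"readOnlyRootFilesystem": true}}],
     "containers": [{"name": "splunk",
                     "securityContext": {"runAsNonRoot": true}}]}},
  {"metadata": {"namespace": "splunk", "name": "example-operator-0"},
   "spec": {
     "containers": [{"name": "manager",
                     "securityContext": {"readOnlyRootFilesystem": true}},
                    {"name": "sidecar"}]}}
]}
""")

# readOnlyRootFilesystem is a per-container setting, so every container list is checked.
CONTAINER_FIELDS = ("initContainers", "containers", "ephemeralContainers")


def writable_root_containers(pod_list):
    """Return (namespace, pod, field, container) for each container whose
    securityContext does not set readOnlyRootFilesystem to true."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        for field in CONTAINER_FIELDS:
            for container in spec.get(field) or []:
                ctx = container.get("securityContext") or {}
                # The field defaults to false when absent; only an explicit true passes.
                if ctx.get("readOnlyRootFilesystem") is not True:
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name"), field, container.get("name")))
    return findings


if __name__ == "__main__":
    # Pass "-" to read real output: kubectl get pods -A -o json | python <script> -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_POD_LIST
    for ns, pod, field, name in writable_root_containers(data):
        print(f"{ns}/{pod} {field}/{name}: root filesystem is writable")
```
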
@vivekr-splunk
Collaborator

@thormanrd, we're collaborating with our internal team and product department to assess the feasibility of prioritizing this feature change. The change is necessary in Splunk Ansible, and redesigning it entails eliminating the use of sudo. We'll provide you with an update on the timelines shortly.

@yaroslav-nakonechnikov

@thormanrd why is this here and not in https://github.com/splunk/docker-splunk?

@vivekr-splunk added the enhancement (New feature or request) label Apr 23, 2024

@thormanrd
Author

@yaroslav-nakonechnikov because the operator has its own issues for read-only settings and then deploys containers with issues.

@yaroslav-nakonechnikov

I've re-read the description, and it is still not clear which container is affected.
For the splunk-operator image? Or just splunk?
For splunk, the root cause is the docker-splunk project, and creating a ticket here won't help in any way... just because I already struggle a lot with that project.

And if you have access to Splunk support, please also raise a ticket there, for reference. Otherwise I have a strong feeling that all issues in GH are considered low priority.
