Hello,

I am trying to configure Splunk Connect for Kubernetes to capture a k8s cluster's application logs. I have problems when configuring the https connection to HEC.

On the Heavy Forwarder, I have configured a ServerCert, which has been signed by our Company Authority. Then, on the Splunk Connect for Kubernetes Helm chart, if I configure https:

splunk:
  hec:
    # host is required and should be provided by user
    host: hostname.domain.com
    # token is required and should be provided by user
    token: MY-HEC-TOKEN
    # protocol has two options: "http" and "https", default is "https"
    # For self signed certificate leave this field blank
    protocol: https

When deploying, I see the following logs on the Heavy Forwarder:

01-25-2022 09:37:16.729 +0100 WARN SSLCommon [1235867 HttpInputServerDataThread] - Received fatal SSL3 alert. ssl_state='SSLv3 read client key exchange A', alert_description='unknown CA'.
01-25-2022 09:37:16.729 +0100 WARN HttpListener [1235867 HttpInputServerDataThread] - Socket error from 10.8.199.195:55608 while idling: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.

I have to configure insecureSSL: true to get the connection working and see logs on the Indexer. But if I activate the HTTPS connection, I do not want it to be insecure ^^.

I am a bit confused about the Splunk Connect 4 Kubernetes configuration. Can I use:

splunk:
  # Configurations for HEC (HTTP Event Collector)
  hec:
    # The PEM-format CA certificate file.
    # NOTE: The content of the file itself should be used here, not the file path.
    # The file will be stored as a secret in kubernetes.
    caFile:

to configure my Company CA? Or are the keys clientCert, clientKey and caFile only used for mTLS configuration?

Thank you in advance for your answers.

Regards.

Nicolas.