provide a way to debug network issues

bundle/manifests/splunk-operator.clusterserviceversion.yaml

@@ -527,10 +527,12 @@ spec:
                     cpu: 5m
                     memory: 64Mi
                 securityContext:
-                  allowPrivilegeEscalation: false
+                  allowPrivilegeEscalation: true
                   capabilities:
                     add:
                     - NET_BIND_SERVICE
+                    - NET_ADMIN
+                    - NET_RAW
                     drop:
                     - ALL
                   readOnlyRootFilesystem: true
@@ -578,10 +580,12 @@ spec:
                     cpu: "1"
                     memory: 2000Mi
                 securityContext:
-                  allowPrivilegeEscalation: false
+                  allowPrivilegeEscalation: true
                   capabilities:
                     add:
                     - NET_BIND_SERVICE
+                    - NET_ADMIN
+                    - NET_RAW
                     drop:
                     - ALL
                   readOnlyRootFilesystem: true

config/default/manager_auth_proxy_patch.yaml

@@ -15,14 +15,16 @@ spec:
       containers:
       - name: kube-rbac-proxy
         securityContext:
-          allowPrivilegeEscalation: false
+          allowPrivilegeEscalation: true
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           capabilities:
             drop:
               - "ALL"
             add:
               - "NET_BIND_SERVICE"
+              - "NET_ADMIN"
+              - "NET_RAW"
           seccompProfile:
             type: "RuntimeDefault"
         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1

pkg/splunk/client/enterprise.go

@@ -19,6 +19,7 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
+	"github.com/go-resty/resty/v2"
 	"io"
 	"net/http"
 	"regexp"
@@ -67,33 +68,52 @@ func NewSplunkClient(managementURI, username, password string) *SplunkClient {
 
 // Do processes a Splunk REST API request and unmarshals response into obj, if not nil.
 func (c *SplunkClient) Do(request *http.Request, expectedStatus []int, obj interface{}) error {
-	// send HTTP response and check status
+	client := resty.New()
+	client.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
+	client.SetDebug(true) //FIXME TODO
+
+	// Set basic auth
 	request.SetBasicAuth(c.Username, c.Password)
-	response, err := c.Client.Do(request)
+
+	// Convert request.Header to map[string]string
+	headers := make(map[string]string)
+	for key, values := range request.Header {
+		for _, value := range values {
+			headers[key] = value
+		}
+	}
+	// Convert http.Request to resty.Request
+	restyRequest := client.R().
+		SetBasicAuth(c.Username, c.Password).
+		SetHeaders(headers).
+		SetBody(request.Body)
+
+	// Execute the request
+	response, err := restyRequest.Execute(request.Method, request.URL.String())
 	if err != nil {
 		return err
 	}
-	//default set flag to false and the check response code
+
+	// Check response status code
 	expectedStatusFlag := false
-	for i := 0; i < len(expectedStatus); i++ {
-		if expectedStatus[i] == response.StatusCode {
+	for _, status := range expectedStatus {
+		if response.StatusCode() == status {
 			expectedStatusFlag = true
 			break
 		}
 	}
 	if !expectedStatusFlag {
-		return fmt.Errorf("response code=%d from %s; want %d", response.StatusCode, request.URL, expectedStatus)
-	}
-	if obj == nil {
-		return nil
+		return fmt.Errorf("response code=%d from %s; want %v", response.StatusCode(), request.URL, expectedStatus)
 	}
 
-	// unmarshall response if obj != nil
-	data, _ := io.ReadAll(response.Body)
-	if len(data) == 0 {
-		return fmt.Errorf("received empty response body from %s", request.URL)
+	// Unmarshal response if obj is not nil
+	if obj != nil {
+		if err := json.Unmarshal(response.Body(), obj); err != nil {
+			return fmt.Errorf("failed to unmarshal response: %v", err)
+		}
 	}
-	return json.Unmarshal(data, obj)
+
+	return nil
 }
 
 // Get sends a REST API request and unmarshals response into obj, if not nil.

pkg/splunk/common/urls.go

@@ -44,32 +44,32 @@ const (
 // List of URLs - Cluster Manager
 const (
 
-	//LocalURLClusterManagerApplyBundle = "https://localhost:8089/services/cluster/master/control/default/apply"
-	LocalURLClusterManagerApplyBundle = "https://localhost:8089" + URIClusterManagerApplyBundle
+	//LocalURLClusterManagerApplyBundle = "http://localhost:8089/services/cluster/master/control/default/apply"
+	LocalURLClusterManagerApplyBundle = "http://localhost:8089" + URIClusterManagerApplyBundle
 
-	//LocalURLClusterManagerGetInfo = "https://localhost:8089/services/cluster/master/info?count=0&output_mode=json"
-	LocalURLClusterManagerGetInfo = "https://localhost:8089" + URIClusterManagerGetInfo + "?count=0&output_mode=json"
+	//LocalURLClusterManagerGetInfo = "http://localhost:8089/services/cluster/master/info?count=0&output_mode=json"
+	LocalURLClusterManagerGetInfo = "http://localhost:8089" + URIClusterManagerGetInfo + "?count=0&output_mode=json"
 
-	//LocalURLClusterManagerGetInfoJSONOutput = "https://localhost:8089/services/cluster/master/info?output_mode=json"
-	LocalURLClusterManagerGetInfoJSONOutput = "https://localhost:8089" + URIClusterManagerGetInfo + "?output_mode=json"
+	//LocalURLClusterManagerGetInfoJSONOutput = "http://localhost:8089/services/cluster/master/info?output_mode=json"
+	LocalURLClusterManagerGetInfoJSONOutput = "http://localhost:8089" + URIClusterManagerGetInfo + "?output_mode=json"
 
-	//LocalURLClusterManagerGetPeers = "https://localhost:8089/services/cluster/master/peers?count=0&output_mode=json"
-	LocalURLClusterManagerGetPeers = "https://localhost:8089" + URIClusterManagerGetPeers + "?count=0&output_mode=json"
+	//LocalURLClusterManagerGetPeers = "http://localhost:8089/services/cluster/master/peers?count=0&output_mode=json"
+	LocalURLClusterManagerGetPeers = "http://localhost:8089" + URIClusterManagerGetPeers + "?count=0&output_mode=json"
 
-	//LocalURLClusterManagerGetPeersJSONOutput = "https://localhost:8089/services/cluster/master/peers?output_mode=json"
-	LocalURLClusterManagerGetPeersJSONOutput = "https://localhost:8089" + URIClusterManagerGetPeers + "?output_mode=json"
+	//LocalURLClusterManagerGetPeersJSONOutput = "http://localhost:8089/services/cluster/master/peers?output_mode=json"
+	LocalURLClusterManagerGetPeersJSONOutput = "http://localhost:8089" + URIClusterManagerGetPeers + "?output_mode=json"
 
-	//LocalURLClusterManagerRemovePeers = "https://localhost:8089/services/cluster/master/control/control/remove_peers
-	LocalURLClusterManagerRemovePeers = "https://localhost:8089" + URIClusterManagerRemovePeers
+	//LocalURLClusterManagerRemovePeers = "http://localhost:8089/services/cluster/master/control/control/remove_peers
+	LocalURLClusterManagerRemovePeers = "http://localhost:8089" + URIClusterManagerRemovePeers
 
-	//LocalURLClusterManagerGetSite = https://localhost:8089/services/cluster/master/sites?output_mode=json
-	LocalURLClusterManagerGetSite = "https://localhost:8089" + URIClusterManagerGetSites + "?output_mode=json"
+	//LocalURLClusterManagerGetSite = http://localhost:8089/services/cluster/master/sites?output_mode=json
+	LocalURLClusterManagerGetSite = "http://localhost:8089" + URIClusterManagerGetSites + "?output_mode=json"
 
-	//LocalURLClusterManagerGetHealth = "https://localhost:8089/services/cluster/master/health?output_mode=json"
-	LocalURLClusterManagerGetHealth = "https://localhost:8089" + URIClusterManagerGetHealth + "?output_mode=json"
+	//LocalURLClusterManagerGetHealth = "http://localhost:8089/services/cluster/master/health?output_mode=json"
+	LocalURLClusterManagerGetHealth = "http://localhost:8089" + URIClusterManagerGetHealth + "?output_mode=json"
 
-	//LocalURLClusterManagerGetSearchHeads = "https://localhost:8089/services/cluster/master/searchheads?output_mode=json"
-	LocalURLClusterManagerGetSearchHeads = "https://localhost:8089" + URIClusterManagerGetSearchHeads + "?output_mode=json"
+	//LocalURLClusterManagerGetSearchHeads = "http://localhost:8089/services/cluster/master/searchheads?output_mode=json"
+	LocalURLClusterManagerGetSearchHeads = "http://localhost:8089" + URIClusterManagerGetSearchHeads + "?output_mode=json"
 )
 
 // ***** Cluster Peers *****
@@ -87,11 +87,11 @@ const (
 // List of URLs - Cluster Peers
 const (
 
-	//URLPeerInfo = "https://localhost:8089/services/cluster/slave/info?count=0&output_mode=json"
-	URLPeerInfo = "https://localhost:8089" + URIPeerGetInfo + "?count=0&output_mode=json"
+	//URLPeerInfo = "http://localhost:8089/services/cluster/slave/info?count=0&output_mode=json"
+	URLPeerInfo = "http://localhost:8089" + URIPeerGetInfo + "?count=0&output_mode=json"
 
-	//URLPeerDecommission = "https://localhost:8089/services/cluster/slave/control/control/decommission
-	URLPeerDecommission = "https://localhost:8089" + URIPeerDecommission
+	//URLPeerDecommission = "http://localhost:8089/services/cluster/slave/control/control/decommission
+	URLPeerDecommission = "http://localhost:8089" + URIPeerDecommission
 )
 
 // ***** License Manager *****
@@ -114,9 +114,9 @@ const (
 // List of URLs - License Manager/Peer
 const (
 
-	//LocalURLLicensePeerJSONOutput = "https://localhost:8089/services/licenser/localslave?output_mode=json"
-	LocalURLLicensePeerJSONOutput = "https://localhost:8089/services/licenser/localslave?output_mode=json"
+	//LocalURLLicensePeerJSONOutput = "http://localhost:8089/services/licenser/localslave?output_mode=json"
+	LocalURLLicensePeerJSONOutput = "http://localhost:8089/services/licenser/localslave?output_mode=json"
 
-	//LocalURLLicenseManagerEdit = "https://localhost:8089/services/search/distributed/groups/dmc_group_license_master/edit"
-	LocalURLLicenseManagerEdit = "https://localhost:8089/services/search/distributed/groups/dmc_group_license_master/edit"
+	//LocalURLLicenseManagerEdit = "http://localhost:8089/services/search/distributed/groups/dmc_group_license_master/edit"
+	LocalURLLicenseManagerEdit = "http://localhost:8089/services/search/distributed/groups/dmc_group_license_master/edit"
 )

pkg/splunk/enterprise/clustermanager.go

@@ -218,6 +218,7 @@ func ApplyClusterManager(ctx context.Context, client splcommon.ControllerClient,
 		podExecClient := splutil.GetPodExecClient(client, cr, "")
 
 		// Add a splunk operator telemetry app
+		cr.Status.TelAppInstalled = true
 		if cr.Spec.EtcVolumeStorageConfig.EphemeralStorage || !cr.Status.TelAppInstalled {
 			err := addTelApp(ctx, podExecClient, numberOfClusterMasterReplicas, cr)
 			if err != nil {
@@ -264,7 +265,7 @@ type clusterManagerPodManager struct {
 // getClusterManagerClient for clusterManagerPodManager returns a SplunkClient for cluster manager
 func (mgr *clusterManagerPodManager) getClusterManagerClient(cr *enterpriseApi.ClusterManager) *splclient.SplunkClient {
 	fqdnName := splcommon.GetServiceFQDN(cr.GetNamespace(), GetSplunkServiceName(SplunkClusterManager, cr.GetName(), false))
-	return mgr.newSplunkClient(fmt.Sprintf("https://%s:8089", fqdnName), "admin", string(mgr.secrets.Data["password"]))
+	return mgr.newSplunkClient(fmt.Sprintf("http://%s:8089", fqdnName), "admin", string(mgr.secrets.Data["password"]))
 }
 
 // validateClusterManagerSpec checks validity and makes default updates to a ClusterManagerSpec, and returns error if something is wrong.
@@ -413,7 +414,7 @@ func PushManagerAppsBundle(ctx context.Context, c splcommon.ControllerClient, cr
 	fqdnName := splcommon.GetServiceFQDN(cr.GetNamespace(), GetSplunkServiceName(SplunkClusterManager, managerIdxcName, false))
 
 	// Get a Splunk client to execute the REST call
-	splunkClient := splclient.NewSplunkClient(fmt.Sprintf("https://%s:8089", fqdnName), "admin", string(adminPwd))
+	splunkClient := splclient.NewSplunkClient(fmt.Sprintf("http://%s:8089", fqdnName), "admin", string(adminPwd))
 
 	return splunkClient.BundlePush(true)
 }