I am trying to get the Snyk monitor up and running on AWS and VMware Tanzu, but the container crashes immediately. The container log and the Deployment manifest follow:
Warning: Ignoring extra certs from /srv/app/certs/ca.pem, load failed: error:02001002:system library:fopen:No such file or directory
{"name":"kubernetes-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":30,"msg":"Cleaned temp storage","time":"2022-03-18T10:12:12.904Z","v":0}
{"name":"snyk-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":50,"error":{"message":"HTTP request failed","name":"HttpError","stack":"HttpError: HTTP request failed\n at Request._callback (/srv/app/node_modules/@kubernetes/client-node/dist/gen/api/appsV1Api.js:4141:36)\n at Request.self.callback (/srv/app/node_modules/request/request.js:185:22)\n at Request.emit (node:events:520:28)\n at Request.emit (node:domain:475:12)\n at Request.<anonymous> (/srv/app/node_modules/request/request.js:1154:10)\n at Request.emit (node:events:520:28)\n at Request.emit (node:domain:475:12)\n at IncomingMessage.<anonymous> (/srv/app/node_modules/request/request.js:1076:12)\n at Object.onceWrapper (node:events:639:28)\n at IncomingMessage.emit (node:events:532:35)"},"namespace":"helix-snyk-monitor","msg":"could not read the snyk-monitor deployment unique id","time":"2022-03-18T10:12:13.009Z","v":0}
{"name":"kubernetes-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":30,"userLocator":"969f618c-cbc7-4c6c-947b-3de7a7e3bb90","cluster":"Helix AWS Showcase","agentId":"949bd26e-fa6c-45b9-b4f9-dd19a4c47aed","msg":"attempting to send cluster metadata","time":"2022-03-18T10:12:13.009Z","v":0}
{"name":"kubernetes-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":30,"userLocator":"969f618c-cbc7-4c6c-947b-3de7a7e3bb90","cluster":"Helix AWS Showcase","agentId":"949bd26e-fa6c-45b9-b4f9-dd19a4c47aed","attempt":1,"msg":"cluster metadata sent upstream successfully","time":"2022-03-18T10:12:13.277Z","v":0}
{"name":"kubernetes-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":30,"userLocator":"969f618c-cbc7-4c6c-947b-3de7a7e3bb90","cluster":"Helix AWS Showcase","agentId":"949bd26e-fa6c-45b9-b4f9-dd19a4c47aed","msg":"attempting to send workload auto-import policy","time":"2022-03-18T10:12:13.278Z","v":0}
{"name":"kubernetes-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":30,"userLocator":"969f618c-cbc7-4c6c-947b-3de7a7e3bb90","cluster":"Helix AWS Showcase","agentId":"949bd26e-fa6c-45b9-b4f9-dd19a4c47aed","attempt":1,"msg":"workload auto-import policy sent upstream successfully","time":"2022-03-18T10:12:13.579Z","v":0}
{"name":"kubernetes-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":30,"cluster":"Helix AWS Showcase","msg":"starting to monitor","time":"2022-03-18T10:12:13.580Z","v":0}
{"name":"kubernetes-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":30,"msg":"setting up cluster informers","time":"2022-03-18T10:12:13.580Z","v":0}
{"name":"kubernetes-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":50,"err":{"message":"HTTP request failed","name":"HttpError","stack":"HttpError: HTTP request failed\n at Request._callback (/srv/app/node_modules/@kubernetes/client-node/dist/gen/api/coreV1Api.js:9175:36)\n at Request.self.callback (/srv/app/node_modules/request/request.js:185:22)\n at Request.emit (node:events:520:28)\n at Request.emit (node:domain:475:12)\n at Request.<anonymous> (/srv/app/node_modules/request/request.js:1154:10)\n at Request.emit (node:events:520:28)\n at Request.emit (node:domain:475:12)\n at IncomingMessage.<anonymous> (/srv/app/node_modules/request/request.js:1076:12)\n at Object.onceWrapper (node:events:639:28)\n at IncomingMessage.emit (node:events:532:35)"},"msg":"error while listing namespaces in cluster","time":"2022-03-18T10:12:13.591Z","v":0}
{"name":"kubernetes-monitor","hostname":"snyk-monitor-8574686b5f-nj8pq","pid":6,"level":50,"error":{"message":"HTTP request failed","name":"HttpError","stack":"HttpError: HTTP request failed\n at Request._callback (/srv/app/node_modules/@kubernetes/client-node/dist/gen/api/coreV1Api.js:9175:36)\n at Request.self.callback (/srv/app/node_modules/request/request.js:185:22)\n at Request.emit (node:events:520:28)\n at Request.emit (node:domain:475:12)\n at Request.<anonymous> (/srv/app/node_modules/request/request.js:1154:10)\n at Request.emit (node:events:520:28)\n at Request.emit (node:domain:475:12)\n at IncomingMessage.<anonymous> (/srv/app/node_modules/request/request.js:1076:12)\n at Object.onceWrapper (node:events:639:28)\n at IncomingMessage.emit (node:events:532:35)"},"msg":"an error occurred while monitoring the cluster","time":"2022-03-18T10:12:13.591Z","v":0}
# Deployment for the Snyk kubernetes-monitor as rendered by the snyk-monitor
# Helm chart 1.85.2. Indentation was lost in the paste and is restored here;
# keys and values are unchanged.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: helix-snyk-monitor
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: snyk-monitor
    helm.sh/chart: snyk-monitor-1.85.2
  name: snyk-monitor
  namespace: helix-snyk-monitor
spec:
  # The selector and the pod template both use instance "snyk-monitor", so
  # they match each other; only the Deployment's own instance label above
  # ("helix-snyk-monitor") differs.
  selector:
    matchLabels:
      app.kubernetes.io/instance: snyk-monitor
      app.kubernetes.io/name: snyk-monitor
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: snyk-monitor
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: snyk-monitor
    spec:
      # Schedule only on amd64 nodes.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      containers:
        - env:
            - name: SNYK_CLUSTER_NAME
              value: Helix AWS Showcase
            # Extra CA bundle for Node.js. The file comes from the optional
            # "ssl-certs" ConfigMap volume below; if that ConfigMap is absent
            # or has no ca.pem key, Node only warns and continues without the
            # extra CA, so a private CA or TLS-inspecting proxy is not trusted.
            - name: NODE_EXTRA_CA_CERTS
              value: /srv/app/certs/ca.pem
            # Integration ID is read from the snyk-monitor Secret rather than
            # being written into the manifest.
            - name: SNYK_INTEGRATION_ID
              valueFrom:
                secretKeyRef:
                  key: integrationId
                  name: snyk-monitor
            # No value given: the variable is defined but empty.
            - name: SNYK_WATCH_NAMESPACE
            - name: SNYK_DEPLOYMENT_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SNYK_DEPLOYMENT_NAME
              value: snyk-monitor
            - name: SNYK_INTEGRATION_API
            - name: SNYK_MONITOR_VERSION
              value: 1.85.2
            - name: HOME
              value: /srv/app
            # Proxy variables are present but empty, so no proxy is
            # configured by this manifest.
            - name: HTTP_PROXY
            - name: HTTPS_PROXY
            - name: NO_PROXY
            - name: LOG_LEVEL
            - name: SKIP_K8S_JOBS
            - name: SNYK_SKOPEO_COMPRESSION_LEVEL
              value: '6'
            - name: SNYK_WORKERS_COUNT
              value: '10'
            - name: V8_MAX_OLD_SPACE_SIZE
              value: '2048'
            - name: UV_THREADPOOL_SIZE
              value: '24'
            - name: NODE_OPTIONS
              value: '--max_old_space_size=2048'
          image: 'privateregistry.com/snyk/kubernetes-monitor:1.85.2'
          imagePullPolicy: Always
          # Both probes run `true`, which always exits 0: the kubelet never
          # marks the pod unhealthy or unready on its own, so failures show
          # up only as container exits and in the logs.
          livenessProbe:
            exec:
              command:
                - 'true'
          name: snyk-monitor
          readinessProbe:
            exec:
              command:
                - 'true'
          resources:
            limits:
              cpu: '1'
              memory: 2Gi
            requests:
              cpu: 250m
              memory: 400Mi
          # Hardened context: non-root, no privilege escalation, all
          # capabilities dropped, read-only root filesystem.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            # Registry credentials from the snyk-monitor Secret, read-only.
            - mountPath: /srv/app/.docker
              name: docker-config
              readOnly: true
            # emptyDir scratch space; presumably the only writable path given
            # the read-only root filesystem -- confirm against the chart.
            - mountPath: /var/tmp
              name: temporary-storage
            - mountPath: /srv/app/certs
              name: ssl-certs
            - mountPath: /tmp/policies
              name: workload-policies
              readOnly: true
            - mountPath: /srv/app/.config/containers
              name: registries-conf
      initContainers:
        # Opens up permissions on the scratch volume before the monitor
        # starts; `|| true` means a failed chmod does not block the pod.
        - command:
            - sh
            - '-c'
            - chmod -R go+rwX /var/tmp || true
          # NOTE(review): ":latest" is a mutable tag; the image that runs
          # here can change without this manifest changing. Pinning to a
          # fixed tag or digest makes the init step reproducible.
          image: 'privateregistry.com/snyk/busybox:latest'
          name: volume-permissions
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 100m
              memory: 100Mi
          # runAsNonRoot is false here, so this step may run as root, but
          # with all capabilities dropped and no privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: false
          volumeMounts:
            - mountPath: /var/tmp
              name: temporary-storage
      restartPolicy: Always
      # The monitor calls the Kubernetes API as this service account.
      # NOTE(review): its RBAC bindings are not part of this manifest;
      # check that they name this service account in namespace
      # helix-snyk-monitor when API requests from the pod are rejected.
      serviceAccountName: snyk-monitor
      volumes:
        # Maps the Secret key dockercfg.json to config.json in the mount.
        - name: docker-config
          secret:
            items:
              - key: dockercfg.json
                path: config.json
            secretName: snyk-monitor
        - emptyDir:
            sizeLimit: 50Gi
          name: temporary-storage
        # The three ConfigMaps below are optional: the pod starts even when
        # they do not exist, and the corresponding mount is then empty.
        - configMap:
            name: snyk-monitor-certs
            optional: true
          name: ssl-certs
        - configMap:
            name: snyk-monitor-workload-policies
            optional: true
          name: workload-policies
        - configMap:
            name: snyk-monitor-registries-conf
            optional: true
          name: registries-conf