fix: update ubi, fix cve, update ruby (#282)

* fix: update ubi, fix cve, update ruby

Author: VihasMakwana

.github/workflows/ci_build_test.yaml

@@ -17,7 +17,7 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           bundler-cache: true
-          ruby-version: 2.7
+          ruby-version: 3.1
 
       - name: Install dependencies
         run: |
@@ -63,12 +63,12 @@ jobs:
       CI_SPLUNK_PORT: 8089
       CI_SPLUNK_USERNAME: admin
       CI_SPLUNK_HEC_TOKEN: a6b5e77f-d5f6-415a-bd43-930cecb12959
-      CI_SPLUNK_PASSWORD: helloworld
+      CI_SPLUNK_PASSWORD: changeme2
       CI_INDEX_EVENTS: ci_events
       CI_INDEX_OBJECTS: ci_objects
       CI_INDEX_METRICS: ci_metrics
       KUBERNETES_VERSION: v1.23.2
-      MINIKUBE_VERSION: v1.24.0
+      MINIKUBE_VERSION: latest
       MINIKUBE_NODE_COUNTS: 2
       GITHUB_ACTIONS: true
 
@@ -158,6 +158,8 @@ jobs:
           curl -X POST -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD -k https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/servicesNS/nobody/splunk_httpinput/data/inputs/http/http/enable
           # Create new HEC token
           curl -X POST -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD -k -d "name=splunk_hec_token&token=a6b5e77f-d5f6-415a-bd43-930cecb12959&disabled=0&index=default-events&indexes=default-events,$CI_INDEX_METRICS,$CI_INDEX_OBJECTS,$CI_INDEX_EVENTS,ns-anno,pod-anno" https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/servicesNS/nobody/splunk_httpinput/data/inputs/http
+          # lower the limit to 50MiB. Higher limits throws error 'Search not executed XXXX'
+          kubectl exec -it splunk -- bash -c 'echo -e "\n[diskUsage]\nminFreeSpace = 50" >> /opt/splunk/etc/system/local/server.conf'
           # Restart Splunk
           curl -k -u $CI_SPLUNK_USERNAME:$CI_SPLUNK_PASSWORD https://$CI_SPLUNK_HOST:$CI_SPLUNK_PORT/services/server/control/restart -X POST
 

.ruby-version

@@ -1 +1 @@
-2.7.4
+3.1.3

Gemfile.lock

@@ -13,9 +13,9 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (7.0.4.3)
-      activesupport (= 7.0.4.3)
-    activesupport (7.0.4.3)
+    activemodel (7.0.7.2)
+      activesupport (= 7.0.7.2)
+    activesupport (7.0.7.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -89,15 +89,15 @@ GEM
     power_assert (2.0.1)
     prometheus-client (4.0.0)
     public_suffix (4.0.6)
-    rack (3.0.6.1)
+    rack (3.0.8)
     rack-oauth2 (1.21.2)
       activesupport
       attr_required
       httpclient
       json-jwt (>= 1.11.0)
       rack (>= 2.1.0)
     rake (13.0.6)
-    rexml (3.2.5)
+    rexml (3.2.6)
     ruby2_keywords (0.0.5)
     serverengine (2.3.0)
       sigdump (~> 0.2.2)

ci_scripts/deploy_connector.sh

@@ -23,11 +23,12 @@ helm install ci-sck --set global.splunk.hec.token=$CI_SPLUNK_HEC_TOKEN \
 --set splunk-kubernetes-logging.image.tag=recent \
 --set splunk-kubernetes-logging.image.pullPolicy=IfNotPresent \
 -f ci_scripts/sck_values.yml helm-chart/splunk-connect-for-kubernetes
-
+# kubectl get pod | grep "ci-sck-splunk-kubernetes-logging" | awk 'NR==1{print $1}
 kubectl get pod
 # wait for deployment to finish
 # metric and logging deamon set for each node + aggr + object + splunk
 PODS=$((MINIKUBE_NODE_COUNTS*2+2+1))
 until kubectl get pod | grep Running | [[ $(wc -l) == $PODS ]]; do
-   sleep 1;
+   kubectl get pod
+   sleep 2;
 done

ci_scripts/k8s-splunk.yml

@@ -26,6 +26,6 @@ spec:
     - name: SPLUNK_USER
       value: root
     - name: SPLUNK_PASSWORD
-      value: helloworld
+      value: changeme2
     - name: SPLUNK_LAUNCH_CONF
       value: OPTIMISTIC_ABOUT_FILE_LOCKING=1

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.7.4-buster as builder
+FROM ruby:3.1.4-buster as builder
 
 ADD ./ /app/
 WORKDIR /app
@@ -8,7 +8,7 @@ RUN bundle install
 
 RUN bundle exec rake build -t -v
 
-FROM registry.access.redhat.com/ubi8/ruby-27
+FROM registry.access.redhat.com/ubi9/ruby-31
 
 ARG VERSION
 
@@ -33,8 +33,6 @@ COPY --from=builder /app/LICENSE /licenses/LICENSE
 RUN dnf install -y jq
 
 COPY --from=builder /app/docker/Gemfile* ./
-RUN gem update date cgi
-RUN rm -f /usr/share/gems/specifications/default/cgi-0.1.0.gemspec /usr/share/gems/specifications/default/date-3.0.0.gemspec 
 RUN yum update -y \
    && yum remove -y nodejs npm \
    && gem install bundler \

docker/Gemfile

@@ -3,7 +3,7 @@ source 'https://rubygems.org'
 # This is separate gemfile for building docker image that has all plugins
 # for kubernetes log collection agent
 # List all required gems here and install via bundler to resolve dependencies
-gem "fluentd", ">=1.15"
+gem "fluentd", "=1.15.3"
 gem "fluent-plugin-systemd", "=1.0.2"
 gem "fluent-plugin-concat", "=2.4.0"
 gem "fluent-plugin-prometheus", "=2.0.2"
@@ -14,13 +14,14 @@ gem "oj", ">=3.11.2"
 gem 'multi_json', '~> 1.13'
 gem 'net-http-persistent', '~> 4.0'
 gem 'openid_connect', '~> 1.1.8'
-gem 'prometheus-client', '>= 2.1.0'
-gem 'activesupport', '~> 5.2.4.3'
+gem 'prometheus-client', '=2.1.0'
 gem 'http_parser.rb', '=0.8.0'
 gem "rack", ">=3.0.0"
 gem "fluent-plugin-record-modifier", ">=2.1"
 gem 'json-jwt', '~> 1.15.0'
 gem 'rack-oauth2', '~> 1.19'
+gem 'cgi', '~> 0.3.6'
+gem 'date', '~> 3.3.3'
 
 
 gem 'fluent-plugin-splunk-hec', path: 'gem/'

docker/Gemfile.lock

@@ -24,21 +24,23 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (5.2.4.6)
-      activesupport (= 5.2.4.6)
-    activesupport (5.2.4.6)
+    activemodel (7.0.7.2)
+      activesupport (= 7.0.7.2)
+    activesupport (7.0.7.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.5)
+      public_suffix (>= 2.0.2, < 6.0)
     aes_key_wrap (1.1.0)
     attr_required (1.0.1)
-    bindata (2.4.14)
-    concurrent-ruby (1.1.9)
-    connection_pool (2.2.5)
-    cool.io (1.7.1)
+    bindata (2.4.15)
+    cgi (0.3.6)
+    concurrent-ruby (1.2.2)
+    connection_pool (2.4.1)
+    cool.io (1.8.0)
+    date (3.3.3)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     ffi (1.15.5)
@@ -80,36 +82,36 @@ GEM
       http-form_data (~> 2.2)
       http-parser (~> 1.2.0)
     http-accept (1.7.0)
-    http-cookie (1.0.4)
+    http-cookie (1.0.5)
       domain_name (~> 0.5)
     http-form_data (2.3.0)
     http-parser (1.2.3)
       ffi-compiler (>= 1.0, < 2.0)
     http_parser.rb (0.8.0)
     httpclient (2.8.3)
-    i18n (1.9.1)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
     json-jwt (1.15.3)
       activesupport (>= 4.2)
       aes_key_wrap
       bindata
       httpclient
-    jsonpath (1.1.0)
+    jsonpath (1.1.3)
       multi_json
     lru_redux (1.1.0)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2022.0105)
-    mini_mime (1.1.2)
-    minitest (5.15.0)
-    msgpack (1.6.0)
+    mime-types-data (3.2023.0808)
+    mini_mime (1.1.5)
+    minitest (5.19.0)
+    msgpack (1.7.2)
     multi_json (1.15.0)
-    net-http-persistent (4.0.0)
+    net-http-persistent (4.0.2)
       connection_pool (~> 2.2)
     netrc (0.11.0)
-    oj (3.11.2)
+    oj (3.16.0)
     openid_connect (1.1.8)
       activemodel
       attr_required (>= 1.0.0)
@@ -121,9 +123,9 @@ GEM
       validate_url
       webfinger (>= 1.0.1)
     prometheus-client (2.1.0)
-    public_suffix (4.0.6)
-    rack (3.0.1)
-    rack-oauth2 (1.19.0)
+    public_suffix (5.0.3)
+    rack (3.0.8)
+    rack-oauth2 (1.21.3)
       activesupport
       attr_required
       httpclient
@@ -146,18 +148,18 @@ GEM
       httpclient (>= 2.4)
     systemd-journal (1.3.3)
       ffi (~> 1.9)
-    thread_safe (0.3.6)
-    tzinfo (1.2.10)
-      thread_safe (~> 0.1)
-    tzinfo-data (1.2022.6)
+    timeout (0.4.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    tzinfo-data (1.2023.3)
       tzinfo (>= 1.0.0)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.8)
+    unf_ext (0.0.8.2)
     validate_email (0.1.6)
       activemodel (>= 3.0)
       mail (>= 2.2.5)
-    validate_url (1.0.13)
+    validate_url (1.0.15)
       activemodel (>= 3.0.0)
       public_suffix
     webfinger (1.2.0)
@@ -170,23 +172,24 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  activesupport (~> 5.2.4.3)
+  cgi (~> 0.3.6)
+  date (~> 3.3.3)
   fluent-plugin-concat (= 2.4.0)
   fluent-plugin-jq (= 0.5.1)
   fluent-plugin-kubernetes_metadata_filter (~> 3.1)
   fluent-plugin-prometheus (= 2.0.2)
   fluent-plugin-record-modifier (>= 2.1)
   fluent-plugin-splunk-hec!
   fluent-plugin-systemd (= 1.0.2)
-  fluentd (>= 1.15)
+  fluentd (= 1.15.3)
   http_parser.rb (= 0.8.0)
   json-jwt (~> 1.15.0)
   kubeclient!
   multi_json (~> 1.13)
   net-http-persistent (~> 4.0)
   oj (>= 3.11.2)
   openid_connect (~> 1.1.8)
-  prometheus-client (>= 2.1.0)
+  prometheus-client (= 2.1.0)
   rack (>= 3.0.0)
   rack-oauth2 (~> 1.19)