IBM Support

QRadar SOAR: Installation of Kubernetes fails with incorrect proxy configuration

Troubleshooting


Problem

Installing IBM QRadar SOAR App Host with incorrect proxy configurations causes the deployment of Kubernetes to fail.

Symptom


If you are required to use a proxy server to reach external sites, you need to first configure the proxy settings before installing the App Host. Verify that the status of the pods is running or completed. If the status is stuck in ContainerCreating, you need to correct the proxy configuration before proceeding.
sudo kubectl get pods -n kube-system

NAME READY STATUS RESTARTS AGE
local-path-provisioner-58fb86bdfd-l58dz 0/1 ContainerCreating 0 26h
metrics-server-6d684c7b5-gpptn          0/1 ContainerCreating 0 26h
coredns-d798c9dd-z8tlh                  0/1 ContainerCreating 0 26h
If the state is ContainerCreating, check the proxy settings and correct any errors before installing the App Host.

Cause

IBM QRadar SOAR App Host connects to registry-1.docker.io in order to download the code to install the App Host. 
The proxy configuration settings were incorrect or missing preventing access to the internet to access the installation code.

Environment

IBM QRadar SOAR v37 or higher configured to use IBM QRadar SOAR App Host.

Diagnosing The Problem

The correct proxy server needs to be configured in this file when setting up proxy settings for App Host:
/etc/systemd/system/k3s.service.env

Running the command:  sudo kubectl describe pod/<pod> -n <namespace> shows you what is to be pulled down and any failures.

sudo kubectl describe pod/coredns-744d7bd568-b2w9j -n kube-system

Check the connection to the internet by using a curl command or by tailing the logs on the Proxy server:

curl --verbose -x http://proxyserver.com:80 https://registry-1.docker.io -cacert /etc/pki/ca-trust/certificate.pem
Replace http://proxyserver.com:80 with the correct proxy server address, port, and protocol.
If the proxy is authenticated:
curl -x <[protocol://][user:password@]proxyhost[:port]> https://registry-1.docker.io -cacert /etc/pki/ca-trust/certificate.pem

Resolving The Problem

To resolve issues with the proxy configuration and restart installation of Kubernetes, perform the following steps:

1. Update the contents of the k3 environment file:
/etc/systemd/system/k3s.service.env

Proxy servers that do not require SSL can be set to use HTTP for both HTTP_PROXY AND HTTPS_PROXY in k3s.service.env.

HTTP_PROXY=http://proxyserver.com:80
HTTPS_PROXY=http://proxyserver.com:80
NO_PROXY=<localhost and other IPs that do not need proxy>

2. Clear the proxy settings and run the following commands:

sudo manageAppHost proxy --clear

3. Restart the deployment of the k3s service:

sudo systemctl restart k3s

4. Run describe pod command to see whether the error is different:

sudo kubectl describe pod -n kube-system coredns-XXXXXX-XXXXX

(Where coredns-XXXXXX-XXXXX matches the value from running: sudo kubectl get pods -n kube-system). 

5. Update the proxy configuration with the correct settings:

sudo manageAppHost proxy --proxy-url <http://URL:port# of proxy>

6. Restart the deployment of Kubernetes:

sudo kubectl rollout restart deployments/coredns -n kube-system

7. Check to ensure that the pods are installing by running the following command to list all system containers.
Verify that their status is Running or Completed:

sudo kubectl get pods -A
sudo kubectl get deployments -A

8. If the pods are still stuck in ContainerCreating, you might need to trust the proxy CA certificate.

Add the certificate to:
/etc/pki/ca-trust/source/anchors

Now run.

sudo update-ca-trust

When completed, proceed to install App Host by running:

sudo manageAppHost install -p <full path to pairing file>


 

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z0000001jTpAAI","label":"Integrations->AppHost"}],"ARM Case Number":"TS014784679","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEGM63","label":"IBM Security QRadar SOAR on Cloud"},"ARM Category":[{"code":"a8m0z0000001jTpAAI","label":"Integrations->AppHost"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSL2BV","label":"IBM Security QRadar Suite - SOAR"},"ARM Category":[{"code":"a8m0z0000001jTpAAI","label":"Integrations->AppHost"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTDPP","label":"IBM Cloud Pak for Security"},"ARM Category":[{"code":"a8m0z0000001h8uAAA","label":"Cloud Pak for Security (CP4S)->Install or Upgrade"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
21 November 2023

UID

ibm16321353

Page Feedback