Kubernetes editing resources
As with the resource listing examples in the previous section, the get command can be replaced in most situations with edit. It is, however, recommended to list the relevant resources first to determine which one to edit. This section comes with a number of warnings. Please note these.
⚠️ NOTE: It is very important to edit only the specific resource you need to modify and not, by accident, a full resource subset, e.g. kubectl -n tenant1 edit sts tenant1-wazuh and NOT kubectl -n tenant1 edit sts. The second command opens all STS’s as a single editable file, and the risk of crippling the environment is drastically increased.
The following resources can be edited:
STS’s
Deployments
Secrets
Services (SVC)
PVC’s
⚠️ NOTE: Other resources are also editable, but editing them is highly discouraged.
Great care has to be taken when modifying the deployment and STS configurations, as syntax errors or typographical errors can have a significant impact, e.g. creating a 10Ti PVC instead of a 1Ti PVC. Once a volume has been expanded like this it can’t be shrunk.
⚠️ NOTE: All configuration items in Kubernetes use YAML files, which are indented with spaces. The [TAB] key must NEVER be used as this will break the configuration.
The primary areas where editing could occur are STS’s, deployments and PVC’s. Examples are provided below for these.
Editing STS’s and deployments
Items and use cases for this include the following:
The image to use
This specifies the container image
The image pull policy
When and if an image should be pulled
Liveness configuration
This deals with the liveness probes and should only be edited under direct instruction from SIEMonster’s technical resources.
Port mappings
Port mapping additions for additionally required ports
Resource specifications
This can include RAM requests or limits, and CPU
Many more items can technically be edited, but this should not be done.
Editing the image in an STS or deployment
In the following example we will edit the image version to reflect a custom container image. Such images may be made available after modifications have been done under professional services etc.
🔖 NOTE: Please assume that [ENTER] needs to be pressed after pasting or typing the contents of the codeblocks below.
For the example below we will be using the tenant1 namespace and the wazuh sts. Using kubectl perform the following actions:
Determine the exact sts that needs to be edited.
kubectl -n tenant1 get sts |grep tenant1-wazuh
The above would provide two results
Before editing, backup the resource using the following command
kubectl -n tenant1 get sts tenant1-wazuh -o yaml > /<path_to_backup_location>/tenant1-wazuh-bak-%yyyy%mm%dd.yaml
For example:
kubectl -n tenant1 get sts tenant1-wazuh -o yaml > /home/user/tenant1-wazuh-bak-20230120.yaml
Once the command has run, cat the output file to make sure it has been correctly populated.
Now we can edit the sts
kubectl -n tenant1 edit sts tenant1-wazuh
Find the line that starts with “image:”
Replace the image with the one provided by SIEMonster
Change the line “imagePullPolicy” that is directly below the line “image:” to “IfNotPresent”
Press [ESC], then type [:wq] and press [ENTER]
At this point, if any breaking changes were made to the structure, the screen will flash away from the editor and then back to it with an error. If all is in order it will state changes saved successfully and it will restart the pod and start it with the new container image.
The process for changing the other available fields is exactly the same.
Editing PVC’s
For the most part, PVC’s should be autoscaling to the required size. Should you wish to increase the size outside of this, the steps below will be required.
For this sample we will use tenant1 as the namespace and MiSP as the pod to be addressed.
Find the correct PVC with the following command
kubectl -n tenant1 get pvc |grep misp
The first column has the PVC name that should be used for the editing
Now edit the PVC with the following command
kubectl -n tenant1 edit pvc persistent-storage-tenant1-misp-0
Scroll down to where you see the following
Change the value to the number you require, press [ESC], then type [:wq] and press [ENTER]
⚠️ NOTE: Extreme care should be taken. Accidentally typing the wrong number can incur significant costs and cannot be rolled back: the volume has to be recreated and the incorrectly sized one removed, which will incur professional services charges.
Depending on the size specified, this change can take up to 30 mins to reflect. You can check the status with the following command
kubectl -n tenant1 get pvc persistent-storage-tenant1-misp-0
🔖 NOTE: A tip to continuously run the command until the disk expansion is complete is to use the watch command. Example below. You can cancel this at any time by pressing [CTRL]+[C]. The command below will update every 3 seconds automatically.
watch -n3 "kubectl -n tenant1 get pvc persistent-storage-tenant1-misp-0"
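The PVC warnings above (a 10Ti typo in place of 1Ti, and no way to shrink afterwards) can be checked before the edit is saved. The script below is an added example, not part of the original SIEMonster documentation; the function names and the default 2x growth limit are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: sanity-check a PVC size change before typing it into kubectl edit.

# Convert a whole-number Kubernetes quantity (500Gi, 1Ti, 2T, ...) to bytes.
# Fractions, leading zeros and unknown suffixes are rejected with status 1.
qty_to_bytes() {
    num=${1%%[!0-9]*}          # leading digits
    suffix=${1#"$num"}         # whatever follows them
    case "$num" in ""|0?*) return 1 ;; esac
    case "$suffix" in
        "") mult=1 ;;
        Ki) mult=1024 ;;
        Mi) mult=1048576 ;;
        Gi) mult=1073741824 ;;
        Ti) mult=1099511627776 ;;
        Pi) mult=1125899906842624 ;;
        k)  mult=1000 ;;
        M)  mult=1000000 ;;
        G)  mult=1000000000 ;;
        T)  mult=1000000000000 ;;
        P)  mult=1000000000000000 ;;
        *)  return 1 ;;
    esac
    echo $(( num * mult ))
}

# check_resize CURRENT REQUESTED [MAX_FACTOR]
# Returns 0 only for a growth of at most MAX_FACTOR times the current size
# (default 2, an assumed safety margin; pass a larger value for big jumps).
check_resize() {
    cur=$(qty_to_bytes "$1") || { echo "invalid: $1"; return 2; }
    new=$(qty_to_bytes "$2") || { echo "invalid: $2"; return 2; }
    factor=${3:-2}
    if [ "$new" -lt "$cur" ]; then
        echo "refuse: $2 is smaller than $1, volumes cannot be shrunk"; return 1
    elif [ "$new" -eq "$cur" ]; then
        echo "no-op: size unchanged"; return 1
    elif [ "$new" -gt $(( cur * factor )) ]; then
        echo "refuse: $2 is more than ${factor}x $1, check for a typo"; return 1
    fi
    echo "ok: $1 -> $2"
}

# The current size can be read with:
#   kubectl -n tenant1 get pvc persistent-storage-tenant1-misp-0 \
#     -o jsonpath='{.spec.resources.requests.storage}'
# Constructed sample values, so the script runs without a cluster:
check_resize 1Ti 2Ti  || true
check_resize 1Ti 10Ti || true
```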