Request for Updates to SC4S Build for RKE Cluster Deployment

[hatem2018]

Description: I am currently deploying Splunk Connect for Syslog (SC4S) on an RKE cluster and have made some progress by updating the Dockerfile and entrypoint.sh to change the user to syslog. Below are the details of my setup and the steps I followed:

Configuration Details:

Provider: RKE1
Kubernetes Version: v1.28.7
Architecture: Amd64
SC4S Version: 4.8.1
Deployment Method: AzureDevOps pipelines with Helm chart
Private Registry: JFrog

Steps to Reproduce:
image-sc4s.zip
pipeline-sc4s.zip

• Set up an RKE cluster with the above configuration.
• Update the Dockerfile and entrypoint.sh to change the user to syslog.
• Push the custom SC4S image to the JFrog registry using Azure pipelines.
• Modify the image in the values.yaml file to use a custom SC4S image.
• Use AzureDevOps pipelines to deploy SC4S using the Helm chart.

Expected Behavior: I should be able to change any configuration in the values.yaml file using the syslog user without encountering issues related to creating folders and files inside the pods.

Actual Behavior: For example, when configuring custom index using values.yaml file, the configuration is applied but the pods show error creating folder (see screenshot attached)

Request: I would like to request updates to the SC4S build to better support this deployment strategy. Specifically:

Improvements or changes to streamline the process of changing the user to syslog within the SC4S deployment.
Guidance on using a non-root user, such as the syslog user (UID 1024), as our internal policy does not permit the use of root on cluster pods.

Additional Information:

Attached are the updated Dockerfile, entrypoint.sh file, pipeline, and values.yaml file.
This request is related to the Splunk ODS case opened Number 3623626.

Thank you

[hatem2018]

[rjha-splunk]

We will check and get back, please expect a reply on it in a week.