Bug 1908316
Summary: | kube-rbac-proxy exposes tokens, has excessive verbosity | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | OpenShift BugZilla Robot <openshift-bugzilla-robot> |
Component: | Cloud Compute | Assignee: | Joel Speed <jspeed> |
Cloud Compute sub component: | Other Providers | QA Contact: | Milind Yadav <miyadav> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | medium | ||
Version: | 4.7 | ||
Target Milestone: | --- | ||
Target Release: | 4.6.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: The log level for the kube-rbac-proxy was set to level 10
Consequence: Logs messages contained excessive detail about the operations of the kube-rbac-proxy. Much more than needed in most scenarios
Fix: Reduce the log level to 3 to match other components
Result: Log messages have been reduced and are much more appropriate
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-02-01 15:24:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1907380 | ||
Bug Blocks: |
Description
OpenShift BugZilla Robot
2020-12-16 12:02:58 UTC
This bug's PR is dev-approved and not yet merged, so I'm following DPTP-660 to do pre-merge verification by using cluster-bot to launch a cluster with the open PR. VALIDATED [miyadav@miyadav ~]$ oc logs -f machine-approver-7f749dcd59-pg2fp error: a container name must be specified for pod machine-approver-7f749dcd59-pg2fp, choose one of: [kube-rbac-proxy machine-approver-controller] [miyadav@miyadav ~]$ oc logs -f machine-approver-7f749dcd59-pg2fp -c kube-rbac-proxy I0122 06:28:21.035801 1 main.go:157] Reading config file: /etc/kube-rbac-proxy/config-file.yaml I0122 06:28:21.037946 1 main.go:188] Valid token audiences: I0122 06:28:21.038078 1 main.go:261] Reading certificate files I0122 06:28:21.038444 1 main.go:294] Starting TCP socket on 0.0.0.0:9192 I0122 06:28:21.038969 1 main.go:301] Listening securely on 0.0.0.0:9192 . . [miyadav@miyadav ~]$ oc logs -f machine-api-controllers-cbd448b48-fdn4p -c kube-rbac-proxy-machineset-mtrc I0122 06:28:56.402920 1 main.go:157] Reading config file: /etc/kube-rbac-proxy/config-file.yaml I0122 06:28:56.407824 1 main.go:188] Valid token audiences: I0122 06:28:56.407984 1 main.go:261] Reading certificate files I0122 06:28:56.408461 1 main.go:294] Starting TCP socket on 0.0.0.0:8442 I0122 06:28:56.411335 1 main.go:301] Listening securely on 0.0.0.0:8442 . . [miyadav@miyadav ~]$ oc logs -f machine-api-controllers-cbd448b48-fdn4p -c kube-rbac-proxy-machine-mtrc I0122 06:28:56.757119 1 main.go:157] Reading config file: /etc/kube-rbac-proxy/config-file.yaml I0122 06:28:56.759119 1 main.go:188] Valid token audiences: I0122 06:28:56.759275 1 main.go:261] Reading certificate files I0122 06:28:56.759596 1 main.go:294] Starting TCP socket on 0.0.0.0:8441 I0122 06:28:56.760096 1 main.go:301] Listening securely on 0.0.0.0:8441 . . . [miyadav@miyadav ~]$ oc logs -f cluster-autoscaler-operator-5bcc7fdcf-2nqfc -c kube-rbac-proxy I0122 06:28:21.499005 1 main.go:157] Reading config file: /etc/kube-rbac-proxy/config-file.yaml I0122 06:28:21.501197 1 main.go:188] Valid token audiences: I0122 06:28:21.501329 1 main.go:261] Reading certificate files I0122 06:28:21.501663 1 main.go:294] Starting TCP socket on 0.0.0.0:9192 I0122 06:28:21.502443 1 main.go:301] Listening securely on 0.0.0.0:9192 Was created using clusterbot for open PR - Cluster version is 4.6.0-0.ci.test-2021-01-22-061115-ci-ln-c7wmwhk , After the PR gets merged, the bug will be moved to VERIFIED by the bot automatically, if not working, I will move to VERIFIED manually. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.15 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0235 |