Bug 1999261
| Summary: | ovnkube-node log spam (and security token leak?) | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Dan Winship <danw> |
| Component: | Networking | Assignee: | Riccardo Ravaioli <rravaiol> |
| Networking sub component: | ovn-kubernetes | QA Contact: | Anurag saxena <anusaxen> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | unspecified | CC: | dcbw, rravaiol |
| Version: | 4.9 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.10.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-12 04:37:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2009857 | ||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |
At default log levels, ovnkube-node is logging some very verbose pod fields: I0829 00:36:35.134556 10110 cni.go:246] [openshift-console-operator/console-operator-b7df4775c-8bnqm 8af3fb32af82ca3b9402b3dd7a1d95d2cde4a98381bb60ac1f0b1231b1586588] ADD finished CNI request [openshift-console-operator/console-operator-b7df4775c-8bnqm 8af3fb32af82ca3b9402b3dd7a1d95d2cde4a98381bb60ac1f0b1231b1586588], result "{\"Result\":{\"interfaces\":[{\"name\":\"8af3fb32af82ca3\",\"mac\":\"92:3a:c1:49:2e:7d\"},{\"name\":\"eth0\",\"mac\":\"0a:58:19:94:19:d0\",\"sandbox\":\"/var/run/netns/da9dd93d-ba48-49bd-b193-d70ae17bba48\"}],\"ips\":[{\"version\":\"6\",\"interface\":1,\"address\":\"fd01:0:0:2::24/64\",\"gateway\":\"fd01:0:0:2::1\"}],\"dns\":{}},\"PodIFInfo\":null,\"KubeAuth\":{\"kube-api-server\":\"https://api-int.ostest.test.metalkube.org:6443\",\"kube-api-token\":\"eyJhbGciOiJSUzI1NiIsImtpZCI6Im80d0l0S2NZQU96V3hHTzlHSDlUQVJWY0lpWnQwc2REcU5yazVwR3AxWGMifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjIl0sImV4cCI6MTY2MTczMTI1OSwiaWF0IjoxNjMwMTk1MjU5LCJpc3MiOiJodHRwczovL2t1YmVybmV0ZXMuZGVmYXVsdC5zdmMiLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6Im9wZW5zaGlmdC1vdm4ta3ViZXJuZXRlcyIsInBvZCI6eyJuYW1lIjoib3Zua3ViZS1ub2RlLXpqaDV6IiwidWlkIjoiZTZkNDE0ZjItYmZjYy00ZjQ3LWIyZjgtZWVkOWQ2Y2MzMGZiIn0sInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJvdm4ta3ViZXJuZXRlcy1ub2RlIiwidWlkIjoiNDdmYTljMTQtNTU2Ny00OThlLTg3YjEtN2ZkMmVmZDU4MWFkIn0sIndhcm5hZnRlciI6MTYzMDE5ODg2Nn0sIm5iZiI6MTYzMDE5NTI1OSwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om9wZW5zaGlmdC1vdm4ta3ViZXJuZXRlczpvdm4ta3ViZXJuZXRlcy1ub2RlIn0.nDRrS1FbOI3DIvmUFQrl3IslfDx2k9LiF2TRWNMSNI9JseGAVmrlJWXQRC699sMtbfpE7zOEbV4hPldtVbUuA0UrdMxHuPdhL3bvDSenNlwjrBuBADh_bcAv42xJjBNbjGtRYbddVGs_XChgRX6tbBRVy8gAh2q3mzCuZXYCPTiexQltz8ea7VdsLh65E12oSWaR22qPQb9CEbtQj5j635j_5mxJ-Lil7HF9cUTMqG0vhd93ijid7o1w6hK1f3GT5gCBJqIURqsP8-Nx77FOMBkpvdKnp9EIYcGMNX9o6bTt68T8LGt_m0UEslsQ4LamQ7yWMJb9tyDfx86r6Z9VWRZhMAxiQ8swu5qL2FS4eUoWH8yMsvgDxxA-6PK5MvrHEPCxp2sGuANy8RRS5dRVB--ihMw5fzgUfdpH07ahtEoLyOkVE6xi0R-1bJVWuqdz1ropn50vEJ0fzjaI6Rc2gWbbvBwjUDqlNdslCIkRX7gCHCvKXcRrwDfVOYhnQLr_s0IOSPCx_fFMlBtXThJWemMzExk-XZTRPa3Bl3-DJKpuSAebmZ8em6df0bp8oIqPhWmCncFb7mjqFs-xWL9XJArqWobM59UjHR2whTuGt-EhihuG8jU_HrGowWqnxwdneEHRbxWNAT1qN5eVPQXVupUoSU9-_6P3qmESWTfsM3w\",\"kube-ca-data\":\"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRRENDQWlpZ0F3SUJBZ0lJSmNPdG5IbVpUUlF3RFFZSktvWklodmNOQVFFTEJRQXdQakVTTUJBR0ExVUUKQ3hNSmIzQmxibk5vYVdaME1TZ3dKZ1lEVlFRREV4OXJkV0psTFdGd2FYTmxjblpsY2kxc2IyTmhiR2h2YzNRdApjMmxuYm1WeU1CNFhEVEl4TURneU9ESXpNemt5T1ZvWERUTXhNRGd5TmpJek16a3lPVm93UGpFU01CQUdBMVVFCkN4TUpiM0JsYm5Ob2FXWjBNU2d3SmdZRFZRUURFeDlyZFdKbExXRndhWE5sY25abGNpMXNiMk5oYkdodmMzUXQKYzJsbmJtVnlNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXVyQnRkbmpZN2YveAo1OE9udGJrcG9Gd1p1bzc5d2lDOUVGS21PT0EvUW9NUGVCUjA0TVNQQ2luRDkzVDZVa3NLT2JKYm5qaUVob0w0CjgwbGUxSmZJZHk0M1kyZHovNFlzUlZJZ1l4YjVFejNrc092UzRFN3g1d0lJVVdjWTVpeU5neDhvMVNnVUwycjMKdzg0L2pPT1BJNHlpcjY4YmZlcFN6TEgvYmRaK1FGeFF4Wm5ZdzE1Sm8zME51S0ZTM3JXME1yT1lDbUdvNnJSTwp5QXRGekNUWXNjQ2ZpdHF2L1puOXBNNzJ2VE11anIwOWdoQStQYkpXUG1SeElrbUY2N2dGbjF0Q0VLVFZjK0J6Cm4zSThuVVFKVitFdVZ1aUMycVJ1M2ZBWGlIOWJXdVNIaEw3Y0RyeityTmhzeWJ0NGJqQzdHemUzN091NWVaMDYKNUNUVUMwVXRwd0lEQVFBQm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQgovekFkQmdOVkhRNEVGZ1FVRVZhM3ZkaVlNL05Md3NldFV4R1dqS3ZlWlpjd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBSVd2S2lSM3RmRnN4by9BaithSy9Na2tCQkZKTE5ySnpqUHFJcTNtNG9VS2JER1psTWNiVEwxZ25GWDYKeWlkbytTTlRzY09Xek80ODliMWp1Yk9kdTl5YmloWHlMUmVxY3lsd0FFM2tzRUFUbjl3MWU4NGl6a3hYd2QyNgpKRjlPU0QvK2JVYiswZ0Y2YlU5WVd3aTAxRzF6NHdpMGM1bExKNHgzU21oSGVQanV0MTBQcUxBWU5ucHpINjhwCnJLZWVBbCt6aVpTeHdmTjJXZmZ4Qll2NlB6dm8wajRGczdvUnYwaStiRUQvRlJMLzlwVHRBdTN5L0xMSmFnVDgKK1llMGIwSDJicnZ0NXcrUkZPTVdmZFJIY3VTZXRtUVBtbmNkL1BKT1c5K2cxMHVaOHFPcHdIa2pQb1Urb042MApITEJhS1BRM21sTFlsTUlERGFWbFNKQXNBTlE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURURENDQWpTZ0F3SUJBZ0lJVGkxK0dNclhBRTB3RFFZSktvWklodmNOQVFFTEJRQXdSREVTTUJBR0ExVUUKQ3hNSmIzQmxibk5vYVdaME1TNHdMQVlEVlFRREV5VnJkV0psTFdGd2FYTmxjblpsY2kxelpYSjJhV05sTFc1bApkSGR2Y21zdGMybG5ibVZ5TUI0WERUSXhNRGd5T0RJek16a3lPVm9YRFRNeE1EZ3lOakl6TXpreU9Wb3dSREVTCk1CQUdBMVVFQ3hNSmIzQmxibk5vYVdaME1TNHdMQVlEVlFRREV5VnJkV0psTFdGd2FYTmxjblpsY2kxelpYSjIKYVdObExXNWxkSGR2Y21zdGMybG5ibVZ5TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQwpBUUVBNEZia0d0SFVkS3JDVXBLd1B5S1lHd2gwWVVPUDFFMHVWVWZsTHFZL2NkVm5reEpkQ2Y0NEZoelpDdStKCkVyYXQrTVJOSXd6d1FUdzdTOTdTbTJUUUFadC9Fa0lvV2p3Q2NBMzBZZWxSMS9iSU9Fa3Y4Y1dTRGNiU085SHYKVFdHYllvNGsyYjNRMWZxNUxJYkV4TFBUMEpKd2hkNVJpa3o4eGFtS0JUdkJtU1FKY0xOYmg1YVd1TzdZMktRVApHbTdoNUh4aEhHbklOalRNREVYOHRGei9GNDVaOVhFYWR1SVFwQU5PdnVnZUh1eDFVR21nWU4zam44MGV1R2x5CjFwdTAzZUZNOU81VVh0UXQ5dHBRajdWRkVjM1UzMnhxRkNsRmtYYkE2VHhWa1Jvanc5SzJOUm1HQzRyVEhOeXoKTGJKNWhsT1VVV2FQZVpZWk5KaE92cXNKZVFJREFRQUJvMEl3UURBT0JnTlZIUThCQWY4RUJBTUNBcVF3RHdZRApWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVTA3bnh1alpGVFRQUzRBd0JlZHNvRzFXVGpWNHdEUVlKCktvWklodmNOQVFFTEJRQURnZ0VCQU1kOVlWbjJFOUVGZVF4TDNTNm1iTzdLSnBSMnFkSjF3bkFlTWRqTmVDcnQKQ21xditUSXZhVk05SnRNTnFwakhPZTl6dWZnUnlDb1dmeWxPQXlyc3E5RGo0OEpiU1ZCTi8wSU1TMGEreVptTgoyZnNkL25UTzNnQTAxRnhPY1EzeEo3cmM3V2dxbVVyb2hYOWpKSU83LytiK1R5dU5iU0JXd2cwRFhBWG5mcXhRCjhJVEIzdjQrT211aGNEREx1MjlZbko4VEs0UndpUnlITjBZN2dsMUI2UmNYYy8zR2RpWGlRRkFzcFJUSXpVS0sKTkU3MmdhL3ZGN0luT2p1cWdlV1lBU2pySjIrano4ZFVnMnVVNVdBRVJWRitjL0JzR3F6d2xxNFhJNEwvMURUZgpqUnV4NnpxV1BCUEg0dHBFOHR6dXFhQm4reXJqNDlSYW1tV3U3RmFvRVg4PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlETWpDQ0FocWdBd0lCQWdJSVpLOFBnZ1R4Vmlrd0RRWUpLb1pJaHZjTkFRRUxCUUF3TnpFU01CQUdBMVVFCkN4TUpiM0JsYm5Ob2FXWjBNU0V3SHdZRFZRUURFeGhyZFdKbExXRndhWE5sY25abGNpMXNZaTF6YVdkdVpYSXcKSGhjTk1qRXdPREk0TWpNek9USTVXaGNOTXpFd09ESTJNak16T1RJNVdqQTNNUkl3RUFZRFZRUUxFd2x2Y0dWdQpjMmhwWm5ReElUQWZCZ05WQkFNVEdHdDFZbVV0WVhCcGMyVnlkbVZ5TFd4aUxYTnBaMjVsY2pDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxXYVpwR3MrazBzVlBvU2JzZnlpOURNdmRYOXFhWFIKTEJmdEFBQXYvL2k1WVgxeDJCckd4V21kaFFFSG1DSUlDaDdncDl2bzFQcUNNc2w5cGc1SDRUQ3F0UVdYNG80MgpzVTZBV0UxcTJyb0FqaWg2a1Z1ZDYybE9jbVNDbythY0hpdVdxTFlZWks3VitPQjBaUGZleFNjRGJJWG1tREI5CmY3eG5maHNqTU10OWZaamNVK1lkendNWDRJTStLMUNKbHdFVmQ0RDFwaUxmOWxhemFIZG9PUWlCalFqamVaZEIKaXB4V3ZJVWJJUWdnZS96YmtUcWFRV3hrQ0xPL084cSs1Rm4yak9FZFkxVzNraUlhSmpnM1R2WGVVWTgvc3JzWQppWDdhUzB6NzliN3BBbnpkVy9pS2l0TFVaRjhCeEdFbUxvaDFMbDVPSmIvd0M2VnNvelFndllFQ0F3RUFBYU5DCk1FQXdEZ1lEVlIwUEFRSC9CQVFEQWdLa01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZBcVMKVFJjd243bXRJRDZlS1NwRVNSdFdSYXRDTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBR2ZPK1dhZ240WEdGcwpXRjNNSzl0L0xKOE5kUzdpcWRoeVJycXU0U3R2bThJbmxDTFg0MzZETmNINTVraEtWMWdHS1FiM0sveEptdURICkF1bEV2SEJRcjRBMy9aRmYvNzM0Wm96TVZ1czNISHRUOXdFK2lLWTBvb1lCT3lhS3dtUWN1WmdwN3lPRGI1Mm8KL2FwVThBd2Z2UWl3bWQ1dTJ4MENPVkpOY0lBenc4c2QvcmpJeU1xd0gvRkRWeFRpRExIbmpDYStFMVBhTEdIRwpEVGdTRjc2eXBINlB5R29CYzZ2R2JKVjk3eksrT3IrWWUrWGdtamJQRFJ3OTE3K1o4U00vRHUzOTZNMzhPMXJtCnNvNHh5ckxick95RGZIWENBVEZoaXlVMy9mcnduMHZxM3BabG0vTloyMkV1cUNuMWlSa2g2WUlwNmVwdTVzMUkKZ1FzNGpnK3EKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=\"}}", err <nil> Given that one of those fields is "kube-api-token", we probably shouldn't be logging that anyway... (maybe just log response.Result instead of all of response)