+++ This bug was initially created as a clone of Bug #1907380 +++

Description of problem:
kube-rbac-proxy container in various components of `openshift-machine-api` has excessive verbosity:
* unnecessarily logs too many lines which decreases disk performance
* logs bearer tokens, which is insecure

This seems to happen for all providers - noticed in AWS and vSphere tests at least

--- Additional comment from vrutkovs on 2020-12-14 11:42:57 UTC ---

Same for pods in `openshift-cluster-machine-approver` namespace
This bug's PR is dev-approved and not yet merged, so I'm following DPTP-660 to do pre-merge verification by using cluster-bot to launch a cluster with the open PR.

VALIDATED

[miyadav@miyadav ~]$ oc logs -f machine-approver-7f749dcd59-pg2fp
error: a container name must be specified for pod machine-approver-7f749dcd59-pg2fp, choose one of: [kube-rbac-proxy machine-approver-controller]
[miyadav@miyadav ~]$ oc logs -f machine-approver-7f749dcd59-pg2fp -c kube-rbac-proxy
I0122 06:28:21.035801 1 main.go:157] Reading config file: /etc/kube-rbac-proxy/config-file.yaml
I0122 06:28:21.037946 1 main.go:188] Valid token audiences:
I0122 06:28:21.038078 1 main.go:261] Reading certificate files
I0122 06:28:21.038444 1 main.go:294] Starting TCP socket on 0.0.0.0:9192
I0122 06:28:21.038969 1 main.go:301] Listening securely on 0.0.0.0:9192
. .

[miyadav@miyadav ~]$ oc logs -f machine-api-controllers-cbd448b48-fdn4p -c kube-rbac-proxy-machineset-mtrc
I0122 06:28:56.402920 1 main.go:157] Reading config file: /etc/kube-rbac-proxy/config-file.yaml
I0122 06:28:56.407824 1 main.go:188] Valid token audiences:
I0122 06:28:56.407984 1 main.go:261] Reading certificate files
I0122 06:28:56.408461 1 main.go:294] Starting TCP socket on 0.0.0.0:8442
I0122 06:28:56.411335 1 main.go:301] Listening securely on 0.0.0.0:8442
. .

[miyadav@miyadav ~]$ oc logs -f machine-api-controllers-cbd448b48-fdn4p -c kube-rbac-proxy-machine-mtrc
I0122 06:28:56.757119 1 main.go:157] Reading config file: /etc/kube-rbac-proxy/config-file.yaml
I0122 06:28:56.759119 1 main.go:188] Valid token audiences:
I0122 06:28:56.759275 1 main.go:261] Reading certificate files
I0122 06:28:56.759596 1 main.go:294] Starting TCP socket on 0.0.0.0:8441
I0122 06:28:56.760096 1 main.go:301] Listening securely on 0.0.0.0:8441
. . .

[miyadav@miyadav ~]$ oc logs -f cluster-autoscaler-operator-5bcc7fdcf-2nqfc -c kube-rbac-proxy
I0122 06:28:21.499005 1 main.go:157] Reading config file: /etc/kube-rbac-proxy/config-file.yaml
I0122 06:28:21.501197 1 main.go:188] Valid token audiences:
I0122 06:28:21.501329 1 main.go:261] Reading certificate files
I0122 06:28:21.501663 1 main.go:294] Starting TCP socket on 0.0.0.0:9192
I0122 06:28:21.502443 1 main.go:301] Listening securely on 0.0.0.0:9192

Was created using clusterbot for open PR - Cluster version is 4.6.0-0.ci.test-2021-01-22-061115-ci-ln-c7wmwhk. After the PR gets merged, the bug will be moved to VERIFIED by the bot automatically; if not working, I will move to VERIFIED manually.
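An added example, not part of the bug report or of kube-rbac-proxy: a Python check for the two problems in the description, counting log lines per klog call site and flagging token-shaped strings with the value redacted. The token-bearing lines, the `example.go:1` call site and the token value are constructed, since the report does not show what the leaked lines looked like.

```python
import re
import sys
from collections import Counter

# klog header as it appears in the logs above: "I0122 06:28:21.035801 1 main.go:157] msg"
KLOG_RE = re.compile(r"^[IWEF]\d{4} \d{2}:\d{2}:\d{2}\.\d{6}\s+\d+ (?P<src>[^\s:]+:\d+)\] ")
# Credential shapes to flag: an Authorization bearer value, or a bare JWT.
BEARER_RE = re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-._~+/]{16,}=*")
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")


def redact(line):
    """Replace anything token-shaped so a finding can be shared without the secret."""
    return JWT_RE.sub("[REDACTED]", BEARER_RE.sub("[REDACTED]", line))


def audit(lines):
    """Count lines per klog call site; collect (line number, redacted line) for leaks."""
    per_source, leaks, unparsed = Counter(), [], 0
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")
        header = KLOG_RE.match(line)
        if header:
            per_source[header.group("src")] += 1
        else:
            unparsed += 1
        if BEARER_RE.search(line) or JWT_RE.search(line):
            leaks.append((number, redact(line)))
    return {"per_source": per_source, "leaks": leaks, "unparsed": unparsed}


# Constructed sample: three startup lines as quoted above, then made-up leaking lines.
FAKE_TOKEN = "eyJDT05TVFJVQ1RFRA.eyJGQUtFLVRPS0VO.Tk9ULUEtUkVBTC1TSUc"  # not a real token
SAMPLE = [
    "I0122 06:28:21.035801 1 main.go:157] Reading config file: /etc/kube-rbac-proxy/config-file.yaml",
    "I0122 06:28:21.037946 1 main.go:188] Valid token audiences: ",
    "I0122 06:28:21.038969 1 main.go:301] Listening securely on 0.0.0.0:9192",
    "I0122 06:28:22.000001 1 example.go:1] constructed: Authorization: Bearer " + FAKE_TOKEN,
    "I0122 06:28:22.000002 1 example.go:1] constructed: token=" + FAKE_TOKEN,
    "constructed line without a klog header",
]

if __name__ == "__main__":
    # Pipe `oc logs <pod> -c kube-rbac-proxy` into this script, or run it bare for the sample.
    report = audit(SAMPLE if sys.stdin.isatty() else sys.stdin)
    for src, count in report["per_source"].most_common():
        print(f"{count:6d}  {src}")
    for number, text in report["leaks"]:
        print(f"LEAK line {number}: {text}")
    sys.exit(1 if report["leaks"] else 0)
```

The non-zero exit status on a finding lets the check gate a pre-merge verification run like the one above.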
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.15 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0235