search

openshift-knative / serverless-operator

Main source repository for Openshift Serverless
Apache License 2.0
43 stars 65 forks source link

Adjustable Logging Level for kube-rbac-proxy Container #2740

Open VikramVuppla opened 5 days ago

VikramVuppla commented 5 days ago

Currently, the log level of the kube-rbac-proxy container is set to 10 (--v=10), which logs sensitive information such as tokens to the logs.

  kube-rbac-proxy:
    Image:         registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:a6ea11d4df5b439e6ceaf8e9f8799a56aee1cfbfad774af968e01c1e175514c0
    Image ID:      registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:a6ea11d4df5b439e6ceaf8e9f8799a56aee1cfbfad774af968e01c1e175514c0
    Port:          <none>
    Host Port:     <none>
    Args:
      --secure-listen-address=0.0.0.0:8444
      --upstream=http://127.0.0.1:9090/
      --tls-cert-file=/etc/tls/private/tls.crt
      --tls-private-key-file=/etc/tls/private/tls.key
      --logtostderr=true
      --http2-disable
      --v=10

I couldn't find a method to update the args information via Custom Resource (CR). It would be greatly beneficial if support could be added to adjust the log level of the kube-rbac-proxy container. Please let me know if you need any additional information.

VikramVuppla commented 4 days ago

Hi @skonto, I noticed you contributed to Support kube rbac proxy overrides, is it possible to override the args for kube-rbac-proxy? Any help is appreciated, thank you.

skonto commented 4 hours ago

I think this is similar to https://github.com/kubernetes-sigs/kubebuilder/issues/2434. This is not configurable afaik, we will need to make it so.