sysdump: Don't save cilium-etcd-secrets #1634

Merged
merged 1 commit into from
May 18, 2023

michi-covalent
Contributor

Redacting sensitive info is error prone. For example, there was a bug that recently got fixed in #1631 where the cilium-cli wasn't redacting fields in last-applied-configuration.

The purpose of this check is to indicate whether cilium-etcd-secrets exists, so let's just do that without actually storing the secret in sysdump. With this change, there will be a line in cilium-sysdump.log.

If the secret exists:

    % grep cilium-etcd-secrets cilium-sysdump.log
    🔍 Checking if cilium-etcd-secrets exists in kube-system namespace
    Secret "cilium-etcd-secrets" found in namespace "kube-system"

If the secret does not exist:

    % grep cilium-etcd-secrets cilium-sysdump.log
    🔍 Checking if cilium-etcd-secrets exists in kube-system namespace
    Secret "cilium-etcd-secrets" not found in namespace "kube-system" - this is expected when using the CRD KVStore

Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
@michi-covalent michi-covalent temporarily deployed to ci May 16, 2023 18:38 — with GitHub Actions Inactive
@michi-covalent michi-covalent marked this pull request as ready for review May 16, 2023 21:54
@michi-covalent michi-covalent requested a review from a team as a code owner May 16, 2023 21:54
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 18, 2023
@michi-covalent michi-covalent merged commit 0fbe861 into main May 18, 2023
16 checks passed
@michi-covalent michi-covalent deleted the pr/michi/no-secret branch May 18, 2023 19:35
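Why a redacted copy is fragile while an existence-only log line is not, as an added example (not cilium-cli code and not part of this PR). The redactor `redactDataOnly`, the helper `existenceLine` and the sample Secret are constructed for illustration; the annotation key is the one `kubectl apply` writes.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample: a Secret after `kubectl apply`, which copies the applied
// manifest (data included) into the last-applied-configuration annotation.
const sampleValue = "Y29uc3RydWN0ZWQta2V5" // base64 of "constructed-key"
const sampleSecret = `{"kind":"Secret",
 "metadata":{"name":"cilium-etcd-secrets","namespace":"kube-system","annotations":{
  "kubectl.kubernetes.io/last-applied-configuration":
   "{\"kind\":\"Secret\",\"data\":{\"etcd-client.key\":\"Y29uc3RydWN0ZWQta2V5\"}}"}},
 "data":{"etcd-client.key":"Y29uc3RydWN0ZWQta2V5"}}`

// redactDataOnly is a hypothetical naive redactor: it masks every value under
// .data and leaves the rest of the object untouched.
func redactDataOnly(raw string) (string, error) {
	var obj map[string]interface{}
	if err := json.Unmarshal([]byte(raw), &obj); err != nil {
		return "", err
	}
	if data, ok := obj["data"].(map[string]interface{}); ok {
		for k := range data {
			data[k] = "XXXXXX"
		}
	}
	out, err := json.Marshal(obj)
	return string(out), err
}

// existenceLine records only whether the secret exists, in the log wording
// from the PR description; nothing from the object itself is written.
func existenceLine(name, ns string, found bool) string {
	if found {
		return fmt.Sprintf("Secret %q found in namespace %q", name, ns)
	}
	return fmt.Sprintf("Secret %q not found in namespace %q - "+
		"this is expected when using the CRD KVStore", name, ns)
}

func main() {
	redacted, err := redactDataOnly(sampleSecret)
	fmt.Println("value still present after redaction:", strings.Contains(redacted, sampleValue), err)
	fmt.Println(existenceLine("cilium-etcd-secrets", "kube-system", true))
}
```

The masked `.data` field looks clean, yet the same value survives inside the annotation string, which is the class of miss the description attributes to #1631.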