From 537716e15723e7676f3c41f9bf5e1df4e4c855cf Mon Sep 17 00:00:00 2001 From: Gage Hugo Date: Wed, 2 Feb 2022 05:17:08 +0000 Subject: [PATCH] Revert "fix(log): reduces chattiness in keystone log" This reverts commit 73531436e975e6091df0f501239159c0df69e3e3. Reason for revert: When the keys are rotated, the links become broken and keystone only uses the 0 key. Change-Id: Iffc4ab5d659b01babe7b4f9ee35b0a5789dac3ec --- keystone/Chart.yaml | 2 +- keystone/templates/deployment-api.yaml | 24 +----------------------- keystone/values.yaml | 2 -- releasenotes/notes/keystone.yaml | 1 + 4 files changed, 3 insertions(+), 26 deletions(-) diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml index e6c391b9e6..e30a9b3a32 100644 --- a/keystone/Chart.yaml +++ b/keystone/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Keystone name: keystone -version: 0.2.18 +version: 0.2.19 home: https://docs.openstack.org/keystone/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png sources: diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml index b9f5701f7b..f4154932e2 100644 --- a/keystone/templates/deployment-api.yaml +++ b/keystone/templates/deployment-api.yaml 
@@ -61,23 +61,6 @@ spec: terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} initContainers: {{ tuple $envAll "api" $mounts_keystone_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - - name: link-keys - image: {{ .Values.images.tags.keystone_api }} - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -c - args: - - set -xe; - find /etc/keystone/mounted-keys -type l -exec ln -sfn {} {{ .Values.conf.keystone.fernet_tokens.key_repository }} \; ; - chmod o-wrx {{ .Values.conf.keystone.fernet_tokens.key_repository }} ; - securityContext: - runAsUser: 0 - volumeMounts: - - name: keystone-fernet-keys - mountPath: /etc/keystone/mounted-keys - - name: post-keystone-fernet-keys - mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }} containers: - name: keystone-api {{ tuple $envAll "keystone_api" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -160,8 +143,6 @@ spec: {{- end }} {{- if eq .Values.conf.keystone.token.provider "fernet" }} - name: keystone-fernet-keys - mountPath: /etc/keystone/mounted-keys - - name: post-keystone-fernet-keys mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }} {{- end }} - name: keystone-credential-keys @@ -190,7 +171,7 @@ spec: - name: keystone-etc secret: secretName: keystone-etc - defaultMode: 0440 + defaultMode: 0444 - name: keystone-bin configMap: name: keystone-bin @@ -201,12 +182,9 @@ spec: secretName: keystone-ldap-tls {{- end }} {{- if eq .Values.conf.keystone.token.provider "fernet" }} - - name: post-keystone-fernet-keys - emptyDir: {} - name: keystone-fernet-keys secret: secretName: keystone-fernet-keys - defaultMode: 0440 {{- end }} - name: keystone-credential-keys secret: diff --git a/keystone/values.yaml b/keystone/values.yaml index 06bdbc0043..301ff6fa84 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml 
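Review bot: In the `@@ -190,7 +171,7 @@` hunk the `keystone-etc` secret volume goes from `defaultMode: 0440` to `defaultMode: 0444`, so the rendered Keystone configuration becomes readable by every UID in the container. The `@@ -201,12 +182,9 @@` hunk has the same problem: it drops `defaultMode: 0440` from `keystone-fernet-keys`, which then falls back to the Kubernetes default of 0644 for Fernet key material. This looks like a side effect of values.yaml removing `fsGroup: 42424` and `runAsGroup: 42424` in the same commit, not something the broken-symlink problem itself requires; that is inferred from the diff. If the secret can be mounted directly at `key_repository` with group-based access, keeping `fsGroup: 42424` and `defaultMode: 0440` on both volumes would preserve the tighter permissions while still removing the `link-keys` init container. Both volume definitions sit inside a `volumes:` list that starts and ends outside these hunks.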
@@ -163,12 +163,10 @@ pod: keystone: pod: runAsUser: 42424 - fsGroup: 42424 container: keystone_api: readOnlyRootFilesystem: true allowPrivilegeEscalation: false - runAsGroup: 42424 credential_setup: pod: runAsUser: 42424 diff --git a/releasenotes/notes/keystone.yaml b/releasenotes/notes/keystone.yaml index 8693427062..9b867186bc 100644 --- a/releasenotes/notes/keystone.yaml +++ b/releasenotes/notes/keystone.yaml @@ -34,4 +34,5 @@ keystone: - 0.2.16 Remove extra fsGroup - 0.2.17 Update default image references - 0.2.18 Remove default policy + - 0.2.19 Revert Reduce log chattiness ...