Skip to content
This repository was archived by the owner on Nov 28, 2022. It is now read-only.

Commit 5d50dd9

Browse files
asaintseverasaintsever
authored
Set Vault Agent log format (#41)
1 parent 1157ff9 commit 5d50dd9

File tree

6 files changed

+24
-7
lines changed

6 files changed

+24
-7
lines changed

CHANGELOG.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,15 @@
11
# Changelog for Vault Sidecar Injector
22

3+
## Release v7.0.2 - 2020-11-09
4+
5+
**Changed**
6+
7+
- [VSI #40](https://github.com/Talend/vault-sidecar-injector/pull/40) - Update doc references to Helm Hub (now Artifact Hub)
8+
9+
**Added**
10+
11+
- [VSI #41](https://github.com/Talend/vault-sidecar-injector/pull/41) - New configuration value to set Vault Agent log format
12+
313
## Release v7.0.1 - 2020-10-28
414

515
Minor release with new default Vault image to address several security issues in HashiCorp Vault (CVE-2020-25816, CVE-2020-16250, CVE-2020-16251, CVE-2020-17455).

VERSION_CHART

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
4.1.0
1+
4.1.1

VERSION_RELEASE

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
7.0.1
1+
7.0.2

deploy/helm/config/injectionconfig.yaml

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,8 @@ initContainers:
77
value: "true"
88
- name: VAULT_ADDR
99
value: {{ required "Vault server's address must be specified" .Values.vault.addr | quote }}
10+
- name: VAULT_LOG_FORMAT
11+
value: {{ .Values.injectconfig.vault.log.format }}
1012
# env var set by webhook
1113
- name: VSI_SECRETS_TEMPLATES_PLACEHOLDER
1214
value: ""
@@ -39,7 +41,7 @@ initContainers:
3941
${VSI_SECRETS_TEMPLATES_PLACEHOLDER}
4042
EOF
4143
42-
docker-entrypoint.sh agent -config=vault-agent-config.hcl -exit-after-auth=true {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.loglevel }}
44+
docker-entrypoint.sh agent -config=vault-agent-config.hcl -exit-after-auth=true {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.log.level }}
4345
export VAULT_TOKEN=$(cat /home/vault/.vault-token)
4446
vault token revoke {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -self
4547
volumeMounts:
@@ -125,6 +127,8 @@ containers:
125127
value: "true"
126128
- name: VAULT_ADDR
127129
value: {{ required "Vault server's address must be specified" .Values.vault.addr | quote }}
130+
- name: VAULT_LOG_FORMAT
131+
value: {{ .Values.injectconfig.vault.log.format }}
128132
# env var set by webhook
129133
- name: VSI_JOB_WORKLOAD
130134
value: "false"
@@ -195,7 +199,7 @@ containers:
195199
EOF
196200
fi
197201
if [ "${VSI_JOB_WORKLOAD}" = "true" ]; then
198-
docker-entrypoint.sh agent -config=vault-agent-config.hcl {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.loglevel }} &
202+
docker-entrypoint.sh agent -config=vault-agent-config.hcl {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.log.level }} &
199203
while true; do
200204
if [ -f "/opt/talend/tvsi/vault-sidecars-signal-terminate" ]; then
201205
echo "=> exit (signal received)"
@@ -206,7 +210,7 @@ containers:
206210
sleep 2
207211
done
208212
else
209-
docker-entrypoint.sh agent -config=vault-agent-config.hcl {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.loglevel }}
213+
docker-entrypoint.sh agent -config=vault-agent-config.hcl {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.log.level }}
210214
fi
211215
lifecycle:
212216
preStop:

deploy/helm/values.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,9 @@ injectconfig:
7676
path: "vault" # image path
7777
tag: "1.5.4" # image tag
7878
pullPolicy: Always # Pull policy for images: IfNotPresent or Always
79-
loglevel: info # Vault log level: trace, debug, info, warn, err
79+
log:
80+
level: info # Vault log level: trace, debug, info, warn, err
81+
format: json # Vault log format: standard, json
8082
resources:
8183
limits:
8284
cpu: 50m # Vault sidecar CPU resource limits

doc/Configuration.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,8 @@ The following table lists the configurable parameters of the `Vault Sidecar Inje
2222
| injectconfig.vault.image.path | Image path | vault |
2323
| injectconfig.vault.image.pullPolicy | Pull policy for image: IfNotPresent or Always | Always |
2424
| injectconfig.vault.image.tag | Image tag | 1.5.4 |
25-
| injectconfig.vault.loglevel | Vault log level: trace, debug, info, warn, err | info |
25+
| injectconfig.vault.log.format | Vault log format: standard, json | json |
26+
| injectconfig.vault.log.level | Vault log level: trace, debug, info, warn, err | info |
2627
| injectconfig.vault.resources.limits.cpu | Vault sidecar CPU resource limits | 50m |
2728
| injectconfig.vault.resources.limits.memory | Vault sidecar memory resource limits | 50Mi |
2829
| injectconfig.vault.resources.requests.cpu | Vault sidecar CPU resource requests | 40m |

0 commit comments

Comments
 (0)