This repository has been archived by the owner on Nov 28, 2022. It is now read-only.

Set Vault Agent log format (#41)
asaintsever authored Nov 9, 2020
1 parent 1157ff9 commit 5d50dd9
Showing 6 changed files with 24 additions and 7 deletions.
10 changes: 10 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,15 @@
# Changelog for Vault Sidecar Injector

## Release v7.0.2 - 2020-11-09

**Changed**

- [VSI #40](https://github.com/Talend/vault-sidecar-injector/pull/40) - Update doc references to Helm Hub (now Artifact Hub)

**Added**

- [VSI #41](https://github.com/Talend/vault-sidecar-injector/pull/41) - New configuration value to set Vault Agent log format

## Release v7.0.1 - 2020-10-28

Minor release with new default Vault image to address several security issues in HashiCorp Vault (CVE-2020-25816, CVE-2020-16250, CVE-2020-16251, CVE-2020-17455).
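Review bot: The v7.0.2 entry lists only the new log format value, but this commit also renames `injectconfig.vault.loglevel` to `injectconfig.vault.log.level`. Add a line under **Changed** that names the old and new keys, so that anyone overriding the old key knows to migrate.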
2 changes: 1 addition & 1 deletion VERSION_CHART
@@ -1 +1 @@
4.1.0
4.1.1
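Review bot: 4.1.0 to 4.1.1 is a patch bump, yet the chart's values layout changes in this commit (`injectconfig.vault.loglevel` is replaced by `injectconfig.vault.log.level`). Overrides written against the old key stop applying after the upgrade, so either bump the minor version to signal the change or keep the old key working for one more release.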
2 changes: 1 addition & 1 deletion VERSION_RELEASE
@@ -1 +1 @@
7.0.1
7.0.2
10 changes: 7 additions & 3 deletions deploy/helm/config/injectionconfig.yaml
Expand Up @@ -7,6 +7,8 @@ initContainers:
value: "true"
- name: VAULT_ADDR
value: {{ required "Vault server's address must be specified" .Values.vault.addr | quote }}
- name: VAULT_LOG_FORMAT
value: {{ .Values.injectconfig.vault.log.format }}
# env var set by webhook
- name: VSI_SECRETS_TEMPLATES_PLACEHOLDER
value: ""
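Review bot: `value: {{ .Values.injectconfig.vault.log.format }}` is rendered unquoted, while `VAULT_ADDR` just above goes through `| quote` and the literal values around it are quoted. Pipe it through `quote` so the rendered YAML always holds a string; an empty or numeric-looking override would otherwise parse as null or a number. The identical line added in the `containers:` section needs the same change. The documented values are only `standard` and `json`, and nothing here rejects anything else.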
Expand Down Expand Up @@ -39,7 +41,7 @@ initContainers:
${VSI_SECRETS_TEMPLATES_PLACEHOLDER}
EOF
docker-entrypoint.sh agent -config=vault-agent-config.hcl -exit-after-auth=true {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.loglevel }}
docker-entrypoint.sh agent -config=vault-agent-config.hcl -exit-after-auth=true {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.log.level }}
export VAULT_TOKEN=$(cat /home/vault/.vault-token)
vault token revoke {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -self
volumeMounts:
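Review bot: `-log-level` now reads only `.Values.injectconfig.vault.log.level`, so a deployment that set `injectconfig.vault.loglevel` (for example to `warn`) silently falls back to the chart default `info` on upgrade, with no render error to flag it. Consider falling back to the old key when it is set, or failing the render with a message that names the new key. The two sidecar command lines further down carry the same substitution.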
Expand Down Expand Up @@ -125,6 +127,8 @@ containers:
value: "true"
- name: VAULT_ADDR
value: {{ required "Vault server's address must be specified" .Values.vault.addr | quote }}
- name: VAULT_LOG_FORMAT
value: {{ .Values.injectconfig.vault.log.format }}
# env var set by webhook
- name: VSI_JOB_WORKLOAD
value: "false"
Expand Down Expand Up @@ -195,7 +199,7 @@ containers:
EOF
fi
if [ "${VSI_JOB_WORKLOAD}" = "true" ]; then
docker-entrypoint.sh agent -config=vault-agent-config.hcl {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.loglevel }} &
docker-entrypoint.sh agent -config=vault-agent-config.hcl {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.log.level }} &
while true; do
if [ -f "/opt/talend/tvsi/vault-sidecars-signal-terminate" ]; then
echo "=> exit (signal received)"
Expand All @@ -206,7 +210,7 @@ containers:
sleep 2
done
else
docker-entrypoint.sh agent -config=vault-agent-config.hcl {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.loglevel }}
docker-entrypoint.sh agent -config=vault-agent-config.hcl {{ include "talend-vault-sidecar-injector.vault.cert.skip.verify" .Values }} -log-level={{- .Values.injectconfig.vault.log.level }}
fi
lifecycle:
preStop:
4 changes: 3 additions & 1 deletion deploy/helm/values.yaml
Expand Up @@ -76,7 +76,9 @@ injectconfig:
path: "vault" # image path
tag: "1.5.4" # image tag
pullPolicy: Always # Pull policy for images: IfNotPresent or Always
loglevel: info # Vault log level: trace, debug, info, warn, err
log:
level: info # Vault log level: trace, debug, info, warn, err
format: json # Vault log format: standard, json
resources:
limits:
cpu: 50m # Vault sidecar CPU resource limits
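Review bot: `format: json` as the default changes the sidecar's log output for every existing install on upgrade, since `VAULT_LOG_FORMAT` was not set before this commit and Vault then logs in its standard format. Log pipelines or alert rules that parse the text format will stop matching. Either default to `standard` and let users opt in, or state the new default explicitly in the changelog entry.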
3 changes: 2 additions & 1 deletion doc/Configuration.md
Expand Up @@ -22,7 +22,8 @@ The following table lists the configurable parameters of the `Vault Sidecar Inje
| injectconfig.vault.image.path | Image path | vault |
| injectconfig.vault.image.pullPolicy | Pull policy for image: IfNotPresent or Always | Always |
| injectconfig.vault.image.tag | Image tag | 1.5.4 |
| injectconfig.vault.loglevel | Vault log level: trace, debug, info, warn, err | info |
| injectconfig.vault.log.format | Vault log format: standard, json | json |
| injectconfig.vault.log.level | Vault log level: trace, debug, info, warn, err | info |
| injectconfig.vault.resources.limits.cpu | Vault sidecar CPU resource limits | 50m |
| injectconfig.vault.resources.limits.memory | Vault sidecar memory resource limits | 50Mi |
| injectconfig.vault.resources.requests.cpu | Vault sidecar CPU resource requests | 40m |
