Revert "fix(log): reduces chattiness in keystone log"

This reverts commit 73531436e9. Reason for revert: When the keys are rotated, the links become broken and keystone only uses the 0 key. Change-Id: Iffc4ab5d659b01babe7b4f9ee35b0a5789dac3ec
2022-02-02 05:17:08 +00:00 · 2022-02-02 05:17:08 +00:00 · 537716e157
commit 537716e157
parent bc64fa296a
4 changed files with 3 additions and 26 deletions
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.2.18
+version: 0.2.19
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@ -61,23 +61,6 @@ spec:
      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
      initContainers:
 {{ tuple $envAll "api" $mounts_keystone_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-        - name: link-keys
-          image: {{ .Values.images.tags.keystone_api }}
-          imagePullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-            - -c
-          args:
-            - set -xe;
-              find /etc/keystone/mounted-keys -type l -exec ln -sfn {} {{ .Values.conf.keystone.fernet_tokens.key_repository }} \; ;
-              chmod o-wrx {{ .Values.conf.keystone.fernet_tokens.key_repository }} ;
-          securityContext:
-            runAsUser: 0
-          volumeMounts:
-            - name: keystone-fernet-keys
-              mountPath: /etc/keystone/mounted-keys
-            - name: post-keystone-fernet-keys
-              mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }}
      containers:
        - name: keystone-api
 {{ tuple $envAll "keystone_api" | include "helm-toolkit.snippets.image" | indent 10 }}
@ -160,8 +143,6 @@ spec:
 {{- end }}
 {{- if eq .Values.conf.keystone.token.provider "fernet" }}
            - name: keystone-fernet-keys
-              mountPath: /etc/keystone/mounted-keys
-            - name: post-keystone-fernet-keys
              mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }}
 {{- end }}
            - name: keystone-credential-keys
@ -190,7 +171,7 @@ spec:
        - name: keystone-etc
          secret:
            secretName: keystone-etc
-            defaultMode: 0440
+            defaultMode: 0444
        - name: keystone-bin
          configMap:
            name: keystone-bin
@ -201,12 +182,9 @@ spec:
            secretName: keystone-ldap-tls
 {{- end }}
 {{- if eq .Values.conf.keystone.token.provider "fernet" }}
-        - name: post-keystone-fernet-keys
-          emptyDir: {}
        - name: keystone-fernet-keys
          secret:
            secretName: keystone-fernet-keys
-            defaultMode: 0440
 {{- end }}
        - name: keystone-credential-keys
          secret:
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -163,12 +163,10 @@ pod:
    keystone:
      pod:
        runAsUser: 42424
-        fsGroup: 42424
      container:
        keystone_api:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false
-          runAsGroup: 42424
    credential_setup:
      pod:
        runAsUser: 42424
--- a/releasenotes/notes/keystone.yaml
+++ b/releasenotes/notes/keystone.yaml
@ -34,4 +34,5 @@ keystone:
  - 0.2.16 Remove extra fsGroup
  - 0.2.17 Update default image references
  - 0.2.18 Remove default policy
+  - 0.2.19 Revert Reduce log chattiness
 ...