-
Bug
-
Resolution: Unresolved
-
Normal
-
Logging 5.8.0
-
False
-
None
-
False
-
NEW
-
NEW
-
Bug Fix
-
-
Description of problem:
When tlsSecurityProfile is updated, logfilesmetricexporter should be reconciled to apply the changes.
How reproducible:
always
Steps to Reproduce:
- deploy logfilesmetricexporter when tlsSecurityProfile is default
$oc get apiserver/cluster -o json |jq '.spec' { "audit": { "profile": "Default" } } cat <<EOF|oc create -f - { "apiVersion": "logging.openshift.io/v1alpha1", "kind": "LogFileMetricExporter", "metadata": { "name": "instance" }, "spec": {} } EOF
- Customized the tlsSecurityProfile
oc edit apiserver/cluster and add tlsSecurityProfile
spec: audit: profile: Default tlsSecurityProfile: custom: ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS12 type: Custom
- waiting about 2 minutes , Check the tls
oc get ds/logfilesmetricexporter -o json |jq '.spec.template.spec.containers[0].args'
Actual results:
logfilesmetricexporter isn't redeployed
Expected results:
logfilesmetricexporter is redeployed, and use new tlsProfiles as below #oc get ds/logfilesmetricexporter -o json |jq '.spec.template.spec.containers[0].args' [ "-c", "/usr/local/bin/log-file-metric-exporter -verbosity=2 -dir=/var/log/pods -http=:2112 -keyFile=/etc/logfilemetricexporter/metrics/tls.key -crtFile=/etc/logfilemetricexporter/metrics/tls.crt -tlsMinVersion=VersionTLS12 -cipherSuites=ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256" ]
