We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
We found in our service that the log of ALB controller pod show the credentials in plain text:
kubectl -n kube-system logs alb-controller-757b79b8c5-v44gd --since 30m -f ... I0416 15:42:15.529115 1 controller.go:236] kubebuilder/controller "level"=1 "msg"="Successfully Reconciled" "controller"="alb-ingress-controller" "request"={"Namespace":"pipelines","Name":"dashboard"} I0416 15:42:15.899854 1 listener.go:236] pipelines/dashboard: Auto-detected and added 1 certificates to listener I0416 15:42:15.899977 1 log.go:30] pipelines/dashboard: listener defaultActions needs modification: [{ I0416 15:42:15.899984 1 log.go:30] pipelines/dashboard: FixedResponseConfig: { I0416 15:42:15.899987 1 log.go:30] pipelines/dashboard: ContentType: "text/plain", I0416 15:42:15.899990 1 log.go:30] pipelines/dashboard: StatusCode: "404" I0416 15:42:15.899993 1 log.go:30] pipelines/dashboard: }, I0416 15:42:15.899996 1 log.go:30] pipelines/dashboard: Order: 2, I0416 15:42:15.899999 1 log.go:30] pipelines/dashboard: Type: "fixed-response" I0416 15:42:15.900002 1 log.go:30] pipelines/dashboard: },{ I0416 15:42:15.900005 1 log.go:30] pipelines/dashboard: AuthenticateOidcConfig: { I0416 15:42:15.900008 1 log.go:30] pipelines/dashboard: AuthenticationRequestExtraParams: { I0416 15:42:15.900010 1 log.go:30] pipelines/dashboard: I0416 15:42:15.900013 1 log.go:30] pipelines/dashboard: }, I0416 15:42:15.900016 1 log.go:30] pipelines/dashboard: AuthorizationEndpoint: "https://company.okta.com/oauth2/default/v1/authorize", I0416 15:42:15.900019 1 log.go:30] pipelines/dashboard: ClientId: "0oa1ik4j1of9YfoD30h8", I0416 15:42:15.900022 1 log.go:30] pipelines/dashboard: Issuer: "https://company.okta.com/oauth2/default", I0416 15:42:15.900026 1 log.go:30] pipelines/dashboard: OnUnauthenticatedRequest: "authenticate", I0416 15:42:15.900028 1 log.go:30] pipelines/dashboard: Scope: "openid", I0416 15:42:15.900031 1 log.go:30] pipelines/dashboard: SessionCookieName: "company-dashboard", I0416 15:42:15.900035 1 log.go:30] pipelines/dashboard: SessionTimeout: 28800, I0416 15:42:15.900038 1 log.go:30] pipelines/dashboard: TokenEndpoint: "https://company.okta.com/oauth2/default/v1/token", I0416 15:42:15.900041 1 log.go:30] pipelines/dashboard: UserInfoEndpoint: "https://company.okta.com/oauth2/default/v1/userinfo" I0416 15:42:15.900043 1 log.go:30] pipelines/dashboard: }, I0416 15:42:15.900046 1 log.go:30] pipelines/dashboard: Order: 1, I0416 15:42:15.900049 1 log.go:30] pipelines/dashboard: Type: "authenticate-oidc" I0416 15:42:15.900052 1 log.go:30] pipelines/dashboard: }] => [{ I0416 15:42:15.900055 1 log.go:30] pipelines/dashboard: AuthenticateOidcConfig: { I0416 15:42:15.900057 1 log.go:30] pipelines/dashboard: AuthenticationRequestExtraParams: { I0416 15:42:15.900060 1 log.go:30] pipelines/dashboard: I0416 15:42:15.900063 1 log.go:30] pipelines/dashboard: }, I0416 15:42:15.900065 1 log.go:30] pipelines/dashboard: AuthorizationEndpoint: "https://company.okta.com/oauth2/default/v1/authorize", I0416 15:42:15.900068 1 log.go:30] pipelines/dashboard: ClientId: "<HERE SHOW THE CREDENTIAL>", I0416 15:42:15.900071 1 log.go:30] pipelines/dashboard: ClientSecret: "<HERE SHOW THE CREDENTIAL>", I0416 15:42:15.900074 1 log.go:30] pipelines/dashboard: Issuer: "https://company.okta.com/oauth2/default", I0416 15:42:15.900077 1 log.go:30] pipelines/dashboard: OnUnauthenticatedRequest: "authenticate", I0416 15:42:15.900080 1 log.go:30] pipelines/dashboard: Scope: "openid", I0416 15:42:15.900082 1 log.go:30] pipelines/dashboard: SessionCookieName: "company-dashboard", I0416 15:42:15.900085 1 log.go:30] pipelines/dashboard: SessionTimeout: 28800, I0416 15:42:15.900088 1 log.go:30] pipelines/dashboard: TokenEndpoint: "https://company.okta.com/oauth2/default/v1/token", I0416 15:42:15.900091 1 log.go:30] pipelines/dashboard: UserInfoEndpoint: "https://company.okta.com/oauth2/default/v1/userinfo" I0416 15:42:15.900093 1 log.go:30] pipelines/dashboard: }, I0416 15:42:15.900096 1 log.go:30] pipelines/dashboard: Order: 1, I0416 15:42:15.900099 1 log.go:30] pipelines/dashboard: Type: "authenticate-oidc" I0416 15:42:15.900102 1 log.go:30] pipelines/dashboard: },{ I0416 15:42:15.900104 1 log.go:30] pipelines/dashboard: FixedResponseConfig: { I0416 15:42:15.900107 1 log.go:30] pipelines/dashboard: ContentType: "text/plain", I0416 15:42:15.900110 1 log.go:30] pipelines/dashboard: StatusCode: "404" I0416 15:42:15.900113 1 log.go:30] pipelines/dashboard: }, I0416 15:42:15.900116 1 log.go:30] pipelines/dashboard: Order: 2, I0416 15:42:15.900118 1 log.go:30] pipelines/dashboard: Type: "fixed-response" I0416 15:42:15.900121 1 log.go:30] pipelines/dashboard: }] ...
The text was updated successfully, but these errors were encountered:
Hi, thanks for reporting this. To temporarily mitigate this issue, you can set "-v=1" at controller's flags.
Will cut a new release with fix today.
Sorry, something went wrong.
Successfully merging a pull request may close this issue.
We found in our service that the log of ALB controller pod show the credentials in plain text:
The text was updated successfully, but these errors were encountered: