Description
What happened (please include outputs or screenshots):
Kubernetes-client creates debug log lines for all REST API call response bodies. When using kubernetes-client to create kubernetes Secret objects, this presents an issue as the raw contents of the secret are logged.
The issue can be worked around by forcing kubernetes-client to never generate debug logs via log configuration (e.g. logging.dictConfig).
What you expected to happen:
Calling client.CoreV1Api().create_namespaced_secret() must never log the raw secret.
How to reproduce it (as minimally and precisely as possible):
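```python
import base64
from kubernetes import client

# secret_name, secret_value and settings.K8S_NAMESPACE are supplied by the caller
body = client.V1Secret(
    metadata=client.V1ObjectMeta(name=secret_name),
    data={"secret_value": base64.b64encode(secret_value.encode()).decode('utf-8')}
)
core_client = client.CoreV1Api()
core_client.create_namespaced_secret(settings.K8S_NAMESPACE, body)
```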
Anything else we need to know?:
This appears to be the offending line:
python/kubernetes/client/rest.py
Lines 234 to 235 in 7a278c7
Environment:
- Kubernetes version (kubectl version): v1.30.0
- OS (e.g., MacOS 10.13.6): Linux 33b1220370b0 6.4.16-linuxkit #1 SMP PREEMPT Thu Nov 16 10:49:20 UTC 2023 aarch64 GNU/Linux
- Python version (python --version): Python 3.11.3
- Python client version (pip list | grep kubernetes): 29.0.0
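The logging.dictConfig workaround mentioned in the report, as an added example that is not part of the original issue or the client's own code. It assumes the REST module's logger is named `kubernetes.client.rest` (from the module path above); `DropDebug`, `build_config`, `Capture` and `captured_after` are hypothetical names, and the emitted records are constructed stand-ins so the block runs without a cluster.

```python
import logging
import logging.config

# Assumption: rest.py gets its logger via logging.getLogger(__name__), so the
# name follows the module path kubernetes/client/rest.py cited in the issue.
K8S_REST_LOGGER = "kubernetes.client.rest"

class DropDebug(logging.Filter):
    """Reject DEBUG records even if the logger level is lowered later."""
    def filter(self, record):
        return record.levelno > logging.DEBUG

def build_config(pin_k8s=True):
    """dictConfig with root at DEBUG; pin_k8s=False is the leaking setup."""
    config = {
        "version": 1,
        "disable_existing_loggers": False,
        "filters": {"drop_debug": {"()": DropDebug}},
        "handlers": {"console": {"class": "logging.StreamHandler"}},
        "root": {"level": "DEBUG", "handlers": ["console"]},
        "loggers": {},
    }
    if pin_k8s:
        config["loggers"][K8S_REST_LOGGER] = {"level": "INFO", "filters": ["drop_debug"]}
    return config

class Capture(logging.Handler):
    """Collects the messages that reach the root logger's handlers."""
    def __init__(self):
        super().__init__()
        self.messages = []
    def emit(self, record):
        self.messages.append(record.getMessage())

def captured_after(config, force_debug=False):
    """Apply config, emit constructed records, return what reached root."""
    rest = logging.getLogger(K8S_REST_LOGGER)
    rest.setLevel(logging.NOTSET)  # reset state left by earlier calls
    rest.filters.clear()
    logging.config.dictConfig(config)
    if force_debug:  # simulate later code lowering the level again
        rest.setLevel(logging.DEBUG)
    cap = Capture()
    logging.getLogger().addHandler(cap)
    # Constructed stand-in for the client's debug line; the value is fake.
    rest.debug("response body: %s", '{"data": {"secret_value": "Y29uc3RydWN0ZWQ="}}')
    rest.warning("constructed warning")
    logging.getLogger().removeHandler(cap)
    return cap.messages
```

The level pin alone stops the leak; the logger-level filter keeps it stopped if other code later sets that logger back to DEBUG.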