discard audit log to prevent full fs

Signed-off-by: phac008 <[email protected]>
suxess-it · Nov 25, 2024 · 838b346 · 838b346
1 parent 0ea8488
commit 838b346
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 31 deletions.
diff --git a/platform-apps/charts/vault/templates/crossplane/cp-audit.yaml b/platform-apps/charts/vault/templates/crossplane/cp-audit.yaml
@@ -10,5 +10,6 @@ spec:
     name: vault-crossplane-providerconfig
   forProvider:
     options:
-      file_path: /vault/audit/audit.log
+     # file_path: /vault/audit/audit.log
+      file_path: discard
     type: file
diff --git a/platform-apps/charts/vault/values-uibklab.yaml b/platform-apps/charts/vault/values-uibklab.yaml
@@ -96,36 +96,6 @@ vault:
             - ALL
           privileged: false
           runAsNonRoot: true
-
-      - name: audit-cleanup
-        image: hashicorp/vault:1.17.2
-        env: 
-          - name: VAULT_ADDR
-            valueFrom:
-              secretKeyRef:
-                name: sx-vault-env-vars
-                key: VAULT_ADDR  
-        command: 
-        - /bin/sh
-        - -c
-        - | 
-            while true; do
-              echo "waiting for tomorrow :-)"
-              sleep 86400  # Runs daily, after 1 day
-              echo "Truncating log file..."
-              truncate -s 0 /vault/audit/audit.log
-            done
-        volumeMounts:
-          - name: vault-root-token
-            mountPath: /vault-root-token  
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          runAsNonRoot: true
-
       - name: auto-unsealer
         image: hashicorp/vault:1.17.2
         env: