Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add instructions for k8s audit support in >= 1.13 #608

Merged
merged 9 commits into from May 24, 2019

Conversation

Projects
3 participants
@mstemm
Copy link
Contributor

commented May 15, 2019

In K8s 1.13, there's a new mechanism for k8s audit logs using Audit
Sinks, which can be created and managed like other k8s objects.

Add instructions for enabling k8s audit logging for 1.13. The patching
script is still required, as dynamic audit is not a GA feature and needs
to be enabled. Also, the audit sink config is a template and needs to be
filled in with the cluster ip address, like the webhook config for 1.11.

fixes #611

mstemm added some commits May 15, 2019

Add instructions for k8s audit support in >= 1.13
In K8s 1.13, there's a new mechanism for k8s audit logs using Audit
Sinks, which can be created and managed like other k8s objects.

Add instructions for enabling k8s audit logging for 1.13. The patching
script is still required, as dynamic audit is not a GA feature and needs
to be enabled. Also, the audit sink config is a template and needs to be
filled in with the cluster ip address, like the webhook config for 1.11.
Also support a mix of dynamic + static log
Useful when you want to show both dynamic audit sinks as well as logging
to a file.

@mstemm mstemm requested a review from leodido May 15, 2019

@fntlnz fntlnz added this to Review in progress in Main May 17, 2019

mstemm added some commits May 21, 2019

Also include ResponseStarted
Required to grab pod exec actions.
@leodido
Copy link
Member

left a comment

Documentation looks pretty good to me. I've just changed two things.

Going to test the scripts now.

Show resolved Hide resolved examples/k8s_audit_config/README.md Outdated
Show resolved Hide resolved examples/k8s_audit_config/README.md Outdated
Show resolved Hide resolved examples/k8s_audit_config/README.md Outdated

Main automation moved this from Review in progress to Reviewer approved May 24, 2019

@leodido leodido force-pushed the add-k8s-audit-1.13 branch from dbd4076 to 611bcc6 May 24, 2019

@fntlnz

fntlnz approved these changes May 24, 2019

Copy link
Member

left a comment

LGTM

leodido and others added some commits May 24, 2019

@fntlnz fntlnz merged commit 8bd98c1 into dev May 24, 2019

1 of 5 checks passed

continuous-integration/jenkins/branch This commit cannot be built
Details
Run tests One or more tests failed
Details
Travis CI - Branch Build Failed
Details
Travis CI - Pull Request Build Failed
Details
Build Build Successful
Details

Main automation moved this from Reviewer approved to Done May 24, 2019

@leodido leodido deleted the add-k8s-audit-1.13 branch May 24, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.