Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change default value for --audit-log-path flag of gardener-apiserver … #6204

Merged
merged 1 commit into from Jun 27, 2022
Merged

Change default value for --audit-log-path flag of gardener-apiserver … #6204

merged 1 commit into from Jun 27, 2022

Conversation

vpnachev
Copy link
Member

How to categorize this PR?
/area control-plane
/kind bug

What this PR does / why we need it:
Change default value for --audit-log-path flag of gardener-apiserver to /tmp/audit.log.

Follow up on #6184 as k8s.io/apiserver expects the directory of the file to exist, but we cannot expect /tmp/audit to exist in any OCI image. I will try to reproduce and open an issue upstream for this.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:
There is an option this issue to be fixed via the Dockerfile, but it is highly specific to the current default path.

RUN mkdir /tmp/audit
FROM gcr.io/distroless/static-debian11:nonroot AS test-distroless
COPY --from=builder --chown=nonroot:nonroot /tmp/audit /tmp/audit

@rfranzke please, remove the release notes from #6184 once this is merged.

Release note:

The default value for `--audit-log-path` of Gardener API Server was changed from `/var/lib/audit.log` to `/tmp/audit.log` so that a `nonroot` user can access it without additional permissions.

@vpnachev
Change default value for --audit-log-path flag of gardener-apiserver …
0041dc8 
…to /tmp/audit.log

Signed-off-by: Vladimir Nachev <vladimir.nachev@sap.com>
@gardener-prow gardener-prow bot added area/control-plane Control plane related kind/bug Bug labels Jun 27, 2022
@gardener-prow gardener-prow bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. labels Jun 27, 2022
@rfranzke
Copy link
Member

/assign
/milestone v1.50

@gardener-prow gardener-prow bot added this to the v1.50 milestone Jun 27, 2022
@rfranzke rfranzke added the component/gardener Gardener label Jun 27, 2022
@rfranzke
Copy link
Member

/lgtm
/approve

@gardener-prow
Copy link
Contributor

gardener-prow bot commented Jun 27, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rfranzke

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jun 27, 2022
@gardener-prow gardener-prow bot merged commit c2635e7 into gardener:master Jun 27, 2022
@vpnachev vpnachev deleted the g-api/change-default-audit-log-path branch June 27, 2022 13:54
@vpnachev
Copy link
Member Author

I will try to reproduce and open an issue upstream for this.

I've opened kubernetes/kubernetes#110813 to try to fix this issue. If it is approved and merged, I will also cherry-pick it to the currently support release branches.

krgostev pushed a commit to krgostev/gardener that referenced this pull request Jul 5, 2022
@vpnachev
Change default value for --audit-log-path flag of gardener-apiserver …
d3e5d0a 
…to /tmp/audit.log (gardener#6204)

Signed-off-by: Vladimir Nachev <vladimir.nachev@sap.com>
vpnachev added a commit to vpnachev/gardener that referenced this pull request Aug 22, 2022
@vpnachev
Revert "Change default value for --audit-log-path flag of gardener-ap…
0faf13c 
…iserver to /tmp/audit.log (gardener#6204)"

This reverts commit c2635e7.
@vpnachev vpnachev mentioned this pull request Aug 22, 2022
Merged
gardener-prow bot pushed a commit that referenced this pull request Aug 22, 2022
@vpnachev
Gardener API server now uses dedicated folder for the audit logs (#6557)
8fa3f19 
* Bump k8s.io dependencies to 0.24.4

* run "make revenor"

* Revert "Change default value for --audit-log-path flag of gardener-apiserver to /tmp/audit.log (#6204)"

This reverts commit c2635e7.
@Gerrit91 Gerrit91 mentioned this pull request Jun 15, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielfoehrKn danielfoehrKn Awaiting requested review from danielfoehrKn

@wyb1 wyb1 Awaiting requested review from wyb1

Assignees

@rfranzke rfranzke

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/control-plane Control plane related cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. component/gardener Gardener kind/bug Bug lgtm Indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
v1.50
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@vpnachev @rfranzke