New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

API Audit Logging #22

Closed
roberthbailey opened this Issue Jul 12, 2016 · 49 comments

Comments

Projects
None yet
@roberthbailey
Copy link
Member

roberthbailey commented Jul 12, 2016

API Audit Logging

@idvoretskyi idvoretskyi modified the milestone: v1.4 Jul 18, 2016

@amouat

This comment has been minimized.

Copy link

amouat commented Jul 26, 2016

What's the current status of this? It's not clear to me who's working on what or what the next steps are. @soltysh came up with a working PR that has had a lot of feedback and discussion: kubernetes/kubernetes#27087

@sttts

This comment has been minimized.

Copy link
Contributor

sttts commented Jul 26, 2016

@amouat in the mentioned PR @soltysh introduces what we call "basic auditing", basically access.log-style logging only without any deeper api knowledge. To my knowledge mainly log-rotation is an open issue.

kubernetes/kubernetes#29443 is the continuation by me and @soltysh describing more "advanced auditing" where the basic audit output would just be a special case. This feature issue is about the latter and will link to that proposal PR once it's more complete.

@amouat

This comment has been minimized.

Copy link

amouat commented Jul 26, 2016

Thanks!

I have to say this process is very confusing. The discussion has moved from issue #2203, to PR #27087 to this issue and then to #29443, with no clear indication on each where the current discussion is happening, or what the next steps are :(

Many thanks for you work on this though, I don't mean to sound ungrateful towards a great OS project. I just wanted to check that this issue was still moving forward.

@janetkuo

This comment has been minimized.

Copy link
Member

janetkuo commented Sep 2, 2016

@soltysh @sttts Are the docs ready? Please update the docs to https://github.com/kubernetes/kubernetes.github.io, and then add PR numbers and have the docs box checked in the issue description

@sttts

This comment has been minimized.

Copy link
Contributor

sttts commented Sep 5, 2016

@janetkuo this feature is postponed to 1.5, in 1.4 we only have kubernetes/kubernetes#27087 as a first step. Unfortunately, I lack the permissions to change the milestone.

@soltysh soltysh removed the alpha-in-1.4 label Sep 6, 2016

@soltysh soltysh modified the milestones: v1.5, v1.4 Sep 6, 2016

@soltysh

This comment has been minimized.

Copy link
Contributor

soltysh commented Sep 6, 2016

I've changed both the labels and milestone. Although it would be good to have at least the small part documented. I'll create a PR right away.

@soltysh

This comment has been minimized.

Copy link
Contributor

soltysh commented Sep 6, 2016

Created kubernetes/website#1168 for the basic audit part.

@goltermann

This comment has been minimized.

Copy link
Contributor

goltermann commented Sep 6, 2016

I added the alpha-in-1.4 label, as we got some of this done in 1.4. It might be a stretch to call it alpha, but I don't want to lose that we shipped some working pieces of this for 1.4.

@soltysh

This comment has been minimized.

Copy link
Contributor

soltysh commented Sep 6, 2016

Yeah, the some is quite a stretch here, but I'm ok with it.

@idvoretskyi

This comment has been minimized.

Copy link
Member

idvoretskyi commented Nov 3, 2016

@soltysh @sttts can you provide the actual status of the feature for the 1.5 release (is it alpha, beta, etc)?

@soltysh

This comment has been minimized.

Copy link
Contributor

soltysh commented Nov 3, 2016

Unfortunately this is stuck in alpha, no work has been done recently with it 😭

@davidopp

This comment has been minimized.

Copy link
Member

davidopp commented Nov 3, 2016

Maybe of interest to @kubernetes/sig-instrumentation ?

@idvoretskyi

This comment has been minimized.

Copy link
Member

idvoretskyi commented Nov 4, 2016

@soltysh @davidopp so, I'll target this one to the next milestone.

@idvoretskyi idvoretskyi modified the milestones: next-milestone, v1.5 Nov 4, 2016

@sandys

This comment has been minimized.

Copy link

sandys commented Nov 29, 2016

hey guys - this is very important for us since we are planning to financial services application on k8s. I realize that this may take a while to make it in. I hope im not destroying the conversation here.. but what are people using today to do this kind of logging ?

A lot of people use bastion hosts to run kubectl - are you guys logging commands on that server, etc ? it would be good to know some practical examples.

@justaugustus

This comment has been minimized.

Copy link
Member

justaugustus commented Jul 31, 2018

@tallclair @x13n @CaoShuFeng --
Feature Freeze is today. Are we planning on graduating this feature in Kubernetes 1.12?
If so, can you make sure everything is up-to-date, so I can include it on the 1.12 Feature tracking spreadsheet?

@loburm

This comment has been minimized.

Copy link

loburm commented Jul 31, 2018

@justaugustus yes this is in plans. PR is already in review:
kubernetes/kubernetes#65891

@justaugustus

This comment has been minimized.

Copy link
Member

justaugustus commented Jul 31, 2018

Thanks for the update!

/remove-stage beta
/stage stable

@zparnold

This comment has been minimized.

Copy link
Member

zparnold commented Aug 20, 2018

Hey there! @roberthbailey I'm the wrangler for the Docs this release. Is there any chance I could have you open up a docs PR against the release-1.12 branch as a placeholder? That gives us more confidence in the feature shipping in this release and gives me something to work with when we start doing reviews/edits. Thanks! If this feature does not require docs, could you please update the features tracking spreadsheet to reflect it?

@roberthbailey

This comment has been minimized.

Copy link
Member

roberthbailey commented Aug 20, 2018

@tallclair is the primary assignee; I just created the initial issue.

@tallclair

This comment has been minimized.

Copy link
Member

tallclair commented Aug 20, 2018

@loburm @x13n @CaoShuFeng - Can one of you volunteer to own the v1.12 docs for this feature?

@CaoShuFeng

This comment has been minimized.

Copy link
Member

CaoShuFeng commented Aug 21, 2018

Can one of you volunteer to own the v1.12 docs for this feature?

I will do it.

@CaoShuFeng

This comment has been minimized.

Copy link
Member

CaoShuFeng commented Aug 22, 2018

Can one of you volunteer to own the v1.12 docs for this feature?

I found that these two pull requests need document:
kubernetes/kubernetes#65862
kubernetes/kubernetes#65763
I will update the document once they get merged.

The dynamic audit documentation is here: kubernetes/website#9947

@zparnold

This comment has been minimized.

Copy link
Member

zparnold commented Aug 25, 2018

@justaugustus

This comment has been minimized.

Copy link
Member

justaugustus commented Sep 5, 2018

@CaoShuFeng @tallclair --
Any update on docs status for this feature? Are we still planning to land it for 1.12?
At this point, code freeze is upon us, and docs are due on 9/7 (2 days).
If we don't here anything back regarding this feature ASAP, we'll need to remove it from the milestone.

cc: @zparnold @jimangel @tfogo

@CaoShuFeng

This comment has been minimized.

Copy link
Member

CaoShuFeng commented Sep 6, 2018

The document is ready for review: kubernetes/website#9947

kubernetes/kubernetes#65763 not included yet.

@justaugustus

This comment has been minimized.

Copy link
Member

justaugustus commented Sep 6, 2018

Thanks for the update!

@justaugustus

This comment has been minimized.

Copy link
Member

justaugustus commented Sep 11, 2018

Dropping this from the milestone per the feedback here: kubernetes/website#9947 (comment)

/milestone v1.13

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.12, v1.13 Sep 11, 2018

@tallclair

This comment has been minimized.

Copy link
Member

tallclair commented Oct 5, 2018

As this has graduated to stable I'm going to close this feature (woohoo!)

Future enhancements should be tracked as separate features (e.g. Dynamic Audit Configuration).

Thanks to everyone who worked on this! 🎉

@tallclair tallclair closed this Oct 5, 2018

@kacole2

This comment has been minimized.

Copy link
Contributor

kacole2 commented Oct 5, 2018

/milestone clear

@k8s-ci-robot k8s-ci-robot removed this from the v1.13 milestone Oct 5, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment