Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implemented truncating audit backend #64024

Merged
merged 1 commit into from May 18, 2018

Conversation

@loburm
Copy link
Contributor

loburm commented May 18, 2018

Fixes #60432

Introduces an optional truncating backend, disabled by default, that estimates the size of audit events and truncates events/split batches based on the configuration.

Introduce truncating audit backend that can be enabled by passing --audit-log-truncate-enabled or --audit-webhook-truncate-enabled flag to the apiserver to limit the size of individual audit events and batches of events.

I had to manually remove dependency of original PR #61711, from #60056, that's why automated cherry-pick was not used.

@loburm

This comment has been minimized.

Copy link
Contributor Author

loburm commented May 18, 2018

@loburm loburm force-pushed the loburm:truncate branch 2 times, most recently from 6e77127 to 910ad34 May 18, 2018

Implemented truncating audit backend
Signed-off-by: Mik Vyatskov <vmik@google.com>

@loburm loburm force-pushed the loburm:truncate branch from 910ad34 to 30ffcab May 18, 2018

@sttts

This comment has been minimized.

Copy link
Contributor

sttts commented May 18, 2018

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm label May 18, 2018

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented May 18, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: loburm, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@sttts

This comment has been minimized.

Copy link
Contributor

sttts commented May 18, 2018

/assign @MaciekPytel

@MaciekPytel

This comment has been minimized.

Copy link
Contributor

MaciekPytel commented May 18, 2018

Discussed with @loburm offline and he told me this is disabled by default and there will be no change in behavior unless explicitly enabled.

@loburm Can you update release note to make it more obvious that it's opt-in?

@k8s-github-robot

This comment has been minimized.

Copy link
Contributor

k8s-github-robot commented May 18, 2018

/test all [submit-queue is verifying that this PR is safe to merge]

@loburm

This comment has been minimized.

Copy link
Contributor Author

loburm commented May 18, 2018

/kind feature
/priority critical-urgent
/sig auth

@k8s-github-robot

This comment has been minimized.

Copy link
Contributor

k8s-github-robot commented May 18, 2018

[MILESTONENOTIFIER] Milestone Pull Request Needs Approval

@MaciekPytel @loburm @sttts @kubernetes/sig-auth-misc

Action required: This pull request must have the status/approved-for-milestone label applied by a SIG maintainer.

Pull Request Labels
  • sig/auth: Pull Request will be escalated to these SIGs if needed.
  • priority/critical-urgent: Never automatically move pull request out of a release milestone; continually escalate to contributor and SIG through all available channels.
  • kind/feature: New functionality.
Help
@k8s-github-robot

This comment has been minimized.

Copy link
Contributor

k8s-github-robot commented May 18, 2018

Automatic merge from submit-queue.

@k8s-github-robot k8s-github-robot merged commit 54b3176 into kubernetes:release-1.10 May 18, 2018

16 of 18 checks passed

Submit Queue Required Github CI test is not green: pull-kubernetes-verify
Details
pull-kubernetes-kubemark-e2e-gce-big Job triggered.
Details
cla/linuxfoundation crassirostris authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-cross Skipped
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Skipped
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-gke Skipped
pull-kubernetes-e2e-kops-aws Job succeeded.
Details
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce Job succeeded.
Details
pull-kubernetes-local-e2e Skipped
pull-kubernetes-local-e2e-containerized Skipped
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.