New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dynamic audit configuration #67257

Merged
merged 2 commits into from Nov 15, 2018

Conversation

@pbarker
Copy link
Contributor

pbarker commented Aug 10, 2018

What this PR does / why we need it:
Implements dynamic audit configuration feature kubernetes/enhancements#600

Special notes for your reviewer:

The PR depends on the plugins PR #70021

This PR has performance implications when the feature is enabled. This was discussed in the KEP and will be benchmarked and evaluated before moving to beta.

Integration test can be found #69902

Issues that need to be completed before beta can be found #70816

Release note:

Adds DynamicAuditing feature which allows for the configuration of audit webhooks through the use of an AuditSink API object.

@k8s-ci-robot k8s-ci-robot requested review from deads2k and fejta Aug 10, 2018

@pbarker pbarker changed the title [WIP] adds dynamic audit configuration [WIP] dynamic audit configuration Aug 10, 2018

@pbarker pbarker force-pushed the pbarker:audit branch 3 times, most recently from b4dea80 to 27b657b Aug 10, 2018

@neolit123

This comment has been minimized.

Copy link
Member

neolit123 commented Aug 10, 2018

please, change the release note from
Adds dynamic audit configuration -> Add dynamic audit configuration or even better - expand a little on what the feature does for users who don't know.

/kind feature
/sig auth

@neolit123

This comment has been minimized.

Copy link
Member

neolit123 commented Aug 10, 2018

oh and thanks for working on this! :)

@pbarker pbarker force-pushed the pbarker:audit branch from 27b657b to e9594dd Aug 10, 2018

@pbarker

This comment has been minimized.

Copy link
Contributor

pbarker commented Aug 10, 2018

@tallclair @liggitt still have a couple tests to write but functionality is working, would love some early feedback if you have time 🙏

@neolit123
Copy link
Member

neolit123 left a comment

went trough the whole DIFF.
the code seems well written to me as much as i understand the change.

added a couple of styling comments mostly.
👍

@pbarker pbarker force-pushed the pbarker:audit branch 2 times, most recently from 7a66485 to 8b94330 Aug 10, 2018

@fejta

This comment has been minimized.

Copy link
Contributor

fejta commented Aug 13, 2018

/uncc

Feel free to add me back when this is no longer wip

@k8s-ci-robot k8s-ci-robot removed the request for review from fejta Aug 13, 2018

@pbarker pbarker force-pushed the pbarker:audit branch from 8b94330 to 450fcb8 Aug 15, 2018

@pbarker pbarker changed the title [WIP] dynamic audit configuration dynamic audit configuration Aug 15, 2018

@pbarker pbarker force-pushed the pbarker:audit branch from 450fcb8 to 571aae2 Aug 15, 2018

@k8s-ci-robot k8s-ci-robot added size/XL and removed size/L labels Nov 14, 2018

@pbarker pbarker force-pushed the pbarker:audit branch 2 times, most recently from 9813c0f to 9397869 Nov 14, 2018

@pbarker

This comment has been minimized.

Copy link
Contributor

pbarker commented Nov 14, 2018

/retest

@deads2k

This comment has been minimized.

Copy link
Contributor

deads2k commented Nov 14, 2018

I only looked at the options wiring. Minor comments. Structure-wise, I think it fits in ok.

@pbarker pbarker force-pushed the pbarker:audit branch from 9397869 to 619d8f2 Nov 14, 2018

@deads2k

This comment has been minimized.

Copy link
Contributor

deads2k commented Nov 14, 2018

** deads2k ** approved these changes 13 seconds ago

for the options.

@liggitt liggitt self-assigned this Nov 14, 2018

@liggitt
Copy link
Member

liggitt left a comment

this is way easier to follow, thanks for cleaning it up

the questions around the default non-configurable namespaces chosen for recording events are the main blocker.

other than that, just a couple clarifications/comments requested

@pbarker pbarker force-pushed the pbarker:audit branch from 619d8f2 to 2ec4fa3 Nov 14, 2018

@pbarker pbarker force-pushed the pbarker:audit branch from 2ec4fa3 to 5cb70e3 Nov 15, 2018

@liggitt

This comment has been minimized.

Copy link
Member

liggitt commented Nov 15, 2018

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm label Nov 15, 2018

@liggitt

This comment has been minimized.

Copy link
Member

liggitt commented Nov 15, 2018

tagging based on options approval in
#67257 (comment)

@liggitt liggitt added the approved label Nov 15, 2018

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented Nov 15, 2018

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: liggitt, pbarker

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented Nov 15, 2018

@pbarker: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
pull-kubernetes-local-e2e-containerized b793c3b link /test pull-kubernetes-local-e2e-containerized

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@fejta-bot

This comment has been minimized.

Copy link

fejta-bot commented Nov 15, 2018

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@k8s-ci-robot k8s-ci-robot merged commit b1a52a3 into kubernetes:master Nov 15, 2018

18 checks passed

cla/linuxfoundation pbarker authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-cross Skipped
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Job succeeded.
Details
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-gke Skipped
pull-kubernetes-e2e-kops-aws Job succeeded.
Details
pull-kubernetes-e2e-kubeadm-gce Skipped
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
Details
pull-kubernetes-local-e2e Skipped
pull-kubernetes-local-e2e-containerized Skipped
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
tide In merge pool.
Details

@pbarker pbarker deleted the pbarker:audit branch Nov 19, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment