You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since tap is a security-sensitive feature, we should log uses of tap to the audit log. Given the "secure by default" design goal, this auditing should be enabled in the default configuration. We should use Kubernetes' standard configuration mechanisms (see https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) to control (e.g. allow disabling) of auditing for the tap feature.
The text was updated successfully, but these errors were encountered:
All attempts to use the tap feature should be logged in the audit log. The audit log entries must include, at least the start/end time, user, and the arguments used for the tap. We probably need at least two entries: one for when the tap started and one for when the tap ended. We may also want to include the users's source IP address and/or any other tracing information we can collect.
When each proxy is tapped, the proxy should also log the start and end of the tap. That is, both the controller and each proxy involved in the tap should independently log the start and end of the tap.
Since tap is a security-sensitive feature, we should log uses of tap to the audit log. Given the "secure by default" design goal, this auditing should be enabled in the default configuration. We should use Kubernetes' standard configuration mechanisms (see https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) to control (e.g. allow disabling) of auditing for the tap feature.
The text was updated successfully, but these errors were encountered: