add dynamic audit policy controller #460
/test e2e-agnostic-upgrade
/retest
The pod still tries to access
ObservedConfig: runtime.RawExtension{Raw: []byte(withDefaultsProvidedAPIServerArgsJSON)}, | ||
}, | ||
expectedAPIServerArguments: map[string][]string{ | ||
"api-audiences": {"https://now.something.different"}, |
can we preserve this part of the test about api-audiences?
just leave the test, but remove the lines with audit policy. That should work, shouldn't it?
I can try it.
c33ffc8 to 7e95cc2
012a273 to 126851e
ObservedConfig: runtime.RawExtension{Raw: []byte(emptyAPIServerArgsJSON)}, | ||
}, | ||
expectedAPIServerArguments: map[string][]string{ | ||
"audit-policy-file": {"/var/run/configmaps/audit/default.yaml"}, |
just remove this line only
And line 180 too
126851e to 60a7a13
--tls-min-version=VersionTLS12 \ | ||
--v=2 | ||
--cors-allowed-origins='//127\.0\.0\.1(:|$)' \ | ||
--cors-allowed-origins='//localhost(:|$)' \ |
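Review bot: `--v=2` in the middle of this hunk has no trailing `\`, while the two `--cors-allowed-origins` lines after it do. If this text is a shell command line, the continuation ends at `--v=2` and the CORS flags below it are not passed to the same command. Either add the `\` after `--v=2` or move `--v=2` to the end of the argument list.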
move left every line but the first green line
--tls-cipher-suites=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 \ | ||
--tls-min-version=VersionTLS13 \ | ||
--v=2 | ||
--audit-policy-file=/var/run/configmaps/audit/policy.yaml \ |
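Review bot: the `--audit-policy-file=/var/run/configmaps/audit/policy.yaml` line at the end of this hunk points at `policy.yaml`, whereas the Go test table in this pull request expects `"audit-policy-file": {"/var/run/configmaps/audit/default.yaml"}`. If both describe the same rendered argument, one of the two paths is stale; keep a single file name, or drop the flag from this fixture if the policy file is no longer set statically.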
remove this line
--v=2 | ||
--audit-policy-file=/var/run/configmaps/audit/policy.yaml \ | ||
--cors-allowed-origins='//127\.0\.0\.1(:|$)' \ | ||
--cors-allowed-origins='//localhost(:|$)' \ |
move left from here on
/hold
4096ae0 to 8047b34
@stlaz Put back in WIP till tests are passing and squashed.
/test e2e-agnostic
/hold cancel
/test e2e-agnostic-ipv6
/test e2e-agnostic
/test e2e-agnostic-ipv6
@EmilyM1: The following test failed, say
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: EmilyM1, stlaz
Removes static elements of audit policy and allows for dynamic creation with groups specified.