allrequestbodies.yaml
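# Kubernetes API-server audit policy (audit.k8s.io/v1).
# Rules are evaluated top to bottom and the first rule that matches a request
# sets its audit level, so the None/Metadata exceptions must stay above the
# catch-all at the end of the list.
apiVersion: audit.k8s.io/v1
kind: Policy
metadata:
  name: policy
# drop managed fields from audit, this is at global scope.
omitManagedFields: true
# Don't generate audit events for any request in the RequestReceived stage.
omitStages:
- "RequestReceived"
rules:
# Don't log requests for events (core API group).
- level: None
  resources:
  - group: ""
    resources: ["events"]
# Don't log requests to certain non-resource URL paths. Both the authenticated
# and the unauthenticated group are listed, so this applies to anonymous
# callers as well. nonResourceURLs only match non-resource requests; resource
# requests served under /api or /apis are still evaluated by the rules below.
- level: None
  userGroups: ["system:authenticated", "system:unauthenticated"]
  nonResourceURLs:
  - "/api*"  # Wildcard matching.
  - "/version"
  - "/healthz"
  - "/readyz"
# Don't log requests by "system:apiserver" on apirequestcounts
- level: None
  users: ["system:apiserver"]
  resources:
  - group: "apiserver.openshift.io"
    resources: ["apirequestcounts", "apirequestcounts/*"]
  # "" selects non-namespaced (cluster-scoped) resources.
  namespaces: [""]
# Exclude resources where the body is security-sensitive: Metadata records who
# did what and when, but neither the request nor the response body.
- level: Metadata
  resources:
  - group: "route.openshift.io"
    resources: ["routes", "routes/status"]
  # No group given, i.e. the core API group.
  - resources: ["secrets"]
- level: Metadata
  resources:
  - group: "oauth.openshift.io"
    resources: ["oauthclients"]
# catch-all rule to log all other requests with request and response payloads
# NOTE(review): only routes, secrets and oauthclients are held at Metadata
# above. Any other kind whose body can carry credentials (for example
# tokenreviews, or configmaps used to hold keys) is logged here in full.
# Confirm that is intended, and protect the audit log accordingly.
- level: RequestResponse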