apiserver

Commit Graph

Author	SHA1	Message	Date
carlory	146083d06b	deprecate audit.k8s.io/v1[alpha\|beta]1 versions Kubernetes-commit: cad9c245b84fd16cbb5bf240622af07ce7bc3585	2021-02-08 11:22:29 +08:00
Jiaxin Shan	dfad5032fb	Fix ALPHA stability level reference link Kubernetes-commit: e01a21469b9719f7d0e84021c032cd8f0016b5d2	2021-01-31 15:37:07 -08:00
yoyinzyc	6f3753addf	add context to metric in apiserver/audit Kubernetes-commit: 4ba3f1a982227a30b083f6359e76a616e9eabfd1	2021-01-20 12:04:41 -08:00
lala123912	cebcef9fb1	staging/src/k8s.io/apiserver/pkg/audit/policy/reader.go migrate logs to structured logging Kubernetes-commit: eb8f8368bc33a46c0ec595e3f015979420b49a5c	2021-01-21 11:43:30 +08:00
Abu Kashem	50cce843c9	Take into account latency incurred in server filters apiserver_request_duration_seconds does not take into account the time a request spends in the server filters. If a filter takes longer then the latency incurred will not be reflected in the apiserver latency metrics. For example, the amount of time a request spends in priority and fairness machineries or in shuffle queues will not be accounted for. - Add a server filter that attaches request received timestamp to the request context very early in in the handler chain (as soon as net/http hands over control to us). - Use the above received timestamp in the apiserver latency metrics apiserver_request_duration_seconds. - Use the above received timestamp in the audit layer to set RequestReceivedTimestamp. Kubernetes-commit: d74ab9e1a4929be208d4529fd12b76d3fcd5d546	2020-09-18 16:46:07 -04:00
Stephen Solka	5f7ddf0f68	prefer NoError/Error over Nil/NotNil Kubernetes-commit: 203679cc6105ea490e75af1efa83497b771d7d36	2020-07-18 20:23:35 -04:00
David Eads	9fd9fcfad5	remove-api Kubernetes-commit: e857adbdfdba795ceca870f194d8d8a296bbdc21	2020-05-27 14:27:08 -04:00
Davanum Srinivas	5879417a28	switch over k/k to use klog v2 Signed-off-by: Davanum Srinivas <davanum@gmail.com> Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5	2020-04-17 15:25:06 -04:00
Monis Khan	1873d19869	Allow handlers early in the request chain to set audit annotations This change adds the generic ability for request handlers that run before WithAudit to set annotations in the audit.Event.Annotations map. Note that this change does not use this capability yet. Determining which handlers should set audit annotations and what keys and values should be used requires further discussion (this data will become part of our public API). Signed-off-by: Monis Khan <mok@vmware.com> Kubernetes-commit: 0bc62112adf270ef4efada37286319c229324c7b	2020-03-19 20:02:37 -04:00
Guangming Wang	ab9ec5ee43	fix: replace TrimLeft with TrimPrefix and TrimRight with TrimSuffix Kubernetes-commit: 51b7ef2c87e3321668fedecbbc02c1a16357033d	2019-12-02 21:27:15 +08:00
Mike Danese	44b9fc84ab	migrate callers to g/g/uuid Kubernetes-commit: a4ca9e6c93e45b4a97e7d04df37362299088f64a	2019-11-04 23:15:20 -08:00
Jordan Liggitt	a653e5ab1a	Export UserInfo conversion, use authnv1.UserInfo in audit Kubernetes-commit: 0e787a4b78a849fa66a02126721dd185e7c00955	2019-09-09 08:54:54 -04:00
Han Kang	3e6e1db500	add some documentation around the metrics stability migration changes for clarity Kubernetes-commit: 4e5d906c4d008f914b0ede26ea91533d6343dec5	2019-08-26 19:15:30 -07:00
Han Kang	b9084e350a	migrate kube-apiserver metrics to stability framework Kubernetes-commit: 466980dd747e06e55451301c624eecccfa505123	2019-08-22 15:38:42 -07:00
Haowei Cai	70c200c6a0	audit & admission: associate annotation with audit level Kubernetes-commit: 318226f3403f56aaf796af3f439c13674aa2b7ab	2019-05-31 15:36:29 -07:00
Mehdy Bohlool	6c13576bf2	Add port to ServiceResolvers Kubernetes-commit: 11f37d757fc0b710245446c80a8c9578ce2c02f1	2019-03-01 16:32:50 -08:00
Mehdy Bohlool	f06a9dc218	Add port to ServiceReference of Admission Webhooks, ConversionWebhooks and AuditSync with defaulter and validator Kubernetes-commit: 404e2f7a30626f02b55180bccf6a5f16bcbbfa82	2019-03-01 14:35:42 -08:00
leigh capili	7762f62741	Refactor loops over SupportedMediaTypes() where mediaType is used to match a single SerializerInfo{} We have an existing helper function for this: runtime.SerializerInfoForMediaType() This is common prep-work for encoding runtime.Objects into JSON/YAML for transmission over the wire or writing to ComponentConfigs. Kubernetes-commit: 47e52d2981dc2a5c5950042f50688cf24dd92eda	2019-04-04 19:01:01 -06:00
David Eads	22712db708	make audit metadata work for custom resources Kubernetes-commit: 9d41c0099adc9a9328209075421eb42681bd4b09	2019-02-26 14:37:58 -05:00
Patrick Barker	2ca48066d7	Audit test utils fix (#74276 ) * changes audit e2e event version scheme; adds internal audit to common audit scheme; removes unneeded comments * add more detail to audit missing events in e2e/integration tests * adds version priority to audit scheme; updates comment Kubernetes-commit: 9e4f8d6fae3a43833dbe9edcefd9170aa97496d7	2019-02-22 01:19:51 -07:00
Roy Lenferink	4c9524b9fb	Updated OWNERS files to include link to docs Kubernetes-commit: b43c04452f3b563473b5c2a765d4ac18cc0ff58f	2019-01-30 20:05:00 +01:00
Daniel Kłobuszewski	877329b0f3	Add option to k8s apiserver to reject incoming requests upon audit failure Kubernetes-commit: 7a10f4eda725f55bec9893eb1c03f2402dbcd32f	2018-07-03 14:40:55 +02:00
Patrick Barker	9fd62b6f47	adds dynamic audit configuration Kubernetes-commit: eb89d3dddd3792b0a6cd724e64bbbc11d6c15380	2018-10-18 21:34:17 -05:00
Davanum Srinivas	2710b17b80	Move from glog to klog - Move from the old github.com/golang/glog to k8s.io/klog - klog as explicit InitFlags() so we add them as necessary - we update the other repositories that we vendor that made a similar change from glog to klog * github.com/kubernetes/repo-infra * k8s.io/gengo/ * k8s.io/kube-openapi/ * github.com/google/cadvisor - Entirely remove all references to glog - Fix some tests by explicit InitFlags in their init() methods Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135 Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c	2018-11-09 13:49:10 -05:00
Patrick Barker	f3b69c3f89	adds dynamic audit plugins Kubernetes-commit: 8eb2150689159bd011aec189cf77e5b15fbcb22b	2018-10-18 21:34:02 -05:00
Jordan Liggitt	e206313b1e	audit subproject owners/reviewers Kubernetes-commit: 4fe30e92fa655b08f819bc449ca6002a7ccd3eea	2018-11-02 12:46:56 -04:00
David Eads	3aa496e8ef	allow audit policy to be loaded from any byte source Kubernetes-commit: 5d46ff41d85a825d508d8c9ec32b90a27de18350	2018-09-13 14:25:16 -04:00
Christoph Blecker	92e87e143a	Update gofmt for go1.11 Kubernetes-commit: 97b2992dc191a357e2167eff5035ce26237a4799	2018-10-05 12:59:38 -07:00
Cao Shufeng	b40373204e	use Audit v1 api and add it to some unit tests Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29	2018-07-27 14:06:29 +08:00
Cao Shufeng	28497af6f8	upgrade advanced Audit to stable Kubernetes-commit: 6d2c2ef1697aa2671358e383e258735eeb26e65c	2018-07-06 13:35:20 +08:00
xuzhonghu	bc8364d7ab	Add String method to audit.Backend interface Kubernetes-commit: 416a478cf6e4ea2aaecf5108aade563c9fc3fc53	2018-07-18 17:35:08 +08:00
Mikhail Mazurskiy	0f7bbcadfb	Add missing error handling in schema-related code Kubernetes-commit: bfe313d5f351dfae086a85a97e7103183173e5b5	2018-06-03 14:59:58 +10:00
xuzhonghu	895382e183	limit User-Agent max length 1024 and add ...TRUNCATED suffix Kubernetes-commit: f0b1f1c2f67877ddb2eceac5eb7c9c4ea22b4b6b	2018-06-20 11:15:09 +08:00
xuzhonghu	c739da1f02	logging user-agent in audit Kubernetes-commit: d066d547cce64a4f02bb05d718bc53fe71d06ad3	2018-06-06 10:53:03 +08:00
Cao Shufeng	69b26e07a7	avoid duplicate status in audit events Fixes: https://github.com/kubernetes/kubernetes/issues/60108 Kubernetes-commit: 4d20c38c337525f8105969a582ce421f52d09c8e	2018-04-25 10:13:51 +08:00
Kubernetes Publisher	627fa76a8b	sync: initially remove files BUILD /BUILD BUILD.bazel /BUILD.bazel	2018-03-15 09:38:17 +00:00
Tim Allclair	d89e8e9460	Fix default auditing options. - Log backend defaults to blocking mode (backwards compatability) - Fix webhook validation - Add options test Kubernetes-commit: e004257919d779d56f27ad84c7f33799cc7ab580	2018-03-02 15:16:37 -08:00
hzxuzhonghu	7fb69020af	fix typo and remove inaccurate TODO Kubernetes-commit: d94925af8854031f1548466c655afd3119613785	2018-02-23 09:27:37 +08:00
Jeff Grafton	1ab12b2dc8	Autogenerated: hack/update-bazel.sh Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e	2018-02-16 13:43:01 -08:00
Cao Shufeng	01b15f1056	fix invalid match rules for advanced audit policy When users or groups are set in a rule, this rule should not match attribute with unauthorized request where user and group are nil. Kubernetes-commit: 9a7acaae1d5015886cc7c3bc46fc3d973045dc2a	2018-02-06 14:05:57 +08:00
hzxuzhonghu	5dc3326df1	add test case Kubernetes-commit: cc135e985ccde88ac662b33ef81dd71de3ad0520	2017-11-08 16:20:16 +08:00
hzxuzhonghu	a94f246093	audit support wildcard matching subresources Kubernetes-commit: 6e83d88be906c174ab3860eec70f2a4aec0ecb48	2017-11-08 16:03:26 +08:00
Cao Shufeng	d49980e0ed	run hack/update-all.sh Kubernetes-commit: c512a078e92bcabcca01a83d0367aa8235562e12	2018-01-26 10:32:48 +08:00
Cao Shufeng	8af8554968	add Annotations to audit event Kubernetes-commit: 97b0d99a33d71250bc7f967135c435e62343d9b8	2018-01-08 12:00:33 +08:00
Cao Shufeng	2a2505e824	remove duplicated import Kubernetes-commit: 4e7398b67b12390486012dd6f9d708dd64f961f3	2018-01-11 19:15:11 +08:00
Jeff Grafton	c8a97ee31a	Autogenerate BUILD files Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c	2017-12-23 13:06:26 -08:00
Cao Shufeng	d3301ca8d8	[advanced audit]add a policy wide omitStage Kubernetes-commit: d75c0f0e21af8229ed3147e9a798441221c03574	2017-10-27 10:01:01 +08:00
Eric Chiang	f3797a6c71	audit policy: reject audit policy files without apiVersion and kind Kubernetes-commit: fa40bc8f18f7c153910d048bbafefc430fe9bd11	2017-10-19 17:27:29 -07:00
Jeff Grafton	f4dbe23125	update BUILD files Kubernetes-commit: aee5f457dbfd70c2d15c33e392dce6a3ca710116	2017-10-12 13:52:10 -07:00
Cao Shufeng	f7e881914a	support micro time for advanced audit Kubernetes-commit: 817bc6954ca9af02013fd8f492f8ef865c217b0d	2017-09-25 11:56:30 +08:00

1 2

79 Commits