kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,088 Commits 29 Branches 1,436 Tags 31 MiB
Commit Graph

46 Commits

Author SHA1 Message Date
Abu Kashem 450b7e8f12 rename audit Checker interface 
Kubernetes-commit: 27f150351475adaef416bd893403e7066b70d33a
 2021-03-24 13:07:21 -04:00
Alexi Kessler 80b28d7c2c Update doc description for --audit-log-maxbackup 
Per https://pkg.go.dev/gopkg.in/natefinch/lumberjack.v1 a value of 0 will retain all logs. Not understanding this led to an outage for my team.

Kubernetes-commit: 94977dce8d13ec1e8b4bd8b449f555af685c3ab6
 2021-07-22 09:42:30 -04:00
Andrew Rynhard bfbd0aaa7d Do not try to create an audit log file named "-" 
That PR fixes --audit-log-path=- support.
It now logs to stdout as in 1.21.

Kubernetes-commit: 7728428f017350d5fb9a91e6e5dc3ccf86348478
 2021-07-23 14:26:28 +00:00
Juan Antonio Osorio Robles 332add01ef Ensure audit log permissions are restricted 
While the apiserver audit options merely use the lumberjack logger in
order to write the appropriate log files, this library has very loose
permissions by default for these files [1]. However, this library will
respect the permissions that the file has, if it exists already. This is
also the most tested scenario in the library [2].

So, let's follow the pattern marked in the library's tests and
pre-create the audit log file with an appropriate mode.

[1] https://github.com/natefinch/lumberjack/blob/v2.0/lumberjack.go#L280
[2] https://github.com/natefinch/lumberjack/blob/v2.0/linux_test.go

Signed-off-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>

Kubernetes-commit: 42df7bc5b3aa26bf545b6392b557833c7162c472
 2020-10-08 09:38:57 +03:00
xiongzhongliang fbe8ccc9bd Optimize some codes 
Kubernetes-commit: 4a24a08f936a295bf332b9567bea182e2feff554
 2021-02-28 01:00:09 +08:00
carlory 146083d06b deprecate audit.k8s.io/v1[alpha|beta]1 versions 
Kubernetes-commit: cad9c245b84fd16cbb5bf240622af07ce7bc3585
 2021-02-08 11:22:29 +08:00
Stefan Bueringer c8433b21e4 fix staticcheck: vendor/k8s.io/apiserver/pkg/server 
Kubernetes-commit: ed0adcb65e92198177bf23db97807b3312d6be29
 2020-11-17 11:58:13 +01:00
Abu Kashem 5254108841 make backoff parameters configurable for webhook 
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.

Kubernetes-commit: 53a1307f68ccf6c9ffd252eeea2b333e818c1103
 2020-10-30 11:25:32 -04:00
卢振兴10069964 3e37d6db5c add audit-log-compress to apiserver 
Kubernetes-commit: 9470f64a4f8af6439cb6c5c35335121446faade3
 2020-08-18 11:26:07 +08:00
Andrew Sy Kim 6746ccadda apiserver: support egress selection name 'controlplane' and deprecate 'master' 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>

Kubernetes-commit: a0aebf96ec2eef6517e2611335f0e6c9375dd807
 2020-10-26 10:24:16 -04:00
David Eads a3201bc883 remove dynamic audit 
Kubernetes-commit: ed4e6f10265ae32b1c2c0b254a4d2c20590cfadd
 2020-05-27 14:04:09 -04:00
Davanum Srinivas 5879417a28 switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
 2020-04-17 15:25:06 -04:00
Jefftree 13613a1c15 Address comment and remove if condition 
Kubernetes-commit: 61fa4e6c098559b65fe28c1bf55cb817697e38e5
 2020-02-27 17:18:57 -08:00
Jefftree 28f8e6670e audit webhook use network proxy 
Kubernetes-commit: cd57b830c142e2b9938ff801619070cf601c1422
 2019-12-19 12:29:37 -08:00
Patrick Barker 3039935d60 adds dynamic audit integration test 
Kubernetes-commit: d995047366153d86f0061b829ee4e7657f17996b
 2018-10-16 16:17:33 -06:00
Daniel Kłobuszewski 877329b0f3 Add option to k8s apiserver to reject incoming requests upon audit failure 
Kubernetes-commit: 7a10f4eda725f55bec9893eb1c03f2402dbcd32f
 2018-07-03 14:40:55 +02:00
WanLinghao f78d7e624c fix a description error in DynamicAuditing feature 
Kubernetes-commit: 84aa00c03df00eade6615ca009fa9b2943a98b8c
 2018-11-17 01:49:02 +08:00
Patrick Barker 9fd62b6f47 adds dynamic audit configuration 
Kubernetes-commit: eb89d3dddd3792b0a6cd724e64bbbc11d6c15380
 2018-10-18 21:34:17 -05:00
Davanum Srinivas 2710b17b80 Move from glog to klog 
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
  * github.com/kubernetes/repo-infra
  * k8s.io/gengo/
  * k8s.io/kube-openapi/
  * github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods

Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135

Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
 2018-11-09 13:49:10 -05:00
Chao Wang f8fa426bd3 Use `audit.k8s.io/v1` as default value of option --audit-webhook-version and --audit-log-version in release 1.13 
Kubernetes-commit: 9671a035f7e7308ac804b4637af19bac2ecce0f4
 2018-10-31 17:22:37 +08:00
Marian Lobur 7dbcbd39e2 Remove deprecated legacy audit logging code. 
Kubernetes-commit: 3f730d4c255e7c8ee67a020eed0b8f0a8f634750
 2018-07-05 13:57:17 +02:00
Tim Allclair 8e1390d9d4 Synchronous & unbatched audit log writes 
Kubernetes-commit: c9670d0652f8d7da662f71caac6fca2044296ae6
 2018-03-15 00:44:46 -07:00
Cao Shufeng b40373204e use Audit v1 api and add it to some unit tests 
Kubernetes-commit: 716dc87a1095027f9ab08ee59abfffab1d15ec29
 2018-07-27 14:06:29 +08:00
Cao Shufeng 8fe5561ce7 [trivial] fix option help message. 
s/andif/and if/

Kubernetes-commit: 42b93ab7244765dd744257a793b0b9c138146bb3
 2018-06-13 09:07:34 +08:00
Tim Allclair 554c4f1986 Fix MaxAge default audit log option 
Kubernetes-commit: 3dae49c6977526aba09dc070639ebc789b458411
 2018-06-18 14:36:50 -07:00
Mik Vyatskov 53e0783ab7 Implemented truncating audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 52fae991305e3252ccc5c9c86a9b7abc04c149af
 2018-03-23 16:13:34 +01:00
Mik Vyatskov b2b70701e1 Make advanced audit output version configurable. 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: ad25d1f9ec398e5f9e91fd225cbbfdc5aa00973f
 2018-02-19 21:15:49 +01:00
Tim Allclair d89e8e9460 Fix default auditing options. 
- Log backend defaults to blocking mode (backwards compatability)
- Fix webhook validation
- Add options test

Kubernetes-commit: e004257919d779d56f27ad84c7f33799cc7ab580
 2018-03-02 15:16:37 -08:00
Cao Shufeng 6466b038b4 fix option --audit-webhook-initial-backoff 
Before this change, --audit-webhook-initial-backoff has no effect

Kubernetes-commit: 5bc5cd1b2ccb0b9fb5e652b579b4fb379428cb56
 2018-03-10 17:44:20 +08:00
Mik Vyatskov 9169f6d300 Add buffering to the log audit backend 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 881e6d4f6f905079b2c27299e7b631b6903b6815
 2018-02-22 19:52:33 +01:00
Mik Vyatskov 8977dcee4a Make audit batch webhook backend configurable 
Signed-off-by: Mik Vyatskov <vmik@google.com>

Kubernetes-commit: 7e717ef3a6a57d31251ccee94d9e2dd29a70c27b
 2017-11-30 18:47:48 +01:00
Dr. Stefan Schimanski a063c5336d apiserver: avoid panics on nil sub-option structs 
Kubernetes-commit: b153268da79d2acf14e042945959801c3dba8221
 2017-09-09 21:44:32 +00:00
Cao Shufeng d2f7a0c820 Log a warning when --audit-policy-file not passed to apiserver 
Kubernetes-commit: 3b91f1cc0d32278a9baf2a4b9b4e416cbfb2457f
 2017-09-09 21:44:31 +00:00
Cao Shufeng 0c7ac2906f set AdvancedAuditing feature gate to true by default 
Kubernetes-commit: 1388426898f46de5e8730c3f71ce3ccaf50337b8
 2017-09-09 21:44:30 +00:00
Maciej Szulik 3c2866020c Switch audit output to v1beta1 
Kubernetes-commit: f3487f08c6c2444adde9ba110263c9132769332b
 2017-09-03 14:04:14 +00:00
Cao Shufeng e74487ab1a set --audit-log-format default to json 
Updates: https://github.com/kubernetes/kubernetes/issues/48561

Kubernetes-commit: 130f5d10adf13492f3435ab85a50d357a6831f6e
 2017-08-29 13:18:49 +00:00
Dr. Stefan Schimanski 24a3b34c79 audit: disable new v1beta1 types until incompatible changes are done 
Kubernetes-commit: 1dc251a1604b1576258f123ac8dd8390bba2e4a9
 2017-08-29 13:16:13 +00:00
huangjiuyuan 530dec4a81 adding validations on kube-apiserver audit log options 
Signed-off-by: huangjiuyuan <jiuyuan.huang@daocloud.io>

Kubernetes-commit: 21d0f815645ca3452719faf1ad69c63a9c3f3db2
 2017-07-19 03:49:08 +00:00
Cao Shufeng 8bc6800aeb support json output for log backend of advanced audit 
Kubernetes-commit: bc94370e9cbf3e54dc7dab1dbfc7404815eafb4c
 2017-07-16 04:08:41 +00:00
Cao Shufeng 924adf12df Add Validate() function for audit options 
Kubernetes-commit: cf8e3ccf1959942342ed0c10f6b43d46beb65e04
 2017-07-05 08:39:49 +00:00
Eric Chiang be1a712a68 apiserver: add a webhook implementation of the audit backend 
Kubernetes-commit: a88e0187f9f6083ed68d18e939a776c44c728e4b
 2017-06-13 20:47:30 +00:00
Tim St. Clair 8ff532a4cb Implement audit policy logic 
Kubernetes-commit: a5de309ee261aea15bb1cc12647b32640c2ac196
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski f7d766d92d audit: add audit event to the context and fill in handlers 
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
 2017-06-13 20:47:28 +00:00
xiangpengzhao 1512c30ca6 Delete "hard-coded" default value in flags usage. 
Kubernetes-commit: 420caf200cdb1ba41d6af43c5695c29de2082851
 2017-04-29 20:35:54 +00:00
deads2k 1e6581d944 use - to indicate audit log goes to system out 
Kubernetes-commit: 91f461283ec25dd43d55db97f981723a94f208b8
 2017-03-31 20:37:15 +00:00
deads2k d3c1c03062 move auditoptions to separate struct 2017-02-13 07:36:42 -05:00