Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit Policy Docs #3747

Merged
merged 1 commit into from
Nov 1, 2017
Merged

Audit Policy Docs #3747

merged 1 commit into from
Nov 1, 2017

Conversation

gambol99
Copy link
Contributor

  • adding some documentation on the audit policy

@gambol99
Audit Policy Docs
b3d4dd9 
- adding some documentation on the audit policy
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 31, 2017
@chrislovecnm
Copy link
Contributor

We neee to start updating the new docs and spot using this document

@chrislovecnm
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 31, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chrislovecnm

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 31, 2017
@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@k8s-github-robot
Copy link

Automatic merge from submit-queue.

@k8s-github-robot k8s-github-robot merged commit 2842ed1 into kubernetes:master Nov 1, 2017
@97turbotalon
Copy link

+Note: you could use the fileAssets feature to push an advanced audit policy file on the master nodes.

Tried using fileAssests for the audit-policy file on the master and receive the following error from KOPS v1.8.0 when saving the KOPS config
error parsing config: no kind "Policy" is registered for version "audit.k8s.io/v1beta1"

Additional Information:
spec:
kubeAPIServer:
auditLogPath: /var/log/kube-apiserver-audit.log
auditLogMaxAge: 30
auditLogMaxBackups: 1
auditLogMaxSize: 100
auditPolicyFile: /srv/kubernetes/audit-policy.conf

fileAssets:

  • name: audit-policy.yaml
    path: /srv/kubernetes/audit-policy.yaml
    roles: [Master]
    content: |
    kind: Policy
    apiVersion: audit.k8s.io/v1beta1
    rules:
    - level: Metadata

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrislovecnm chrislovecnm chrislovecnm approved these changes

Assignees

@chrislovecnm chrislovecnm

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@gambol99 @chrislovecnm @k8s-github-robot @97turbotalon @k8s-ci-robot