scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-10-31 18:28:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add new api groups to the GCE advanced audit policy

Browse Source
This commit is contained in:
Mik Vyatskov
2017-09-12 22:23:45 +02:00
parent be78d113b1
commit a9fb3c8efb
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cluster/gce/gci/configure-helper.sh
View File

@@ -485,6 +485,8 @@ function create-master-audit-policy {
local -r known_apis='
- group: "" # core
- group: "admissionregistration.k8s.io"
- group: "apiextensions.k8s.io"
- group: "apiregistration.k8s.io"
- group: "apps"
- group: "authentication.k8s.io"
- group: "authorization.k8s.io"
@@ -492,6 +494,7 @@ function create-master-audit-policy {
- group: "batch"
- group: "certificates.k8s.io"
- group: "extensions"
- group: "metrics"
- group: "networking.k8s.io"
- group: "policy"
- group: "rbac.authorization.k8s.io"
@@ -547,6 +550,13 @@ rules:
resources:
- group: "" # core
resources: ["namespaces", "namespaces/status", "namespaces/finalize"]
# Don't log HPA fetching metrics.
- level: None
users:
- system:kube-controller-manager
verbs: ["get", "list"]
resources:
- group: "metrics"
# Don't log these read-only URLs.
- level: None