Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
cff735b0ee
constellation/bootstrapper/internal/kubernetes/k8sapi/resources/auditpolicy.go

42 lines
993 B
Go
Raw Normal View History

add license headers sed -i '1i/*\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n*/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w .
2022-09-05 03:06:08 -04:00
/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
Enable and configure k8s audit-log (#160) * Enable and configure k8s audit-log * Update coordinator/kubernetes/k8sapi/kubeadm_config.go Co-authored-by: Malte Poll <mp@edgeless.systems> * add mount point for audit log dir in kubeadm conf * Mount audit policy into kube-apiserver static pod * Write default auditpolicy on cluster init / cluster join Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 11:30:37 -04:00
package resources
import (
Upgrade go module to v2
2022-09-21 07:47:57 -04:00
"github.com/edgelesssys/constellation/v2/internal/kubernetes"
Enable and configure k8s audit-log (#160) * Enable and configure k8s audit-log * Update coordinator/kubernetes/k8sapi/kubeadm_config.go Co-authored-by: Malte Poll <mp@edgeless.systems> * add mount point for audit log dir in kubeadm conf * Mount audit policy into kube-apiserver static pod * Write default auditpolicy on cluster init / cluster join Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 11:30:37 -04:00
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
)
// AuditPolicy defines rulesets for what should be logged in the kube-apiserver audit log.
// reference: https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/ .
type AuditPolicy struct {
Policy auditv1.Policy
}
Document exported funcs,types,interfaces and enable check. (#475) * Include EXC0014 and fix issues. * Include EXC0012 and fix issues. Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: Otto Bittner <cobittner@posteo.net>
2022-11-09 09:57:54 -05:00
// NewDefaultAuditPolicy create a new default Constellation audit policty.
Enable and configure k8s audit-log (#160) * Enable and configure k8s audit-log * Update coordinator/kubernetes/k8sapi/kubeadm_config.go Co-authored-by: Malte Poll <mp@edgeless.systems> * add mount point for audit log dir in kubeadm conf * Mount audit policy into kube-apiserver static pod * Write default auditpolicy on cluster init / cluster join Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 11:30:37 -04:00
func NewDefaultAuditPolicy() *AuditPolicy {
return &AuditPolicy{
Policy: auditv1.Policy{
TypeMeta: v1.TypeMeta{
APIVersion: "audit.k8s.io/v1",
Kind: "Policy",
},
Rules: []auditv1.PolicyRule{
{
Level: auditv1.LevelMetadata,
},
},
},
}
}
// Marshal marshals the audit policy as a YAML document.
func (p *AuditPolicy) Marshal() ([]byte, error) {
Move cloud metadata packages and kubernetes resources marshaling to internal Decouples cloud provider metadata packages from kubernetes related code Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-08-29 08:30:20 -04:00
return kubernetes.MarshalK8SResources(p)
Enable and configure k8s audit-log (#160) * Enable and configure k8s audit-log * Update coordinator/kubernetes/k8sapi/kubeadm_config.go Co-authored-by: Malte Poll <mp@edgeless.systems> * add mount point for audit log dir in kubeadm conf * Mount audit policy into kube-apiserver static pod * Write default auditpolicy on cluster init / cluster join Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-20 11:30:37 -04:00
}
Reference in New Issue Copy Permalink