mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-16 18:07:08 -05:00
6dc97590fe
* Enable and configure k8s audit-log * Update coordinator/kubernetes/k8sapi/kubeadm_config.go Co-authored-by: Malte Poll <mp@edgeless.systems> * add mount point for audit log dir in kubeadm conf * Mount audit policy into kube-apiserver static pod * Write default auditpolicy on cluster init / cluster join Co-authored-by: Malte Poll <mp@edgeless.systems>
34 lines
761 B
Go
34 lines
761 B
Go
package resources
|
|
|
|
import (
|
|
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
|
|
)
|
|
|
|
// AuditPolicy defines rulesets for what should be logged in the kube-apiserver audit log.
|
|
// reference: https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/ .
|
|
type AuditPolicy struct {
|
|
Policy auditv1.Policy
|
|
}
|
|
|
|
func NewDefaultAuditPolicy() *AuditPolicy {
|
|
return &AuditPolicy{
|
|
Policy: auditv1.Policy{
|
|
TypeMeta: v1.TypeMeta{
|
|
APIVersion: "audit.k8s.io/v1",
|
|
Kind: "Policy",
|
|
},
|
|
Rules: []auditv1.PolicyRule{
|
|
{
|
|
Level: auditv1.LevelMetadata,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
// Marshal marshals the audit policy as a YAML document.
|
|
func (p *AuditPolicy) Marshal() ([]byte, error) {
|
|
return MarshalK8SResources(p)
|
|
}
|