Jordan Liggitt

Results 53 issues of Jordan Liggitt

The following files reference a metadata-only audit policy in order to prevent logging request/response contents for sensitive resources:

* https://github.com/dev-sec/cis-kubernetes-benchmark/blob/master/controls/3_2_control_plane_logging.rb

A recent [bugfix](https://github.com/kubernetes/kubernetes/pull/102040) resolves logging of subresource requests which would...

https://github.com/kubernetes-sigs/cluster-addons/blob/master/bootstrap/app/addon-manager.go#L73 references v1beta1 cronjobs which will no longer be served in 1.25+ xref https://github.com/kubernetes/kubernetes/pull/108797#issuecomment-1122510966

lifecycle/stale

The following files reference a metadata-only audit policy in order to prevent logging request/response contents for sensitive resources:

* https://github.com/crosscloudci/cross-cloud/blob/master/validate-cluster/cluster/gce/gci/configure-helper.sh
* https://github.com/crosscloudci/cross-cloud/blob/master/master_templates-v1.13.0-ubuntu/audit-policy.yaml

A recent Kubernetes [bugfix](https://github.com/kubernetes/kubernetes/pull/102040) means that audit-logging of...

Switches to use the extracted cobra-cli command since it is being removed from the github.com/spf13/cobra module (xref https://github.com/spf13/cobra/issues/1597) The first commit updates tools to the current spf13/cobra and tidies, the...

The approach taken by json-iterator and its reflect library is not long-term stable (it pins to internal details of the stdlib reflect package), and requires maintenance per go release, which...

lifecycle/frozen

Sweeping token-scraping of auto-generated Kubernetes token secrets in preparation for Kubernetes 1.24 showed the following code locations assume auto-generated tokens will exist:

* https://github.com/argoproj/argo-workflows/blob/62e0a8ce4e74d2e19f3a9c0fb5e52bd58a6b944b/workflow/controller/operator.go#L3605
* https://github.com/argoproj/argo-workflows/blob/a3c326fdf0d2133d5e78ef71854499f576e7e530/server/auth/webhook/interceptor.go#L90
* https://github.com/argoproj/argo-workflows/blob/a3c326fdf0d2133d5e78ef71854499f576e7e530/server/auth/gatekeeper.go#L321

That assumption is not universally...

enhancement
security
area/api

Fixes #364 Use the v1 API to collect Ingress objects to avoid tripping metrics for use of deprecated APIs

The cluster collector fetches ingresses using the extensions/v1beta1 API, instead of the networking.k8s.io/v1 API. This triggers metrics and audit logs for use of deprecated APIs.

1. Request an OAuth token with scope `user:info user:list-projects`
2. Use the token in the cli (`oc login --token=`)
3. Attempt to log out (`oc logout`)

The log out attempts...

priority/P2
component/auth
help wanted
lifecycle/frozen

This issue is to coordinate efforts to improve and add to the [API conventions](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md) and [API changes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api_changes.md) documentation, based on existing issues filed, and feedback from reviewers/shadows. Questions encountered during...

kind/api-change
sig/architecture
lifecycle/frozen