Auditing is not working anymore #39
Comments
I'll take a look. We've informally deprecated the audit capability, with the thinking that it's much better to be done at the API server layer anyways. What are you looking to get out of kube-oidc-proxy for audit that the API server doesn't have?
The kube-oidc-proxy audit logging was at hand and I didn't need to make changes to the fluentd/fluentbit logging solution.
@rmaihge can you please provide your full policy file? I'm looking at this now. Hoping to include whatever fix is needed in the release I'm working on now.
The policy file used is:
…user the user to the impersonated user if impersonation headers sent
@rmaihge give
…ver make it to the audit handler
Bug solved.
This fix was included in the 1.0.6 release that was cut last week.
Hello,
Using the latest version of kube-oidc-proxy the auditing is not working anymore.
Please check my setup for running the application:
```
root@oidc-proxy-kube-oidc-proxy-5fdb8f4d78-wkc9q:/# ps -ef|grep oidc
root 1 0 0 13:03 ? 00:00:06 kube-oidc-proxy --secure-port=443 --tls-cert-file=/etc/oidc/tls/crt.pem --tls-private-key-file=/etc/oidc/tls/key.pem --oidc-client-id=xxxxxxxx --oidc-issuer-url=https://example.com --oidc-username-claim=sub --oidc-ca-file=/etc/oidc/oidc-ca.pem --oidc-groups-claim=groups --oidc-signing-algs=RS256 --audit-log-path=/dev/stdout --audit-policy-file=/audit/audit.yaml
root@oidc-proxy-kube-oidc-proxy-5fdb8f4d78-wkc9q:/# cat audit/audit.yaml
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
```
It is not clear to me from what version this is happening.
Can you please check and advise?
Thank you!