Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEAT] - Audit Log forwarding for central cluster audit logs #415

Closed
IvoGoman opened this issue Aug 5, 2024 · 2 comments · Fixed by #465
Closed

[FEAT] - Audit Log forwarding for central cluster audit logs #415

IvoGoman opened this issue Aug 5, 2024 · 2 comments · Fixed by #465
Assignees
@IvoGoman @uwe-mayer
Labels
feature internal

Comments

@IvoGoman
Copy link
Contributor

IvoGoman commented Aug 5, 2024
edited by uwe-mayer
Loading

Priority

(Medium) I'm annoyed but I'll live

Description

It is necessary to forward the audit logs of our central cluster to the internal logsink we are using for the other clusters.
This is required to drive the RBAC adoption.

We need to investigate how to ship logs from the gardener api server to octobus/elastic search.

Reference Issues

No response
@github-project-automation github-project-automation bot moved this to Sprint Backlog in Greenhouse Core Roadmap Aug 5, 2024
@IvoGoman IvoGoman mentioned this issue Aug 5, 2024
Open
4 tasks
@uwe-mayer uwe-mayer self-assigned this Aug 16, 2024
@uwe-mayer
Copy link
Contributor

uwe-mayer commented Aug 16, 2024
edited
Loading

It seems Gardener only supports audit log forwarding to SAP BTP Audit Log Service atm:
https://github.tools.sap/kubernetes/gardener-extension-shoot-auditlog-service/issues/135

To unblock us from proceeding with #388
we will forward all TeamRoleBindingController Admission Requests on Greenhouse Custom Resources to Octobus and audit log priviledge escalation there.

@uwe-mayer uwe-mayer mentioned this issue Aug 21, 2024
Merged
11 tasks
@github-project-automation github-project-automation bot moved this from In progress to Done in Greenhouse Core Roadmap Aug 23, 2024
@uwe-mayer uwe-mayer reopened this Aug 23, 2024
@IvoGoman
Copy link
Contributor Author

Closing in favor of #485

@uwe-mayer uwe-mayer mentioned this issue Aug 30, 2024
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@IvoGoman IvoGoman

@uwe-mayer uwe-mayer

Labels
feature internal
Projects
Greenhouse Core Roadmap
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(webhook): Log all admission requests of CRDs cloudoperators/greenhouse
2 participants
@IvoGoman @uwe-mayer