Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k8s_audit_rules: kube-apiserver-healthcheck user whitelist #1286

Merged
merged 1 commit into from
Jun 30, 2020
Merged

k8s_audit_rules: kube-apiserver-healthcheck user whitelist #1286

merged 1 commit into from
Jun 30, 2020

Conversation

antoinedeschenes
Copy link
Contributor

@antoinedeschenes antoinedeschenes commented Jun 29, 2020
edited by leogr
Loading

What type of PR is this?

/kind bug
/kind rule-update

Any specific area of the project related to this PR?

/area rules

What this PR does / why we need it:

kops 1.17 adds a kube-apiserver-healthcheck user: https://github.com/kubernetes/kops/tree/master/cmd/kube-apiserver-healthcheck

Logs are currently spammed with:

{"output":"18:02:15.466580992: Warning K8s Operation performed by user not in allowed list of users (user=kube-apiserver-healthcheck target=<NA>/<NA> verb=get uri=/healthz resp=200)","priority":"Warning","rule":"Disallowed K8s User","time":"2020-06-29T18:02:15.466580992Z", "output_fields": {"jevt.time":"18:02:15.466580992","ka.response.code":"200","ka.target.name":"<NA>","ka.target.resource":"<NA>","ka.uri":"/healthz","ka.user.name":"kube-apiserver-healthcheck","ka.verb":"get"}}

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

rule(list allowed_k8s_users): whitelisted kube-apiserver-healthcheck user created by kops >= 1.17.0 for the kube-apiserver-healthcheck sidecar

@poiana poiana requested review from fntlnz and Kaizhe June 29, 2020 18:08
@poiana
Copy link
Contributor

poiana commented Jun 29, 2020

Welcome @antoinedeschenes! It looks like this is your first PR to falcosecurity/falco 🎉

@poiana poiana added the size/XS label Jun 29, 2020
Kaizhe
Kaizhe suggested changes Jun 29, 2020
View reviewed changes
rules/k8s_audit_rules.yaml Outdated Show resolved Hide resolved
@antoinedeschenes
rule(Disallowed K8s User): whitelist kube-apiserver-healthcheck
9e93251 
kops 1.17 adds a kube-apiserver-healthcheck user: https://github.com/kubernetes/kops/tree/master/cmd/kube-apiserver-healthcheck

Logs are currently spammed with:
```
{"output":"18:02:15.466580992: Warning K8s Operation performed by user not in allowed list of users (user=kube-apiserver-healthcheck target=<NA>/<NA> verb=get uri=/healthz resp=200)","priority":"Warning","rule":"Disallowed K8s User","time":"2020-06-29T18:02:15.466580992Z", "output_fields": {"jevt.time":"18:02:15.466580992","ka.response.code":"200","ka.target.name":"<NA>","ka.target.resource":"<NA>","ka.uri":"/healthz","ka.user.name":"kube-apiserver-healthcheck","ka.verb":"get"}}
```

Signed-off-by: Antoine Deschênes <[email protected]>
@Kaizhe
Copy link
Contributor

Kaizhe commented Jun 29, 2020

/lgtm

@poiana poiana added the lgtm label Jun 29, 2020
@poiana
Copy link
Contributor

poiana commented Jun 29, 2020

LGTM label has been added.

Git tree hash: fde094bc20583e607f6174b67b6c2dfda7fca0c8

@Kaizhe
Copy link
Contributor

Kaizhe commented Jun 29, 2020

@antoinedeschenes thank you for the contribution!

@antoinedeschenes antoinedeschenes requested a review from Kaizhe June 29, 2020 19:20
@poiana
Copy link
Contributor

poiana commented Jun 30, 2020

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fntlnz, Kaizhe, leodido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana
Copy link
Contributor

poiana commented Jun 30, 2020

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fntlnz, Kaizhe, leodido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit a5cadbf into falcosecurity:master Jun 30, 2020
@leogr leogr added this to the 0.24.0 milestone Jul 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fntlnz fntlnz fntlnz approved these changes

@Kaizhe Kaizhe Kaizhe approved these changes

@leodido leodido leodido approved these changes

Assignees

@leodido leodido

@Kaizhe Kaizhe

@fntlnz fntlnz

Labels
approved area/rules dco-signoff: yes kind/bug kind/rule-update lgtm release-note size/XS
Projects
None yet
Milestone
0.24.0
Development

Successfully merging this pull request may close these issues.
6 participants
@antoinedeschenes @poiana @Kaizhe @leodido @fntlnz @leogr