Open eak13 opened 3 years ago
For the deployment logging, there may be a tie in with https://github.com/airshipit/airshipctl/issues/335
please assign it to me
Please ensure that this is included in the airship-core type deployment
@niharikabhavaraju - Niharika, is there an updated status, and are we close(r) to finishing?
Status: Created a PS earlier https://review.opendev.org/c/airship/treasuremap/+/783456 (abandoned this because v2 branch no longer exists), created a new PS https://review.opendev.org/c/airship/treasuremap/+/791979 with fixes of review comments in older PS. Currently I'm testing the PS by deploying test-site in treasuremap, running into an error while deploying controlplane. I'm working on fixing the error.
https://review.opendev.org/c/airship/treasuremap/+/791979 moved to master
Do we have any update on it?
@pallavgupta Once we're firmer on the logging requirements, I will update the issue accordingly. @niharikabhavaraju has done a fair amount of the development already, but we still need to nail down some of the parameter settings.
I can take this one
As an operator deploying or managing a site using Airshipctl, I want the ability to enable Kubernetes auditing so that I can diagnose and resolve problems, track deployment progress, verify security integrity, and provide a clear audit trail of K8s activities.
Treasuremap will provide a general template for enabling K8s auditing within the API server. This template should provide the following:
As a reference, see the following from Airship 1 which provides metadata level auditing based on a user provided audit policy (lines 136 - 144). https://github.com/airshipit/promenade/blob/master/charts/apiserver/values.yaml
More on Kubernetes auditing can be found here: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
Acceptance Criteria