Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4815

HttpReceiver requires Audit Permissions to be used

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • NEW
    • NEW
    • Hide
      Before this change it was necessary to create a ClusterRoleBinding to collect audit permissions for http receiver inputs. This relaxes that restriction to no longer require the ClusterRoleBinding since the endpoint already depends upon the cluster certificat authority.
      Show
      Before this change it was necessary to create a ClusterRoleBinding to collect audit permissions for http receiver inputs. This relaxes that restriction to no longer require the ClusterRoleBinding since the endpoint already depends upon the cluster certificat authority.
    • Bug Fix
    • Proposed
    • Log Collection - Sprint 245

      Description of problem:

      HCP has a limitation where it is unable to create the clusterrolebinding needed to enable audit log collection. Discussion with the logging team resolved this is an unnecessary restriction since:

      • The server already mounts cluster CA to receive logs
      • It's difficult for outside admins to have knowledge of cluster permissions
      • In future, we will add additional cert config if needed to provided additional security

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      3. ...

      Actual results:

      Expected results:

      Additional info:

              jcantril@redhat.com Jeffrey Cantrill
              jcantril@redhat.com Jeffrey Cantrill
              Anping Li Anping Li
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: