Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4815

HttpReceiver requires Audit Permissions to be used

    XMLWordPrintable

Details

    • False
    • None
    • False
    • NEW
    • NEW
    • Hide
      Before this change it was necessary to create a ClusterRoleBinding to collect audit permissions for http receiver inputs. This relaxes that restriction to no longer require the ClusterRoleBinding since the endpoint already depends upon the cluster certificat authority.
      Show
      Before this change it was necessary to create a ClusterRoleBinding to collect audit permissions for http receiver inputs. This relaxes that restriction to no longer require the ClusterRoleBinding since the endpoint already depends upon the cluster certificat authority.
    • Bug Fix
    • Proposed
    • Log Collection - Sprint 245

    Description

      Description of problem:

      HCP has a limitation where it is unable to create the clusterrolebinding needed to enable audit log collection. Discussion with the logging team resolved this is an unnecessary restriction since:

      • The server already mounts cluster CA to receive logs
      • It's difficult for outside admins to have knowledge of cluster permissions
      • In future, we will add additional cert config if needed to provided additional security

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      3. ...

      Actual results:

      Expected results:

      Additional info:

      Attachments

        Activity

          People

            jcantril@redhat.com Jeffrey Cantrill
            jcantril@redhat.com Jeffrey Cantrill
            Anping Li Anping Li
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: