From a5cadbf5fabe7b90b3181619dbf973902a3f2917 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Desch=C3=AAnes?= Date: Mon, 29 Jun 2020 14:06:32 -0400 Subject: [PATCH] rule(Disallowed K8s User): whitelist kube-apiserver-healthcheck MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit kops 1.17 adds a kube-apiserver-healthcheck user: https://github.com/kubernetes/kops/tree/master/cmd/kube-apiserver-healthcheck Logs are currently spammed with: ``` {"output":"18:02:15.466580992: Warning K8s Operation performed by user not in allowed list of users (user=kube-apiserver-healthcheck target=/ verb=get uri=/healthz resp=200)","priority":"Warning","rule":"Disallowed K8s User","time":"2020-06-29T18:02:15.466580992Z", "output_fields": {"jevt.time":"18:02:15.466580992","ka.response.code":"200","ka.target.name":"","ka.target.resource":"","ka.uri":"/healthz","ka.user.name":"kube-apiserver-healthcheck","ka.verb":"get"}} ``` Signed-off-by: Antoine DeschĂȘnes --- rules/k8s_audit_rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml index e09e898a..d24a4ee6 100644 --- a/rules/k8s_audit_rules.yaml +++ b/rules/k8s_audit_rules.yaml @@ -45,7 +45,7 @@ - list: allowed_k8s_users items: [ - "minikube", "minikube-user", "kubelet", "kops", "admin", "kube", "kube-proxy", + "minikube", "minikube-user", "kubelet", "kops", "admin", "kube", "kube-proxy", "kube-apiserver-healthcheck", vertical_pod_autoscaler_users, ]