github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-23 19:07:55 +00:00
Code Issues Projects Releases Wiki Activity

rule(Disallowed K8s User): whitelist kube-apiserver-healthcheck

Browse Source 
kops 1.17 adds a kube-apiserver-healthcheck user: https://github.com/kubernetes/kops/tree/master/cmd/kube-apiserver-healthcheck

Logs are currently spammed with:
```
{"output":"18:02:15.466580992: Warning K8s Operation performed by user not in allowed list of users (user=kube-apiserver-healthcheck target=<NA>/<NA> verb=get uri=/healthz resp=200)","priority":"Warning","rule":"Disallowed K8s User","time":"2020-06-29T18:02:15.466580992Z", "output_fields": {"jevt.time":"18:02:15.466580992","ka.response.code":"200","ka.target.name":"<NA>","ka.target.resource":"<NA>","ka.uri":"/healthz","ka.user.name":"kube-apiserver-healthcheck","ka.verb":"get"}}
```

Signed-off-by: Antoine Deschênes <antoine.deschenes@equisoft.com>
This commit is contained in:
Antoine Deschênes
2020-06-29 14:06:32 -04:00
committed by poiana
parent 9eb0b7fb5f
commit a5cadbf5fa
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/k8s_audit_rules.yaml
View File

@@ -45,7 +45,7 @@
- list: allowed_k8s_users - list: allowed_k8s_users
items: [ items: [
"minikube", "minikube-user", "kubelet", "kops", "admin", "kube", "kube-proxy", "minikube", "minikube-user", "kubelet", "kops", "admin", "kube", "kube-proxy", "kube-apiserver-healthcheck",
vertical_pod_autoscaler_users, vertical_pod_autoscaler_users,
] ]