github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

Don't audit log tokens in TokenReviews

Browse Source
This commit is contained in:
Tim St. Clair 2017-06-22 13:38:44 -07:00
parent 8b0cd5b9c5
commit dcdcb19c47
No known key found for this signature in database
GPG Key ID: 434D16BCEF479EAB
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cluster/gce/gci/configure-helper.sh
View File

@ -568,12 +568,14 @@ rules:
- group: "" # core - group: "" # core
resources: ["events"] resources: ["events"]
# Secrets & ConfigMaps can contain sensitive & binary data, # Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data,
# so only log at the Metadata level. # so only log at the Metadata level.
- level: Metadata - level: Metadata
resources: resources:
- group: "" # core - group: "" # core
resources: ["secrets", "configmaps"] resources: ["secrets", "configmaps"]
- group: authentication.k8s.io
resources: ["tokenreviews"]
# Get repsonses can be large; skip them. # Get repsonses can be large; skip them.
- level: Request - level: Request
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]