Document well-known audit annotations #29479
Comments
tallclair
added
the
kind/feature
k8s-ci-robot
added
the
needs-triage
|
/help |
|
@tallclair: Please ensure the request meets the requirements listed here. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
help wanted
|
/sig auth |
k8s-ci-robot
added
the
sig/auth
|
@sftim @tallclair Is the idea to create a new reference page or just add the annotations to the above page? I guess I am trying to understand the reasoning for creating a new page vs adding the annotations to the page references above. In either case, I would love to help with this and take a first attempt at it 😃 |
|
I think that page (https://kubernetes.io/docs/reference/labels-annotations-taints/) would be more useful if it were reorganized with headings for each of the resources the annotations apply to, and then we could just add a section for audit events.
|
|
I like that idea. I'll work on implementing something along those lines 😃 |
|
/assign |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/lifecycle frozen |
k8s-ci-robot
added
triage/accepted
|
@borkod are you working on this? If not, please unassign yourself? |
|
BTW, SIG Docs has a “no cookie licking” convention - anyone is welcome to work on any issue. If you're planning to start, it's still polite to get in touch with anyone who has expressed an intent to help or who has opened an existing PR. |
|
This issue has not been updated in over 1 year, and should be re-triaged. You can:
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/ /remove-triage accepted |
|
/triage accepted |
k8s-ci-robot
added
triage/accepted
|
This issue has not been updated in over 1 year, and should be re-triaged. You can:
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/ /remove-triage accepted |
k8s-ci-robot
added
needs-triage
|
/triage accepted Looking at the page, the annotations listed in the issue description still need to be added to https://kubernetes.io/docs/reference/labels-annotations-taints/. It might be helpful for someone looking to take on this work if there were some suggestions on how to get more information about these annotations for documenting. |
k8s-ci-robot
added
triage/accepted
|
If anyone knows how to learn more about the missing details (beyond “look in the source code”), please comment here. |
|
Hi @tallclair , PTAL at the PR #47268 . I've documented |
|
The Pr: #47268 only added 2 annotations , there are still 14 remaining. so reopening this. |
|
@Ritikaa96: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
github-project-automation
bot
moved this from Closed / Done
to Needs Triage
in SIG Auth
|
FYI k8s.io/deprecated , k8s.io/removed-release are registered now, we can tick mark them in the task list. |
|
/triage accepted |
|
Raised a PR for apiserver-latency-k8s.io/total here PTAL |
|
Hi , As per kubernetes/kubernetes#123919 , one more audit annotation is to be recorded: |
|
Added annotation :
PTAL |
|
Hi seems like there is one more annotation logged in audit entry : see Reference |
Similar to https://kubernetes.io/docs/reference/labels-annotations-taints/ (should probably be a separate page though).
The current (2023-02-08) list of well-known audit annotations is:
authorization.k8s.io/decisionauthorization.k8s.io/reasonpodsecuritypolicy.policy.k8s.io/admit-policypodsecuritypolicy.policy.k8s.io/validate-policyauthentication.k8s.io/stale-tokenauthentication.k8s.io/legacy-tokenapiserver.latency.k8s.io/transform-response-objectapiserver.latency.k8s.io/etcdapiserver.latency.k8s.io/serialize-response-objectapiserver.latency.k8s.io/response-writeapiserver.latency.k8s.io/mutating-webhookapiserver.latency.k8s.io/validating-webhookapiserver.latency.k8s.io/totalk8s.io/deprecatedk8s.io/removed-releaseThe text was updated successfully, but these errors were encountered: