k8s audit plug-ins for AKS and GCP #243
Comments
|
Moving this into the plugins repository. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
/remove-lifecycle stale |
|
/help |
|
@jasondellaluce: Please ensure the request meets the requirements listed here. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh with Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle rotten |
|
Rotten issues close after 30d of inactivity. Reopen the issue with Mark the issue as fresh with Provide feedback via https://github.com/falcosecurity/community. |
|
@poiana: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/remove-lifecycle rotten /reopen |
|
@jasondellaluce: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
A plugin for GKE is in progress #424 |
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh with Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle rotten |
|
@alfredomagallon for GKE I think we should be all set now: https://github.com/falcosecurity/plugins/tree/main/plugins/k8saudit-gke So I guess the only one remaining among the requested ones is the AKS integration. cc @leogr /remove-lifecycle rotten |
|
Regarding the AKS plugin, this project was created a while ago by sysdig: https://github.com/sysdiglabs/aks-audit-log . Since it wasn't too actively maintained and we wanted to be able to make modifications (and not too familiar with C#), we created our own version in Go here : https://github.com/dfo-mpo/aks-audit-log-go . It is still a fairly young project, but we are actively using it at the moment. Not sure if our Go code fits the needs here, but if it does it could serve as a starting point or we could potentially consider giving out the codebase to the falcosecurity project (I would have to discuss this option internally first). |
|
@jemag, have you considered transforming it into a plugin? 🤔 |
|
To be honest, we never thought of it. Initially there was only the sysdig code available and doing a rewrite in Go with the same approach was the fastest route for us. I think it seems like the most reasonable route to go for in the future. The problem is we are already pretty overloaded on our side and don't really have the bandwidth to allocate to transforming it, especially since it already works for us (we are a very small team). I doubt we would be able to work on this until at least a couple of months. If anyone wants to use it as inspiration for creating a plugin in the meantime, feel free to do so. Otherwise, individuals waiting for the plugin can also use it as is in the meantime (we'll likely publish official container images in the very near future). If things change on our side and we have some time to allocate to a transformation, I'll provide an update in the issue. |
|
Thank you @jemag I believe transforming it into a plugin would not require too much for a developer already familiar with our plugin ecosystem. I totally understand your point about the bandwidth, and it's totally fair 👍 Likely, @Issif can help (as he commented here) without any significant effort from your side. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
/remove-lifecycle stale |
Motivation
As today most projects are multi-cloud, we would need k8saudit plug-in for at least AKS and GCP
Feature
k8s audit plug-ins for AKS and GKE
Alternatives
Today's alternative is creating a messaging stack on each CSP to send logs to the falco Web service
The text was updated successfully, but these errors were encountered: