Audit events fails for secret creation #1211

Open
2 tasks done
baykann opened this issue Dec 24, 2024 · 0 comments
Labels
bug Something isn't working

Comments


baykann commented Dec 24, 2024

Kyverno Version

1.12

Kubernetes Version

1.28

Kubernetes Platform

EKS

Description

With the Kyverno policy shared below, we aim to achieve the following:

For the following Kubernetes objects:

  • Deployment
  • Pod
  • Service
  • ConfigMap
  • Secret

we want to generate events for create, update, and delete actions.

While we successfully generate events for all actions except the create action of the Secret object, we can generate events for delete and update actions for the Secret object without any issues.

This behavior occurs with Helm chart version 3.3.3 and app version v1.13.1.

```yaml
apiVersion: kyverno.io/v2beta1
kind: ClusterPolicy
metadata:
  name: z-audit-events
  annotations:
    policies.kyverno.io/title: Audit Events for Update and Delete
    policies.kyverno.io/category: Audit
    policies.kyverno.io/description: >-
      Generates Kubernetes Events when CREATE, UPDATE or DELETE operations are performed on resources.
      The log message includes operation type, resource name, and the username performing the action.
spec:
  background: false
  rules:
  - name: audit-events
    match:
      any:
      - resources:
          kinds:
          - Deployment
          - Pod
          - Service
          - ConfigMap
          - Secret
          operations:
          - CREATE
          - DELETE
          - UPDATE
    generate:
      apiVersion: v1
      kind: Event
      name: "audit.{{ random('[a-z0-9]{6}') }}"
      namespace: "{{request.namespace}}"
      synchronize: false
      data:
        firstTimestamp: "{{ time_now_utc() }}"
        involvedObject:
          apiVersion: v1
          kind: "{{ request.kind.kind }}"
          name: "{{ request.name }}"
          namespace: "{{ request.namespace }}"
        lastTimestamp: "{{ time_now_utc() }}"
        message: "{{ request.operation }} operation on {{ request.kind.kind }}/{{ request.name }} was performed by {{ request.userInfo.username }}"
        reason: Audit
        source:
          component: kyverno
        type: Warning
```

Steps to reproduce

1. Kyverno was installed in Kubernetes using Helm chart version 3.3.3 and app version v1.13.1.
2. The Kyverno ClusterPolicy shared above was created.
3. A dummy Secret object was created, and the events were monitored using the command:

   ```
   kubectl get events --watch
   ```

4. The create event for the Secret object is not generated, while the update and delete events are successfully generated.

Expected behavior

```
LAST SEEN   TYPE      REASON   OBJECT                MESSAGE
0s          Warning   Audit    secret/dummy-secret   CREATE operation on Secret/dummy-secret was performed by kubernetes-admin
```

Screenshots

[image] Delete action can be seen but create is not

Kyverno logs

No response

Slack discussion

No response

Troubleshooting

  • I have read and followed the documentation AND the troubleshooting guide.
  • I have searched other issues in this repository and mine is not recorded.
baykann added the bug label Dec 24, 2024
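A way to check audit coverage for the policy above without watching the event stream by hand. This is an added example, not part of the original issue or of Kyverno's code. It parses an event list in the shape `kubectl get events -o json` returns, keeps the events the policy would emit (reason `Audit`, source component `kyverno`), and reports which kind/operation pairs have no event. The helper names and the sample data are assumptions constructed for illustration.

```python
import json
import re
from itertools import product

# Kinds and operations matched by the ClusterPolicy in the issue.
KINDS = ["Deployment", "Pod", "Service", "ConfigMap", "Secret"]
OPERATIONS = ["CREATE", "UPDATE", "DELETE"]

# Mirrors the policy's message template:
# "<operation> operation on <kind>/<name> was performed by <username>"
MESSAGE_RE = re.compile(
    r"^(?P<op>CREATE|UPDATE|DELETE) operation on "
    r"(?P<kind>[A-Za-z]+)/(?P<name>\S+) was performed by (?P<user>.+)$"
)

def parse_audit_events(event_list_json):
    """Return (kind, operation, name, user) for each event emitted by the policy."""
    records = []
    for ev in json.loads(event_list_json).get("items", []):
        source = ev.get("source") or {}
        if ev.get("reason") != "Audit" or source.get("component") != "kyverno":
            continue  # unrelated event (scheduler, kubelet, ...)
        m = MESSAGE_RE.match(ev.get("message", ""))
        if m:
            records.append((m["kind"], m["op"], m["name"], m["user"]))
    return records

def coverage_gaps(records):
    """Return the (kind, operation) pairs the policy matches but no event covers."""
    seen = {(kind, op) for kind, op, _, _ in records}
    return [pair for pair in product(KINDS, OPERATIONS) if pair not in seen]

def _event(kind, op, name, user="kubernetes-admin"):
    # Hypothetical helper: builds one constructed v1 Event for the sample below.
    return {"reason": "Audit", "type": "Warning",
            "source": {"component": "kyverno"},
            "involvedObject": {"kind": kind, "name": name},
            "message": f"{op} operation on {kind}/{name} was performed by {user}"}

# Constructed sample reproducing the report: every pair except Secret CREATE,
# plus one unrelated event that must be ignored.
SAMPLE = json.dumps({"items": [
    _event(k, o, f"dummy-{k.lower()}")
    for k, o in product(KINDS, OPERATIONS) if (k, o) != ("Secret", "CREATE")
] + [{"reason": "Scheduled", "source": {"component": "default-scheduler"},
      "message": "constructed unrelated event"}]})

if __name__ == "__main__":
    for kind, op in coverage_gaps(parse_audit_events(SAMPLE)):
        print(f"no Audit event for {op} on {kind}")
```

Events are retained only for a limited time, so the input should be captured shortly after exercising each operation on a test object.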