Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decouple Audit logging from AntreaPolicy feature gate #5352

Merged
merged 1 commit into from
Aug 21, 2023
Merged

Decouple Audit logging from AntreaPolicy feature gate #5352

merged 1 commit into from
Aug 21, 2023

Conversation

qiyueyao
Copy link
Contributor

@qiyueyao qiyueyao commented Aug 3, 2023

Currently Audit logging is controlled by AntreaPolicy feature gate, but it also logs K8s NetworkPolicies.
This solution decouples Audit logging with the AntreaPolicy feature gate and renames the related objects.

Fixes #5340

tnqn
tnqn reviewed Aug 3, 2023
View reviewed changes
cmd/antrea-agent/agent.go
Comment on lines +436 to +439
MaxSize: int(o.config.AuditLogging.MaxSize),
MaxBackups: int(*o.config.AuditLogging.MaxBackups),
MaxAge: int(*o.config.AuditLogging.MaxAge),
Compress: *o.config.AuditLogging.Compress,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The defaulting code in cmd/antrea-agent/options.go should be updated. Otherwise antrea-agent would panic when AntreaPolicy is disabled.
Better to test it once in case there are other issues preventing K8s policy logging from working when AntreaPolicy is disabled.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed and tested with AntreaPolicy disabled.

@qiyueyao qiyueyao force-pushed the decouple-audit-logging branch from f256b21 to d510190 Compare August 8, 2023 03:10
@qiyueyao qiyueyao requested a review from tnqn August 8, 2023 03:10
tnqn
tnqn reviewed Aug 8, 2023
View reviewed changes
pkg/agent/openflow/framework.go Outdated
@@ -152,6 +152,10 @@ func newTable(tableName string, stage binding.StageID, pipeline binding.Pipeline
return table
}

func (t *Table) GetStatus() bool {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps name it IsInitialized

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, probably could wait until 5369 is merged.

@tnqn tnqn added the action/release-note Indicates a PR that should be included in release notes. label Aug 15, 2023
tnqn
tnqn previously approved these changes Aug 15, 2023
View reviewed changes
Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but perhaps it should wait for #5369 and then resolve conflicts

@antoninbas
Copy link
Contributor

#5369 has been merged, can you rebase?

@qiyueyao
Decouple Audit logging from AntreaPolicy
715d757 
Currently Audit logging is controlled by AntreaPolicy
feature gate, but it also logs K8s NetworkPolicies.

This solution decouples Audit logging with the AntreaPolicy
feature gate and renames the related objects.

Fixes antrea-io#5340

Signed-off-by: Qiyue Yao <yaoq@vmware.com>
@qiyueyao qiyueyao force-pushed the decouple-audit-logging branch from 0d3e4d6 to 715d757 Compare August 18, 2023 21:49
@qiyueyao qiyueyao requested a review from tnqn August 19, 2023 00:08
@qiyueyao
Copy link
Contributor Author

/test-all

@antoninbas antoninbas merged commit bd3c008 into antrea-io:main Aug 21, 2023
@qiyueyao qiyueyao deleted the decouple-audit-logging branch August 21, 2023 21:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antoninbas antoninbas antoninbas approved these changes

@tnqn tnqn Awaiting requested review from tnqn

Assignees
No one assigned
Labels
action/release-note Indicates a PR that should be included in release notes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Decouple Audit logging from the AntreaPolicy feature gate
3 participants
@qiyueyao @antoninbas @tnqn