Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

audit: reduce noise in logging export #2111

Open
spiffxp opened this issue May 28, 2021 · 8 comments
Open

audit: reduce noise in logging export #2111

spiffxp opened this issue May 28, 2021 · 8 comments
Labels
area/audit Audit of project resources, audit followup issues, code in audit/ lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra.

Comments

@spiffxp
Copy link
Member

spiffxp commented May 28, 2021
edited
Loading

#2102 introduced export of logging resources to the audit script. Based on review of the first audit job PR that used this (#2094) there is some noise we should filter out to ease review burden.

empty metrics.json

Currently there are lots of services/logging/metrics.json files with content []. If there are no metrics, we shouldn't export them.

e2e test logs

Logs appear to be showing up for all pods used in e2e tests. For example audit/projects/k8s-infra-e2e-boskos-010/services/logging/logs.json has a diff that looks like:

   "projects/k8s-infra-e2e-boskos-010/logs/events",
   "projects/k8s-infra-e2e-boskos-010/logs/externalname-service",
-  "projects/k8s-infra-e2e-boskos-010/logs/externalsvc",
-  "projects/k8s-infra-e2e-boskos-010/logs/filler-pod-0d464eed-160c-4f37-963b-36a011030391",
-  "projects/k8s-infra-e2e-boskos-010/logs/filler-pod-31c7c414-74fa-49ca-8a8f-48c571c143a3",
   "projects/k8s-infra-e2e-boskos-010/logs/filler-pod-3638847c-8c6c-47dc-9c89-32c571411622",
   "projects/k8s-infra-e2e-boskos-010/logs/filler-pod-b6d92649-31d0-4d9a-8634-f0f8fe06ebbe",
# ...
   "projects/k8s-infra-e2e-boskos-010/logs/test-container-subpath-projected-fwgf",
+  "projects/k8s-infra-e2e-boskos-010/logs/test-container-subpath-projected-2v7w",
+  "projects/k8s-infra-e2e-boskos-010/logs/test-container-subpath-projected-fwgf",

We should either choose to ignore/filter these out, or determine how to configure our e2e tests to not send any logs. I swear we had done this a while ago, but we only ever verified by way of costs going down.

/wg k8s-infra
/area infra/auditing
/priority important-longterm
/milestone v1.22
@k8s-ci-robot k8s-ci-robot added wg/k8s-infra area/audit Audit of project resources, audit followup issues, code in audit/ priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels May 28, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone May 28, 2021
@spiffxp spiffxp mentioned this issue May 28, 2021
Merged
@spiffxp
Copy link
Member Author

spiffxp commented Jun 8, 2021

#2133 removed export of logs for k8s-infra-e2e projects as a start

Should survey remaining log churn in audit PR's to track down what can be done

@spiffxp
Copy link
Member Author

spiffxp commented Jun 9, 2021

Log noise that seems like it shouldn't be present:

  • addition of projects/{project}/logs/cloudaudit.googleapis.com%2Fsystem_event
    • shouldn't this log always be present?
    • example projects: k8s-staging-sig-storage, k8s-release-test-prod
  • removal of projects/{project}/logs/cloudaudit.googleapis.com%2Fsystem_event
    • shouldn't this log always be present?
    • example projects: k8s-artifacts-prod, k8s-cip-test-prod

gcloud logging logs list --help says Only logs that contain log entries are listed.

Every project has at least these two buckets

$ gcloud logging buckets list
LOCATION  BUCKET_ID  RETENTION_DAYS  LIFECYCLE_STATE  LOCKED  CREATE_TIME  UPDATE_TIME
global    _Default   30              ACTIVE
global    _Required  400             ACTIVE           True

And at least these two sinks that route to them

$ gcloud logging sinks list --format=yaml
---
destination: logging.googleapis.com/projects/spiffxp-gke-dev/locations/global/buckets/_Required
filter: LOG_ID("cloudaudit.googleapis.com/activity") OR LOG_ID("externalaudit.googleapis.com/activity")
  OR LOG_ID("cloudaudit.googleapis.com/system_event") OR LOG_ID("externalaudit.googleapis.com/system_event")
  OR LOG_ID("cloudaudit.googleapis.com/access_transparency") OR LOG_ID("externalaudit.googleapis.com/access_transparency")
name: _Required
---
destination: logging.googleapis.com/projects/spiffxp-gke-dev/locations/global/buckets/_Default
filter: NOT LOG_ID("cloudaudit.googleapis.com/activity") AND NOT LOG_ID("externalaudit.googleapis.com/activity")
  AND NOT LOG_ID("cloudaudit.googleapis.com/system_event") AND NOT LOG_ID("externalaudit.googleapis.com/system_event")
  AND NOT LOG_ID("cloudaudit.googleapis.com/access_transparency") AND NOT LOG_ID("externalaudit.googleapis.com/access_transparency")
name: _Default

So are we losing system_event logs because nothing has happened to generate a log entry there in 400 days?

@spiffxp spiffxp mentioned this issue Jun 30, 2021
Merged
@spiffxp
Copy link
Member Author

spiffxp commented Aug 3, 2021

/remove-priority important-longterm
/priority backlog
It's annoying but it's not really creating a lot of additional review burden for me at this point

@k8s-ci-robot k8s-ci-robot added priority/backlog Higher priority than priority/awaiting-more-evidence. and removed priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Aug 3, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Aug 3, 2021

/milestone clear

@k8s-ci-robot k8s-ci-robot removed this from the v1.22 milestone Aug 3, 2021
@k8s-ci-robot k8s-ci-robot added sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. and removed wg/k8s-infra labels Sep 29, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 28, 2021
@ameukam
Copy link
Member

ameukam commented Jan 3, 2022

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 3, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 3, 2022
@ameukam
Copy link
Member

ameukam commented Apr 4, 2022

/remove-lifecycle stale
/lifecycle frozen

@k8s-ci-robot k8s-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/audit Audit of project resources, audit followup issues, code in audit/ lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/backlog Higher priority than priority/awaiting-more-evidence. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@spiffxp @ameukam @k8s-ci-robot @k8s-triage-robot