Enable modsecurity logging sidecar for ingress controller
What does this MR do?
Enable modsecurity logging sidecar for ingress controller
Enables a sidecar container within the ingress controller pod for streaming the modsecurity audit log.
To properly handle the multiline datastream the logging format has been changed to JSON.
This work contributes to #14707 (closed) in setting up initial logging infrastructure
Screenshots
By exposing log file as a separate container's stdout we automagically stream to kibana via #33782 (closed). Example of output log queried in kibana:
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Lucas Charles