api-server audit logs
Definition
API-server audit logs are detailed records of requests made to an API server, capturing information such as the requestor, the action performed, and the response. These logs are crucial for monitoring and analyzing access patterns, detecting anomalies, and ensuring compliance with security policies. Properly configured audit logs enable organizations to trace unauthorized access attempts and investigate security incidents effectively.
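A triage pass for the kind of investigation described above, as an added example that is not part of the original page: it reads Kubernetes audit events (JSON lines in the audit.k8s.io/v1 Event format) and reports users with repeated 403 (Forbidden) responses. The event values, the `_event` and `denied_requests` names, and the threshold are constructed for illustration.

```python
import json
from collections import defaultdict


def _event(user, verb, resource, name, code=None, stage="ResponseComplete"):
    """Build one constructed audit event as a JSON line (sample data only)."""
    ev = {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
          "stage": stage, "verb": verb, "user": {"username": user},
          "objectRef": {"resource": resource, "namespace": "prod", "name": name}}
    if code is not None:
        ev["responseStatus"] = {"code": code}
    return json.dumps(ev)


# Constructed sample log: not taken from any real cluster.
SAMPLE_LOG = [
    _event("dev-alice", "get", "secrets", "db-creds", 403),
    _event("dev-alice", "get", "secrets", "api-key", stage="RequestReceived"),
    _event("dev-alice", "get", "secrets", "api-key", 403),
    _event("admin", "get", "secrets", "db-creds", 200),
    _event("ci-bot", "delete", "pods", "web-1", 403),
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"Respon',  # truncated line
]


def denied_requests(lines, min_denials=2):
    """Return {username: [(verb, resource, "namespace/name"), ...]} for users
    with at least min_denials requests the API server answered with 403."""
    hits = defaultdict(list)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line (e.g. cut by log rotation): skip it
        if not isinstance(ev, dict) or ev.get("stage") != "ResponseComplete":
            continue  # count each request once, at its final stage
        if (ev.get("responseStatus") or {}).get("code") != 403:
            continue
        ref = ev.get("objectRef") or {}
        user = (ev.get("user") or {}).get("username", "<unknown>")
        target = f'{ref.get("namespace", "")}/{ref.get("name", "")}'
        hits[user].append((ev.get("verb"), ref.get("resource"), target))
    return {u: reqs for u, reqs in hits.items() if len(reqs) >= min_denials}


if __name__ == "__main__":
    for user, reqs in denied_requests(SAMPLE_LOG).items():
        print(user, reqs)
```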
Secure Settings Example
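# Example configuration for Kubernetes API server audit logging
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # Record metadata for changes to pods and services by any authenticated user.
  # "system:authenticated" is a group, so it is matched with userGroups, not users.
  - level: Metadata
    userGroups: ["system:authenticated"]
    verbs: ["create", "update", "delete"]
    resources:
      - group: ""
        resources: ["pods", "services"]
  # Record reads of secrets by the "admin" user at Metadata level:
  # RequestResponse would write the secret values into the audit log.
  - level: Metadata
    users: ["admin"]
    verbs: ["get"]
    resources:
      - group: ""
        resources: ["secrets"]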
Insecure Settings Example
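# Example of insecure audit logging configuration
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # level: None drops every matching event, so changes to pods and
  # services by authenticated users leave no audit trail.
  - level: None
    userGroups: ["system:authenticated"]
    verbs: ["create", "update", "delete"]
    resources:
      - group: ""
        resources: ["pods", "services"]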