K8s Audit Logs
Definition
K8s Audit Logs are a critical component of Kubernetes security, providing a chronological record of actions taken within a Kubernetes cluster. These logs capture detailed information about each request made to the Kubernetes API server, including the user, the action performed, and the response. This data is essential for monitoring, troubleshooting, and forensic analysis, helping to ensure compliance with security policies and detect unauthorized access or anomalies.
Secure Settings Example
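apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # Record request metadata (no bodies) for pods and services in the core API group
  - level: Metadata
    resources:
      - group: ""
        resources: ["pods", "services"]
  # Record full request and response bodies for writes by this service account
  - level: RequestResponse
    users: ["system:serviceaccount:kube-system:default"]
    verbs: ["create", "update", "delete"]
  # Do not record requests from anonymous users
  - level: None
    users: ["system:anonymous"]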
Insecure Settings Example
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # Every rule below uses level None, so matching requests are never recorded
  - level: None
    resources:
      - group: ""
        resources: ["pods", "services"]
  - level: None
    users: ["system:serviceaccount:kube-system:default"]
  - level: None
    verbs: ["create", "update", "delete"]
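The API server gives each request the level of the first rule that matches it, and a request that matches no rule is not logged. The Python sketch below is an added example (not from the original page and not Kubernetes code) that models this first-match evaluation for only the users, verbs and resources fields used in the two policies above; the user alice and the sample requests are constructed.

```python
# Simplified model of audit-policy rule matching (added example, not apiserver code).
# Assumption: only the fields used on this page are modelled (users, verbs, resources).
DEFAULT_LEVEL = "None"  # level applied when no rule matches

SECURE = [
    {"level": "Metadata", "resources": [{"group": "", "resources": ["pods", "services"]}]},
    {"level": "RequestResponse",
     "users": ["system:serviceaccount:kube-system:default"],
     "verbs": ["create", "update", "delete"]},
    {"level": "None", "users": ["system:anonymous"]},
]
INSECURE = [
    {"level": "None", "resources": [{"group": "", "resources": ["pods", "services"]}]},
    {"level": "None", "users": ["system:serviceaccount:kube-system:default"]},
    {"level": "None", "verbs": ["create", "update", "delete"]},
]

def rule_matches(rule, req):
    """An absent field matches everything; every field present must match."""
    if rule.get("users") and req["user"] not in rule["users"]:
        return False
    if rule.get("verbs") and req["verb"] not in rule["verbs"]:
        return False
    if rule.get("resources"):
        return any(req["group"] == r["group"] and req["resource"] in r["resources"]
                   for r in rule["resources"])
    return True

def audit_level(policy, req):
    """Return the level of the first matching rule, else the default."""
    for rule in policy:
        if rule_matches(rule, req):
            return rule["level"]
    return DEFAULT_LEVEL

# Constructed sample requests; "alice" is a hypothetical user.
SA = "system:serviceaccount:kube-system:default"
REQUESTS = [
    {"user": SA, "verb": "create", "group": "", "resource": "pods"},
    {"user": SA, "verb": "delete", "group": "", "resource": "secrets"},
    {"user": "alice", "verb": "get", "group": "", "resource": "services"},
    {"user": "alice", "verb": "get", "group": "", "resource": "secrets"},
]

def compare():
    """Rows of (user, verb, resource, level under SECURE, level under INSECURE)."""
    return [(r["user"].split(":")[-1], r["verb"], r["resource"],
             audit_level(SECURE, r), audit_level(INSECURE, r)) for r in REQUESTS]

if __name__ == "__main__":
    for row in compare():
        print("{:8} {:7} {:9} secure={:16} insecure={}".format(*row))
```

Under the secure policy the service account's pod creation is recorded at Metadata because the pods rule comes first, and alice's read of secrets matches no rule and is not logged. A catch-all rule at the end of a policy closes that gap.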