Kubernetes Audit Logs
Definition
Kubernetes Audit Logs are a critical component for monitoring and tracking the activities within a Kubernetes cluster. They provide a chronological record of actions taken by users, applications, and other entities interacting with the Kubernetes API server. These logs are essential for security auditing, compliance, and troubleshooting, as they capture detailed information about each request made to the API server, including the user identity, request parameters, and response status.
Secure Settings Example
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  - level: Metadata
    resources:
      - group: ""
        resources: ["pods", "services"]
    users: ["system:serviceaccount:kube-system:default"]
  - level: RequestResponse
    resources:
      - group: "apps"
        resources: ["deployments"]
    verbs: ["create", "update", "patch"]
  - level: None
    resources:
      - group: ""
        resources: ["events"]
Insecure Settings Example
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  - level: None
    resources:
      - group: ""
        resources: ["pods", "services"]
      # deployments belong to the "apps" API group, not the core ("") group
      - group: "apps"
        resources: ["deployments"]