Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
kube audit logs for Calico
ubuntu@ip-10-0-0-10:/etc/ssl/certs$ cat audit-policy.yaml
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: RequestResponse
users:
- system:serviceaccount:calico-system:calico-typha
- system:serviceaccount:calico-system:calico-node
ubuntu@ip-10-0-0-10:/etc/ssl/certs$
# Note that API server pod MUST be able to reach the audit policy configuration file (hence I copied it under a mounted folder), and log file (added a mount)
ubuntu@ip-10-0-0-10:/etc/ssl/certs$ kubectl get po -n kube-system kube-apiserver-ip-10-0-0-10 -o yaml | grep audit
- --audit-policy-file=/etc/ssl/certs/audit-policy.yaml
- --audit-log-path=/var/log/calico/audit/kube-audit.log
- --audit-log-maxage=30
- --audit-log-maxsize=200
- mountPath: /var/log/calico/audit
path: /var/log/calico/audit
ubuntu@ip-10-0-0-10:/etc/ssl/certs$
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment