kube audit logs for Calico
ubuntu@ip-10-0-0-10:/etc/ssl/certs$ cat audit-policy.yaml | |
apiVersion: audit.k8s.io/v1beta1 | |
kind: Policy | |
rules: | |
- level: RequestResponse | |
users: | |
- system:serviceaccount:calico-system:calico-typha | |
- system:serviceaccount:calico-system:calico-node | |
ubuntu@ip-10-0-0-10:/etc/ssl/certs$ | |
# Note that API server pod MUST be able to reach the audit policy configuration file (hence I copied it under a mounted folder), and log file (added a mount) | |
ubuntu@ip-10-0-0-10:/etc/ssl/certs$ kubectl get po -n kube-system kube-apiserver-ip-10-0-0-10 -o yaml | grep audit | |
- --audit-policy-file=/etc/ssl/certs/audit-policy.yaml | |
- --audit-log-path=/var/log/calico/audit/kube-audit.log | |
- --audit-log-maxage=30 | |
- --audit-log-maxsize=200 | |
- mountPath: /var/log/calico/audit | |
path: /var/log/calico/audit | |
ubuntu@ip-10-0-0-10:/etc/ssl/certs$ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment