
I want to enable auditing on the Kubernetes cluster for the api-server component.

What I have tried:

  • Edit /etc/kubernetes/manifests/kube-apiserver.yaml
...
- --audit-policy-file=/etc/kubernetes/audit-policy.yaml
- --audit-log-path=/var/log/kubernetes/kube-apiserver-audit.log
- --audit-log-maxage=3
- --audit-log-maxbackup=10
- --audit-log-maxsize=100
  • Edit /etc/kubernetes/kubeadm-config.yaml
extraArgs:
  ...
  audit-log-path: /var/log/kubernetes/kube-apiserver-audit.log
  audit-policy-file: /etc/kubernetes/audit-policy.yaml
  audit-log-maxage: "3"
  audit-log-maxbackup: "10"
  audit-log-maxsize: "100"
extraVolumes:
  ...
  - name: audit
    hostPath: /etc/kubernetes/audit-policy.yaml
    mountPath: /etc/kubernetes/audit-policy.yaml
    readOnly: true
    pathType: File
  - name: audit-log
    hostPath: /var/log/kubernetes/audit/
    mountPath: /var/log/kubernetes/audit/
    readOnly: false
    pathType: DirectoryOrCreate
  • Set this in kubeadm-config with
kubectl edit cm -n kube-system kubeadm-config

Thank you.

alexgdi
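
Added example, not part of the original question and not Kubernetes project code: under kubeadm the kube-apiserver runs as a static pod, so every path given to an audit flag has to sit inside a volume mounted into that container. The Python check below tests that for the flag and extraVolumes values posted above; the function names are hypothetical.

```python
from pathlib import PurePosixPath

# Flags whose values are paths the kube-apiserver container must be able to open.
PATH_FLAGS = ("audit-policy-file", "audit-log-path")

# Values as posted in the question (flags from the manifest, mounts from extraVolumes).
ARGS = [
    "--audit-policy-file=/etc/kubernetes/audit-policy.yaml",
    "--audit-log-path=/var/log/kubernetes/kube-apiserver-audit.log",
    "--audit-log-maxage=3",
]
MOUNTS = [
    {"name": "audit", "mountPath": "/etc/kubernetes/audit-policy.yaml", "readOnly": True},
    {"name": "audit-log", "mountPath": "/var/log/kubernetes/audit/", "readOnly": False},
]

def parse_flags(args):
    """Turn ['--key=value', ...] into {'key': 'value'}."""
    flags = {}
    for arg in args:
        key, sep, value = arg.lstrip("-").partition("=")
        if sep:
            flags[key] = value
    return flags

def covering_mount(path, mounts):
    """Return the mount whose mountPath equals or contains path, else None."""
    target = PurePosixPath(path)
    for mount in mounts:
        base = PurePosixPath(mount["mountPath"])
        if target == base or base in target.parents:
            return mount
    return None

def check_audit_paths(args, mounts):
    """Return findings; an empty list means both audit paths are reachable."""
    flags, findings = parse_flags(args), []
    for name in PATH_FLAGS:
        if name not in flags:
            findings.append(f"--{name} is not set")
            continue
        mount = covering_mount(flags[name], mounts)
        if mount is None:
            findings.append(f"--{name}={flags[name]} is not under any mountPath")
        elif name == "audit-log-path" and mount.get("readOnly", False):
            findings.append(f"--{name} is on read-only mount '{mount['name']}'")
    return findings

if __name__ == "__main__":
    print(check_audit_paths(ARGS, MOUNTS) or "audit paths are mounted")
```

On the posted values it reports that the `--audit-log-path` file lies outside the mounted `/var/log/kubernetes/audit/` directory.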