
Using Kubernetes' kubectl I can execute arbitrary commands on any pod such as kubectl exec pod-id-here -c container-id -- malicious_command --steal=creditcards

Should that ever happen, I would need to be able to pull up a log saying who executed the command and what command they executed. This includes if they decided to run something else by simply running /bin/bash and then stealing data through the tty.

How would I see which authenticated user executed the command as well as the command they executed?

nathanjosiah

1 Answer


Audit logging is not currently offered, but the Kubernetes community is working to get it available in the 1.4 release, which should come around the end of September.

Alex Robinson
  • I saw this in my research but they barely got the initial plan together 9 days ago. I know of several businesses including WePay that would have to be PCI compliant and they are using Kubernetes. Would businesses that require full compliance not be able to use Kubernetes? – nathanjosiah Jul 22 '16 at 06:51
  • If you ran your application in a container with just the binary (e.g. built from scratch rather than from a fully featured OS like Debian or even Alpine Linux) then the only thing you'd be able to kubectl exec in the container is what was already running. I suppose you could execute it with different commands, but you could also build a binary that takes no flags so that that wasn't possible either. I guess I'm trying to say that audit logging is *one* way to address the compliance requirement, but it likely isn't the only way to do so. – Robert Bailey Jul 23 '16 at 05:50
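As an added example (not from the question or answer above): once API-server audit logging is available, this is how a defender can answer the "who ran what, in which pod" question from the log. It assumes the audit.k8s.io/v1 JSON-lines Event format that later Kubernetes releases emit, and the sample lines, user names, namespace and pod are constructed.

```python
import json
from urllib.parse import parse_qs, urlsplit

def _exec_line(audit_id, stage, user, query):
    """Constructed audit.k8s.io/v1 Event (one JSON line) for a pods/exec request."""
    return json.dumps({"auditID": audit_id, "stage": stage, "verb": "create",
                       "requestURI": "/api/v1/namespaces/prod/pods/web-0/exec?" + query,
                       "user": {"username": user},
                       "objectRef": {"resource": "pods", "namespace": "prod",
                                     "name": "web-0", "subresource": "exec"}})

SAMPLE_AUDIT_LINES = [
    # One exec request is logged at two stages under the same auditID.
    _exec_line("a1", "RequestReceived", "jane@example.com",
               "command=ls&command=-la&command=%2Fapp&container=app&stdout=true"),
    _exec_line("a1", "ResponseStarted", "jane@example.com",
               "command=ls&command=-la&command=%2Fapp&container=app&stdout=true"),
    # An interactive shell: the log records only the shell, not what was typed into it.
    _exec_line("b2", "ResponseStarted", "system:serviceaccount:ci:deployer",
               "command=%2Fbin%2Fbash&container=app&stdin=true&stdout=true&tty=true"),
    # A plain GET on the pod, which must not be reported.
    json.dumps({"auditID": "c3", "stage": "ResponseComplete", "verb": "get",
                "requestURI": "/api/v1/namespaces/prod/pods/web-0",
                "user": {"username": "jane@example.com"},
                "objectRef": {"resource": "pods", "namespace": "prod", "name": "web-0"}}),
]

def exec_events(lines):
    """One record per distinct pods/exec request (de-duplicated on auditID): who ran what, where."""
    seen, records = set(), []
    for line in lines:
        ev = json.loads(line)
        ref = ev.get("objectRef", {})
        if ref.get("resource") != "pods" or ref.get("subresource") != "exec" or ev["auditID"] in seen:
            continue
        seen.add(ev["auditID"])
        qs = parse_qs(urlsplit(ev["requestURI"]).query)  # decodes %2F etc.
        records.append({
            "user": ev["user"]["username"],
            "namespace": ref.get("namespace"), "pod": ref.get("name"),
            "container": qs.get("container", [None])[0],
            "command": qs.get("command", []),
            # A tty+stdin session: only the shell is visible here, so flag it for review.
            "interactive": qs.get("tty", [""])[0] == "true" and qs.get("stdin", [""])[0] == "true",
        })
    return records

if __name__ == "__main__":
    for rec in exec_events(SAMPLE_AUDIT_LINES):
        print(rec)
```

The interactive flag is the point the question raises: an exec that starts /bin/bash is logged as just that, so such sessions need a second control (for example a restricted image, as the comment suggests, or session recording) rather than the audit log alone.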