2

Running a GKE cluster with 1.8.1 - when I look at /logs/kube-apiserver-audit.log, it's completely empty. I've taken actions like creating deployments and deleting pods that have been visible in audit logs for clusters I've provisioned outside of GKE.

Is there a better way to view or access these kinds of events with GKE?

Rob Scott
  • 23
  • 1
  • 2
  • > when I look at `/logs/kube-apiserver-audit.log` Where do you look at this file in GKE setup? ā€“ Mik Vyatskov Nov 02 '17 at 13:22
  • 1
    I was running `kubectl proxy`, then viewing those logs from localhost. That meant the full URL was `http://127.0.0.1:8001/logs/kube-apiserver-audit.log`. The full apiserver log at `http://127.0.0.1:8001/logs/kube-apiserver.log` was full of events as expected. ā€“ Rob Scott Nov 03 '17 at 14:25

1 Answers1

1

That would be because Container Engine 1.8 release does not enable the audit logging feature yet. From Release Notes:

KNOWN ISSUE: Audit Logging, a beta feature in Kubernetes 1.8, is currently not enabled on Container Engine.

It will probably be enabled at some point in the future, Iā€™d keep an eye on the Release Notes.

ahmet alp balkan
  • 42,679
  • 38
  • 138
  • 214