Chris Stryczynski
Reputation: 33991
How do I enable an audit log on minikube?
Is it enabled by default? How could I set up an example audit log?
I've tried:
minikube start --extra-config=apiserver.Authorization.Mode=RBAC --extra-config=apiserver.Audit.LogOptions.Path=/var/log/apiserver/audit.log --extra-config=apiserver.Audit.LogOptions.MaxAge=30 --extra-config=apiserver.Audit.LogOptions.MaxSize=100 --extra-config=apiserver.Audit.LogOptions.MaxBackups=5
I'm also busy reading through (trying out all the options might take a while as minikube start ... is not a quick process): https://github.com/kubernetes/minikube/issues/1609
Upvotes: 4
Views: 1854
Answers (2)
Chris Stryczynski
Reputation: 33991
https://github.com/kubernetes/minikube/blob/master/site/content/en/docs/Tutorials/audit-policy.md
A bit of a workaround:
minikube stop
mkdir -p ~/.minikube/files/etc/ssl/certs
cat <<EOF > ~/.minikube/files/etc/ssl/certs/audit-policy.yaml
# Log all requests at the Metadata level.
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
EOF
minikube start \
--extra-config=apiserver.audit-policy-file=/etc/ssl/certs/audit-policy.yaml \
--extra-config=apiserver.audit-log-path=-
kubectl logs kube-apiserver-minikube -n kube-system | grep audit.k8s.io/v1
Upvotes: 1
Related Questions
- Enable command line audit logging in docker container - kubernetes
- Enable/Configure audit-logs in k3s cluster (using k3d to set up cluster)
- How do I send audit logs to webhook in minikube
- How to setup an audit policy into kube-apiserver?
- Minikube - /var/log/kubeproxy.log: No such file or directory
- Minikube log rotation
- How do I set audit related flags on kubeapi-server when using kubeadm?
- enable audit logging in GKE
- How do I enable audit logging for Google Container Engine?
- Kubernetes Logs - How to get logs for kube-system pods