Reputation: 97
K8S Audit changes are not being saved in master after restart
i created K8S cluster (unmanaged) in google cloud. i added the following changes in the master:
--audit-dynamic-configuration --feature-gates=DynamicAuditing=true --runtime-config=auditregistration.k8s.io/v1alpha1=true
as written in : https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
and everything is working as expected. but after restart these settings are not being saved.
anyone encounter this problem?
Upvotes: 0
Views: 259
Answers (1)
Reputation: 931
Assuming you are using kubeadm, this is how you apply flags to the apiserver (all of these changes should be done on the master node)
- Edit the following file:
/etc/kubernetes/manifests/kube-apiserver.yamland add these flags to the list of flags:
--audit-dynamic-configuration
--feature-gates=DynamicAuditing=true
--runtime-config=auditregistration.k8s.io/v1alpha1=true
Note that every change done to the kube-apiserver manifest causes the apiserver to restart.
- Once it is up and running execute the following command to verify flags are all set and server is up and running:
ps -ef | grep kube-apiserver. The output should contain the flags you applied.
In case of issues, see the kube-apiserver logs placed at /var/log/containers/ and search for files beginning with kube-apiserver.
Upvotes: 1
Related Questions
- Enable command line audit logging in docker container - kubernetes
- Changes made to deployment via k8 dashboard disappear
- kubernetes apiserver not starting after audit logging parameters
- Enable/Configure audit-logs in k3s cluster (using k3d to set up cluster)
- How to setup an audit policy into kube-apiserver?
- K8S Audit Sink - does it handle retry?
- K8S audit logs- where can i find status code options
- How do I set audit related flags on kubeapi-server when using kubeadm?
- How do I enable an audit log on minikube?
- apiserver not coming up after adding audit-policy-file param