
Auditing

Configure Kubernetes Auditing

Karina supports Kubernetes auditing using the log backend, which writes audit events to files.

Update the kubernetes.auditing section:

kubernetes:
  auditing:
    policyFile: ./test/fixtures/audit-policy.yaml
  apiServerExtraArgs:
    "audit-log-path": /var/log/audit/cluster-audit.log
    "audit-log-maxsize": 1024
    "audit-log-maxage": 2
    "audit-log-maxbackup": 3
    "audit-log-format": legacy   # default is json

Warning

Auditing options are only applied on provisioning. To update or add auditing on an existing cluster, the configuration needs to be updated and then all master nodes rolled.

For an example policy see here

Relevant apiServerExtraArgs options:

| Key | Description |
|---|---|
| audit-log-path | The path in the api-server pod that the audit logs are written to (a value of '-' indicates logging to the pod logs). If not specified, it defaults to /var/log/audit/cluster-audit.log |
| audit-log-maxage | The maximum number of days to retain log files |
| audit-log-maxbackup | The maximum number of audit log files to retain |
| audit-log-maxsize | The maximum size in megabytes of each log file |
| audit-log-format | Options are: legacy indicates 1-line text format for each event; json indicates a structured json format. |

See the docs for a full list of options
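
An added example (not part of Karina or the original page): a small Python triage pass over the file written to audit-log-path, assuming audit-log-format is json, since the legacy one-line text format is not parsed here and is only counted. The finding labels, the `system:` exemption for secret reads and the sample events are assumptions constructed for illustration.

```python
import json

def classify(user, ref):
    """Label one audit.k8s.io/v1 event, or return None when it is not of interest."""
    if user == "system:anonymous":
        return "anonymous-request"
    if ref.get("resource") == "pods" and ref.get("subresource") in ("exec", "attach"):
        return "pod-exec"
    # Assumption: "system:" users (components, service accounts) are expected secret readers.
    if ref.get("resource") == "secrets" and not user.startswith("system:"):
        return "secret-access"
    return None

def scan(lines):
    """Return (findings, unparsed): flagged JSON events and the count of unusable lines."""
    findings, unparsed = [], 0
    for line in filter(None, (raw.strip() for raw in lines)):
        try:
            event = json.loads(line)
            user = event["user"]["username"]
        except (ValueError, KeyError, TypeError):
            unparsed += 1  # e.g. a record written with audit-log-format: legacy
            continue
        if event.get("stage") != "ResponseComplete":
            continue  # report each request once, when it has finished
        label = classify(user, event.get("objectRef") or {})
        if label:
            code = (event.get("responseStatus") or {}).get("code")
            findings.append((label, user, event.get("requestURI"), code))
    return findings, unparsed

def _event(user, verb, uri, code, resource, subresource=None, stage="ResponseComplete"):
    """Build one constructed sample line (not real cluster data)."""
    ref = {"resource": resource, "subresource": subresource}
    return json.dumps({"apiVersion": "audit.k8s.io/v1", "kind": "Event", "stage": stage,
                       "verb": verb, "user": {"username": user}, "requestURI": uri,
                       "objectRef": ref, "responseStatus": {"code": code}})

SAMPLE = [
    _event("alice", "get", "/api/v1/namespaces/prod/secrets/db", 200, "secrets",
           stage="RequestReceived"),
    _event("alice", "get", "/api/v1/namespaces/prod/secrets/db", 200, "secrets"),
    _event("system:anonymous", "list", "/api/v1/namespaces", 403, "namespaces"),
    _event("bob", "create", "/api/v1/namespaces/prod/pods/web-0/exec", 101, "pods", "exec"),
    _event("system:apiserver", "get", "/api/v1/namespaces/prod/secrets/db", 200, "secrets"),
    "AUDIT: constructed stand-in for a legacy one-line text record",
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A non-zero unparsed count on a real log is a quick signal that the cluster is still writing the legacy format and the file cannot be consumed as structured events.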