adding auditing docs #2431
adding auditing docs #2431
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
cool! I also made an example before https://github.com/tao12345666333/practical-kubernetes/tree/main/audit |
jimangel
force-pushed
the
adding-auditing-docs
branch
from
4e3b2e5
to
7d40a91
Compare
jimangel
force-pushed
the
adding-auditing-docs
branch
from
7d40a91
to
3dd2342
Compare
| extraArgs: | ||
| audit-log-path: /var/log/kubernetes/kube-apiserver-audit.log | ||
| audit-policy-file: /etc/kubernetes/policies/audit-policy.yaml | ||
| # mount new files / directories on the control plane |
There was a problem hiding this comment.
these things always cause confusion, maybe we should add something more specific indicating "this happens in the kind node" and in extraMounts "this happens in your host"
| docker exec kind-control-plane cat /var/log/kubernetes/kube-apiserver-audit.log | ||
| {{< /codeFromInline >}} | ||
|
|
||
| ## Troubleshooting |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/approve Thanks |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aojea, jimangel The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
| - name: audit-policies | ||
| hostPath: /etc/kubernetes/policies | ||
| mountPath: /etc/kubernetes/policies | ||
| readOnly: true | ||
| pathType: "DirectoryOrCreate" | ||
| - name: "audit-logs" | ||
| hostPath: "/var/log/kubernetes" | ||
| mountPath: "/var/log/kubernetes" | ||
| readOnly: false | ||
| pathType: DirectoryOrCreate |
There was a problem hiding this comment.
Kind of a nit: There is inconsistent value definition conventions here, some quoted some not. This may be confusing to some. Awesome to see this overall!
Inspired by this twitter post, it didn't seem like audit logging was possible in KinD.
The PR introduces a solution that leverages KinD's use of
kubeadmto configure auditing for general testing. I also removed the GA roadmap item to avoid further confusion.Preview: https://deploy-preview-2431--k8s-kind.netlify.app/docs/user/auditing/
Note: The site uses navigation weights 1-4 for ordering and most tutorials are of weight 3. I used 3, but considering it's sorted alphabetically that puts this guide at the top. We might consider changing the weight to 4 to move the bottom; as it's a more advanced use of kind.(I just used 4 to move it to the bottom)./cc @BenTheElder