refined-agent-67029
09/12/2022, 10:52 AM
shy-actor-78724
09/13/2022, 9:32 AM
kube-api:
  audit_log:
    configuration:
      format: json
      max_age: 6
      max_backup: 6
      max_size: 10
      path: /var/log/kube-audit/audit-log.json
      policy:
        api_version: audit.k8s.io/v1
        kind: Policy
        metadata: {}
        rules:
          - level: None
            verbs:
              - watch
              - list
              - get
          - level: None
            users:
              - 'system:kube-scheduler'
              - 'system:kube-controller-manager'
              - 'system:kube-proxy'
              - 'system:serviceaccount:cattle-system:kontainer-engine'
          - level: None
            userGroups:
              - 'system:nodes'
              - 'system:masters'
              - 'system:serviceaccounts:cattle-monitoring-system'
              - 'system:serviceaccounts:elastic-system'
              - 'system:serviceaccounts:longhorn-system'
              - 'system:serviceaccounts:cattle-fleet-system'
              - 'system:serviceaccounts:kube-system'
              - 'system:serviceaccounts:ingress-nginx'
          - level: Metadata
    enabled: true
And for the logging object:
fluentbit:
filterKubernetes:
Match: kubernetes.var.log.containers.*
image:
Path: /var/log/containers/*.log,/var/log/kube-audit/audit-log.json
From there, just use whatever logging backend/frontend combination you already feel comfortable with to create relevant reports.