Hi. I've posted before about some auditing items with Rancher, but this question is a little different (more generic, Kubernetes-related). I'm having a hard time figuring out what user creates a deployment.
I have auditing configured correctly on my RKE2 instance; it logs to the file specified, so this is good to go. I'm using the attached 'generic' audit-policy.yaml file (the one described on the main Kubernetes site).
I'm using kubectl to connect to the cluster, and ran: kubectl create deployment blarg777 --image=rancher/hello-world
I searched the audit log for the blarg777 entries, and see the container pulling/starting and all that, but I'm not seeing anything where I can identify WHO did that. Is that something I have misconfigured in the audit policy, or does Kubernetes not know how to show that info in a usable way? Thanks for the help, and sorry for the long post.
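
The lookup the post is after, as an added example that is not part of the original post: it filters Kubernetes audit log lines (audit.k8s.io/v1 JSON events) for the `create` request on the deployment itself and reports the `user.username` recorded on that event, rather than the controller service accounts that show up on the follow-on pod events. The sample lines, user names and the `who_created` helper are constructed for illustration.

```python
import json

# Constructed audit lines (audit.k8s.io/v1 Event, one JSON object per line).
# User names, IP and status codes are invented; the last line is cut off on purpose.
SAMPLE_LOG = """\
{"stage":"RequestReceived","verb":"create","user":{"username":"alice@example.com"},"sourceIPs":["10.0.0.5"],"objectRef":{"resource":"deployments","namespace":"default","apiGroup":"apps"}}
{"stage":"ResponseComplete","verb":"create","user":{"username":"alice@example.com"},"sourceIPs":["10.0.0.5"],"userAgent":"kubectl","objectRef":{"resource":"deployments","namespace":"default","name":"blarg777","apiGroup":"apps"},"responseStatus":{"code":201}}
{"stage":"ResponseComplete","verb":"update","user":{"username":"system:serviceaccount:kube-system:deployment-controller"},"objectRef":{"resource":"deployments","namespace":"default","name":"blarg777","apiGroup":"apps","subresource":"status"},"responseStatus":{"code":200}}
{"stage":"ResponseComplete","verb":"create","user":{"username":"system:serviceaccount:kube-system:replicaset-controller"},"objectRef":{"resource":"pods","namespace":"default","apiVersion":"v1"},"responseStatus":{"code":201}}
{"stage":"ResponseComplete","verb":"crea
"""

def who_created(lines, resource, name, namespace=None):
    """Return the identity recorded on completed 'create' requests for one object."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # partially written or truncated line
        if not isinstance(ev, dict):
            continue
        if ev.get("verb") != "create" or ev.get("stage") != "ResponseComplete":
            continue  # one entry per request: keep only the final stage
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != resource or ref.get("subresource"):
            continue
        if namespace and ref.get("namespace") != namespace:
            continue
        # A create is a POST to the collection, so the name is not in the URL.
        # If objectRef.name is empty, use the request body, which is only
        # logged when the policy level is Request or RequestResponse.
        body_meta = (ev.get("requestObject") or {}).get("metadata") or {}
        if name not in (ref.get("name"), body_meta.get("name")):
            continue
        hits.append({
            "user": (ev.get("user") or {}).get("username"),
            # Set when the request arrived through impersonation (e.g. via a proxy).
            "impersonated": (ev.get("impersonatedUser") or {}).get("username"),
            "source_ips": ev.get("sourceIPs", []),
            "user_agent": ev.get("userAgent"),
            "code": (ev.get("responseStatus") or {}).get("code"),
        })
    return hits

if __name__ == "__main__":
    for hit in who_created(SAMPLE_LOG.splitlines(), "deployments", "blarg777"):
        print(hit)
```

Against a real log, pass the open audit file in place of `SAMPLE_LOG.splitlines()`; an empty result for the deployment's `create` usually means the policy has a `level: None` rule matching that request.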