Audit Logging is one of key security features provided by Kubernetes. Once enabled in kube-api, it provides a chronological record of operations performed on the cluster by users, administrators and other cluster components.
Audit logging is also a key requirement of the Kubernetes CIS benchmark.
For more details, you can refer to the upstream documentation.
KKP provides two levels of support for the Audit Logging:
Kubernetes Audit Logging is optional and is not enabled by default, since it requires additional memory and storage resources, depending on the specific configuration used.
apiVersion: audit.k8s.io/v1 kind: Policy rules: - level: Metadata
This file is stored in a ConfigMap named
audit-config on the Seed Cluster in your cluster namespace. To modify the default policy, you can edit this ConfigMap using
$ kubectl edit -n cluster-<YOUR CLUSTER ID> configmap audit-config
To enable user-cluster level Audit Logging, simply check
Audit Logging in the KKP dashboard
Create Cluster page:
For exiting clusters, you can go to the cluster page, edit your cluster and enable (or disable)
KKP also supports enabling Audit Logging on the datacenter level. In this case, the option is enforced on all user-clusters in the datacenter. The user-cluster level flag is ignored in this case.