Description
Kubernetes Auditing allows you to track the requests made to the API server in your cluster. This includes activities performed by users, applications, and the control plane. This data consists of chronological records that are stored in an audit log. The specific data captured and stored is defined in the audit policy. The audit log can be used to troubleshoot issues, monitor the cluster, and investigate security incidents.
Learning objectives
Upon completion of this lab, you will be able to:
- Create an audit policy
- Enable auditing in the Kubernetes cluster
- Customize an audit policy
- Locate and view audit logs
Intended audience
- Candidates for the Certified Kubernetes Security Specialist (CKS) exam
- DevOps Engineers
- Security Practitioners
Prerequisites
Familiarity with the following will be beneficial but is not required:
- Kubernetes Pods
kubectl
output formatting
The following content can be used to fulfill the prerequisites:
Updates
July 13th, 2024 - Updated cluster to Kubernetes 1.30
Environment before
Environment after
About the author
![Avatar](https://assets.cloudacademy.com/bakery/media/uploads/instructors/Screenshot_2024-02-22_at_3.29.28PM.png)
Daniel is a Cloud Engineer with experience as an AWS Engineer and Operations Specialist. He holds the AWS DevOps Engineer Professional, AWS Developer Associate, AWS SysOps Administrator Associate, Certified Kubernetes Administrator, Microsoft Certified: Azure Administrator Associate, and HashiCorp Certified: Terraform Associate certifications. Daniel is focused on lab operations and enjoys continuously building his knowledge.