hands-on lab

Kubernetes Cluster Auditing

Beginner

Up to 35m

Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.

Learn and validateUse validations to check your solutions every step of the way.

See resultsTrack your knowledge and monitor your progress.

Description

Kubernetes Auditing allows you to track the requests made to the API server in your cluster. This includes activities performed by users, applications, and the control plane. This data consists of chronological records that are stored in an audit log. The specific data captured and stored is defined in the audit policy. The audit log can be used to troubleshoot issues, monitor the cluster, and investigate security incidents.

Learning objectives

Upon completion of this lab, you will be able to:

Create an audit policy
Enable auditing in the Kubernetes cluster
Customize an audit policy
Locate and view audit logs

Intended audience

Candidates for the Certified Kubernetes Security Specialist (CKS) exam
DevOps Engineers
Security Practitioners

Prerequisites

Familiarity with the following will be beneficial but is not required:

Kubernetes Pods
kubectl output formatting

The following content can be used to fulfill the prerequisites:

Introduction to Kubernetes

Updates

July 13th, 2024 - Updated cluster to Kubernetes 1.30

Environment before

Environment after

About the author

Daniel Wood, opens in a new tab

Lab Operations Engineer

Students

1,004

Labs

Daniel is a Cloud Engineer with experience as an AWS Engineer and Operations Specialist. He holds the AWS DevOps Engineer Professional, AWS Developer Associate, AWS SysOps Administrator Associate, Certified Kubernetes Administrator, Microsoft Certified: Azure Administrator Associate, and HashiCorp Certified: Terraform Associate certifications. Daniel is focused on lab operations and enjoys continuously building his knowledge.