默认情况下是否启用?如何设置示例审核日志?
我尝试过:
minikube start --extra-config=apiserver.Authorization.Mode=RBAC --extra-config=apiserver.Audit.LogOptions.Path=/var/log/apiserver/audit.log --extra-config=apiserver.Audit.LogOptions.MaxAge=30 --extra-config=apiserver.Audit.LogOptions.MaxSize=100 --extra-config=apiserver.Audit.LogOptions.MaxBackups=5
我也在忙着通读(尝试所有选项可能要花一些时间,因为minikube start ...并不是一个快速过程):https://github.com/kubernetes/minikube/issues/1609
答案 0 :(得分:1)
据我所知以及所有可用信息:无法在minikube上启用审计日志。 它的实施right now尚在执行中,希望kube团队很快会发布此功能。
答案 1 :(得分:0)
https://github.com/kubernetes/minikube/blob/master/site/content/en/docs/Tutorials/audit-policy.md
一些解决方法:
minikube stop
mkdir -p ~/.minikube/files/etc/ssl/certs
cat <<EOF > ~/.minikube/files/etc/ssl/certs/audit-policy.yaml
# Log all requests at the Metadata level.
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
- level: Metadata
EOF
minikube start \
--extra-config=apiserver.audit-policy-file=/etc/ssl/certs/audit-policy.yaml \
--extra-config=apiserver.audit-log-path=-
kubectl logs kube-apiserver-minikube -n kube-system | grep audit.k8s.io/v1