
How to access the Kubernetes audit logs

Reviewed on 01 March 2024 • Published on 24 January 2024

Kubernetes Kapsule and Kosmos control plane metrics and logs are integrated into Cockpit, providing you with a centralized hub for monitoring the control plane, nodes, managed resources, and cluster system applications.

While this initial integration lets you troubleshoot issues promptly on your own, we have extended it further: Kubernetes audit records are now also exported into Cockpit.

Kubernetes audit logs provide detailed insights into user-generated activities, actions initiated by applications using the Kubernetes API, and operations performed by the control plane.

Auditing allows cluster administrators to answer the following questions:

  • What happened?
  • When did the event occur?
  • Who initiated the action?
  • On which resource did it take place?
  • Where was the occurrence observed?
  • From which source was the action initiated?
  • To which destination was it directed?

Audit logging in Kubernetes clusters is enabled by default for clusters with dedicated control planes. Use audit logging to keep a chronological record of calls made to the Kubernetes API server, investigate suspicious API requests, collect statistics, or create monitoring alerts for unwanted API calls.
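
An added example (not Scaleway's code) showing how the questions above map onto the fields of an audit record and how unwanted API calls can be flagged. It assumes the records have been exported from Cockpit as JSON lines in the upstream `audit.k8s.io/v1` Event format; the sample events and the flagging rules are constructed for illustration.

```python
import json
from collections import Counter
# Constructed sample lines in the upstream audit.k8s.io/v1 Event format (not real cluster data).
SAMPLE_LINES = [
    '{"auditID":"a1","stage":"RequestReceived","verb":"get","user":{"username":"system:serviceaccount:dev:builder"},"sourceIPs":["10.0.4.17"],"requestReceivedTimestamp":"2024-03-01T09:14:02Z"}',
    '{"auditID":"a1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:dev:builder"},"sourceIPs":["10.0.4.17"],"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2024-03-01T09:14:02Z"}',
    '{"auditID":"a2","stage":"ResponseComplete","verb":"list","user":{"username":"alice"},"sourceIPs":["192.0.2.10"],"objectRef":{"resource":"pods","namespace":"prod"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-03-01T09:15:40Z"}',
    'truncated line, not JSON',
    '{"auditID":"a3","stage":"ResponseComplete","verb":"create","user":{"username":"alice"},"sourceIPs":["192.0.2.10"],"objectRef":{"resource":"pods","namespace":"prod","name":"web-0","subresource":"exec"},"responseStatus":{"code":101},"requestReceivedTimestamp":"2024-03-01T09:16:05Z"}',
    '{"auditID":"a4","stage":"ResponseComplete","verb":"list","user":{"username":"system:anonymous"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"namespaces"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2024-03-01T09:20:11Z"}',
]

def summarize(event):
    """Map one audit event onto the what/when/who/which-resource/from-where questions."""
    ref, user = event.get("objectRef") or {}, event.get("user") or {}
    parts = [ref.get(k) for k in ("namespace", "resource", "name", "subresource")]
    return {"what": event.get("verb"), "when": event.get("requestReceivedTimestamp"),
            "who": user.get("username"), "from": event.get("sourceIPs", []),
            "resource": "/".join(p for p in parts if p) or event.get("requestURI"),
            "status": (event.get("responseStatus") or {}).get("code")}

def flags(event):
    """Return the reasons a call deserves review (illustrative rules, tune to your cluster)."""
    s, ref = summarize(event), event.get("objectRef") or {}
    checks = [
        (s["status"] in (401, 403), "denied"),
        (s["who"] == "system:anonymous", "anonymous"),
        (ref.get("resource") == "secrets" and s["what"] in ("get", "list", "watch"), "secret-read"),
        (ref.get("resource") == "pods" and ref.get("subresource") in ("exec", "attach"), "pod-exec"),
    ]
    return [label for hit, label in checks if hit]

def triage(lines):
    findings, per_user = [], Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # tolerate truncated or non-JSON lines in an export
        if not isinstance(event, dict) or event.get("stage") != "ResponseComplete":
            continue  # count each request once, at its final stage
        per_user[summarize(event)["who"]] += 1
        if reasons := flags(event):
            findings.append((summarize(event), reasons))
    return findings, per_user

if __name__ == "__main__":
    for summary, reasons in triage(SAMPLE_LINES)[0]:
        print(reasons, summary)
```

The per-user counter covers the "collect statistics" use, and the returned findings are the candidates for an alert rule.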

All logs are centralized in Cockpit.

Tip

Monitoring calls to the kube-apiserver is a matter of security compliance and perhaps a hard requirement for some of the certifications you are keen to obtain.

Cockpit dashboard updates

Starting April 2024, a new version of Cockpit will be released.

This version introduces regionalization, offering you more flexibility and resilience for seamless monitoring. If you have created customized dashboards with data for your Scaleway resources before April 2024, you will need to update your queries in Grafana to use the new regionalized data sources.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization
  • Created a Kubernetes Kapsule or Kosmos cluster
  • A cluster that uses a dedicated control plane

How to enable audit logging for your clusters

Audit logging is enabled automatically for all new clusters using a dedicated control plane.

If you upgrade your cluster from a mutualized control plane to a dedicated one, audit logging will be enabled automatically for your cluster.

You can enable audit logging for any cluster using a dedicated control plane. If your cluster predates the introduction of this feature, follow the steps below to activate audit logs via your Scaleway console.

Tip

Audit logs are automatically enabled by default for all new clusters using dedicated control planes.

  1. In the Security and Compliance section of your Kubernetes cluster’s Settings tab, enable the Audit logs feature.
  2. Access Grafana to view the logs on the Kubernetes Cluster Audit Logs dashboard in Cockpit and the Explore section of Cockpit/Grafana.

Tip

If you are not sure whether audit logs are enabled for your cluster, you can verify the status of the feature from the cluster's Security tab at any time.

How to disable audit logging

Important

The audit log feature is automatically disabled when downgrading your cluster from a dedicated to a mutualized control plane. This means no further audit logs will be stored in Cockpit once downgraded.

How to access cluster audit logs for clusters having a dedicated control plane

You can access your cluster's audit logs in Cockpit, Scaleway’s monitoring solution.

Tip

Audit logs are automatically enabled by default for all clusters using dedicated control planes.

  1. Retrieve your Grafana credentials.
  2. Access Grafana to view the logs on the Kubernetes Cluster Audit Logs dashboard in Cockpit and the Explore section of Cockpit/Grafana.

How to use audit logging with mutualized control planes

Audit logging is only available for clusters using a dedicated control plane.

Note that downgrading your cluster from a dedicated to a mutualized control plane will automatically disable audit logging, ceasing the storage of any further audit logs in Cockpit.

Note

Audit logging results in increased memory consumption for the API server, as it needs to store additional information for each audited request.

Important

Be aware that audit logging is a feature specifically designed for clusters using a dedicated control plane. If you decide to downgrade to a mutualized control plane, the feature will be automatically deactivated for the cluster.

Kubernetes audit policy

The Kubernetes audit policy defines the selection of log entries exported by the Kubernetes API server.

You can examine the Kubernetes audit policy file, which contains a list of rules, giving you complete visibility into our API server configuration and the chosen request treatments or exclusions.

See also

  • How to monitor a Kapsule cluster with Cockpit
  • How to access the Kubernetes dashboard