How to access the Kubernetes audit logs
Kubernetes Kapsule and Kosmos control plane metrics and logs are integrated into Cockpit, providing you with a centralized hub for monitoring the control plane, nodes, managed resources, and cluster system applications.
While this initial integration empowers you with the autonomy to troubleshoot issues promptly, we have taken the next step by extending the functionality, now Kubernetes audit records are also exported into Cockpit.
Kubernetes audit logs provide detailed insights into user-generated activities, actions initiated by applications using the Kubernetes API, and operations performed by the control plane.
Auditing allows cluster administrators to answer the following questions:
- What happened?
- When did the event occur?
- Who initiated the action?
- On which resource did it take place?
- Where was the occurrence observed?
- From which source was the action initiated?
- To which destination was it directed?
Audit logging in Kubernetes clusters is enabled by default for clusters with dedicated control planes. Use audit logging to keep a chronological record of calls made to the Kubernetes API server, investigate suspicious API requests, collect statistics, or create monitoring alerts for unwanted API calls.
All logs are centralized in Cockpit.
Before you start
To complete the actions presented below, you must have:
- A Scaleway account logged into the console
- Owner status or IAM permissions allowing you to perform actions in the intended Organization
- Created a Kubernetes Kapsule or Kosmos cluster
- A cluster that uses a dedicated control plane
How to enable audit logging for your clusters
Audit logging is enabled automatically for all new clusters using a dedicated control plane.
If you upgrade your cluster from a mutualized control plane to a dedicated one, audit logging will be enabled automatically for your cluster.
You can enable audit logging for all clusters using a dedicated control plane. Audit logging is enabled by default for all new clusters. If your cluster predates the introduction of this feature, follow the steps below to activate audit logs via your Scaleway console.
- In the Security and Compliance section of your Kubernetes cluster's Settings tab, enable the Audit logs feature.
- Access Grafana to view the logs on the Kubernetes Cluster Audit Logs dashboard in Cockpit and the Explore section of Cockpit/Grafana.
How to disable audit logging
How to access cluster audit logs for clusters having a dedicated control plane.
You can access your clusters audit logs in Cockpit, Scaleway's monitoring solution.
- Retrieve your Grafana credentials.
- Access Grafana to view the logs on the Kubernetes Cluster Audit Logs dashboard in Cockpit and the Explore section of Cockpit/Grafana.
How to use audit logging with mutualized control planes
Audit logging is only available for clusters using a dedicated control plane.
Note that downgrading your cluster from a dedicated to a mutualized control plane will automatically disable audit logging, ceasing the storage of any further audit logs in Cockpit.
Kubernetes audit policy
The Kubernetes audit policy defines the selection of log entries exported by the Kubernetes API server.
You can examine the Kubernetes audit policy file, which contains a list of rules, giving you complete visibility into our API server configuration and the chosen request treatments or exclusions.