kubeadm部署的k8s如何开启apiserver的审计日志

2023-09-26 本文已影响0人 wwq2020

提示

此处只是一个简单的demo,需要按照实际情况调整

创建/etc/kubernetes/audit/metadata.yaml文件,内容如下

apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: Metadata

修改/etc/kubernetes/manifest/kube-apiserver.yaml

启动参数添加

    - --audit-policy-file=/etc/kubernetes/audit/metadata.yaml
    - --audit-log-path=/var/log/kubernetes/audit.log
    - --audit-log-maxbackup=5
    - --audit-log-maxsize=100

volumes添加

  - hostPath:
      path: /etc/kubernetes/audit
      type: DirectoryOrCreate
    name: audit
  - hostPath:
      path: /data/kubernetes/audit
      type: DirectoryOrCreate
    name: auditlog

volumeMounts添加

    - mountPath: /etc/kubernetes/audit
      name: audit
    - mountPath: /var/log/kubernetes/
      name: auditlog

kubeadm部署的k8s如何开启apiserver的审计日志

提示

创建/etc/kubernetes/audit/metadata.yaml文件,内容如下

修改/etc/kubernetes/manifest/kube-apiserver.yaml

猜你喜欢

热点阅读