Kubernetes - Logging
Last Updated: 2024-01-27
Audit Logs
Audit logs are disabled by default in Kubernetes.
To check if it is enabled, find your kube-apiserver-
pod, and check .spec.containers[].command
, if you see this, it is enabled:
--audit-log-path=/var/log/apiserver/audit.log
--audit-policy-file=/etc/kubernetes/audit-policy.yaml
If you do not find those and want to enable audit logging, add the flags when starting the api server.