提示
此处只是一个简单的demo,需要按照实际情况调整
创建/etc/kubernetes/audit/metadata.yaml文件,内容如下
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: Metadata
修改/etc/kubernetes/manifest/kube-apiserver.yaml
启动参数添加
- --audit-policy-file=/etc/kubernetes/audit/metadata.yaml
- --audit-log-path=/var/log/kubernetes/audit.log
- --audit-log-maxbackup=5
- --audit-log-maxsize=100
volumes添加
- hostPath:
path: /etc/kubernetes/audit
type: DirectoryOrCreate
name: audit
- hostPath:
path: /data/kubernetes/audit
type: DirectoryOrCreate
name: auditlog
volumeMounts添加
- mountPath: /etc/kubernetes/audit
name: audit
- mountPath: /var/log/kubernetes/
name: auditlog
网友评论