aws / eks-anywhere

Run Amazon EKS on your own infrastructure 🚀
https://anywhere.eks.amazonaws.com
Apache License 2.0
1.94k stars 277 forks

Kubernetes API audit logs enabled on EKS-A clusters to be able to debug and log RBAC issues #6975

Open saiteja313 opened 8 months ago

saiteja313 commented 8 months ago

What would you like to be added:

Currently, this can be enabled manually following the Log Backend configuration here:

https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/

EKSA should allow configuring audit logging through the EKS-A Cluster configuration file so that manual modification of the API server config can be avoided.

Why is this needed: Security and audit purposes.

As an EKSA admin, I want to know who deleted an application pod or retrieved a secret value from the cluster using audit logs.
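An added example of answering exactly that question from the kube-apiserver audit log, not code from the eks-anywhere project or from either commenter. It reads the standard `audit.k8s.io/v1` Event lines (one JSON object per line), keeps only `ResponseComplete` events that the API server actually allowed, and reports who deleted a pod or read a Secret. The log lines in `SAMPLE_LOG` are constructed for the example; the default path `/var/log/kubernetes/api-audit.log` is the `audit-log-path` value quoted later in this thread, and the script falls back to the sample when that file is absent.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Verbs that return Secret contents to the caller; a "list" or "watch"
# response carries the data of every Secret in scope, so they count too.
SECRET_READ_VERBS = {"get", "list", "watch"}


@dataclass(frozen=True)
class Finding:
    kind: str                 # "pod-delete" or "secret-read"
    user: str
    namespace: Optional[str]
    name: Optional[str]       # None for a namespace-wide list/watch
    verb: str
    source_ips: tuple
    timestamp: str


def parse_event(line: str) -> Optional[dict]:
    """Return the audit Event dict for a well-formed line, else None."""
    line = line.strip()
    if not line:
        return None
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None
    if ev.get("kind") != "Event" or not str(ev.get("apiVersion", "")).startswith("audit.k8s.io/"):
        return None
    return ev


def classify(ev: dict) -> Optional[Finding]:
    """Map one event to a Finding, or None if it is not of interest.

    Only ResponseComplete events with a 2xx/3xx status are counted: the
    RequestReceived stage is written before authorization, and a 403 is
    a denied request, so neither proves a deletion or a disclosure.
    """
    if ev.get("stage") != "ResponseComplete":
        return None
    if int(ev.get("responseStatus", {}).get("code", 0)) >= 400:
        return None
    ref = ev.get("objectRef") or {}
    resource, verb = ref.get("resource"), ev.get("verb")
    if resource == "pods" and verb == "delete":
        kind = "pod-delete"
    elif resource == "secrets" and verb in SECRET_READ_VERBS:
        kind = "secret-read"
    else:
        return None
    return Finding(kind, ev.get("user", {}).get("username", "<unknown>"),
                   ref.get("namespace"), ref.get("name"), verb,
                   tuple(ev.get("sourceIPs", [])), ev.get("requestReceivedTimestamp", ""))


def scan(lines: Iterable[str]) -> List[Finding]:
    """Scan audit log lines, silently skipping malformed ones."""
    out = []
    for line in lines:
        ev = parse_event(line)
        f = classify(ev) if ev is not None else None
        if f is not None:
            out.append(f)
    return out


def _ev(**fields) -> str:
    return json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", **fields})


# Constructed sample events, not data from any real cluster. The audit
# policy must log at least Metadata level for these fields to be present.
SAMPLE_LOG = [
    _ev(stage="ResponseComplete", verb="delete", user={"username": "alice"},
        objectRef={"resource": "pods", "namespace": "shop", "name": "checkout-7d9f"},
        sourceIPs=["10.0.4.12"], responseStatus={"code": 200},
        requestReceivedTimestamp="2024-03-01T10:15:02Z"),
    _ev(stage="ResponseComplete", verb="get", user={"username": "system:serviceaccount:shop:web"},
        objectRef={"resource": "secrets", "namespace": "shop", "name": "db-creds"},
        sourceIPs=["10.0.4.30"], responseStatus={"code": 200},
        requestReceivedTimestamp="2024-03-01T10:16:40Z"),
    # Denied read: present in the log but must not be reported as a disclosure.
    _ev(stage="ResponseComplete", verb="get", user={"username": "bob"},
        objectRef={"resource": "secrets", "namespace": "shop", "name": "db-creds"},
        sourceIPs=["10.0.4.31"], responseStatus={"code": 403}),
    # RequestReceived stage of the first request: not yet authorized, skipped.
    _ev(stage="RequestReceived", verb="delete", user={"username": "alice"},
        objectRef={"resource": "pods", "namespace": "shop", "name": "checkout-7d9f"}),
    "not json at all",
]


def main(path: str = "/var/log/kubernetes/api-audit.log") -> None:
    """Scan the real log if readable, otherwise the constructed sample."""
    try:
        with open(path) as fh:
            lines = fh.readlines()
    except OSError:
        lines = SAMPLE_LOG
    for f in scan(lines):
        target = f"{f.namespace}/{f.name or '*'}"
        print(f"{f.timestamp} {f.kind:12} {f.verb:6} {target:24} by {f.user} from {','.join(f.source_ips)}")


if __name__ == "__main__":
    main()
```

The stage and status checks are the part worth keeping when adapting this: without them a denied `get secrets` by an unprivileged user shows up as a successful read, which is the opposite of what an RBAC investigation needs.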

Cajga commented 8 months ago

Hi @saiteja313 ,

API audit logging is enabled by default for the cloudstack, docker, tinkerbell (bare metal) and vsphere providers:

$ git remote -v
origin  git@github.com:aws/eks-anywhere.git (fetch)
origin  git@github.com:aws/eks-anywhere.git (push)
$ git pull
Already up to date.
$ grep api-audit.log pkg/providers/*/config/template-cp.yaml
pkg/providers/cloudstack/config/template-cp.yaml:          audit-log-path: /var/log/kubernetes/api-audit.log
pkg/providers/docker/config/template-cp.yaml:          audit-log-path: /var/log/kubernetes/api-audit.log
pkg/providers/tinkerbell/config/template-cp.yaml:          audit-log-path: /var/log/kubernetes/api-audit.log
pkg/providers/vsphere/config/template-cp.yaml:          audit-log-path: /var/log/kubernetes/api-audit.log

Note: the tinkerbell (bare metal) provider got enabled in v0.17.4 with this PR

Which provider are you using and which version of EKS-A?