jetstack / kube-oidc-proxy

Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.
https://jetstack.io
Apache License 2.0

Audit logs and keeping the user's identity #195

Closed Smana closed 3 years ago

Smana commented 3 years ago

Hey everyone,

I've seen that it was possible to configure the proxy to store the audit logs locally. That's great, because I just noticed that my audit logs in the cloud provider were not relevant, as we see the serviceaccount as the user. Well, I know how to stream the logs from a file to Datadog, but I have a question: from my understanding the file will never be rotated, which means that we'll have an ever-growing file stored locally, am I right? What would be the best way to stream the logs, according to you, please?

Note that I already configured all our EKS, GKE clusters with a kube-oidc-proxy in front of the API servers.

Smana commented 3 years ago

By the way, I was wondering if it was possible to keep the user identity by forwarding headers?

Smana commented 3 years ago

Forget about my question regarding the file rotation, there are all the flags necessary :)

Smana commented 3 years ago

I'm gonna try writing the logs to stdout and sending only relevant logs using pattern matching (only JSON of kind events)

Smana commented 3 years ago

I managed to get the logs sent to Datadog and filtered properly.
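
The filtering idea from the thread (keep only the JSON lines of kind Event from the proxy's stdout), shown as an added example that is not part of the original issue or of the kube-oidc-proxy project. It assumes audit events are written one JSON object per line with an `apiVersion` in the `audit.k8s.io` group; the sample lines and function names are constructed for illustration.

```python
import json

# Constructed sample of mixed stdout: plain log lines interleaved with
# audit events (assumed: one JSON object per line, audit.k8s.io group).
SAMPLE_STDOUT = [
    "I0101 10:00:00.000000 1 constructed.go:1] constructed plain log line",
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata",'
    '"auditID":"constructed-1","stage":"ResponseComplete","verb":"list",'
    '"requestURI":"/api/v1/namespaces/default/pods",'
    '"user":{"username":"alice@example.com","groups":["dev"]}}',
    '{"kind":"Status","apiVersion":"v1","message":"constructed non-audit JSON"}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1"',  # truncated write
    '{"kind":"Event","apiVersion":"events.k8s.io/v1"}',  # cluster Event, not audit
]


def parse_audit_event(line):
    """Return the decoded audit event dict, or None for any other line."""
    try:
        obj = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(obj, dict) or obj.get("kind") != "Event":
        return None
    # A substring match on "kind":"Event" alone would also ship cluster Events.
    if not str(obj.get("apiVersion", "")).startswith("audit.k8s.io/"):
        return None
    return obj


def filter_audit_events(lines):
    """Keep only the lines that are audit events, decoded."""
    return [ev for ev in map(parse_audit_event, lines) if ev is not None]


def summarize(event):
    """Pull out the fields that tie a request to the authenticated user."""
    user = event.get("user") or {}
    return {
        "auditID": event.get("auditID"),
        "user": user.get("username"),
        "verb": event.get("verb"),
        "uri": event.get("requestURI"),
    }


if __name__ == "__main__":
    for ev in filter_audit_events(SAMPLE_STDOUT):
        print(json.dumps(summarize(ev)))
```

Parsing each line instead of matching a substring drops truncated writes and non-audit objects that happen to contain `"kind":"Event"`, so only well-formed audit records reach the log pipeline.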