简体繁体 English

发现 kube.netes 集群 kube-apiserver 的“审计日志路径”

[英]Discovering the 'audit-log-path' for a kubernetes cluster kube-apiserver

原文 2023-01-12 20:08:45 6 1 kubernetes/ kube-apiserver/ rke

I am reviewing my rke installation:我正在检查我的 rke 安装：

https://docs.rke2.io/security/cis_self_assessment123#1219 https://docs.rke2.io/security/cis_self_assessment123#1219

The instruction works, makes sense, but shouldn't I be able to check this by running a kubectl describe po -n kube-system kube-apiserver-{my-ip} .该指令有效，有道理，但我不应该通过运行kubectl describe po -n kube-system kube-apiserver-{my-ip}来检查它。 I did a describe po on the resource, expecting to see the audit-log-path , but it was not there.我在资源上做了describe po ，希望看到audit-log-path ，但它不在那里。 How can I discover this setting if it isn't in the pod description.如果它不在广告连播描述中，我如何才能发现此设置。 Is ps the best way? ps是最好的方法吗？ The only way?唯一的办法？

1 个解决方案

Audit backends stores audit logs to an external persistent storage.审计后端将审计日志存储到外部持久存储中。 There are two backends available for kube-apiserver: Log backend, stores logs to a director in the filesystem. kube-apiserver 有两个后端可用：日志后端，将日志存储到文件系统中的一个控制器。 Webhook backend, which pushes logs to an external storage using HTTP API. Since you are trying to store data locally we will be using the log backend. Webhook 后端，使用 HTTP API 将日志推送到外部存储。由于您尝试在本地存储数据，我们将使用日志后端。 As mentioned in the doc provided by you --audit-log-path is used for setting up the path for your audit log files and if haven't provided any path it will go to the standard output /var/log/kube.netes/audit/audit.log and persistent volumes should be used for storing these logs, so you can get the path details by using below command正如您提供的文档中所述 --audit-log-path 用于设置审计日志文件的路径，如果没有提供任何路径，它将 go 到标准 output /var/log/kube.netes/audit/audit.log和持久卷应该用于存储这些日志，因此您可以使用以下命令获取路径详细信息

Kubectl get pv (In most cases audit will be the keyword so you can find the path using this) Kubectl get pv （在大多数情况下audit将是关键字，因此您可以使用它找到路径）

References:参考：