Auditing in Kubernetes

mba.mba98 · May 20, 2024, 10:47am

Hi… In order to include audit logs of objects other than core-api, for example cronjob what should be written in “group”. I tried using “v1” for pods but the configuration doesnt work. I thought “” may be equivalent to “v1”. Any thoughts on that. Sample configuration for cronjob is as following kindly check whether is it correct

level: Metadata
resources:
- group: “batch/v1”
  resources: [“cronjob”]

rob_kodekloud · May 20, 2024, 3:26pm

If you look at the example from the docs, you’ll see this:

  # Log all other resources in core and extensions at the Request level.
  - level: Request
    resources:
    - group: "" # core API group
    - group: "extensions" # Version of group should NOT be included.

so it should be “batch”, rather than “batch/v1”.

mba.mba98 · May 20, 2024, 3:29pm

Thanks… that is why “v1” was not working for pods