November 25, 2019


Audit in Kubernetes Now, and in the Future [B]


Talk Title: Audit in Kubernetes Now, and in the Future [B]
Speakers: Maciej Szulik (Software Engineer, Red Hat)
Conference: CloudNativeCon + KubeCon Europe
Location: Berlin Congress Center
Date: Mar 28-30, 2017

Quoting Wikipedia, “an audit is a systematic and independent examination of (…) records”. Now think for a second how much information is floating through your Kubernetes cluster. Deployments, Jobs and many other controllers creating and destroying Pods. Administrators creating Users, granting Roles. Users creating and modifying ConfigMaps, Secrets and many, many others. You can limit actions performed by a single User by creating Roles, controllers can be assigned ServiceAccounts, etc., of course. But even with all that in place, are you sure you can easily trace when a change was introduced, and most importantly who performed it? This is when auditing comes into play. During this presentation, I will introduce what auditing is, what you can expect from one of the best hidden features of Kubernetes, and why you should care. I don’t like just talking about ideas, so we’ll also walk through a live demo showcasing the audit feature. With all the current state laid out, I will discuss the future evolution of this feature. Most importantly, I will cover the scope of the information that should be gathered while processing each request, and what policies should be implemented to provide a reasonable balance between performance and accountability. Lastly, I will cover the most sensitive topic: how to store all that information. After this session you will understand how auditing in Kubernetes works, and how to leverage it to stay informed about what goes on in your cluster. Furthermore, I am hoping this presentation will foster a discussion about the advanced audit feature and its shape in Kubernetes.
