Water, Water, Everywhere: Making Kubernetes Audit Logs Potable
Audit logging in Kubernetes is a powerful tool that grants Kubernetes operators more insight into their clusters. Audit logs can tell us what happened in our clusters, when it happened, who did it, wh …
| Talk Title | Water, Water, Everywhere: Making Kubernetes Audit Logs Potable |
| Speakers | Kate Kuchin (Senior Systems Software Engineer, Heptio) |
| Conference | KubeCon + CloudNativeCon North America |
| Conf Tag | |
| Location | Seattle, WA, USA |
| Date | Dec 9-14, 2018 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
Audit logging in Kubernetes is a powerful tool that grants Kubernetes operators more insight into their clusters. Audit logs can tell us what happened in our clusters, when it happened, who did it, what resources were affected, and more. The problem is, even a fairly stagnant Kubernetes cluster generates millions of audit logs per week. And it’s up to us to distill value out of what is largely just noise. So, how can we isolate important audit events to better understand what’s going on in our clusters? In this session, we’ll first go over what Kubernetes audit logs are and what information they provide. We’ll then do a live a demo of getting audit set up on a cluster, and inspect the raw logs that are generated. And finally, we’ll talk about strategies for pulling useful information out of the deluge, so we can make sense of these millions of audit logs glean actionable insights.
