Using either kube_state_metrics or anything else I'd like to fire alerts in Prometheus AlertManager when a specific user logs in to the cluster, ie. kubeadmin or bob-smith.
Or in other words: where in Kubernetes or OpenShift is the logged-in state of a user tracked?
If you have auditing enabled, especially if you have the mechanism for either scraping its output file, scraping the logs from the apiserver's container (if you have the audit output going to stdout), or a webhook to which the apiserver can post the audit events, the you can create an alert based on whichever of those mechanisms fits into your infrastructure
There are quite a few apiserver flags which control the audit behavior
