kube-apiserver performs auditing.
An audit policy defines which events are recorded and what data they include.
Each rule in the policy assigns one of these audit levels:
- None: don’t log events that match this rule.
- Metadata: log request metadata (requesting user, timestamp, resource, verb, etc.) but not the request or response body.
- Request: log event metadata and the request body but not the response body. This does not apply to non-resource requests.
- RequestResponse: log event metadata and the request and response bodies. This does not apply to non-resource requests.
You can pass a file with the policy to kube-apiserver using the --audit-policy-file flag.
Here is an example of the policy manifest
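The following policy uses all four levels. It is an added example, not a manifest from the original page; the users, resources and URLs it names are illustrative assumptions. Rules are evaluated in order and the first matching rule sets the level for an event.

```yaml
# Constructed example audit policy (not from the original page).
apiVersion: audit.k8s.io/v1
kind: Policy
# Skip the RequestReceived stage so each request produces fewer events.
omitStages:
  - "RequestReceived"
rules:
  # None: drop high-volume, low-value watch traffic from kube-proxy.
  - level: None
    users: ["system:kube-proxy"]
    verbs: ["watch"]
    resources:
      - group: ""            # "" is the core API group
        resources: ["endpoints", "services"]
  # None: health and version probes (non-resource URLs).
  - level: None
    nonResourceURLs:
      - "/healthz*"
      - "/version"
  # Metadata: record who touched Secrets and ConfigMaps, but never their
  # bodies, so credentials do not end up in the audit log.
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets", "configmaps"]
  # RequestResponse: full bodies for RBAC changes, where the exact
  # before/after content matters during an investigation.
  - level: RequestResponse
    verbs: ["create", "update", "patch", "delete"]
    resources:
      - group: "rbac.authorization.k8s.io"
        resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
  # Request: request body only for pod writes.
  - level: Request
    verbs: ["create", "update", "patch", "delete"]
    resources:
      - group: ""
        resources: ["pods"]
  # Metadata: catch-all for everything not matched above.
  - level: Metadata
```

The Secrets rule sits above the broader rules on purpose: because the first match wins, placing it lower would let a more verbose rule record secret bodies.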
To read audit logs on GKE:
1) Start a proxy to your API server:
kubectl proxy
2) curl the log file:
curl http://127.0.0.1:8001/logs/kube-apiserver-audit.log