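# Kubernetes API server audit policy. Based on
# https://www.outcoldsolutions.com/docs/monitoring-kubernetes/v4/audit/
#
# Rules are evaluated top-down and the first matching rule sets the audit
# level, so every "level: None" suppression must come before the catch-all at
# the bottom. Treat the None rules as a list of deliberate blind spots:
# anything they match never reaches the audit log.
#
# audit.k8s.io/v1 replaces the v1beta1 API, which was removed from the
# API server in Kubernetes 1.24.
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # Do not log requests from kube-system service accounts.
  # NOTE(review): this also hides misuse of any kube-system service account;
  # narrow it to the specific accounts that are noisy if that matters for
  # detection.
  - level: None
    userGroups:
      - system:serviceaccounts:kube-system
  # Do not log the control-plane component identities.
  - level: None
    users:
      - system:apiserver
      - system:kube-scheduler
      - system:volume-scheduler
      - system:kube-controller-manager
      - system:node
  # Do not log the monitoring collector's own API traffic.
  - level: None
    users:
      - system:serviceaccount:collectorforkubernetes:collectorforkubernetes
  # Do not log kubelet (node) communications.
  # NOTE(review): kubelet credentials are what an attacker holds after a node
  # compromise; consider logging this group at Metadata level instead of
  # dropping it entirely.
  - level: None
    userGroups:
      - system:nodes
  # Do not log these read-only, non-resource URLs. A trailing "*" is the audit
  # policy's prefix wildcard, not a YAML alias, so it needs no quoting.
  - level: None
    nonResourceURLs:
      - /healthz*
      - /version
      - /swagger*
  # Secrets, ConfigMaps, service account token requests and TokenReviews carry
  # credentials in their request/response bodies, so record them at Metadata
  # level only. This rule must precede the RequestResponse catch-all below,
  # otherwise those bodies would be written to the audit log in full.
  - level: Metadata
    resources:
      - group: ""  # core API group
        resources: ["secrets", "configmaps", "serviceaccounts/token"]
      - group: authentication.k8s.io
        resources: ["tokenreviews"]
    omitStages:
      - RequestReceived
  # Everything else: full request and response bodies. We want to catch a
  # little more than outcoldsolutions specified ;)
  # RequestResponse is the most verbose level; expect high log volume and make
  # sure the audit backend can keep up. Skipping RequestReceived records each
  # request once, at completion, instead of twice.
  - level: RequestResponse
    omitStages:
      - RequestReceived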