真题解析
# vim /etc/kubernetes/logpolicy/sample-policy.yaml
apiVersion: audit.k8s.io/v1
kind: Policy
# Do not generate audit events for any request in the RequestReceived stage.
# This top-level omitStages applies to every rule below.
omitStages:
  - "RequestReceived"
# Rules are matched top to bottom and the first match fixes the level,
# so the specific rules must come before the Metadata catch-all at the end.
rules:
  # CronJob changes: record the full request and response bodies.
  - level: RequestResponse
    resources:
      - group: "batch"
        resources: ["cronjobs"]
  # persistentvolumes in the front-apps namespace: record the request body.
  - level: Request
    resources:
      - group: ""
        resources: ["persistentvolumes"]
    namespaces: ["front-apps"]
  # ConfigMaps and Secrets: metadata only, so secret payloads are never
  # written into the audit log.
  - level: Metadata
    resources:
      - group: ""
        resources: ["configmaps", "secrets"]
  # Catch-all: everything else at Metadata level.
  - level: Metadata
    # Check whether the file in the real environment already has an omitStages
    # entry at the top; if it does, add this item as well. Per-rule omitStages
    # is unioned with the top-level list, so this is redundant when the
    # top-level omitStages above is present.
    omitStages:
      - "RequestReceived"
# vim /etc/kubernetes/manifests/kube-apiserver.yaml
# Flags to add to the kube-apiserver command line.
- --audit-policy-file=/etc/kubernetes/logpolicy/sample-policy.yaml
- --audit-log-path=/var/log/kubernetes/kubernetes-logs.txt
# Rotation: keep log files for 30 days and at most 10 rotated files.
# NOTE(review): --audit-log-maxsize is not set here, so the default
# per-file size limit applies.
- --audit-log-maxage=30
- --audit-log-maxbackup=10
# If kube-apiserver is started as a Pod, confirm that the audit policy and
# the audit log directory are mounted.
# Configure the hostPath volumes.
volumes:
  - name: audit
    hostPath:
      path: /etc/kubernetes/logpolicy/sample-policy.yaml
      type: File
  - name: audit-log
    hostPath:
      path: /var/log/kubernetes/
      type: DirectoryOrCreate
# Mount the volumes into the container.
volumeMounts:
  # The policy file is mounted read-only so the apiserver container
  # cannot modify its own audit rules.
  - mountPath: /etc/kubernetes/logpolicy/sample-policy.yaml
    name: audit
    readOnly: true
  # The log directory must be writable so events can be appended.
  - mountPath: /var/log/kubernetes/
    name: audit-log
    readOnly: false
# If kube-apiserver is started as a Pod, it will restart automatically.
# Check that the Pod status returns to normal.
watch kubectl get pods -n kube-system
# Log output here means the audit pipeline is working.
tail -n 100 -f /var/log/kubernetes/kubernetes-logs.txt