This topic describes audit logging in Tanzu Kubernetes Grid.
In Tanzu Kubernetes Grid, you can access the following audit logs:
auditd. See System Audit Logs for Nodes below.
Kubernetes audit logs record requests to the Kubernetes API server. To enable Kubernetes auditing on a management or Tanzu Kubernetes cluster, set the
ENABLE_AUDIT_LOGGING variable to
true before you deploy the cluster.
To access these logs in Tanzu Kubernetes Grid, navigate to
/var/log/kubernetes/audit.log on the control plane node. If you deploy Fluent Bit on the cluster, it will forward the logs to your log destination. For instructions, see Implementing Log Forwarding with Fluent Bit.
To view the audit policy and audit backend configuration, navigate to:
/etc/kubernetes/audit-policy.yamlon the control plane node
~/.config/tanzu/tkg/providers/ytt/03_customizations/audit-logging/audit_logging.yamlon your machine
When you deploy a management or Tanzu Kubernetes cluster,
auditd is enabled on the cluster by default. You can access your system audit logs on each node in the cluster by navigating to
If you deploy Fluent Bit on the cluster, it will forward these audit logs to your log destination. For instructions, see Implementing Log Forwarding with Fluent Bit.