This topic describes audit logging in Tanzu Kubernetes Grid.
In Tanzu Kubernetes Grid, you can access the following audit logs:
auditd. See System Audit Logs for Nodes below.
Kubernetes audit logs record requests to the Kubernetes API server. To enable Kubernetes auditing on a management or workload cluster, set the ENABLE_AUDIT_LOGGING variable to true before you deploy the cluster.
To access these logs in Tanzu Kubernetes Grid, navigate to /var/log/kubernetes/audit.log on the control plane node. If you deploy Fluent Bit on the cluster, it will forward the logs to your log destination. For instructions, see Implement Log Forwarding with Fluent Bit.
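An added example, not from the Tanzu Kubernetes Grid documentation: a triage pass over the JSON-lines events in /var/log/kubernetes/audit.log that counts denied (401/403) requests per user and lists successful reads of Secrets. It assumes the audit policy records these requests at Metadata level or above; the sample events and the function names parse_events and triage are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the audit.k8s.io/v1 JSON-lines format (not real cluster data).
SAMPLE_LOG = "\n".join([
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get",'
    '"user":{"username":"system:serviceaccount:dev:builder"},"responseStatus":{"code":403},'
    '"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list",'
    '"user":{"username":"system:serviceaccount:dev:builder"},"responseStatus":{"code":403},'
    '"objectRef":{"resource":"secrets","namespace":"prod"}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"get",'
    '"user":{"username":"kubernetes-admin"},'
    '"objectRef":{"resource":"secrets","namespace":"kube-system","name":"registry-creds"}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get",'
    '"user":{"username":"kubernetes-admin"},"responseStatus":{"code":200},'
    '"objectRef":{"resource":"secrets","namespace":"kube-system","name":"registry-creds"}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list",'
    '"user":{"username":"system:kube-scheduler"},"responseStatus":{"code":200},'
    '"objectRef":{"resource":"pods","namespace":"default"}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"Respons',  # truncated write
])

def parse_events(text):
    """Yield completed audit events, skipping blank or truncated lines."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line, e.g. read during log rotation
        # One request can be logged at several stages; count it once.
        if isinstance(event, dict) and event.get("stage") == "ResponseComplete":
            yield event

def triage(text):
    """Return (denied requests per user, successful Secret reads)."""
    denied, secret_reads = Counter(), []
    for ev in parse_events(text):
        user = (ev.get("user") or {}).get("username", "<unknown>")
        ref = ev.get("objectRef") or {}
        code = (ev.get("responseStatus") or {}).get("code")
        if code in (401, 403):
            denied[user] += 1
        elif ref.get("resource") == "secrets" and ev.get("verb") in ("get", "list", "watch"):
            secret_reads.append((user, ref.get("namespace"), ref.get("name")))
    return denied, secret_reads

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On a control plane node, pass the contents of the audit log file to triage() in place of SAMPLE_LOG.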
To view the audit policy and audit backend configuration, navigate to:
/etc/kubernetes/audit-policy.yaml on the control plane node
~/.config/tanzu/tkg/providers/ytt/03_customizations/audit-logging/audit_logging.yaml on your machine
When you deploy a management or workload cluster, auditd is enabled on the cluster by default. You can access your system audit logs on each node in the cluster by navigating to
If you deploy Fluent Bit on the cluster, it will forward these audit logs to your log destination. For instructions, see Implement Log Forwarding with Fluent Bit.