This topic describes audit logging in Tanzu Kubernetes Grid.
In Tanzu Kubernetes Grid, you can access the following audit logs:
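- Kubernetes audit logs, which record requests to the Kubernetes API server.
- System audit logs for each node in a cluster, collected by auditd. See System Audit Logs for Nodes below.

Kubernetes audit logs record requests to the Kubernetes API server. To enable Kubernetes auditing on a management or workload cluster, set the ENABLE_AUDIT_LOGGING variable to true before you deploy the cluster.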
To access these logs in Tanzu Kubernetes Grid, navigate to /var/log/kubernetes/audit.log on the control plane node. If you deploy Fluent Bit on the cluster, it will forward the logs to your log destination. For instructions, see Implement Log Forwarding with Fluent Bit.
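As an added example (not part of the VMware documentation), the following Python script triages the Kubernetes audit log found at /var/log/kubernetes/audit.log on a control plane node. It assumes the API server writes its default JSON-lines audit.k8s.io/v1 events; the review categories, function names and sample lines are constructed for illustration.

```python
import json

def classify(event):
    """Return review reasons for one audit.k8s.io/v1 event ([] if none apply)."""
    if event.get("stage") != "ResponseComplete":
        return []  # a request is logged at several stages; count it once
    ref = event.get("objectRef") or {}
    user = (event.get("user") or {}).get("username", "")
    checks = {
        "secret-read": ref.get("resource") == "secrets" and event.get("verb") in ("get", "list", "watch"),
        "pod-exec": ref.get("resource") == "pods" and ref.get("subresource") in ("exec", "attach"),
        "anonymous": user == "system:anonymous",
        "forbidden": (event.get("responseStatus") or {}).get("code") == 403,
    }
    return [name for name, hit in checks.items() if hit]

def scan(lines):
    """Return (findings, malformed): flagged (line_no, user, reasons) and bad line numbers."""
    findings, malformed = [], []
    for no, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
            reasons = classify(event)
        except (json.JSONDecodeError, AttributeError):
            malformed.append(no)  # e.g. a line truncated by log rotation
            continue
        if reasons:
            findings.append((no, (event.get("user") or {}).get("username", "?"), reasons))
    return findings, malformed

def _sample(stage, verb, user, resource, code=None, sub=None):  # hypothetical helper
    return json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": stage, "verb": verb,
                       "user": {"username": user}, "responseStatus": {"code": code},
                       "objectRef": {"resource": resource, "namespace": "demo", "subresource": sub}})

SAMPLE = [  # constructed lines, not real log data
    _sample("RequestReceived", "get", "alice", "secrets"),
    _sample("ResponseComplete", "get", "alice", "secrets", 200),
    _sample("ResponseComplete", "create", "bob", "pods", 101, "exec"),
    _sample("ResponseComplete", "list", "system:anonymous", "secrets", 403),
    _sample("ResponseComplete", "get", "system:kube-scheduler", "pods", 200),
    '{"kind":"Event","stage":"ResponseCom',  # truncated line
]

if __name__ == "__main__":
    findings, malformed = scan(SAMPLE)  # on a node: scan(open("/var/log/kubernetes/audit.log"))
    for no, user, reasons in findings:
        print(f"line {no}: {user}: {', '.join(reasons)}")
    print("unparsable lines:", malformed)
```

Which requests appear in the log, and at what level of detail, depends on the audit policy in /etc/kubernetes/audit-policy.yaml.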
To view the audit policy and audit backend configuration, navigate to:
- /etc/kubernetes/audit-policy.yaml on the control plane node
- ~/.config/tanzu/tkg/providers/ytt/03_customizations/audit-logging/audit_logging.yaml on your machine

When you deploy a management or workload cluster, auditd is enabled on the cluster by default. You can access your system audit logs on each node in the cluster by navigating to /var/log/audit/audit.log.
If you deploy Fluent Bit on the cluster, it will forward these audit logs to your log destination. For instructions, see Implement Log Forwarding with Fluent Bit.