Update audit.md (#6381)

Fix format.
pull/6680/head
Stewart-YU 2017-12-14 03:25:11 +08:00 committed by Zach Corleissen
parent 24ddb9eca7
commit 3908be3173
1 changed files with 108 additions and 87 deletions


@ -359,6 +359,7 @@ Note that this example requries json format output support in Kubernetes 1.8.
1. install [fluentd, fluent-plugin-forest and fluent-plugin-rewrite-tag-filter][fluentd_install_doc] in the kube-apiserver node 1. install [fluentd, fluent-plugin-forest and fluent-plugin-rewrite-tag-filter][fluentd_install_doc] in the kube-apiserver node
1. create a config file for fluentd 1. create a config file for fluentd
```shell
$ cat <<EOF > /etc/fluentd/config $ cat <<EOF > /etc/fluentd/config
# fluentd conf runs in the same host with kube-apiserver # fluentd conf runs in the same host with kube-apiserver
<source> <source>
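Review bot: the heredoc opened at `$ cat <<EOF > /etc/fluentd/config` uses an unquoted delimiter, so the shell performs parameter and command substitution on the fluentd config body before writing it. Any `$` or backtick in the config would be expanded or dropped instead of reaching the file. Since this line is now inside a copyable `shell` fence, suggest `cat <<'EOF' > /etc/fluentd/config` so the file is written exactly as shown.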
@ -404,12 +405,20 @@ Note that this example requries json format output support in Kubernetes 1.8.
include_time_key true include_time_key true
</template> </template>
</match> </match>
```
1. start fluentd 1. start fluentd
```shell
$ fluentd -c /etc/fluentd/config -vv $ fluentd -c /etc/fluentd/config -vv
```
1. start kube-apiserver with the following options: 1. start kube-apiserver with the following options:
```shell
--audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-log-path=/var/log/kube-audit --audit-log-format=json --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-log-path=/var/log/kube-audit --audit-log-format=json
```
1. check audits for different namespaces in /var/log/audit-*.log 1. check audits for different namespaces in /var/log/audit-*.log
#### Use logstash to collect and distribute audit events from webhook backend #### Use logstash to collect and distribute audit events from webhook backend
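Review bot: the new closing fence is placed directly after `</match>`, and no `EOF` terminator appears between the end of the fluentd config and the fence, although the block opens with `cat <<EOF > /etc/fluentd/config`. Pasted as is, the shell keeps reading input for the heredoc and never writes a complete file. Suggest adding an `EOF` line after `</match>` in the same change, matching the kubeconfig block later in the file, which does end with `EOF`.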
@ -421,6 +430,7 @@ different users into different files.
1. install [logstash][logstash_install_doc] 1. install [logstash][logstash_install_doc]
1. create config file for logstash 1. create config file for logstash
```shell
$ cat <<EOF > /etc/logstash/config $ cat <<EOF > /etc/logstash/config
input{ input{
http{ http{
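Review bot: the fenced line `$ cat <<EOF > /etc/logstash/config` keeps the `$ ` prompt inside a block tagged `shell`, so a reader who copies the block gets a leading `$` that the shell tries to run as a command. Suggest dropping the prompt here and in the other `shell` fences this change adds, since the fence already marks the content as a command.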
@ -447,11 +457,17 @@ different users into different files.
path=>"/var/log/kube-audit-%{[event][user][username]}/audit" path=>"/var/log/kube-audit-%{[event][user][username]}/audit"
} }
} }
```
1. start logstash 1. start logstash
```shell
$ bin/logstash -f /etc/logstash/config --path.settings /etc/logstash/ $ bin/logstash -f /etc/logstash/config --path.settings /etc/logstash/
```
1. create a [kubeconfig file](/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/) for kube-apiserver webhook audit backend 1. create a [kubeconfig file](/docs/tasks/access-application-cluster/authenticate-across-clusters-kubeconfig/) for kube-apiserver webhook audit backend
```shell
$ cat <<EOF > /etc/kubernetes/audit-webhook-kubeconfig $ cat <<EOF > /etc/kubernetes/audit-webhook-kubeconfig
apiVersion: v1 apiVersion: v1
clusters: clusters:
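Review bot: in the logstash block the closing fence follows the two `}` lines after `path=>"/var/log/kube-audit-%{[event][user][username]}/audit"` with no `EOF` line, so the heredoc started at `cat <<EOF > /etc/logstash/config` is never terminated. Suggest adding `EOF` before the closing fence so that `/etc/logstash/config` is actually written before the next step runs `bin/logstash -f /etc/logstash/config`.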
@ -468,9 +484,14 @@ different users into different files.
preferences: {} preferences: {}
users: [] users: []
EOF EOF
```
1. start kube-apiserver with the following options: 1. start kube-apiserver with the following options:
```shell
--audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-webhook-config-file=/etc/kubernetes/audit-webhook-kubeconfig --audit-policy-file=/etc/kubernetes/audit-policy.yaml --audit-webhook-config-file=/etc/kubernetes/audit-webhook-kubeconfig
```
1. check audits in logstash node's directories /var/log/kube-audit-*/audit 1. check audits in logstash node's directories /var/log/kube-audit-*/audit
Note that in addition to file output plugin, logstash has a variety of outputs that Note that in addition to file output plugin, logstash has a variety of outputs that
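Review bot: missing documentation around `users: []` in the webhook kubeconfig: with no user entry, kube-apiserver sends audit events to the logstash endpoint without presenting any client credentials, and the page does not say this is a demo-only setup. Suggest a sentence after this block stating that a production webhook backend should be reached over TLS with a client certificate or token configured under `users`, because audit events carry usernames and request metadata. Separately, the fence around `--audit-policy-file=... --audit-webhook-config-file=...` is tagged `shell` but holds only flags, not a runnable command; an untagged fence would be more accurate.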