As a Kubernetes administrator, I'm interested in hearing your practical experiences with audit logging when investigating incidents or setting up audits. Do you find the existing audit logs sufficient to trace interactive `kubectl exec` sessions, audit port-forwards, or reconstruct the exact requests and responses that occurred? Is this a major hurdle or something that can be overlooked? Also, what tools or workflows do you use to manage these challenges? I've heard of a tool called rexec for monitoring exec sessions, but I'm curious about other options you might recommend.
5 Answers
Teleport seems to be one of the closest solutions available currently for these logging challenges. Just keep that in mind when looking for options.
We use Falco for more in-depth runtime monitoring, but it definitely doesn’t cover everything. It helps with some aspects, but gaps still exist.
There are several tools out there, like Teleport, StrongDM, Octelium, and Kviklet, which aim to address these logging issues. Each has its strengths, so it’s worth exploring a few.
One of my biggest frustrations is reconstructing the chain of events. For instance, if pod X is acting up, I want to find out who created it and the reason behind it—basically, a detailed log of its creation and relationships. With tools like `systemd-analyze`, I can get great visibility, but in Kubernetes, it's not as straightforward due to the complexity of nested objects and controllers.
Recently, I noticed that the Kubernetes Security Profiles Operator added support for some logging features, which might be beneficial. However, I believe it's focused more on application-specific policy enforcement.
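An added example (not code from any of the posts above) for the exec/port-forward part of the question: it walks a JSON-lines audit log and reconstructs session metadata, which is as far as the stock audit log goes, since the bytes streamed over the session are never recorded. It assumes the cluster's audit policy logs the `pods/exec` and `pods/portforward` subresources at Metadata level or higher; the event field names follow the audit.k8s.io/v1 schema, and every value (users, pods, timestamps) is constructed for the example.

```python
import json
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

EXEC_URI = ("/api/v1/namespaces/prod/pods/web-0/exec?command=%2Fbin%2Fsh&command=-c"
            "&command=id&container=app&stdin=true&stdout=true&tty=true")

def _event(audit_id, stage, uri, user, ns, pod, sub, received, stamp):
    # One constructed audit.k8s.io/v1 event line: field names are real, values are invented.
    return json.dumps({"auditID": audit_id, "stage": stage, "verb": "create", "requestURI": uri,
                       "user": {"username": user}, "responseStatus": {"code": 101},
                       "objectRef": {"resource": "pods", "namespace": ns, "name": pod, "subresource": sub},
                       "requestReceivedTimestamp": received, "stageTimestamp": stamp})

# Constructed sample log: one exec session (two events sharing an auditID: ResponseStarted at the
# 101 upgrade, ResponseComplete when it closes) and one port-forward that is still open.
SAMPLE_AUDIT_LOG = "\n".join([
    _event("a1", "ResponseStarted", EXEC_URI, "alice", "prod", "web-0", "exec",
           "2024-05-01T10:00:00.000000Z", "2024-05-01T10:00:00.050000Z"),
    _event("a1", "ResponseComplete", EXEC_URI, "alice", "prod", "web-0", "exec",
           "2024-05-01T10:00:00.000000Z", "2024-05-01T10:03:30.000000Z"),
    _event("b2", "ResponseStarted", "/api/v1/namespaces/prod/pods/db-0/portforward", "bob",
           "prod", "db-0", "portforward", "2024-05-01T11:00:00.000000Z", "2024-05-01T11:00:00.020000Z"),
])

_ts = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ")

def reconstruct_sessions(audit_log):
    """Map auditID -> session for exec/attach/portforward requests in a JSON-lines audit log.
    Recoverable: who, which pod/container, the command in the URL, and how long the upgraded
    connection lived. Not recoverable: anything typed or returned inside the session."""
    sessions = {}
    for line in audit_log.splitlines():
        ev = json.loads(line)
        ref = ev.get("objectRef", {})
        if ref.get("subresource") not in {"exec", "attach", "portforward"}:
            continue                                   # ordinary API call, not a session
        q = parse_qs(urlsplit(ev["requestURI"]).query)
        s = sessions.setdefault(ev["auditID"], {
            "kind": ref["subresource"], "user": ev["user"]["username"],
            "target": f'{ref["namespace"]}/{ref["name"]}',
            "container": q.get("container", [None])[0],
            "command": q.get("command", []),           # repeated ?command= args keep their order
            "started": _ts(ev["requestReceivedTimestamp"]), "ended": None})
        if ev["stage"] == "ResponseComplete":          # connection closed: session is over
            s["ended"] = _ts(ev["stageTimestamp"])
    return sessions

def session_seconds(session):
    # Seconds the session lasted, or None while it is still open (no ResponseComplete yet).
    return None if session["ended"] is None else (session["ended"] - session["started"]).total_seconds()
```

Pairing the two stages by `auditID` is what gives you session duration; the absence of any stdin/stdout field in these events is the gap the question is about.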
