I have created a k8s cluster in GKE. But I want to configure API server for k8s audit purposes so I have to set --audit-policy-file flag and --audit-webhook-config-file flags as arguments in the API server. How do I do that?

CodePudding user response：

I am afraid it's not possible.

Please keep in mind that there are some differences between On-Premise Kubernetes cluster and GKE cluster. Most important is that GKE master is managed completely by Google and you cannot reach it or change anything there. For example in Vulnerability and patch management documentation you can find information:

GKE control plane components are managed by a team of Google site reliability engineers, and are kept up to date with the latest security patches. This includes patches to the host operating system, Kubernetes components, and containers running on the control plane VMs.

In short, you cannot change Audit Policy for GKE, however in GKE Audit Policy you have information on how it works.

Audit Logs are pre configured by Google and the only thing you can do is filtering. There is also a Data Access Log which is disabled by default. You can enable it to get more information, however it's extra cost.

The last thing I want to mention, that there is already a Feature Request asking for an overwrite audit-policy-file. More details you can find in report - Adjusting audit log levels