I'd like to be able to detect inactive ServiceAccounts and user accounts by using kubectl / the REST API in my Kubernetes cluster.
For example, an idle service account that has not been used for any resource for x days and is safe to delete,
or a user account that hasn't accessed the cluster for the last x days.
CodePudding user response:
I don't believe this functionality comes out of the box for ServiceAccounts or Users, unfortunately. One way you might be able to check is by reading the api-server logs and checking if you can find authentication entries for these "subjects" (as they are called in k8s jargon).
Additionally, you can enable audit logging in k8s to be able to detect such activities. But I believe you'll have to parse the logs yourself, through an application, to be able to determine which accounts are unused or safe to be deleted.
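As an added example of the "parse the audit logs yourself" approach described in the answer (this is not code from the original post or from Kubernetes itself), the script below reads kube-apiserver audit events in the JSON-lines format the `audit.k8s.io/v1` backend writes, records the most recent completed request per `user.username`, and then reports which of a known set of subjects (the output of `kubectl get serviceaccounts -A` plus your human users) have been idle for more than x days. The audit log lines and the list of known subjects are constructed sample data; `ResponseComplete` and `requestReceivedTimestamp` are real fields of the audit Event object, and service accounts appear under the `system:serviceaccount:<namespace>:<name>` username convention.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: kube-apiserver audit events, one JSON object per line,
# shaped like audit.k8s.io/v1 Event objects. Not captured from a real cluster.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"system:serviceaccount:ci:builder","groups":["system:serviceaccounts"]},"requestReceivedTimestamp":"2024-03-01T10:15:30.123456Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"get","user":{"username":"alice","groups":["system:authenticated"]},"requestReceivedTimestamp":"2024-03-20T08:00:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"alice","groups":["system:authenticated"]},"requestReceivedTimestamp":"2024-03-20T08:00:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"system:serviceaccount:ci:builder","groups":["system:serviceaccounts"]},"requestReceivedTimestamp":"2024-02-10T09:00:00.000000Z"}
"""

# Subjects that exist in the cluster: what `kubectl get serviceaccounts -A`
# would list, plus the human users you know about. Constructed for the example.
KNOWN_SUBJECTS = [
    "system:serviceaccount:ci:builder",
    "system:serviceaccount:ci:deployer",  # never appears in the sample log
    "alice",
    "bob",                                # never appears in the sample log
]


def parse_timestamp(value: str) -> datetime:
    """Parse the RFC 3339 timestamps the apiserver writes (trailing 'Z')."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def last_seen(audit_lines):
    """Return {username: most recent requestReceivedTimestamp} over the log."""
    seen = {}
    for line in audit_lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        # One request emits several stage events; count it once, at completion.
        if event.get("kind") != "Event" or event.get("stage") != "ResponseComplete":
            continue
        user = event.get("user", {}).get("username")
        ts = event.get("requestReceivedTimestamp")
        if not user or not ts:
            continue
        when = parse_timestamp(ts)
        if user not in seen or when > seen[user]:
            seen[user] = when
    return seen


def inactive_subjects(audit_lines, known_subjects, now, max_idle_days):
    """Subjects with no completed request within max_idle_days.

    Returns {subject: last_seen_datetime_or_None}. A subject absent from the
    log is reported with None: it may be unused, or the retained audit window
    may simply be shorter than its usage interval, so treat None as "verify
    before deleting", not as proof of inactivity.
    """
    cutoff = now - timedelta(days=max_idle_days)
    seen = last_seen(audit_lines)
    return {
        subject: seen.get(subject)
        for subject in known_subjects
        if seen.get(subject) is None or seen[subject] < cutoff
    }


def demo(max_idle_days=20):
    """Run the check over the constructed sample with a fixed 'now'."""
    now = parse_timestamp("2024-04-01T00:00:00Z")  # constructed reference time
    return inactive_subjects(SAMPLE_AUDIT_LOG.splitlines(), KNOWN_SUBJECTS,
                             now, max_idle_days)


if __name__ == "__main__":
    for subject, when in demo().items():
        print(f"{subject}: last seen {when.isoformat() if when else 'never'}")
```

Two caveats a practitioner should keep in mind before acting on the output: the audit policy must log the relevant requests at least at `Metadata` level (a policy that drops them with `level: None` makes the subject look idle), and the check is only as good as the retention of the audit log, which is why the script distinguishes "last seen before the cutoff" from "never seen in the window". On a real cluster, replace `SAMPLE_AUDIT_LOG.splitlines()` with the lines of your audit log file and `KNOWN_SUBJECTS` with the subjects you enumerate from the API.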