Home > Mobile >  Is there a way to detect inactive Service / User Accounts in K8s cluster
Is there a way to detect inactive Service / User Accounts in K8s cluster

Time:08-06

I'd like to be able to detect inactive Service accounts and User accounts by using kubectl / rest api in my Kubernetes cluster.

like for an example idle service account that has not been used for any resource for x days and it's safe to delete it.
or a user account that didn't access the cluster for the last x days.

CodePudding user response:

I don't believe this functionality comes out of the box for ServiceAccounts or Users, unfortunately. One way you might be able to check, is by reading the api-server logs and checking if you can find authentication entries for these "subjects" (as they are called in k8s jargon).

Additionally, you can enable audit logging in k8s to be able to detect such activities. But I believe you'll have to parse the logs yourself, through an application to be able to determine which accounts are unused or safe to be deleted.

Page link:https//www.codepudding.com/Mobile/501566.html

Prev:Ansible failed_when statement
Next:nodeSelector doesn't match the target node
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding