Audit Policy
An audit policy tells the API server which requests to record and how much of each request to record.
Granularity is set in the policy file per resource type and API group, and rules can additionally be scoped to particular namespaces, users or verbs.
Each request generates audit events at one or more of the following stages:
- RequestReceived : generated as soon as the audit handler receives the request, before it is passed down the handler chain
- ResponseStarted : generated once the response headers have been sent but before the body; only produced for long-running requests such as watch
- ResponseComplete : generated once the response body has been sent and nothing more follows
- Panic : generated when a panic occurred while handling the request
Each event is recorded at one of the following audit levels:
- None : do not log events matching the rule
- Metadata : log the request metadata (requesting user, timestamp, resource, verb, etc.) but not the request or response body
- Request : log the metadata and the request body, but not the response body; does not apply to non-resource requests
- RequestResponse : log the metadata, the request body and the response body; does not apply to non-resource requests
Because Request and RequestResponse record object bodies, applying them to secrets copies the secret data into the audit log, so sensitive resources are usually kept at Metadata.
In the policy definition file, the rules are evaluated in order and the first matching rule sets the level of the event (a request that matches no rule is not logged), so a catch-all rule goes last. Each rule consists of a
- level : one of the above audit levels
- selector for the requests it matches, for example by resource:
    resources:
    - group: ""   # "" selects the core API group
      resources: ["endpoints", "services"]
  A rule can also be narrowed with verbs, users, userGroups, namespaces ("" selects cluster-scoped requests) and omitStages; an omitted selector matches everything.
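To make the first-match semantics concrete, here is a small added example (my own Python, not code from the Kubernetes project): it encodes a constructed policy of the shape above as a Python dict, so it runs without a YAML parser, and evaluates constructed requests against it the way the apiserver's policy checker does, in simplified form (resource patterns, verbs, users, userGroups, namespaces and omitStages are honoured; resourceNames and nonResourceURLs are left out). The policy rules, event fields and helper names are assumptions for illustration.

```python
"""Toy evaluator for a Kubernetes audit Policy: first matching rule wins."""

LEVELS = ("None", "Metadata", "Request", "RequestResponse")
STAGES = ("RequestReceived", "ResponseStarted", "ResponseComplete", "Panic")

# Constructed policy (assumption: the same structure an audit.k8s.io/v1 Policy
# YAML file would have, written as a dict so the example runs without PyYAML).
POLICY = {
    "apiVersion": "audit.k8s.io/v1",
    "kind": "Policy",
    "omitStages": ["RequestReceived"],  # policy-level: applies to every rule
    "rules": [
        # Drop the chatty endpoints/services traffic in the core group ("").
        {"level": "None",
         "resources": [{"group": "", "resources": ["endpoints", "services"]}]},
        # Secrets: record who did what, but never the body.
        {"level": "Metadata",
         "resources": [{"group": "", "resources": ["secrets"]}]},
        # Changes to any RBAC object: full request and response bodies.
        {"level": "RequestResponse",
         "verbs": ["create", "update", "patch", "delete"],
         "resources": [{"group": "rbac.authorization.k8s.io"}]},
        # exec/attach are long-running; skip their ResponseStarted event.
        {"level": "Request",
         "resources": [{"group": "", "resources": ["pods/exec", "pods/attach"]}],
         "omitStages": ["ResponseStarted"]},
        # Catch-all: metadata for everything else. Must stay last.
        {"level": "Metadata"},
    ],
}

# Constructed requests, in the field shape this toy evaluator expects.
SAMPLE_EVENTS = {
    "proxy_watch": {"user": "system:kube-proxy", "verb": "watch", "group": "",
                    "resource": "endpoints", "namespace": "kube-system"},
    "read_secret": {"user": "alice", "verb": "get", "group": "",
                    "resource": "secrets", "namespace": "prod"},
    "bind_clusterrole": {"user": "admin", "verb": "create",
                         "group": "rbac.authorization.k8s.io",
                         "resource": "clusterrolebindings", "namespace": ""},
    "read_role": {"user": "bob", "verb": "get",
                  "group": "rbac.authorization.k8s.io",
                  "resource": "roles", "namespace": "dev"},
    "pod_exec": {"user": "bob", "verb": "create", "group": "", "resource": "pods",
                 "subresource": "exec", "namespace": "dev"},
}


def _resource_matches(rule, ev):
    """Match a rule's resources list; a rule without one matches all resources."""
    if not rule.get("resources"):
        return True
    resource, sub = ev["resource"], ev.get("subresource", "")
    combined = f"{resource}/{sub}" if sub else resource
    for gr in rule["resources"]:
        if gr.get("group", "") != ev.get("group", ""):
            continue
        patterns = gr.get("resources") or []
        if not patterns:  # whole API group
            return True
        for pat in patterns:
            if pat in (combined, "*"):
                return True
            if pat.startswith("*/") and sub == pat[2:]:  # any resource's subresource
                return True
            if pat.endswith("/*") and resource == pat[:-2]:  # resource and all its subresources
                return True
    return False


def _matches(rule, ev):
    """An absent or empty selector matches everything."""
    if rule.get("users") and ev.get("user") not in rule["users"]:
        return False
    if rule.get("userGroups") and not set(rule["userGroups"]) & set(ev.get("userGroups", [])):
        return False
    if rule.get("verbs") and ev.get("verb") not in rule["verbs"]:
        return False
    # namespaces: "" selects cluster-scoped requests.
    if rule.get("namespaces") and ev.get("namespace", "") not in rule["namespaces"]:
        return False
    return _resource_matches(rule, ev)


def level_and_omitted_stages(policy, ev):
    """First matching rule sets the level; no match means the request is not logged."""
    for rule in policy["rules"]:
        if _matches(rule, ev):
            omitted = set(policy.get("omitStages", [])) | set(rule.get("omitStages", []))
            return rule["level"], omitted
    return "None", set(policy.get("omitStages", []))


def level_for_stage(policy, ev, stage):
    """Level at which the event for this stage is recorded ("None" = not recorded)."""
    level, omitted = level_and_omitted_stages(policy, ev)
    return "None" if stage in omitted else level


if __name__ == "__main__":
    for name, ev in SAMPLE_EVENTS.items():
        per_stage = {s: level_for_stage(POLICY, ev, s) for s in STAGES}
        print(f"{name:18} {per_stage}")
```

Re-ordering the rules changes the outcome: moving the catch-all Metadata rule to the top would make every request Metadata, which is the usual mistake when a policy is "extended" by appending rules after the catch-all.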
Audit events are written either by a log backend or sent to a webhook backend.
The log backend writes events as JSON lines to a file on the API server node, given with --audit-log-path (rotation is controlled with --audit-log-maxage, --audit-log-maxbackup and --audit-log-maxsize); with a static-pod API server that path is typically a hostPath volumeMount in the API-Server Pod, and the policy file passed with --audit-policy-file has to be mounted into the Pod the same way.
The webhook backend posts events to a remote service and is configured on the apiserver with --audit-webhook-config-file, which points to a kubeconfig file describing the remote endpoint and the credentials used to reach it.