So there's this page about auditing-logs and I'm very confused about:
The k8s.io service is used for Kubernetes audit logs. These logs are generated by the Kubernetes API Server component and they contain information about actions performed using the Kubernetes API. For example, any changes you make on a Kubernetes resource by using the kubectl command are recorded by the k8s.io service. For more information, see Auditing in the Kubernetes documentation.
The container.googleapis.com service is used for GKE control plane audit logs. These logs are generated by the GKE internal components and they contain information about actions performed using the GKE API. For example, any changes you perform on a GKE cluster configuration using a gcloud command are recorded by the container.googleapis.com service.
which one shall I pick to get:
/var/log/kube-apiserver.log- API Server, responsible for serving the API/var/log/kube-controller-manager.log- Controller that manages replication controllers
or these are all similar to EKS where audit logs means a separate thing ?
Audit (audit) – Kubernetes audit logs provide a record of the individual users, administrators, or system components that have affected your cluster. For more information, see Auditing in the Kubernetes documentation.
3条答案
按热度按时间w9apscun1#
如果集群仍然存在,您应该能够在GKE上执行以下操作
AFAIK,无法获取已删除群集的服务器日志。
yv5phkfx2#
你不能。GKE不提供它们。审计日志是不同的,那些是API操作的记录。
6gpjuf903#
Logs for GKE control-plane components are available since November 29, 2022 for clusters with versions 1.22.0 and later.
You simply need to activate it on the clusters. Either via CLI:
or in web-console under "Features -> Cloud Logging" (as usual). See documentation .
Note the notes in the solutions documentation, especially about reaching the
logging.googleapis.com/write_requestsquota ( quick link ).