Updated on 2024-11-12 GMT+08:00

Collecting Kubernetes Audit Logs

CCE supports logging for master nodes. On the Kubernetes Events tab, you can select the audit component whose logs to be reported to LTS.

Constraints

  • Huawei Cloud clusters must be of v1.21.7-r0 or later, v1.23.5-r0 or later, or v1.25.
  • There is required LTS resource quota. For details about the default LTS quota, see Basic Resources.

Kubernetes Audit Logs

Table 1 Kubernetes audit logs

Log Type

Component

Log Stream

Description

Control plane audit logs

audit

audit-{{clusterID}}

An audit log is a chronological record of user operations on Kubernetes APIs and control plane activities for security.

Enabling Log Collection for an On-Premises Cluster

Cloud Native Logging is not installed in a cluster.

When installing Cloud Native Logging, you can select control plane audit logs to create a default log collection policy, so that this add-on collects logs and reports them to LTS. For details about the add-on installation, see Log Collection.

Cloud Native Logging has been installed in a cluster.

  1. Access the fleet console. In the navigation pane, choose Container Clusters. Then, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
  2. Click View Log Collection Policies in the upper right corner. All log collection policies reported to LTS in the current cluster are displayed.
  3. Click Create Log Policy and configure parameters as required.

    Policy Template: If no log collection policy is selected during add-on installation or the log collection policy is deleted, you can use this option to create a default log collection policy.

  4. On the Logging page, click the Control Plane Audit Logs tab. Select the log stream configured in the log policy to view the logs reported to LTS.

Enabling Log Collection for a Huawei Cloud Cluster

Enabling log collection during cluster creation

  1. Log in to the CCE console.
  2. Click Buy Cluster from the top menu.
  3. On the Add-on Configuration page, check the box of Enable logging for Control Plane Audit Logs.

Enabling log collection for an existing cluster

  1. Access the fleet console. In the navigation pane, choose Container Clusters. Then, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
  2. Click the Control Plane Audit Logs tab, select the audit component, and click Enable Logging.

Viewing Control Plane Audit Logs

Viewing control plane audit logs on the UCS console

  1. Access the fleet console. In the navigation pane, choose Container Clusters. Then, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
  2. Click the Control Plane Audit Logs tab and select a component for which you want to enable audit logs. For details about operations on LTS, see LTS User Guide.

Viewing control plane audit logs on the TLS console

  1. Log in to the LTS console and choose Log Management.
  2. Query the log group by cluster ID and click the log group name to view the log stream. For details, see LTS User Guide.

Disabling Log Collection of a Huawei Cloud Cluster

  1. Access the fleet console. In the navigation pane, choose Container Clusters. Then, click the cluster name to access the cluster console. In the navigation pane, choose Logging.
  2. Click the Control Plane Audit Logs tab and click Configure Control Plane Audit Logs to modify the log settings.

  3. Deselect audit and click OK.

    After you disable control plane audit logging, logs are no longer written to the original log stream, but the existing logs will not be deleted and expenses may be incurred for this.