Container Audit Overview
What Is Container Audit?
Keep track of the operations and activities in your container clusters, gaining insight into every phase of the container lifecycle, including creating, starting, stopping, and destroying containers; as well as the communication and transmission between containers. Find and handle security problems through audit and analysis in a timely manner, ensuring the security and stability of container clusters.
Audit Objects
- Cluster container: Kubernetes audit logs, Kubernetes events, container logs, and container commands
- Independent container: container logs and container commands
- SWR image repository: image repository logs
Scenario
If an abnormal operation or activity occurs in the container environment, you can analyze container audit logs to locate the occurrence time, track the event, and work out a solution.
Description
To enable container audit, the following conditions must be met:
- The cluster container or independent container has been connected to HSS, and is protected by the container edition.
For more information, see Installing an Agent in a Cluster and Enabling Container Protection.
- Meet the prerequisites for certain audit objects, as shown in Table 1.
Table 1 Audit prerequisites Object
Audit Object
Audit Prerequisite
User-built or third-party cloud cluster
Kubernetes audit logs
- Enable the cluster intrusion detection policy.
For details, see Configuring Policies.
- Enable API server audit.
For details, see Enabling the API Server Audit Function.
Huawei Cloud CCE clusters
Kubernetes audit logs
On the CCE console, enable the collection of Kubernetes events, Kubernetes audit logs, and container logs. For details, see Configuring CCE Logs.
Kubernetes audit events
Container logs
SWR private image repository
Image repository logs
You have used SWR and granted the operation permission (CTSOperatePolicy) for HSS. For details, see Authorization.
- Enable the cluster intrusion detection policy.
After container audit is enabled, operation and activity logs in the cluster are recorded on the HSS console. For details about how to view audit logs, see Viewing Container Audit Logs.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot