I'm trying to setup alerting for failed login attempts to Kubernetes master on Google Container Engine. As we know master in managed by Google, so the only way to get logs is to fetch them from api.
So i've got an access to Kubernetes api using kubectl proxy and then tried to access /logs/kube-apiserver-audit.log. It turns out this file is empty despite the fact that /logs/kube-apiserver.log is filling up with apiserver logs.
So is there any other way to fetch the audit logs from Google Container Engine cluster? Or maybe i should enable audit log somehow?
Currently there's no way to export those logs. The only log available for the API server on GKE is /logs/kube-apiserver.log as you mentioned.
I would expect this to come in a feature release soon (there's enough of us asking about it)