I deployed an nginx deployment in a Kubernetes cluster as below. The deployment shows as below:

[root@iZwz97twzbvh62zh76pk8zZ zzx]# k get deployment nginx
NAME    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx   2         2         2            1           7s

The deployment template is as below:

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2 # tells deployment to run 2 pods matching the template
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.17.0
        ports:
        - containerPort: 80

Somehow the nginx deployment was gone. I wonder whether there is any place that tracked the 'gone/delete' operation?

There has to be another audit log, related to the user operation that initially triggered the 'delete deployment' action on your Kubernetes cluster.
The audit log you pasted is only a part of this delete operation chain, coming from a system component: kubelet, responsible for deleting Pods -> ReplicaSet belonging to your Deployment resource.
So look for an audit log containing this piece of information:
  authorizationInfo: [
   0: {
    granted:  true     
    permission:  "io.k8s.extensions.v1beta1.deployments.delete"
    resource:  "extensions/v1beta1/namespaces/default/deployments/nginx"     
   }
 ]
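
One way to run the search the answer describes over exported audit entries, as an added example that is not part of the original answer. It assumes one JSON object per line; only the `authorizationInfo` fields come from the answer, while `timestamp`, `authenticationInfo.principalEmail`, the sample entries and the function name are assumptions constructed for illustration.

```python
import json

# Constructed sample audit entries, one JSON object per line (not from the post).
# Only authorizationInfo mirrors the answer; "timestamp" and
# "authenticationInfo.principalEmail" are assumed field names.
SAMPLE_LOG = """\
{"timestamp": "2019-06-20T08:15:05Z", "authenticationInfo": {"principalEmail": "system:node:node-1"}, "authorizationInfo": [{"granted": true, "permission": "io.k8s.core.v1.pods.delete", "resource": "core/v1/namespaces/default/pods/nginx-abc12"}]}
{"timestamp": "2019-06-20T08:14:40Z", "authenticationInfo": {"principalEmail": "bob@example.com"}, "authorizationInfo": [{"granted": false, "permission": "io.k8s.extensions.v1beta1.deployments.delete", "resource": "extensions/v1beta1/namespaces/default/deployments/nginx"}]}
{"timestamp": "2019-06-20T08:15:01Z", "authenticationInfo": {"principalEmail": "alice@example.com"}, "authorizationInfo": [{"granted": true, "permission": "io.k8s.extensions.v1beta1.deployments.delete", "resource": "extensions/v1beta1/namespaces/default/deployments/nginx"}]}
{"timestamp": "2019-06-20T08:16:00Z", "authenticationInfo": {"principalEmail": "alice@example.com"}, "authorizationInfo": [{"granted": true, "permission": "io.k8s.extensions.v1beta1.deployments.delete", "resource": "extensions/v1beta1/namespaces/default/deployments/nginx-canary"}]}
{"timestamp": "2019-06-20T08:17
"""


def find_deployment_deletes(lines, namespace, name):
    """Return every authorization check for deleting the named Deployment."""
    # Match on the resource suffix so the API group/version prefix does not matter.
    suffix = f"/namespaces/{namespace}/deployments/{name}"
    hits = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(entry, dict):
            continue
        who = entry.get("authenticationInfo", {}).get("principalEmail", "unknown")
        for auth in entry.get("authorizationInfo", []):
            if (auth.get("permission", "").endswith(".deployments.delete")
                    and auth.get("resource", "").endswith(suffix)):
                hits.append({
                    "time": entry.get("timestamp"),
                    "who": who,
                    "granted": bool(auth.get("granted")),  # denied attempts are kept too
                    "system": who.startswith("system:"),   # component vs. user identity
                })
    return hits


if __name__ == "__main__":
    for hit in find_deployment_deletes(SAMPLE_LOG.splitlines(), "default", "nginx"):
        print(hit)
```

Entries with `granted` set to false are returned as well, since a denied delete attempt shortly before a successful one is worth reviewing alongside it.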