I created an Ubuntu machine that will receive the audit log from my cluster. I created a config file in order to configure the webhook backend for k8s auditing.
apiVersion: v1
kind: Config
clusters:
- cluster:
    server: http://34.68.115.34
  name: webcluster
contexts:
- context:
    cluster: webcluster
    user: ""
  name: default-context
current-context: default-context
preferences: {}
users: []
I didn't find any option to configure the relevant authentication in case of using https. What is the solution for that?
You can use basic auth for http or a certificate for https. When the kube API server communicates with the webhook, it will present the client certificate to the webhook webserver to authenticate itself. You need to have the cacert in your webhook webserver to successfully authenticate the Kubernetes API server. You will need to use the same cacert to generate the client certificate, and add that client cert into the kubeconfig file.
Basic Auth:
apiVersion: v1
kind: Config
preferences: {}
clusters:
- name: example-cluster
  cluster:
    server: http://10.1.35.4
users:
- name: example-user
  user:
    username: some-user
    password: some-password
contexts:
- name: example-context
  context:
    cluster: example-cluster
    user: example-user
current-context: example-context
Certificate:
apiVersion: v1
kind: Config
preferences: {}
clusters:
- name: example-cluster
  cluster:
    server: https://10.1.35.4
users:
- name: example-user
  user:
    client-certificate-data: <redacted>
    client-key-data: <redacted>
contexts:
- name: example-context
  context:
    cluster: example-cluster
    user: example-user
current-context: example-context
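
The receiving side of the Certificate option above, as an added example that is not part of the original answer: a minimal Python webhook that refuses any TLS client whose certificate was not signed by the configured CA, then logs one line per posted audit event. The file names `ca.crt`, `server.crt`, `server.key`, port 8443 and the sample batch are assumptions made for illustration.

```python
import json
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed file names on the receiving machine (not from the original post).
CA_FILE, SERVER_CERT, SERVER_KEY = "ca.crt", "server.crt", "server.key"

# Constructed sample of the audit.k8s.io/v1 EventList body the API server POSTs.
SAMPLE_BATCH = json.dumps({"kind": "EventList", "apiVersion": "audit.k8s.io/v1", "items": [
    {"auditID": "constructed-0001", "verb": "delete", "stage": "ResponseComplete",
     "user": {"username": "system:admin"}, "responseStatus": {"code": 200},
     "objectRef": {"resource": "secrets", "namespace": "default", "name": "db"}}]}).encode()

def summarize_events(body):
    """Return one log line per event in a posted EventList; ValueError if malformed."""
    batch = json.loads(body)
    if not isinstance(batch, dict) or batch.get("kind") != "EventList":
        raise ValueError("not an audit EventList")
    lines = []
    for ev in batch.get("items") or []:
        ref = ev.get("objectRef") or {}
        lines.append("{} {} {} {}/{} -> {}".format(
            ev.get("auditID", "-"), (ev.get("user") or {}).get("username", "-"),
            ev.get("verb", "-"), ref.get("namespace", "-"), ref.get("resource", "-"),
            (ev.get("responseStatus") or {}).get("code", "-")))
    return lines

class AuditHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            for line in summarize_events(body):
                print(line)
            self.send_response(200)
        except ValueError:  # includes json.JSONDecodeError
            self.send_response(400)
        self.end_headers()

def make_tls_context():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(SERVER_CERT, SERVER_KEY)
    ctx.load_verify_locations(cafile=CA_FILE)
    # Handshake fails unless the client presents a certificate signed by CA_FILE.
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

if __name__ == "__main__":
    httpd = HTTPServer(("0.0.0.0", 8443), AuditHandler)
    httpd.socket = make_tls_context().wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()
```

Without the `verify_mode = ssl.CERT_REQUIRED` line the server would still speak https but would accept audit batches from any client, since a server-side context does not request client certificates by default.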