In an unmanaged cluster, in order to export the k8s audit log, we can use the AuditSink object and redirect the logs to any webhook we would like. In order to do so, we should change the API server. In a managed cluster the API server is not accessible. Is there any way to send the data to a webhook as well? If you can add an example it will be great, since I saw the Pub/Sub option of GCP, for example, and it seems that I can't use my webhook.
Within a managed GKE cluster, the audit logs are sent to Stackdriver Logging. At this time, there is no way to send the logs directly from GKE to a webhook; however, there is a workaround.
You can export the GKE Audit logs from Stackdriver Logging to Pub/Sub using a log sink. You will need to define which GKE Audit logs you would like to export to Pub/Sub.
Once the logs are exported to Pub/Sub, you will then be able to push them from Pub/Sub using your webhook. Cloud Pub/Sub is highly programmable and you can control the data you exchange. Please take a look at this link for an example about webhooks in Cloud Pub/Sub.
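The receiving side of the workaround described above, as an added example that is not part of the original answer: a webhook handler that unwraps a Pub/Sub push body, checks that it carries a GKE audit `LogEntry`, and extracts who did what. The shared-secret `token` parameter, the function names and the sample values are assumptions constructed for illustration.

```python
import base64
import hmac
import json

EXPECTED_TOKEN = "constructed-example-token"  # assumption: shared secret sent as ?token=...
AUDIT_TYPE = "type.googleapis.com/google.cloud.audit.AuditLog"

def parse_push(body: bytes, token: str) -> dict:
    """Check the token, unwrap one Pub/Sub push body, return key audit fields."""
    if not hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode()):
        raise PermissionError("bad token")
    message = json.loads(body)["message"]
    # Pub/Sub base64-encodes the payload; the log sink publishes one LogEntry as JSON.
    entry = json.loads(base64.b64decode(message["data"]))
    payload = entry.get("protoPayload", {})
    if payload.get("@type") != AUDIT_TYPE or payload.get("serviceName") != "k8s.io":
        raise ValueError("not a GKE audit log entry")
    return {
        "message_id": message["messageId"],
        "cluster": entry.get("resource", {}).get("labels", {}).get("cluster_name"),
        "principal": payload.get("authenticationInfo", {}).get("principalEmail"),
        "method": payload.get("methodName"),
        "resource": payload.get("resourceName"),
    }

def handle(body: bytes, token: str) -> tuple:
    """Return (HTTP status, fields); Pub/Sub counts 200 and 204 as an ack."""
    try:
        return 200, parse_push(body, token)
    except PermissionError:
        return 403, {}
    except (KeyError, TypeError, AttributeError, ValueError):
        # Malformed or non-audit message: ack it so Pub/Sub stops redelivering.
        return 204, {}

def sample_push() -> bytes:
    """Constructed push body: one GKE audit LogEntry inside a Pub/Sub envelope."""
    entry = {
        "resource": {"type": "k8s_cluster", "labels": {"cluster_name": "demo-cluster"}},
        "protoPayload": {
            "@type": AUDIT_TYPE, "serviceName": "k8s.io",
            "methodName": "io.k8s.core.v1.pods.create",
            "resourceName": "core/v1/namespaces/default/pods/nginx",
            "authenticationInfo": {"principalEmail": "dev@example.com"},
        },
    }
    data = base64.b64encode(json.dumps(entry).encode()).decode()
    return json.dumps({"message": {"data": data, "messageId": "1"}}).encode()

if __name__ == "__main__":
    print(handle(sample_push(), EXPECTED_TOKEN))
```

Call `handle` from whatever HTTP framework serves the push endpoint, passing the raw request body and the `token` query parameter, and reply with the returned status code.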