1 Answer
2
Hello,
You can only use control plane audit logs to track which user ran a particular kubectl
command. Use CloudWatch Logs Insights to query through the EKS control plane log data.
The example query below will retrieve all the Kubernetes operations performed by users in your cluster.

```
fields @timestamp, user.username as user, verb as action, objectRef.name as object
| filter @logStream like /^kube-apiserver-audit/
| filter user.username not like 'system:'
| filter user.username not like 'eks:'
| filter verb not like 'watch'
| filter verb not like 'list'
| sort @timestamp desc
```
For example, you can query all the activity performed by username1:

```
fields @logStream, @timestamp, @message
| filter @logStream like /^kube-apiserver-audit/
| filter strcontains(user.username,"username1")
| sort @timestamp desc
| limit 50
```
To view the logs in Amazon CloudWatch Logs, you must turn on Amazon EKS control plane logging. You can find EKS control plane logs in the /aws/eks/cluster-name/cluster log group.
Answered a year ago
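The filters of the first query, replayed offline over a few constructed audit events, with an explicit time window because Logs Insights only searches the range you select. This is an added example, not part of the original answer; the sample events, the `user_actions` helper and the use of `requestReceivedTimestamp` as the event time are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample events in the Kubernetes audit event shape, one JSON object per line.
SAMPLE_EVENTS = """\
{"requestReceivedTimestamp":"2024-05-01T10:00:05.000000Z","verb":"delete","user":{"username":"username1"},"objectRef":{"resource":"pods","name":"web-1"}}
{"requestReceivedTimestamp":"2024-05-01T10:00:07.000000Z","verb":"list","user":{"username":"username1"},"objectRef":{"resource":"pods"}}
{"requestReceivedTimestamp":"2024-05-01T10:01:00.000000Z","verb":"update","user":{"username":"system:kube-scheduler"},"objectRef":{"resource":"leases","name":"kube-scheduler"}}
{"requestReceivedTimestamp":"2024-05-01T10:02:30.000000Z","verb":"patch","user":{"username":"eks:addon-manager"},"objectRef":{"resource":"daemonsets","name":"aws-node"}}
{"requestReceivedTimestamp":"2024-05-01T10:03:10.000000Z","verb":"create","user":{"username":"username2"},"objectRef":{"resource":"secrets","name":"db-creds"}}
{"requestReceivedTimestamp":"2024-04-30T09:00:00.000000Z","verb":"create","user":{"username":"username1"},"objectRef":{"resource":"configmaps","name":"old-cm"}}
"""

EXCLUDED_USER_MARKERS = ("system:", "eks:")  # same substrings the query filters out
EXCLUDED_VERBS = ("watch", "list")           # read-only noise dropped by the query

def parse_ts(value):
    """Parse an audit timestamp (assumed microsecond precision, UTC)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def user_actions(lines, start, end, username=None):
    """Return (time, user, verb, object) rows, newest first, within [start, end).

    Hypothetical helper: applies the first query's filters; `username`
    narrows the result by substring, like strcontains() in the second query.
    """
    rows = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        ts = parse_ts(event["requestReceivedTimestamp"])
        user = event.get("user", {}).get("username", "")
        verb = event.get("verb", "")
        if not (start <= ts < end):
            continue  # outside the selected time range: never seen by the query
        if any(marker in user for marker in EXCLUDED_USER_MARKERS):
            continue
        if any(v in verb for v in EXCLUDED_VERBS):
            continue
        if username is not None and username not in user:
            continue
        rows.append((ts, user, verb, event.get("objectRef", {}).get("name")))
    return sorted(rows, key=lambda row: row[0], reverse=True)

if __name__ == "__main__":
    day = (datetime(2024, 5, 1, tzinfo=timezone.utc), datetime(2024, 5, 2, tzinfo=timezone.utc))
    for row in user_actions(SAMPLE_EVENTS, *day):
        print(row[0].isoformat(), row[1], row[2], row[3])
```

Widening the window to start on 2024-04-30 also returns the `old-cm` creation by username1, which the one-day window misses.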
That worked excellently. The only thing is, you should choose the time ranges properly too. Thanks.