{"id":73,"date":"2021-11-28T19:35:00","date_gmt":"2021-11-28T19:35:00","guid":{"rendered":"http:\/\/blog.firatyasar.com\/?p=73"},"modified":"2022-03-28T19:48:15","modified_gmt":"2022-03-28T19:48:15","slug":"kubernetes-audit-logs","status":"publish","type":"post","link":"https:\/\/blog.firatyasar.com\/?p=73","title":{"rendered":"Kubernetes Audit Logs"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" width=\"846\" height=\"494\" src=\"\/wp-content\/uploads\/2022\/03\/image-2.png\" alt=\"\" class=\"wp-image-74\" srcset=\"\/wp-content\/uploads\/2022\/03\/image-2.png 846w, \/wp-content\/uploads\/2022\/03\/image-2-300x175.png 300w, \/wp-content\/uploads\/2022\/03\/image-2-768x448.png 768w, \/wp-content\/uploads\/2022\/03\/image-2-660x385.png 660w\" sizes=\"(max-width: 846px) 100vw, 846px\" \/><\/figure>\n\n\n\n<p>Audit logs can easily be enabled for the resources in a Kubernetes architecture. Applying this configuration is recommended especially on vanilla Kubernetes clusters installed in on-premises environments.<\/p>\n\n\n\n<p>To enable audit logs on Kubernetes, apply the following steps in order.<\/p>\n\n\n\n<p>First, create the policy definition file named prod-audit.yaml in the <strong>\/etc\/kubernetes<\/strong>\/ directory.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># audit policy API version\napiVersion: audit.k8s.io\/v1\nkind: Policy\nrules:\n- level: Metadata\n  namespaces: &#91;\"prod\"]\n  verbs: &#91;\"delete\"]\n  resources:\n  - group: \"\"\n    resources: &#91;\"secrets\"]<\/code><\/pre>\n\n\n\n<p>Next, add the following configuration to the kube-apiserver manifest:<\/p>\n\n\n\n<p>First, add the settings for the policy file, the log location and the log retention period.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code> - --audit-policy-file=\/etc\/kubernetes\/prod-audit.yaml\n - --audit-log-path=\/var\/log\/prod-secrets.log\n - --audit-log-maxage=30<\/code><\/pre>\n\n\n\n<p>In the same definition file, add the volume and volume mount configuration for the policy location and the log path.<\/p>\n\n\n\n<p>Volume configuration:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>  - name: audit\n    hostPath:\n      path: \/etc\/kubernetes\/prod-audit.yaml\n      type: File\n\n  - name: audit-log\n    hostPath:\n      path: \/var\/log\/prod-secrets.log\n      type: FileOrCreate<\/code><\/pre>\n\n\n\n<p>Volume mount configuration:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>  - mountPath: \/etc\/kubernetes\/prod-audit.yaml\n    name: audit\n    readOnly: true\n  - mountPath: \/var\/log\/prod-secrets.log\n    name: audit-log\n    readOnly: false<\/code><\/pre>\n\n\n\n<p>After these steps, it is enough to save the changes made to the kube-apiserver manifest and restart kube-apiserver. Your kube-apiserver will now log all audit events matched by the policy to the specified location and keep them there for 30 days.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Audit logs can easily be enabled for the resources in a Kubernetes architecture. Applying this configuration is recommended especially on vanilla Kubernetes clusters installed in on-premises environments. To enable audit logs on Kubernetes, apply the following steps in order. First, create the policy definition file named prod-audit.yaml in the \/etc\/kubernetes\/ directory. Next, add the following configuration to the kube-apiserver manifest: First, add the settings for the policy file, the log location and the log retention\u2026 <span class=\"read-more\"><a href=\"https:\/\/blog.firatyasar.com\/?p=73\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":74,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[35,33,34,8,32],"_links":{"self":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/73"}],"collection":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=73"}],"version-history":[{"count":1,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/73\/revisions"}],"predecessor-version":[{"id":75,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/posts\/73\/revisions\/75"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=\/wp\/v2\/media\/74"}],"wp:attachment":[{"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=73"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=73"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.firatyasar.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=73"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}