Install Kubernetes Audit Logging
The integration allows auditing of:
- Creation and destruction of pods, services, deployments, and daemon sets
- Creating/updating/removing config maps or secrets
- Attempts to subscribe to changes to any endpoint
To enable the Kubernetes Audit Logging feature, use the admission-controller chart. The admission controller is being deprecated and replaced; however, the Kubernetes Audit Logging feature is still supported.
Prerequisites
Recommended: Set up a service account with minimal privilege, such as a Standard role.
Or: Use a custom role with the following permissions for Sysdig Secure:
Deployment
Recommended: Replace helm install with helm upgrade --install.
To enable Kubernetes audit logging in your existing Sysdig Secure Helm install command, add the following flags:
--set admissionController.sysdig.secureAPIToken=<my key> \
--set admissionController.enabled=true \
--set admissionController.features.k8sAuditDetections=true \
--set scanner.enabled=false
For additional configuration options, including on-premises, using a proxy etc., see the admission-controller readme.