Auditing K10
Independent of whether the dashboard, CLI, or API is used to access K10, the usage translates into native Kubernetes API calls. K10 usage can therefore be transparently audited using the Kubernetes Auditing feature without requiring any additional changes. When viewing auditing logs, there are two things to be aware of:
Authentication Mode
For correct user attribution, we depend on K10 to be set up with OIDC or token-based authentication.
OIDC: When OIDC is enabled, Kubernetes user impersonation will be used based on the email address extracted from the provided OIDC token.
Token-based Authentication: When token-based authentication is enabled, the token is used directly for making API calls.
Request Attribution
Note that there are two callers of K10 and Kubernetes APIs in the K10 system. Actions triggered by the dashboard, CLI, or API will be attributed to the user that initiated them. Other system actions (e.g., validation of a Profile or Policy) will be attributed to the K10 Service Account (SA).