AuditConfigs
An AuditConfig custom resource (CR) is used to send K10 audit event logs to a cloud object store by using a reference to a Location Profile.
Creating an Audit Config
When creating an AuditConfig, you first need to create a Location Profile that points to a cloud object store.
With a Location Profile already defined, you can now create an Audit Config by executing the following commands:
$ cat <<EOF >>sample-audit-config.yaml
apiVersion: config.kio.kasten.io/v1alpha1
kind: AuditConfig
metadata:
  name: sample-audit-config
  namespace: kasten-io
spec:
  profile:
    name: audit-s3
    namespace: kasten-io
EOF
$ kubectl apply -f sample-audit-config.yaml
auditconfig.config.kio.kasten.io/sample-audit-config created
# Make sure it is initialized and validated properly
$ kubectl get auditconfigs.config.kio.kasten.io --namespace kasten-io -w
NAME                  STATUS    AGE
sample-audit-config   Success   5s
The AuditConfig can assume four different statuses:
Status | Meaning |
---|---|
Pending | Created and waiting for Location Profile |
UpdateRequested | Audit Config or Location Profile has changed |
DeleteRequested | Stop sending logs to this Location Profile |
Success | Sending logs to this Location Profile |
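A status check for automation, added here as an example and not part of the K10 documentation: it polls an AuditConfig until it reports Success and returns a distinct exit code when log shipping is not confirmed, following the four statuses in the table above. It assumes that .status.validation carries the value shown in the STATUS column; the function names, exit codes and timeout defaults are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example: confirm that K10 audit logs are actually being shipped.
# Assumption: .status.validation holds the value shown in the STATUS column.

# Map a status to an exit code: 0 = shipping, 1 = not yet, 2 = needs attention.
classify_audit_status() {
  case "$1" in
    Success) return 0 ;;
    Pending|UpdateRequested|"") return 1 ;;  # waiting on profile or re-validation
    DeleteRequested) return 2 ;;             # shipping to this profile is stopping
    *) return 2 ;;                           # value not in the documented table
  esac
}

# Poll one AuditConfig until it is Success, hits a stop state, or times out.
# Usage: wait_for_audit_config NAME NAMESPACE [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
wait_for_audit_config() {
  ac_name=$1; ac_ns=$2; ac_timeout=${3:-60}; ac_interval=${4:-5}; ac_waited=0
  while :; do
    # A missing resource or API error yields an empty status, handled as "not yet".
    ac_status=$(kubectl get auditconfigs.config.kio.kasten.io "$ac_name" \
      --namespace "$ac_ns" -o jsonpath='{.status.validation}' 2>/dev/null) || ac_status=""
    ac_rc=0
    classify_audit_status "$ac_status" || ac_rc=$?
    case "$ac_rc" in
      0) echo "OK: $ac_name is Success, audit logs are being sent"; return 0 ;;
      2) echo "ALERT: $ac_name is '$ac_status', log shipping is not confirmed" >&2
         return 2 ;;
    esac
    if [ "$ac_waited" -ge "$ac_timeout" ]; then break; fi
    sleep "$ac_interval"
    ac_waited=$((ac_waited + ac_interval))
  done
  echo "ALERT: $ac_name still '${ac_status:-unknown}' after ${ac_timeout}s" >&2
  return 1
}
```

Calling `wait_for_audit_config sample-audit-config kasten-io 120` after `kubectl apply` lets a pipeline or scheduled job fail loudly when the audit trail is not reaching the object store.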
Updating an Audit Config
To update an AuditConfig, edit the spec portion using your preferred method for submitting resource changes with kubectl.
$ kubectl apply -f sample-audit-config-changed.yaml
auditconfig.config.kio.kasten.io/sample-audit-config configured
Once the change is submitted, K10 will re-validate the audit config and update .status.validation accordingly.
$ kubectl get auditconfigs.config.kio.kasten.io --namespace kasten-io -w
NAME                  STATUS    AGE
sample-audit-config   Success   7s
This action will trigger the extended audit mechanism to update and send logs to the updated Location Profile.
Deleting an Audit Config
You can delete an AuditConfig using the following command:
# Delete audit config "sample-audit-config" for K10 installed in "kasten-io"
$ kubectl delete auditconfigs.config.kio.kasten.io sample-audit-config --namespace kasten-io
auditconfig.config.kio.kasten.io "sample-audit-config" deleted
This action will trigger the extended audit mechanism to stop sending logs to this Location Profile.