AuditConfigs

An AuditConfig custom resource (CR) is used to send K10 audit event logs to a cloud object store by using a reference to a Location Profile.

Creating an Audit Config

When creating an AuditConfig, you first need to create a Location Profile that points to a cloud object store.

With a Location Profile already defined, you can now create an Audit Config by executing the following commands:

$ cat <<EOF >>sample-audit-config.yaml
apiVersion: config.kio.kasten.io/v1alpha1
kind: AuditConfig
metadata:
  name: sample-audit-config
  namespace: kasten-io
spec:
  profile:
    name: audit-s3
    namespace: kasten-io
EOF

$ kubectl apply -f sample-audit-config.yaml
auditconfig.config.kio.kasten.io/sample-audit-config created

# Make sure it is initialized and validated properly
$ kubectl get auditconfigs.config.kio.kasten.io --namespace kasten-io -w
NAME                STATUS    AGE
sample-config       Success   5s

The AuditConfig can assume four different statuses:

Status

Meaning

Pending

Created and waiting for Location Profile

UpdateRequested

Audit Config or Location Profile has changed

DeleteRequested

Stop sending logs to this Location Profile

Success

Sending logs to this Location Profile

Updating an Audit Config

To update an AuditConfig, edit the spec portion using your preferred method for submitting resource changes with kubectl.

$ kubectl apply -f sample-audit-config-changed.yaml
auditconfig.config.kio.kasten.io/sample-audit-config configured

Once the change is submitted, K10 will re-validate the audit config and update .status.validation accordingly.

$ kubectl get auditconfigs.config.kio.kasten.io --namespace kasten-io -w
NAME                    STATUS    AGE
sample-audit-config     Success   7s

This action will trigger the extended audit mechanism to update and send logs to the updated Location Profile.

Deleting an Audit Config

You can delete an AuditConfig using the following command:

# Delete audit config "sample-audit-config" for K10 installed in "kasten-io"
$ kubectl delete auditconfigs.config.kio.kasten.io sample-audit-config --namespace kasten-io
auditconfig.config.kio.kasten.io "sample-audit-config" deleted

This action will trigger the extended audit mechanism to stop sending logs to this Location Profile.