Auditing of Shell commands executed via kubectl exec [closed]

Is it possible to log individual shell commands executed after logging in to a pod via kubectl exec? If auditing shell commands is possible, how do I configure Kubernetes auditing for that?

Satisfactory answered 4/3, 2020 at 14:16 Comment(3)
Your question is too broad for a single post, please read stackoverflow.com/help/on-topic and correct it. - Naturism
Edited the question to make it crisp. Can someone take this question? - Satisfactory
Your question is still hard to answer because it's not going in the direction of best practices. Usually logs are for system events/errors; in order to monitor a shell you'd have to configure it like you would configure a Linux system for that. But this does not apply to every case. Add to the question your current state and what you plan to achieve. - Naturism

Using Kubernetes auditing, there are some limitations and considerations as Kubernetes does not natively log the actual commands run inside the pod after login. Instead, Kubernetes auditing can log the fact that a kubectl exec command was issued, but the exact shell commands executed within the session would not be logged by Kubernetes itself.

A way to achieve this would be to create sidecar containers for each pod that monitors executed commands and logs them. You can combine this with the use of auditd inside the container.

Perloff answered 13/8 at 12:26 Comment(0)
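
What the API server audit log described in the answer above does and does not contain, as an added example (not part of the original answer): a Python filter over constructed `audit.k8s.io/v1` events that extracts `pods/exec` requests. It assumes an audit policy that records `pods/exec` at `Metadata` level or higher and the JSON-lines log backend; every user, pod and audit ID below is made up.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed audit events, one JSON object per line, plus one truncated line.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"ResponseStarted","verb":"create","requestURI":"/api/v1/namespaces/shop/pods/web-0/exec?command=%2Fbin%2Fsh&container=app&stdin=true&stdout=true&tty=true","user":{"username":"alice@example.com"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"shop","name":"web-0"},"stageTimestamp":"2024-01-01T10:00:00Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"ResponseComplete","verb":"create","requestURI":"/api/v1/namespaces/shop/pods/web-0/exec?command=%2Fbin%2Fsh&container=app&stdin=true&stdout=true&tty=true","user":{"username":"alice@example.com"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"shop","name":"web-0"},"stageTimestamp":"2024-01-01T10:07:30Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"b2","stage":"ResponseComplete","verb":"create","requestURI":"/api/v1/namespaces/shop/pods/db-0/exec?command=cat&command=%2Fetc%2Fhostname&container=db&stdout=true&stderr=true","user":{"username":"bob@example.com"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"shop","name":"db-0"},"stageTimestamp":"2024-01-01T11:00:00Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"c3","stage":"ResponseComplete","verb":"list","requestURI":"/api/v1/namespaces/shop/pods","user":{"username":"bob@example.com"},"objectRef":{"resource":"pods","namespace":"shop"},"stageTimestamp":"2024-01-01T11:01:00Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Meta
"""

def exec_sessions(log_text):
    """Return one record per audited exec request (deduplicated across stages)."""
    sessions, seen = [], set()
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(event, dict):
            continue
        ref = event.get("objectRef") or {}
        if ref.get("resource") != "pods" or ref.get("subresource") != "exec":
            continue
        # A long-running exec emits several stage events sharing one auditID.
        audit_id = event.get("auditID")
        if audit_id and audit_id in seen:
            continue
        seen.add(audit_id)
        query = parse_qs(urlsplit(event.get("requestURI", "")).query)
        sessions.append({
            "time": event.get("stageTimestamp"),
            "user": (event.get("user") or {}).get("username"),
            "pod": f'{ref.get("namespace")}/{ref.get("name")}',
            "container": query.get("container", [None])[0],
            # Only the argv given to `kubectl exec` appears in the URI; what is
            # typed into an interactive shell afterwards is not in this log.
            "command": query.get("command", []),
            "interactive": query.get("stdin") == ["true"] and query.get("tty") == ["true"],
        })
    return sessions

if __name__ == "__main__":
    for session in exec_sessions(SAMPLE_AUDIT_LOG):
        print(session)
```

For the interactive session the record shows who opened `/bin/sh` in which pod and when, and nothing about the commands run inside it, which is the gap the sidecar/auditd suggestion is meant to cover.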
