Kubernetes Audit with Elasticsearch and Kibana
Audit logs: The key to finding Kubernetes events in an API server
Create a cluster with feature logging (self-hosted Elasticsearch/Kibana) enabled.
Download the audit-dashboard file you need:
for Kibana 5.x (Kublr 1.9 or earlier)
for Kibana 6.x (Kublr 1.10 or newer)
for Centralized logging
Open Kibana (click the link from the cluster’s overview page) and import the file with audit-dashboard:
- Log into Kibana (with user/password from the Kube Config File)
- Navigate Management > Saved Objects
- Click on Import > Select the required file
- The audit-dashboard should be created with a name corresponding to the file name
- Navigate to the Dashboard menu and click on audit-dashboard
Note: If you find import errors, you’ll need to import the dashboard again.