Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use kube-audit-admin instead of kube-audit #2450

Open
BernieWhite opened this issue Sep 29, 2023 · 0 comments
Open

Use kube-audit-admin instead of kube-audit #2450

BernieWhite opened this issue Sep 29, 2023 · 0 comments
Labels
good first issue Good for newcomers help wanted Extra attention is needed pillar: cost-optimization Aligned to the Cost Optimization pillar. rule: azure-kubernetes-service Rules for Azure Kubernetes Service

Comments

@BernieWhite
Copy link
Collaborator

BernieWhite commented Sep 29, 2023
edited

Existing rule

None

Suggested rule

Create a new rule Azure.AKS.AuditAdmin to flag when the kube-audit log is collected with diagnostic settings.

When kube-audit is enabled, this can significantly increase cost for monitoring AKS clusters.

Instead enable collection for kube-audit-admin, which excludes the get and list audit events, but includes changes.

Pillar

Cost Optimization

Additional context

Related to #2249
@BernieWhite BernieWhite added rule: azure-kubernetes-service Rules for Azure Kubernetes Service pillar: cost-optimization Aligned to the Cost Optimization pillar. labels Sep 29, 2023
@BernieWhite BernieWhite added help wanted Extra attention is needed good first issue Good for newcomers labels Nov 9, 2023
@BernieWhite BernieWhite added good first issue Good for newcomers and removed good first issue Good for newcomers labels May 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers help wanted Extra attention is needed pillar: cost-optimization Aligned to the Cost Optimization pillar. rule: azure-kubernetes-service Rules for Azure Kubernetes Service
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BernieWhite