Ensure the --audit-log-path argument is set

Error: The --audit-log-path argument is not set

Bridgecrew Policy ID: BC_K8S_67
Checkov Check ID: CKV_K8S_91
Severity: MEDIUM

The --audit-log-path argument is not set

Description

Enable auditing on the Kubernetes API Server and set the desired audit log path.
Auditing the Kubernetes API Server provides a security-relevant chronological set of records documenting the sequence of activities that have affected system by individual users, administrators or other components of the system. Even though currently, Kubernetes provides only basic audit capabilities, it should be enabled. You can enable it by setting an appropriate audit log path.

Fix - Buildtime

Kubernetes

  • Kind: Pod
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
 +  - kube-apiserver
 +  - --audit-log-path=/path/to/log
    image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
    ...