github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-29 16:17:32 +00:00
Code Issues Projects Releases Wiki Activity

docs(examples): k8s audit config

Browse Source
This commit is contained in:
Leo Di Donato 2019-05-24 12:13:36 +02:00 committed by Lorenzo Fontana
parent f2adedec2f
commit f3e4d7cce0
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
examples/k8s_audit_config/README.md
View File

@ -1,8 +1,9 @@
# Introduction
This page describes how to get K8s Audit Logging working with Falco for either K8s 1.11, using static audit policies/sinks, or 1.13, with dynamic audit policies/sinks using AuditSink objects.
This page describes how to get [Kubernetes Auditing](https://kubernetes.io/docs/tasks/debug-application-cluster/audit) working with Falco.
Either using static audit backends in Kubernetes 1.11, or in Kubernetes 1.13 with dynamic sink which configures webhook backends through an AuditSink API object.
## K8s 1.11 Instructions
## Instructions for Kubernetes 1.11
The main steps are:
@ -56,7 +57,7 @@ $
K8s audit events will then be routed to the falco daemonset within the cluster, which you can observe via `kubectl logs -f $(kubectl get pods -l app=falco-example -o jsonpath={.items[0].metadata.name})`.
## K8s 1.13 Instructions
## Instructions for Kubernetes 1.13
The main steps are: