
Is there a way to see RBAC events for GKE clusters?


I have a GKE cluster that uses a mix of Cloud IAM and cluster RBAC rules for resource access. For granularity, we use RBAC bindings for certain resources on the cluster, but I'm unable to find a place where those events are logged.

How do I see the logs for when cluster RBAC denies a user the permissions to do something? I can only see IAM-related logs in Cloud Logging's audit logs. I'd like to know when the cluster itself denies access.


Solution

  • You can check the Kube API logs

    kubectl proxy &
    curl -s http://localhost:8001/logs/kube-apiserver.log
    

    For GKE logs: https://cloud.google.com/kubernetes-engine/docs/how-to/audit-logging#viewing_logs
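
Added example, not part of the original answer: in Kubernetes audit events (audit.k8s.io/v1, one JSON object per line), a request rejected by the authorizer carries the annotation `authorization.k8s.io/decision` with the value `forbid`. The code below filters such events and counts denials per user, verb and resource; it assumes the events are available in that format, and the sample events, user names and namespaces are constructed.

```python
import json
from collections import Counter

# Constructed audit.k8s.io/v1 events, one per line (not real cluster data).
SAMPLE = r'''
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"list","user":{"username":"dev@example.com"},"objectRef":{"resource":"secrets","namespace":"prod"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"dev@example.com"},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":403},"annotations":{"authorization.k8s.io/decision":"forbid","authorization.k8s.io/reason":""}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"dev@example.com"},"objectRef":{"resource":"pods","namespace":"dev","name":"web-0"},"responseStatus":{"code":200},"annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by RoleBinding dev-view"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"dev@example.com"},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":403},"annotations":{"authorization.k8s.io/decision":"forbid","authorization.k8s.io/reason":""}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"delete","user":{"username":"system:serviceaccount:ci:deployer"},"objectRef":{"resource":"deployments","namespace":"prod","name":"api"},"responseStatus":{"code":403},"annotations":{"authorization.k8s.io/decision":"forbid","authorization.k8s.io/reason":""}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseCom
'''

def rbac_denials(lines):
    """Return (user, verb, namespace, resource) for each request the authorizer forbade."""
    denials = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(ev, dict) or ev.get("stage") != "ResponseComplete":
            continue  # count each request once, at its final stage
        annotations = ev.get("annotations") or {}
        if annotations.get("authorization.k8s.io/decision") != "forbid":
            continue
        ref = ev.get("objectRef") or {}
        user = (ev.get("user") or {}).get("username", "<unknown>")
        # Non-resource requests have no objectRef; fall back to the request URI.
        resource = ref.get("resource", ev.get("requestURI", "<unknown>"))
        denials.append((user, ev.get("verb"), ref.get("namespace", "<cluster>"), resource))
    return denials

def summarize(denials):
    """Group identical denials, most frequent first."""
    return Counter(denials).most_common()

if __name__ == "__main__":
    for (user, verb, ns, resource), count in summarize(rbac_denials(SAMPLE.splitlines())):
        print(f"{count}x {user} denied {verb} {resource} in {ns}")
```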