I have a GKE cluster that uses a mix of Cloud IAM and cluster RBAC rules for resource access. For granularity, we use RBAC bindings for certain resources on the cluster, but I'm unable to find a place where those events are logged.
How do I see the logs for when cluster RBAC denies a user the permissions to do something? I can only see IAM related logs in Cloud Logging's audit logs. I'd like to know when the cluster itself denies access.
You can check the Kube API logs
kubectl proxy &
curl -s http://localhost:8001/logs/kube-apiserver.log
While GKE logs : https://cloud.google.com/kubernetes-engine/docs/how-to/audit-logging#viewing_logs