    Kube AI Hub Audit Logs

    The Kube AI Hub Auditing Log System provides a security-relevant chronological set of records documenting the sequence of activities related to individual users, managers, or other components of the system. Each request to Kube AI Hub generates an event that is then written to a webhook and processed according to a certain rule.

    For more information, see Auditing Log Query.

    Enable Auditing Logs Before Installation

    Installing on Linux

    When you implement multi-node installation of Kube AI Hub on Linux, you need to create a configuration file that lists all Kube AI Hub components.

    1. In the Installing Kube AI Hub on Linux tutorial, you create a default file, config-sample.yaml. Modify the file by executing the following command:

      vi config-sample.yaml
      

      Note

      If you adopt All-in-One Installation, you do not need to create a config-sample.yaml file as you can create a cluster directly. Generally, the all-in-one mode is for users who are new to Kube AI Hub and want to get familiar with the system. If you want to enable Auditing in this mode (for example, for testing purposes), refer to the following section to see how Auditing can be enabled after installation.
    2. In this file, navigate to auditing and change false to true for enabled. Save the file after you finish.

      auditing:
        enabled: true # Change "false" to "true".
      

      Note

      By default, KubeKey will install Elasticsearch internally if Auditing is enabled. For a production environment, it is highly recommended that you set the following values in config-sample.yaml if you want to enable Auditing, especially externalElasticsearchHost and externalElasticsearchPort. Once you provide the following information before installation, KubeKey will integrate your external Elasticsearch directly instead of installing an internal one.

      es:  # Storage backend for logging, tracing, events and auditing.
        elasticsearchMasterReplicas: 1   # The total number of master nodes. Even numbers are not allowed.
        elasticsearchDataReplicas: 1     # The total number of data nodes.
        elasticsearchMasterVolumeSize: 4Gi   # The volume size of Elasticsearch master nodes.
        elasticsearchDataVolumeSize: 20Gi    # The volume size of Elasticsearch data nodes.
        logMaxAge: 7                     # Log retention time in days in built-in Elasticsearch. It is 7 days by default.
        elkPrefix: logstash              # The string making up index names. The index name will be formatted as ks-<elk_prefix>-log.
        externalElasticsearchHost: # The host of external Elasticsearch.
        externalElasticsearchPort: # The port of external Elasticsearch.
      
    3. Create a cluster using the configuration file:

      ./kk create cluster -f config-sample.yaml
      

    Installing on Kubernetes

    When you install Kube AI Hub on Kubernetes, you can enable Auditing first in the cluster-configuration.yaml file.

    1. Download the file cluster-configuration.yaml and edit it.

      vi cluster-configuration.yaml
      
    2. In this local cluster-configuration.yaml file, navigate to auditing and enable Auditing by changing false to true for enabled. Save the file after you finish.

      auditing:
        enabled: true # Change "false" to "true".
      

      Note

      By default, ks-installer will install Elasticsearch internally if Auditing is enabled. For a production environment, it is highly recommended that you set the following values in cluster-configuration.yaml if you want to enable Auditing, especially externalElasticsearchHost and externalElasticsearchPort. Once you provide the following information before installation, ks-installer will integrate your external Elasticsearch directly instead of installing an internal one.

      es:  # Storage backend for logging, tracing, events and auditing.
        elasticsearchMasterReplicas: 1   # The total number of master nodes. Even numbers are not allowed.
        elasticsearchDataReplicas: 1     # The total number of data nodes.
        elasticsearchMasterVolumeSize: 4Gi   # The volume size of Elasticsearch master nodes.
        elasticsearchDataVolumeSize: 20Gi    # The volume size of Elasticsearch data nodes.
        logMaxAge: 7                     # Log retention time in days in built-in Elasticsearch. It is 7 days by default.
        elkPrefix: logstash              # The string making up index names. The index name will be formatted as ks-<elk_prefix>-log.
        externalElasticsearchHost: # The host of external Elasticsearch.
        externalElasticsearchPort: # The port of external Elasticsearch.
      
    3. Execute the following commands to start installation:

      kubectl apply -f https://github.com/kubesphere/ks-installer/releases/download/v3.4.1/kubesphere-installer.yaml
      
      kubectl apply -f cluster-configuration.yaml
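
    A check to run on config-sample.yaml or cluster-configuration.yaml before starting either installation, added here as an example and not part of the product documentation: it reports whether auditing is enabled and whether externalElasticsearchHost and externalElasticsearchPort are filled in. The function name, the otherComponent key and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Prints one verdict for a KubeKey / ks-installer configuration file:
#   disabled     the enabled key under auditing is not "true"
#   internal-es  auditing on, external Elasticsearch host or port left empty
#   external-es  auditing on, external Elasticsearch host and port both set
audit_config_verdict() {
    awk '
        function indent(s,   t) { t = s; sub(/^[ \t]*/, "", t); return length(s) - length(t) }
        function val(s) {            # value part of "key: value  # comment"
            sub(/^[^:]*:[ \t]*/, "", s)
            sub(/[ \t]*#.*$/, "", s)
            gsub(/^"|"$/, "", s)
            return s
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comment-only and blank lines
        # The auditing block ends when indentation drops back to its own level.
        in_audit && indent($0) <= audit_indent { in_audit = 0 }
        /^[ \t]*auditing:[ \t]*(#.*)?$/ { in_audit = 1; audit_indent = indent($0); next }
        # Other components may carry an "enabled" key; only the one under auditing counts.
        in_audit && /^[ \t]*enabled:/ { enabled = val($0) }
        /^[ \t]*externalElasticsearchHost:/ { host = val($0) }
        /^[ \t]*externalElasticsearchPort:/ { port = val($0) }
        END {
            if (enabled != "true") { print "disabled" }
            else if (host == "" || port == "") { print "internal-es" }
            else { print "external-es" }
        }
    ' "$1"
}

# Constructed sample: auditing enabled, external Elasticsearch left blank.
# otherComponent is a hypothetical key standing in for any other component.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auditing:
  enabled: true
otherComponent:
  enabled: false
es:
  logMaxAge: 7
  externalElasticsearchHost: # The host of external Elasticsearch.
  externalElasticsearchPort: # The port of external Elasticsearch.
EOF
audit_config_verdict "$sample"
rm -f "$sample"
```

    A verdict of internal-es means the installer will deploy its own Elasticsearch, which the note above recommends against for production.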
      

    Enable Auditing Logs After Installation

    1. Log in to the console as admin. Click Platform in the upper-left corner and select Cluster Management.

    2. Click CRDs and enter clusterconfiguration in the search bar. Click the result to view its detail page.

      Info

      A Custom Resource Definition (CRD) allows users to create a new type of resources without adding another API server. They can use these resources like any other native Kubernetes objects.
    3. In Custom Resources, click on the right of ks-installer and select Edit YAML.

    4. In this YAML file, navigate to auditing and change false to true for enabled. After you finish, click OK in the lower-right corner to save the configuration.

      auditing:
        enabled: true # Change "false" to "true".
      

      Note

      By default, Elasticsearch will be installed internally if Auditing is enabled. For a production environment, it is highly recommended that you set the following values in this YAML file if you want to enable Auditing, especially externalElasticsearchHost and externalElasticsearchPort. Once you provide the following information, Kube AI Hub will integrate your external Elasticsearch directly instead of installing an internal one.

      es:  # Storage backend for logging, tracing, events and auditing.
        elasticsearchMasterReplicas: 1   # The total number of master nodes. Even numbers are not allowed.
        elasticsearchDataReplicas: 1     # The total number of data nodes.
        elasticsearchMasterVolumeSize: 4Gi   # The volume size of Elasticsearch master nodes.
        elasticsearchDataVolumeSize: 20Gi    # The volume size of Elasticsearch data nodes.
        logMaxAge: 7                     # Log retention time in days in built-in Elasticsearch. It is 7 days by default.
        elkPrefix: logstash              # The string making up index names. The index name will be formatted as ks-<elk_prefix>-log.
        externalElasticsearchHost: # The host of external Elasticsearch.
        externalElasticsearchPort: # The port of external Elasticsearch.
      
    5. You can use the web kubectl to check the installation process by executing the following command:

      kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l 'app in (ks-install, ks-installer)' -o jsonpath='{.items[0].metadata.name}') -f
      

      Note

      You can find the web kubectl tool by clicking in the lower-right corner of the console.

    Verify the Installation of the Component

    Verify that you can use the Audit Log Search function from the Toolbox in the lower-right corner.

    Execute the following command to check the status of Pods:

    kubectl get pod -n kubesphere-logging-system
    

    The output may look as follows if the component runs successfully:

    NAME                                                              READY   STATUS      RESTARTS   AGE
    elasticsearch-logging-curator-elasticsearch-curator-159872n9g9g   0/1     Completed   0          2d10h
    elasticsearch-logging-curator-elasticsearch-curator-159880tzb7x   0/1     Completed   0          34h
    elasticsearch-logging-curator-elasticsearch-curator-1598898q8w7   0/1     Completed   0          10h
    elasticsearch-logging-data-0                                      1/1     Running     1          2d20h
    elasticsearch-logging-data-1                                      1/1     Running     1          2d20h
    elasticsearch-logging-discovery-0                                 1/1     Running     1          2d20h
    fluent-bit-6v5fs                                                  1/1     Running     1          2d20h
    fluentbit-operator-5bf7687b88-44mhq                               1/1     Running     1          2d20h
    kube-auditing-operator-7574bd6f96-p4jvv                           1/1     Running     1          2d20h
    kube-auditing-webhook-deploy-6dfb46bb6c-hkhmx                     1/1     Running     1          2d20h
    kube-auditing-webhook-deploy-6dfb46bb6c-jp77q                     1/1     Running     1          2d20h
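
    The same verification as a scripted check, added here as an example and not part of the product documentation: it reads the pod listing and reports whether the kube-auditing-operator and kube-auditing-webhook-deploy pods are Running and fully ready, ignoring the Completed curator jobs. The function name is an assumption, and the sample listing is constructed from the output above with one webhook replica altered to a failing state.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Reads `kubectl get pod -n kubesphere-logging-system` output on stdin and prints:
#   healthy            operator and webhook pods listed, Running and fully ready
#   unhealthy: <pods>  an auditing pod is not Running or not fully ready
#   missing            no operator pod or no webhook pod in the listing
audit_pods_status() {
    awk '
        # Record a pod as bad unless STATUS is Running and READY is n/n.
        function check(   r) {
            split($2, r, "/")
            if ($3 != "Running" || r[1] != r[2]) { bad = bad " " $1 }
        }
        $1 == "NAME" { next }                                  # header row
        $1 ~ /^kube-auditing-operator-/       { operator++; check() }
        $1 ~ /^kube-auditing-webhook-deploy-/ { webhook++;  check() }
        END {
            if (!operator || !webhook) { print "missing" }
            else if (bad == "")        { print "healthy" }
            else                       { print "unhealthy:" bad }
        }
    '
}

# Constructed sample: the second webhook replica is in a failing state.
audit_pods_status <<'EOF'
NAME                                                              READY   STATUS             RESTARTS   AGE
elasticsearch-logging-curator-elasticsearch-curator-159872n9g9g   0/1     Completed          0          2d10h
elasticsearch-logging-data-0                                      1/1     Running            1          2d20h
kube-auditing-operator-7574bd6f96-p4jvv                           1/1     Running            1          2d20h
kube-auditing-webhook-deploy-6dfb46bb6c-hkhmx                     1/1     Running            1          2d20h
kube-auditing-webhook-deploy-6dfb46bb6c-jp77q                     0/1     CrashLoopBackOff   5          2d20h
EOF
```

    On a live cluster, pipe the kubectl get pod command shown above into audit_pods_status.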