Kubernetes is an API-driven platform. Every action happens through an API call into the kube API server. Consequently, recording and monitoring API activity is very important. While most deployments end up sending these logs to a remote destination for compliance purposes, these logs are often not easily accessible when needed. Moreover, different roles (platform, network, security) have different requirements, and many may not even have access to the logs.
Some use cases relevant to log analysis are as follows.
Calico Enterprise retains the audit logs for 1 year by default and helps you answer the questions above.
Calico Enterprise uses an Elasticsearch operator to deploy an Elasticsearch cluster and a Kibana instance. The Elasticsearch cluster is used to store audit logs according to specified retention settings to ensure the cluster does not run out of disk space. Elasticsearch and Kibana are integrated and managed as part of the Calico Enterprise lifecycle. By default, the audit logs and reports are stored for 1 year.
Calico policy logs are stored in the Elasticsearch database. They are generated offline, so they do not impact Calico data path performance. Because the volume is low, up to 1 year of logs is stored by default.
Log collection is a straightforward configuration, with retention and filtering options, so we recommend making it part of your install activities. After you have configured the audit logs, you can visualize them in the Kibana dashboard. Calico Enterprise offers 3 features on top of audit logs.
The following diagram shows a snapshot of reports being generated on an hourly basis. These reports are instances of a Kubernetes object (GlobalReports CRD), so access to them can be controlled using Kubernetes RBAC in a multi-tenant deployment.
Audit logs for Calico policy are enabled by default. As an important first step, you must enable Kubernetes audit logs for pods and namespaces. Use the YAML interface to configure compliance reports and global alerts. For results, use the following:
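For the step of enabling Kubernetes audit logs for pods and namespaces, here is a kube-apiserver audit policy as an added example (not Calico Enterprise's own file). The audit levels, the verb split and the catch-all rule are assumptions chosen for illustration; the page does not specify them.

```yaml
# Added example: Kubernetes audit policy covering pods and namespaces.
# Levels and verb groupings below are assumptions, not values from the page.
apiVersion: audit.k8s.io/v1
kind: Policy
# Skip the RequestReceived stage so each request yields one event
# (at response time) instead of two.
omitStages:
  - RequestReceived
rules:
  # Writes to pods and namespaces: record who made the change plus the
  # full request and response bodies, so the change itself is reviewable.
  - level: RequestResponse
    verbs: ["create", "update", "patch", "delete", "deletecollection"]
    resources:
      - group: ""            # "" is the core API group
        resources: ["pods", "namespaces"]
  # Reads of pods and namespaces: metadata only (user, verb, resource,
  # timestamp). This keeps volume down while still showing access.
  - level: Metadata
    verbs: ["get", "list", "watch"]
    resources:
      - group: ""
        resources: ["pods", "namespaces"]
  # Catch-all (assumption): nothing else is logged by this policy.
  # Rules are evaluated in order, so this must stay last.
  - level: None
```

The API server reads the policy through its `--audit-policy-file` flag and writes events to the file named by `--audit-log-path`; how those flags are set depends on how your control plane is deployed.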