Containers-roadmap: EKS Control Plane Logs

Created on 6 Dec 2018  路  19Comments  路  Source: aws/containers-roadmap

View Kubernetes API Server and Audit Logs in your account.

EKS
Source
picture pauncejones
👍211

Most helpful comment

Just shipped! You can now send Kubernetes control plane logs from your EKS clusters to CloudWatch Logs.

picture tabern on 5 Apr 2019
🎉17 🚀9 👍98 👀1

All 19 comments

Would this include apiserver audit logs?

swestcott picture swestcott on 12 Dec 2018
👍16

Would be nice to be able to push the logs into an Elasticsearch service running on aws.

brynmathias picture brynmathias on 12 Dec 2018
👍8

If it goes to cloudwatch it would be more flexible than elasticsearch - would also follow the ECS pattern.

jesse-peters picture jesse-peters on 12 Dec 2018
👍13 👎1

Is this going to include other control plane components such scheduler, kubelet and controller-manager? Also interested in logs from iam authenticator pod for auditing purposes.

vijaykatam picture vijaykatam on 4 Jan 2019
👍22

Is there an ETA for this feature?

tiffanycitra picture tiffanycitra on 18 Feb 2019

@tiffanycitra
From the README:

A: Because job zero is security and operational stability, we can't provide specific target dates for features.

However given this has just moved to Coming Soon, that's a good sign! 馃槄

tdmalone picture tdmalone on 22 Feb 2019
👍4

+1

sankareds picture sankareds on 11 Mar 2019
👎2 👀11

How is it supposed to be PCI compliant if I can't get an audit log (k8s events / api logs)

max-lobur picture max-lobur on 3 Apr 2019
👍4

Our migration to EKS has come to a halt due to this. From security and audit perspective i have no way to know who did what. So this has become a blocker for us.

pc-rshetty picture pc-rshetty on 3 Apr 2019
👍2

Just shipped! You can now send Kubernetes control plane logs from your EKS clusters to CloudWatch Logs.

tabern picture tabern on 5 Apr 2019
🎉17 🚀9 👍98 👀1

Super awesome! Thanks to everyone involved!

nickschuch picture nickschuch on 5 Apr 2019
🎉1

thank you very much AWS EKS team

pc-rshetty picture pc-rshetty on 5 Apr 2019
🎉1

Thank you for this!

bnutt picture bnutt on 5 Apr 2019
🎉1

Can you enable this with cloudformation yet? The API yes: https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCluster.html

StevenACoffman picture StevenACoffman on 8 Apr 2019

@pc-rshetty so happy to hear that this unblocked you!
@StevenACoffman - yes. I've opened https://github.com/aws/containers-roadmap/issues/242 to track this.

tabern picture tabern on 8 Apr 2019
👍1

Side note, this isn't available within troposphere yet. I already opened a ticket there.

See (or vote) - https://github.com/cloudtools/troposphere/issues/1362

rtkgjacobs picture rtkgjacobs on 8 Apr 2019

@tabern yeah our Security and compliance had refused to let us migrate if this was not in place. so thank you very much. We moved couple into EKS but to move all existing production workload we need it to be fool proof.

pc-rshetty picture pc-rshetty on 8 Apr 2019
🎉1

Today i saw on our prod cloudwatch(we did not configure master logs yet) that kube-controller-manager, authenticator, kube-apiserver-audit logs showingup. I haven't researched on it yet but is it due to this new feature(some kind of default )

pc-rshetty picture pc-rshetty on 9 Apr 2019

ok sorry , i just checked our devops went superfast and enabled it :) so that explains why we see the logs now.

pc-rshetty picture pc-rshetty on 9 Apr 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ORESoftware picture ORESoftware  路  3Comments
clareliguori picture clareliguori  路  3Comments
sarath9985 picture sarath9985  路  3Comments
tabern picture tabern  路  3Comments
MartinDevillers picture MartinDevillers  路  3Comments