It isn’t possible today to dynamically use the Kubernetes Audit Logs to monitor for exec events - managed platforms like AKS/EKS configure this for you, and typically send the logging to their own backends.
However, it should be possible to create ValidatingWebhookConfigurations that respond to exec and debug events. Initially we can take the webhook calls, and emit events onto the pods that they target .. providing an auditing service.
In the future, we should be able to use this to implement a second layer of security beyond the allowedGroups setting.
It isn’t possible today to dynamically use the Kubernetes Audit Logs to monitor for
execevents - managed platforms like AKS/EKS configure this for you, and typically send the logging to their own backends.However, it should be possible to create ValidatingWebhookConfigurations that respond to
execanddebugevents. Initially we can take the webhook calls, and emit events onto the pods that they target .. providing an auditing service.In the future, we should be able to use this to implement a second layer of security beyond the
allowedGroupssetting.