Skip to content
hands-on lab

Kubernetes Cluster Auditing

Difficulty: Beginner
Duration: Up to 35 minutes
Students: 64
Start lab
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
About
Author

Description

Kubernetes Auditing allows you to track the requests made to the API server in your cluster. This includes activities performed by users, applications, and the control plane. This data consists of chronological records that are stored in an audit log. The specific data captured and stored is defined in the audit policy. The audit log can be used to troubleshoot issues, monitor the cluster, and investigate security incidents.

Learning objectives

Upon completion of this lab, you will be able to:

  • Create an audit policy
  • Enable auditing in the Kubernetes cluster
  • Customize an audit policy
  • Locate and view audit logs

Intended audience

  • Candidates for the Certified Kubernetes Security Specialist (CKS) exam
  • DevOps Engineers
  • Security Practitioners

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • Kubernetes Pods
  • kubectl output formatting

The following content can be used to fulfill the prerequisites:

Updates

June 26th, 2025 - Updated to run Kubernetes 1.33

July 13th, 2024 - Updated cluster to Kubernetes 1.30

Environment before

Environment after

Covered topics

Containers
DevOps
Security
Deployment
Compute
Operating System
Kubernetes
Linux
Hands-on Lab UUID

Lab steps

Connecting to the Kubernetes Cluster
Enabling Kubernetes Cluster Auditing
Customize Audit Policy

Lab Rules