Audit logs help ensure your Kubernetes clusters remain secure and protected from unauthorized access. Each log entry includes the requested URL path, the HTTP method, and information about the user sending the request.
Kubernetes audit logs are turned off by default. The default settings allow users to store Kubernetes events in the backend database for up to one hour, but that can be insufficient when you are trying to track unauthorized access.
The kube-apiserver is responsible for auditing a Kubernetes cluster. So whenever a request creates a namespace, for example, that request is sent to the kube-apiserver for logging and auditing.
This means that by integrating Kubernetes audit logs, you can answer the following questions:
What happened?
Who did it?
When did it happen?
Where did it happen?
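As an added example (not part of the original article), the Python sketch below reads audit events in the `audit.k8s.io/v1` JSON-lines format, maps each one to the four questions above, and lists the requests the API server rejected with 401 or 403. The sample events are constructed, and treating the source IP as the "where" is an assumption of this example.

```python
import json

# Constructed sample lines in the audit.k8s.io/v1 Event format (not real cluster data).
SAMPLE_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"ResponseComplete","requestURI":"/api/v1/namespaces","verb":"create","user":{"username":"alice@example.com","groups":["system:authenticated"]},"sourceIPs":["10.0.0.5"],"objectRef":{"resource":"namespaces","name":"staging"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2024-01-01T10:00:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"b2","stage":"RequestReceived","requestURI":"/api/v1/namespaces/kube-system/secrets","verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["203.0.113.7"],"requestReceivedTimestamp":"2024-01-01T10:05:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"b2","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/kube-system/secrets","verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"secrets","namespace":"kube-system"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2024-01-01T10:05:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","requestURI":"/api/v1/pods","ver
"""

def summarize(event):
    """Map one audit event onto the what / who / when / where questions."""
    return {
        "what": f'{event.get("verb")} {event.get("requestURI")}',
        "who": (event.get("user") or {}).get("username", "unknown"),
        "when": event.get("requestReceivedTimestamp"),
        # Assumption of this example: "where" means the client source IP(s).
        "where": ", ".join(event.get("sourceIPs") or []) or "unknown",
        "status": (event.get("responseStatus") or {}).get("code"),
    }

def denied_requests(log_text):
    """Return summaries of completed requests the API server rejected (401/403)."""
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if not isinstance(event, dict):
            continue
        if event.get("stage") != "ResponseComplete":
            continue  # a request is logged at several stages; count it once
        row = summarize(event)
        if row["status"] in (401, 403):
            findings.append(row)
    return findings

if __name__ == "__main__":
    for row in denied_requests(SAMPLE_LOG):
        print(row)
```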
Monitoring refers to logging the data related to a system’s resource consumption and performance output. In the case of Kubernetes, monitoring aims to ensure that your clusters are performing to the best of their capacities and that end users have a smooth experience while using your product.
Monitoring the components in the K8s control plane is important to keep resource consumption under control. The control plane is the core of K8s: its components keep the system running and so are vital to correct K8s operations. Kubernetes API, kubelet, etcd, controller-manager, kube-proxy and kube-dns make up the control plane.
Control plane components can output metrics in a format that can be used by Prometheus, the most common K8s monitoring tool.