Part of the APISnoop suite of software, AuditLogger’s goal is to recieve Kubernetes API server events and load them into a live APISnoop database running in-cluster.
helm install auditlogger -n apisnoop chart/auditlogger**Helm values**
| Parameter | Description | Default |
|---|---|---|
| replicaCount | Pod replicas | 1 |
| postgresConnectionString | Postgres connection string for SnoopDB | postgres://apisnoop:apisnoop@snoopdb/apisnoop?sslmode=disable |
| auditEventTable | Postgres table to write live audit events to | table.audit_event |
| noDebug | Disable debug logs | false |
| image.repository | The repo where the image lives | gcr.io/apisnoop/auditlogger |
| image.tag | Specifies a tag of from the image to use | nil |
| image.pullPolicy | container pull policy | IfNotPresent |
| imagePullSecrets | References for the registry secrets to pull the container from | [] |
| nameOverride | Expand the name of the chart | "" |
| fullNameOverride | Create a FQDN for the app name | "" |
| podSecurityContext.readOnlyRootFilesystem | Set the rootfs as read-only | true |
| podSecurityContext.runAsUser | The user to run as | 1000 |
| podSecurityContext.runAsGroup | The group to run as | 1000 |
| podSecurityContext.allowPrivilegeEscalation | If the process in the container can become root | false |
| service.type | In way which the app is exposed | ClusterIP |
| service.port | The port to run the app on | 8080 |
| autoscaling.enabled | If the Pods should autoscale | false |
| autoscaling.minReplicas | Minimum amount of Pods | 2 |
| autoscaling.maxReplicas | Maximum amount of Pods | 5 |
| autoscaling.targetCPUUtilizationPercentage | How much resource should be utilized before scaling | 5 |
| annotations | declare annotations for all resources | {} |
| resources.limits.cpu | max amount of CPU | 250m |
| resources.limits.memory | max amount of memory | 40Mi |
| resources.resources.cpu | requested amount of CPU | 250m |
| resources.limits.memory | max amount of memory | 40Mi |
| nodeSelector | delcare the node labels for Pod scheduling | {} |
| tolerations | declare the toleration labels for Pod scheduling | [] |
| affinity | declare the affinity settings for the Pod scheduling | {} |
The cluster must be configured with audit policies and audit policy webhooks enabled, pointing to http://10.96.96.96:9900/events.