
Compliance & Auditing

🎯 Learning Objectives

  • Implement audit logging
  • Understand compliance frameworks
  • Learn security scanning and policies
  • Master compliance reporting
  • Troubleshoot audit and compliance issues

Compliance and auditing are essential for enterprise deployments. Audit logging records who did what to the API server and when; compliance frameworks define which controls an auditor expects to see; security scanning finds the gaps between the two. Together they provide the evidence a regulatory review asks for and the trail an incident responder needs.

Compliance Requirements

Different industries impose different requirements: HIPAA for protected health information, PCI-DSS for cardholder data, SOC 2 for service providers. Identify which apply to your workloads before designing logging, retention and access controls, because the retention periods and review cadences differ.

Audit Logs

Audit logs are critical for security investigations. Store them off the node that produced them, restrict who can read them, and retain them for the period your framework requires (PCI-DSS, for example, requires at least twelve months of history with the most recent three months immediately available).

Audit Logging

Audit Policy

# /etc/kubernetes/audit-policy.yaml
apiVersion: audit.k8s.io/v1
kind: Policy
# Emit one event per request (at ResponseComplete) instead of two.
omitStages:
  - "RequestReceived"
# Rules are evaluated in order; the first matching rule decides the level.
rules:
# Never log secret or token bodies: Request/RequestResponse on these
# resources would copy their contents into the audit log.
- level: Metadata
  resources:
  - group: ""
    resources: ["secrets"]
  - group: "authentication.k8s.io"
    resources: ["tokenreviews"]
- level: RequestResponse
  verbs: ["create", "update", "patch", "delete"]
  resources:
  - group: ""
    resources: ["configmaps"]
  - group: "rbac.authorization.k8s.io"
    resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
- level: Request
  verbs: ["get", "list", "watch"]
  resources:
  - group: ""
    resources: ["pods", "services"]
- level: Metadata
  namespaces: ["kube-system"]
# Catch-all: requests that match no rule above are still recorded.
# Without a catch-all, unmatched requests are not logged at all.
- level: Metadata

Audit Levels

  • None: Don't log events that match this rule
  • Metadata: Log request metadata (requesting user, timestamp, verb, resource, response code) but not the request or response body
  • Request: Log metadata plus the request body, but not the response body (does not apply to non-resource requests)
  • RequestResponse: Log metadata, request body and response body; never use this level for Secrets, since the object bodies land in the log

Enabling Audit Logging

# kube-apiserver flags. On kubeadm clusters add them to the static pod
# manifest /etc/kubernetes/manifests/kube-apiserver.yaml and mount the
# policy file and the log directory into the pod as hostPath volumes.
--audit-log-path=/var/log/kubernetes/audit.log   # "-" writes to stdout
--audit-policy-file=/etc/kubernetes/audit-policy.yaml
--audit-log-maxage=30       # days to keep rotated files
--audit-log-maxbackup=10    # number of rotated files to keep
--audit-log-maxsize=100     # megabytes per file before rotation

Audit Log Management

Rotate audit logs with the --audit-log-max* flags, but treat the local file as a buffer only: forward it to a centralized logging system, or configure a webhook backend with --audit-webhook-config-file, so that an attacker with node access cannot erase the record of what they did. Restrict read access to the file; it contains usernames, request paths and, at Request and RequestResponse level, object bodies.
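Reviewing audit logs is only useful if something reads them. The script below is an added example, not code from the original page or from Kubernetes: it parses audit events in the JSON-lines form kube-apiserver writes to --audit-log-path and flags four signals a reviewer typically wants first (a human principal reading a Secret, an exec/attach/port-forward into a pod, a write to an RBAC object, and a 403 denial). The sample events are constructed to follow the audit.k8s.io/v1 Event shape with only the fields the triage reads; the rule names and the "system:" prefix heuristic are this example's own choices.

```python
"""Triage kube-apiserver audit events (JSON lines) for high-value signals.

Added example, not from the page or from Kubernetes. Sample events below are
constructed; only the fields the triage reads are populated.
"""
import json
from collections import Counter

SYSTEM_PREFIX = "system:"  # built-in controllers, nodes, service accounts
SENSITIVE_SUBRESOURCES = {"exec", "attach", "portforward"}
RBAC_RESOURCES = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}
WRITE_VERBS = {"create", "update", "patch", "delete"}

# Constructed sample log: one event per line, as written by --audit-log-path.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"auditID": "a1", "stage": "ResponseComplete", "verb": "get",
     "user": {"username": "alice"},
     "objectRef": {"resource": "secrets", "namespace": "prod", "name": "db-creds"},
     "responseStatus": {"code": 200}},
    {"auditID": "a2", "stage": "ResponseComplete", "verb": "list",
     "user": {"username": "system:kube-controller-manager"},
     "objectRef": {"resource": "secrets"},
     "responseStatus": {"code": 200}},
    {"auditID": "a3", "stage": "ResponseComplete", "verb": "create",
     "user": {"username": "alice"},
     "objectRef": {"resource": "pods", "subresource": "exec",
                   "namespace": "prod", "name": "web-0"},
     "responseStatus": {"code": 101}},
    {"auditID": "a4", "stage": "ResponseComplete", "verb": "create",
     "user": {"username": "bob"},
     "objectRef": {"resource": "clusterrolebindings", "name": "bob-admin"},
     "responseStatus": {"code": 201}},
    {"auditID": "a5", "stage": "ResponseComplete", "verb": "list",
     "user": {"username": "eve"},
     "objectRef": {"resource": "secrets", "namespace": "prod"},
     "responseStatus": {"code": 403}},
    # RequestReceived duplicate of a1; present when the policy does not omit the stage.
    {"auditID": "a1", "stage": "RequestReceived", "verb": "get",
     "user": {"username": "alice"},
     "objectRef": {"resource": "secrets", "namespace": "prod", "name": "db-creds"}},
    {"auditID": "a6", "stage": "ResponseComplete", "verb": "list",
     "user": {"username": "mallory"},
     "objectRef": {"resource": "pods", "namespace": "prod"},
     "responseStatus": {"code": 200}},
])


def parse_events(log_text):
    """Yield audit events from JSON-lines text, skipping blank or malformed lines."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated line at a rotation boundary should not abort triage


def classify(event):
    """Return the rule names an event matches (empty list if nothing is notable)."""
    # Only the completion stage carries the response code; counting
    # RequestReceived events as well would double-count every request.
    if event.get("stage") != "ResponseComplete":
        return []
    user = (event.get("user") or {}).get("username", "")
    ref = event.get("objectRef") or {}
    verb = event.get("verb", "")
    resource = ref.get("resource", "")
    sub = ref.get("subresource", "")
    code = (event.get("responseStatus") or {}).get("code", 0)
    hits = []
    if code == 403:
        hits.append("forbidden")  # denied requests are reconnaissance until proven otherwise
    if resource == "secrets" and not user.startswith(SYSTEM_PREFIX) and code < 400:
        hits.append("secret-access-by-human")
    if resource == "pods" and sub in SENSITIVE_SUBRESOURCES and verb == "create":
        hits.append("pod-exec")
    if resource in RBAC_RESOURCES and verb in WRITE_VERBS and code < 400:
        hits.append("rbac-change")
    return hits


def triage(log_text):
    """Return one finding dict per (event, matched rule) pair, in log order."""
    findings = []
    for ev in parse_events(log_text):
        for rule in classify(ev):
            ref = ev.get("objectRef") or {}
            findings.append({
                "rule": rule,
                "auditID": ev.get("auditID"),
                "user": (ev.get("user") or {}).get("username"),
                "verb": ev.get("verb"),
                "namespace": ref.get("namespace", "<cluster>"),
                "resource": "/".join(p for p in (ref.get("resource"), ref.get("subresource")) if p),
            })
    return findings


def summarize(findings):
    """Count findings per rule, the shape a dashboard or alert threshold wants."""
    return Counter(f["rule"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:24} {f['user']:8} {f['verb']:6} {f['namespace']}/{f['resource']}")
    print(dict(summarize(triage(SAMPLE_LOG))))
```

Point the script at a real file (or at what your log pipeline forwards) by replacing SAMPLE_LOG with the file contents; because it keys on objectRef rather than the request URI, it works unchanged at Metadata level, which is the level the policy above assigns to Secrets.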

Compliance Frameworks

CIS Kubernetes Benchmark

The CIS Kubernetes Benchmark is a consensus-developed set of configuration checks with pass/fail criteria; it is the technical baseline most auditors expect a cluster to be measured against.

Key Areas:

  • Control plane components
  • etcd configuration
  • Worker node configuration
  • Policies
  • Networking

CIS Compliance

Use tools like kube-bench to check CIS compliance. Run it on each control-plane and worker node (or as a Job that runs on every node), since the checks inspect local process flags, file ownership and permissions that are not visible through the API, and treat its FAIL and WARN output as a remediation list rather than a report to file.
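To make concrete what a benchmark check actually does, here is an added example (not code from the page, from CIS or from kube-bench) that evaluates a kube-apiserver command line against a handful of CIS-style controls: anonymous authentication and profiling disabled, audit logging configured, and the rotation flags at least at the values the benchmark recommends (30 days, 10 backups, 100 MB). The two argument vectors are constructed; on a real node you would read them from the static pod manifest under /etc/kubernetes/manifests or from /proc/<pid>/cmdline of the running process. The control names are this example's own, not CIS recommendation numbers.

```python
"""Evaluate a kube-apiserver argv against a few CIS-style controls.

Added example, not from the page, the CIS benchmark or kube-bench. The argv
lists are constructed; read real ones from the static pod manifest or
/proc/<pid>/cmdline. Control names here are the example's own labels.
"""

# Minimum rotation values the CIS Kubernetes Benchmark recommends.
MIN_MAXAGE, MIN_MAXBACKUP, MIN_MAXSIZE = 30, 10, 100


def parse_flags(argv):
    """Map ['kube-apiserver', '--a=1', '--b'] to {'a': '1', 'b': ''}; a repeated flag keeps its last value."""
    flags = {}
    for arg in argv[1:]:
        if not arg.startswith("--"):
            continue
        name, _, value = arg[2:].partition("=")
        flags[name] = value
    return flags


def check_apiserver(argv):
    """Return (control, status, detail) tuples; status is 'PASS' or 'FAIL'."""
    f = parse_flags(argv)
    results = []

    def rule(name, ok, detail):
        results.append((name, "PASS" if ok else "FAIL", detail))

    def shown(flag, default="<unset>"):
        return f"--{flag}={f[flag]}" if flag in f else f"--{flag} {default}"

    # Defaults matter: both of these are enabled when the flag is absent.
    rule("anonymous-auth disabled", f.get("anonymous-auth") == "false",
         shown("anonymous-auth", "<unset, defaults to true>"))
    rule("audit-log-path set", bool(f.get("audit-log-path")), shown("audit-log-path"))
    # Without a policy file the API server has no rules and records nothing.
    rule("audit-policy-file set", bool(f.get("audit-policy-file")), shown("audit-policy-file"))
    for flag, minimum in (("audit-log-maxage", MIN_MAXAGE),
                          ("audit-log-maxbackup", MIN_MAXBACKUP),
                          ("audit-log-maxsize", MIN_MAXSIZE)):
        value = f.get(flag)
        ok = value is not None and value.isdigit() and int(value) >= minimum
        rule(f"{flag} >= {minimum}", ok, shown(flag))
    rule("profiling disabled", f.get("profiling") == "false",
         shown("profiling", "<unset, defaults to true>"))
    return results


def failures(argv):
    """Names of the controls that failed, in check order."""
    return [name for name, status, _ in check_apiserver(argv) if status == "FAIL"]


# Constructed: a typical partially configured API server ...
WEAK_ARGV = [
    "kube-apiserver",
    "--etcd-servers=https://127.0.0.1:2379",
    "--audit-log-path=/var/log/kubernetes/audit.log",
    "--audit-log-maxage=7",
]
# ... and the same server with the audit and hardening flags from this chapter.
HARDENED_ARGV = [
    "kube-apiserver",
    "--etcd-servers=https://127.0.0.1:2379",
    "--anonymous-auth=false",
    "--profiling=false",
    "--audit-log-path=/var/log/kubernetes/audit.log",
    "--audit-policy-file=/etc/kubernetes/audit-policy.yaml",
    "--audit-log-maxage=30",
    "--audit-log-maxbackup=10",
    "--audit-log-maxsize=100",
]

if __name__ == "__main__":
    for label, argv in (("weak", WEAK_ARGV), ("hardened", HARDENED_ARGV)):
        print(f"== {label} ==")
        for name, status, detail in check_apiserver(argv):
            print(f"[{status}] {name}: {detail}")
```

The checks are deliberately strict about defaults: a flag that is merely absent counts as a failure when the binary's default is the insecure value, which is the mistake a quick manual review most often misses.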

Security Scanning

# Scan an image for known CVEs; fail the pipeline on HIGH or CRITICAL findings
trivy image --severity HIGH,CRITICAL --exit-code 1 nginx:latest

# Scan manifests for misconfigurations (privileged containers, missing limits, ...)
trivy config ./manifests/
kube-score score deployment.yaml

# Check which subjects are allowed to perform an action (kubectl who-can plugin)
kubectl who-can create pods
kubectl who-can get secrets -n prod

Vulnerability Management

Scan images both at build time and on a schedule, since new CVEs are published against images that have not changed; scan manifests and cluster configuration the same way. Track each finding to an owner and a fix date, and patch promptly, because an auditor will ask for that trail as well as for the scan results.

Best Practices

Production Recommendations

  1. Enable audit logging with an explicit policy, a catch-all rule, and Secrets kept at Metadata level
  2. Map cluster controls to the framework you are audited against, with the CIS Benchmark as the technical baseline
  3. Scan images and manifests on every build and on a schedule
  4. Document compliance procedures and who owns each control
  5. Review audit logs regularly, and alert on high-risk events rather than reading them by hand
  6. Automate compliance checks (kube-bench, trivy) in CI and on a schedule, and keep the results as evidence

Next Chapter: Advanced Monitoring & Metrics