AKS Kubernetes audit log all activites performed by user

Christoffer Vig 1 Reputation point

Hi, I tried to set both the kube-audit and the kube-audit-admin log levels but I found that the data logged did not include information on the object that was create/modified, only the user. Information on modified deployments, pods, secrets, configmaps are especially interesting. I queried the AzureDiagnostics table but could not find this information. Is there any way to get the metadata on what actions were performed?

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,841 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Nadav Ben Haim 496 Reputation points Microsoft Employee

    Hi @Christoffer Vig
    I'm not sure this is possible now.
    You can follow this link -> https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/ to try and execute it yourself,
    without integration with Azure Montior.

    I do know there is a roadmap item to give users more visibility and to better support this in the future.
    If I've helped you please accept this answer so it will help more users.

    1 person found this answer helpful.
    0 comments No comments

  2. risolis 8,701 Reputation points

    Hello @Christoffer Vig

    Thank you for your heads up.

    I would like to provide the next post which seems very similar for what you were describing previously.... So please direct yourself down below:


    I hope you can find this useful to overcome your concern.

    Looking forward to your feedback,


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments No comments