2 unstable releases
new 0.2.0 | Oct 18, 2024 |
---|---|
0.1.0 | Jul 8, 2024 |
#14 in #audit
200KB
432 lines
Kubernetes Audit Log Explorer (KALE)
Assuming you've got some audit logs:
$ cat data
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"ec95c2ca-00d4-40b9-93b4-78a6eb1242c7","stage":"ResponseComplete","requestURI":"..."
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"2f8eb783-8d8b-4540-92db-899f5f0f126a","stage":"ResponseComplete","requestURI":"..."
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"cddf4c0e-9eda-4e17-b9bf-a0af05132186","stage":"ResponseComplete","requestURI":"..."
kale
will accept them via stdin:
$ kale < data
or you can tail them in on the fly using a tool like awslogs:
$ awslogs get /aws/eks/YOUR-CLUSTER-LOG-GROUP 'kube-apiserver-audit.*' -G -S -s1h | kale
Keybinds
Key | Effect |
---|---|
ESC or Q |
Quit |
Up and Down |
Scroll the list of logs |
PageUp and PageDown |
Scroll the Request/Response window |
Screenshots
Dependencies
~10–18MB
~225K SLoC