EKS provides out-of-the-box audit dashboards and can automatically configure dashboards of audit overview, K8s object operation overview, and aggregated search for the clusters with cluster auditing enabled. With user-defined filters and built-in CLS global search, EKS makes it convenient for you to observe and search for cluster operations, so as to promptly find and locate problems.
Four dashboards are configured in Auditing Search, namely Audit Overview, K8s Object Operation Overview, Aggregated Search, and Global Search. Follow the steps below to enter the Auditing Search page to use the features:
If you want to observe the operations of the API server in the entire cluster, you can set filters on the Audit Overview page to view the aggregated statistics of the core audit logs and display the data comparison within a period, for example, core audit log statistics, distribution, important operation trends.
You can customize up to ten filters as needed .
You can modify the custom fields of the filters .
You can view more statistics on this page as shown below:
When you need to troubleshoot issues with K8s objects (such as a certain workload), you can switch to the K8s Object Operation Overview tab, where you can set filters to view the operation overview, operators, and audit log lists of various types of K8s objects .
If you want to observe the distribution trend of audit logs in a certain dimension, you can set filters on the Aggregated Search tab to view the sequence diagrams of important operations, including user, namespace, operation type, status code, resource type, and audit log list.
The global search dashboard with built-in CLS search and analysis makes it convenient for you to quickly search all audit logs in the TKE console .
You can configure alarms based on the preset dashboards as instructed below, so that alarms will be triggered when the configured conditions are reached: