系統 - K3s - Enable Audit Event


參考資訊:
https://docs.k3s.io/security/hardening-guide
https://www.airplane.dev/blog/kubernetes-audit-logs
https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/

NXP S32G3:

# mkdir -p -m 700 /var/lib/rancher/k3s/server/logs
# vim /var/lib/rancher/k3s/server/audit.yaml
    apiVersion: audit.k8s.io/v1
    kind: Policy
    rules:
    - level: Metadata

# /etc/init.d/k3s-server
    #!/usr/bin/env bash
    ### BEGIN INIT INFO
    # Provides:          k3s-server
    # Required-Start:    networking
    # Required-Stop:
    # Default-Start:     S
    # Default-Stop:      0 6
    # Short-Description: Start the k3s server
    # Description:       Wrapper for starting / stopping the k3s server.
    #                    Runs when domU boots / shuts down on systems using SysV.
    ### END INIT INFO
    # SPDX-License-Identifier: BSD-3-Clause
    #
    # Copyright 2022 NXP

    # Source function library.
    . /etc/init.d/functions

    K3S_SERVER_CONFIG="/etc/default/k3s-server"
    K3S_CONF_FILE="/etc/rancher/k3s/config-server.yaml"
    BINDIR_PATH="/usr/bin/"
    LOG_FILE="/var/log/k3s-server.log"
    K3S_DATA_PATH="/var/lib/rancher/k3s/data"

    # shellcheck disable=SC1090
    [ -f "${K3S_SERVER_CONFIG}" ] && . "${K3S_SERVER_CONFIG}"

    start_server() {
        CMD_ARGS=()
        if [ -f "${K3S_CONF_FILE}" ]; then
            CMD_ARGS+=("--config=${K3S_CONF_FILE}")
        fi

        ${BINDIR_PATH}/k3s server '--kube-apiserver-arg=audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log' '--kube-apiserver-arg=audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml' "${CMD_ARGS[@]}" > "${LOG_FILE}" 2>&1 &
    }

    stop_server() {
        kill -9 $(ps aux | grep '[k]3s server' | awk '{print $2}') 2> /dev/null || true
        ${BINDIR_PATH}/k3s-killall.sh > /dev/null 2>&1
    }
    case "$1" in
    start)
        echo "Starting the k3s server"
        start_server
        ;;
    stop)
        echo "Stopping the k3s server"
        stop_server
        ;;
    restart)
        echo "Restarting the k3s server"
        stop_server
        start_server
        ;;
    status)
        status "k3s-server"
        exit $?
        ;;
    *)
        echo "Usage: /etc/init.d/k3s-server {start|stop|restart|status}"
        exit 1
        ;;
    esac

    exit 0

P.S. 主要更動是附加如下兩個參數

--kube-apiserver-arg='audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log'
--kube-apiserver-arg='audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml'