In case you’re wondering about the volume of logs you get from a 2-node Kubernetes cluster with only 1 control plane node and 1 worker node running: back-of-the-napkin math is ~500 requests/minute.

If you’re logging at the minimum level (Metadata) for the request and response (technically the RequestReceived and ResponseComplete stages), this is roughly the volume of logs you’re getting per request. Note that sometimes you don’t need both.

A single request/response at the metadata level

This minimal logging equates to about 1.3KB of data per RequestReceived/ResponseComplete pair.

Some data for an empty minikube cluster with one control plane node and one worker node:

kubectl get nodes ; kubectl get all
  • 1.3KB of data x 500 Requests per Minute = ~650KB of logs per minute
  • 650KB of logs per minute x 60 minutes = ~39MB of logs per hour
  • 39MB of logs per hour x 24 hours = ~0.936GB of logs per day

So, rounding up, you can expect ~1GB of logs per 24 hours in an EMPTY cluster without any tuning of logging, using a SUPER basic log-everything approach.
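To replace the napkin figures with numbers measured on your own cluster, here is an added example (not from the original post) that reads an audit log written as one JSON event per line, counts requests by auditID, and projects the daily volume. The function names and the sample events are constructed for illustration; it goes slightly beyond the math above by also reporting what share of the bytes comes from the RequestReceived stage.

```python
import json
from collections import defaultdict
from datetime import datetime

TS_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"  # stageTimestamp layout in audit.k8s.io/v1 events

def project_daily(bytes_per_request, requests_per_minute):
    """Bytes of audit log per 24 hours at a steady request rate."""
    return bytes_per_request * requests_per_minute * 60 * 24

def estimate(log_text):
    """Measure an audit log (one JSON event per line) and project daily volume.
    request_received_share is the fraction of bytes in the RequestReceived stage."""
    per_stage, ids, stamps, skipped = defaultdict(int), set(), [], 0
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            stage, audit_id = ev["stage"], ev["auditID"]
            stamp = datetime.strptime(ev["stageTimestamp"], TS_FMT)
        except (ValueError, KeyError, TypeError):
            skipped += 1  # truncated or non-event line, e.g. cut at log rotation
            continue
        per_stage[stage] += len(line.encode()) + 1  # +1 for the newline on disk
        ids.add(audit_id)  # both stages of one request share an auditID
        stamps.append(stamp)
    if not ids:
        return {"requests": 0, "skipped": skipped}
    total = sum(per_stage.values())
    minutes = max((max(stamps) - min(stamps)).total_seconds(), 1.0) / 60
    rpm, per_request = len(ids) / minutes, total / len(ids)
    return {"requests": len(ids), "skipped": skipped, "requests_per_minute": rpm,
            "bytes_per_request": per_request,
            "bytes_per_day": project_daily(per_request, rpm),
            "request_received_share": per_stage["RequestReceived"] / total}

def _sample_event(audit_id, stage, sec):
    """Constructed Metadata-level event (sample data, not from a real cluster)."""
    ev = {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
          "auditID": audit_id, "stage": stage, "verb": "get", "requestURI": "/api/v1/pods",
          "stageTimestamp": f"2024-01-01T00:{sec // 60:02d}:{sec % 60:02d}.000000Z"}
    if stage == "ResponseComplete":
        ev["responseStatus"] = {"code": 200}
    return json.dumps(ev)

# Constructed sample: two full pairs, a line truncated at rotation, one lone response
SAMPLE_LOG = "\n".join([
    _sample_event("a1", "RequestReceived", 0), _sample_event("a1", "ResponseComplete", 0),
    _sample_event("a2", "RequestReceived", 30), _sample_event("a2", "ResponseComplete", 30),
    '{"kind": "Event", "stage": "Respon',
    _sample_event("a3", "ResponseComplete", 60)])
```

Calling `project_daily(1300, 500)` reproduces the ~0.936GB/day figure above; `estimate()` gives the same projection from whatever your log actually contains.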

sample audit policy

Audit policy in use

apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # Log all requests at metadata level
  - level: Metadata