Information
Send logs and metrics to a remote aggregator to mitigate the risk of local tampering in the event of a breach.
Exporting logs and metrics to a dedicated, persistent datastore such as Cloud Operations for GKE ensures availability of audit data following a cluster security event, and provides a central location for analysis of log and metric data collated from multiple sources.
Solution
Using Google Cloud Console:
To enable Logging:
- Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list
- Select the cluster for which Logging is disabled.
- Under the details pane, within the Features section, click on the pencil icon named Edit logging.
- Check the box next to Enable Logging
- In the drop-down Components box, select the components to be logged.
- Click SAVE CHANGES and wait for the cluster to update.
To enable Cloud Monitoring:
- Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list
- Select the cluster for which Cloud Monitoring is disabled.
- Under the details pane, within the Features section, click on the pencil icon named Edit Cloud Monitoring.
- Check the box next to Enable Cloud Monitoring
- In the drop-down Components box, select the components to be monitored.
- Click SAVE CHANGES and wait for the cluster to update.
Using Command Line:
To enable Logging for an existing cluster, run the following command:
gcloud container clusters update <cluster_name> --zone <compute_zone> --logging=<components_to_be_logged>
See https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--logging for a list of available components for logging.
To enable Cloud Monitoring for an existing cluster, run the following command:
gcloud container clusters update <cluster_name> --zone <compute_zone> --monitoring=<components_to_be_monitored>
See https://cloud.google.com/sdk/gcloud/reference/container/clusters/update#--monitoring for a list of available components for Cloud Monitoring.
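The remediation above can be verified rather than trusted: the following added example (not part of the benchmark text or of any Google tooling) evaluates the JSON that gcloud's describe command prints for a cluster and reports whether logging and monitoring export the expected components. The required component sets and the sample cluster are assumptions constructed for this audit.

```python
"""Audit a GKE cluster's Cloud Logging / Cloud Monitoring configuration.
Added example (not from the benchmark text): evaluates the JSON printed by
`gcloud container clusters describe <cluster> --zone <zone> --format=json`."""
import json
import subprocess
import sys

# Component enums as they appear in the describe output. Treating these as the
# minimum acceptable set is this audit's assumption, not a GKE-defined baseline.
REQUIRED_LOGGING = {"SYSTEM_COMPONENTS", "WORKLOADS"}
REQUIRED_MONITORING = {"SYSTEM_COMPONENTS"}

# Constructed sample: logging reduced to system components, monitoring turned off.
SAMPLE_CLUSTER = {
    "name": "example-cluster",
    "loggingConfig": {"componentConfig": {"enableComponents": ["SYSTEM_COMPONENTS"]}},
    "monitoringConfig": {"componentConfig": {}},
}

def enabled_components(cluster: dict, key: str) -> set:
    """Return the enableComponents set under loggingConfig or monitoringConfig."""
    return set(cluster.get(key, {}).get("componentConfig", {}).get("enableComponents", []))

def evaluate(cluster: dict) -> list:
    """Return findings for one cluster; an empty list means compliant."""
    findings = []
    for key, required, label in (("loggingConfig", REQUIRED_LOGGING, "logging"),
                                 ("monitoringConfig", REQUIRED_MONITORING, "monitoring")):
        enabled = enabled_components(cluster, key)
        if not enabled:
            findings.append(f"{label} disabled (no components exported)")
        elif required - enabled:
            findings.append(f"{label} missing components: {sorted(required - enabled)}")
    return findings

def describe_cluster(name: str, zone: str) -> dict:
    """Fetch live configuration; needs an authenticated gcloud on PATH."""
    cmd = ["gcloud", "container", "clusters", "describe", name, "--zone", zone, "--format=json"]
    return json.loads(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)

if __name__ == "__main__":
    # With <cluster> <zone> arguments the live cluster is audited, else the sample.
    cluster = describe_cluster(*sys.argv[1:3]) if len(sys.argv) == 3 else SAMPLE_CLUSTER
    for finding in evaluate(cluster) or ["compliant"]:
        print(f"{cluster.get('name', '?')}: {finding}")
```

Run it across every cluster returned by `gcloud container clusters list` to catch clusters whose logging or monitoring was later turned back off, which a one-time Console change does not guard against.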