Monitor Kubernetes ConfigMaps & Secrets in GCP

It is quite common for the ConfigMaps and Secrets in a cluster to drift away from what is in source control, for reasons such as:

  • A large team where many people hold write access to the cluster

  • No Config/Secret management tool (everything is edited in place with kubectl)

  • Poor team collaboration, so nobody knows who changed what

Whatever the cause, the first question is always the same: who changed which ConfigMap or Secret, and when? On GKE every write to the Kubernetes API is recorded as an Admin Activity audit log entry (these are always on; only reads such as get/list need Data Access audit logs enabled), so you can answer that question with the following query in the Logging service (Logs Explorer):

```
protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog" AND protoPayload.serviceName="k8s.io"
resource.type="k8s_cluster"
protoPayload.authenticationInfo.principalEmail!~"system" AND protoPayload.authenticationInfo.principalEmail!~"gserviceaccount"
(protoPayload.methodName="io.k8s.core.v1.configmaps.update" OR protoPayload.methodName="io.k8s.core.v1.configmaps.patch"
 OR protoPayload.methodName="io.k8s.core.v1.secrets.update" OR protoPayload.methodName="io.k8s.core.v1.secrets.patch")
```

Two things to watch in this query. First, the parentheses around the method names matter: in the Logging query language the newline between conditions is an implicit AND, and AND binds tighter than OR, so without the parentheses the last OR term would match every Secret update regardless of the principal filters above it. Second, `kubectl apply` sends a PATCH, not an UPDATE, so a filter that lists only the `.update` methods silently misses the most common way people change these objects; add `.create` and `.delete` as well if you want the full lifecycle. Note also that `!~ "gserviceaccount"` hides changes made by service accounts (CI pipelines, Terraform), which are often exactly the changes you are trying to account for, and that `!~ "system"` is a substring match that would also drop a human user whose address happens to contain "system".

Each matching entry gives you the principal (`protoPayload.authenticationInfo.principalEmail`), the verb (`protoPayload.methodName`), the object (`protoPayload.resourceName`, e.g. `core/v1/namespaces/prod/secrets/db-creds`), and the cluster (`resource.labels.cluster_name`).
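To make the filter's behaviour concrete without a GCP project at hand, here is an added example (my own code, not from the original post) that evaluates the same conditions offline against a handful of constructed audit log entries and builds the corrected filter for `gcloud logging read`. The entries follow the Cloud Audit Log field layout (`resource.type`, `protoPayload.serviceName`, `methodName`, `resourceName`, `authenticationInfo.principalEmail`), but every value in them (principals, cluster names, object names) is made up for the demo. It goes a little beyond the post's query by also matching create/patch/delete and by letting you opt service accounts back in.

```python
"""Offline model of the Cloud Logging filter for ConfigMap/Secret changes.

Added example, not part of the original post. SAMPLE_ENTRIES are constructed
to mimic GKE audit log entries; the values are fictitious.
"""
import re
import shlex

# Write verbs that change a ConfigMap or Secret. `kubectl apply` issues PATCH,
# so a filter that only lists `.update` misses it.
METHOD_RE = re.compile(
    r"^io\.k8s\.core\.v1\.(?P<kind>configmaps|secrets)\.(?P<verb>create|update|patch|delete)$"
)
# resourceName of a k8s.io audit entry, e.g. core/v1/namespaces/prod/secrets/db-creds
RESOURCE_RE = re.compile(
    r"^core/v1/namespaces/(?P<ns>[^/]+)/(?:configmaps|secrets)/(?P<name>[^/]+)$"
)


def _entry(ts, cluster, method, resource_name, principal, service="k8s.io"):
    """Build one constructed audit log entry in the Cloud Audit Log shape."""
    return {
        "timestamp": ts,
        "resource": {"type": "k8s_cluster", "labels": {"cluster_name": cluster}},
        "protoPayload": {
            "@type": "type.googleapis.com/google.cloud.audit.AuditLog",
            "serviceName": service,
            "methodName": method,
            "resourceName": resource_name,
            "authenticationInfo": {"principalEmail": principal},
        },
    }


SAMPLE_ENTRIES = [  # constructed, not real log data
    _entry("2024-05-01T10:00:00Z", "prod-cluster", "io.k8s.core.v1.configmaps.update",
           "core/v1/namespaces/prod/configmaps/app-config", "alice@example.com"),
    _entry("2024-05-01T10:05:00Z", "prod-cluster", "io.k8s.core.v1.secrets.patch",
           "core/v1/namespaces/prod/secrets/db-creds", "bob@example.com"),
    _entry("2024-05-01T10:06:00Z", "prod-cluster", "io.k8s.core.v1.configmaps.update",
           "core/v1/namespaces/kube-system/configmaps/kube-controller-manager",
           "system:kube-controller-manager"),
    _entry("2024-05-01T10:07:00Z", "prod-cluster", "io.k8s.core.v1.secrets.update",
           "core/v1/namespaces/prod/secrets/tls-cert",
           "ci-deployer@my-project.iam.gserviceaccount.com"),
    _entry("2024-05-01T10:08:00Z", "prod-cluster", "io.k8s.core.v1.secrets.get",
           "core/v1/namespaces/prod/secrets/db-creds", "alice@example.com"),
    _entry("2024-05-01T10:09:00Z", "prod-cluster", "io.k8s.apps.v1.deployments.update",
           "apps/v1/namespaces/prod/deployments/api", "alice@example.com"),
]


def _get(entry, *path):
    """Walk a nested dict; return None if any key is missing."""
    cur = entry
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def matches_change_filter(entry, include_service_accounts=False):
    """Same conditions as the post's query, with create/patch/delete added.

    The principal checks are substring matches, mirroring `!~ "system"` and
    `!~ "gserviceaccount"` in the Logging query language.
    """
    if _get(entry, "resource", "type") != "k8s_cluster":
        return False
    if _get(entry, "protoPayload", "serviceName") != "k8s.io":
        return False
    email = _get(entry, "protoPayload", "authenticationInfo", "principalEmail") or ""
    if not email or "system" in email:
        return False
    if not include_service_accounts and "gserviceaccount" in email:
        return False
    return METHOD_RE.match(_get(entry, "protoPayload", "methodName") or "") is not None


def summarize_changes(entries, include_service_accounts=False):
    """Return one row per matching entry: who changed which object, and how."""
    rows = []
    for e in entries:
        if not matches_change_filter(e, include_service_accounts):
            continue
        m = METHOD_RE.match(_get(e, "protoPayload", "methodName"))
        r = RESOURCE_RE.match(_get(e, "protoPayload", "resourceName") or "")
        rows.append({
            "time": e.get("timestamp"),
            "cluster": _get(e, "resource", "labels", "cluster_name"),
            "principal": _get(e, "protoPayload", "authenticationInfo", "principalEmail"),
            "verb": m.group("verb"),
            "kind": m.group("kind"),
            "namespace": r.group("ns") if r else None,
            "name": r.group("name") if r else None,
        })
    return rows


def logging_filter(include_service_accounts=False):
    """Corrected Logs Explorer filter: the method-name alternatives are one
    regex term, so AND/OR precedence cannot bite."""
    lines = [
        'resource.type="k8s_cluster"',
        'protoPayload.@type="type.googleapis.com/google.cloud.audit.AuditLog"',
        'protoPayload.serviceName="k8s.io"',
        'protoPayload.authenticationInfo.principalEmail!~"system"',
        r'protoPayload.methodName=~"^io\.k8s\.core\.v1\.(configmaps|secrets)\.(create|update|patch|delete)$"',
    ]
    if not include_service_accounts:
        lines.insert(4, 'protoPayload.authenticationInfo.principalEmail!~"gserviceaccount"')
    return "\n".join(lines)


def gcloud_read_command(project, freshness="24h", include_service_accounts=False):
    """Shell command that runs the filter with gcloud (--freshness bounds the window)."""
    return (f"gcloud logging read {shlex.quote(logging_filter(include_service_accounts))} "
            f"--project={shlex.quote(project)} --freshness={freshness} --format=json")


if __name__ == "__main__":
    for row in summarize_changes(SAMPLE_ENTRIES):
        print(f"{row['time']} {row['principal']} {row['verb']} "
              f"{row['kind']}/{row['namespace']}/{row['name']} on {row['cluster']}")
    print(gcloud_read_command("my-project"))
```

Run it as-is to see the two human changes (the controller-manager write, the service-account write, the Secret read and the Deployment update are all filtered out); pass `include_service_accounts=True` to `summarize_changes` or `gcloud_read_command` when the CI pipeline's writes are the ones you need to audit.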
Written by

Md. Minhazul Haque

DevOps Engineer | Kubernetes | Python | Terraform | AWS | GCP