Hi
During training for CKS I stumbled upon a catch-all rule which just doesn’t fit in my brain. This was in a training simulator which gave me a minus for leaving out the rule.
apiVersion: audit.k8s.io/v1 # This is required.
kind: Policy
# Don't generate audit events for all requests in RequestReceived stage.
omitStages:
  - "RequestReceived"
rules:
  # Log pod changes at RequestResponse level
  - level: RequestResponse
    resources:
    - group: ""
      # Resource "pods" doesn't match requests to any subresource of pods,
      # which is consistent with the RBAC policy.
      resources: ["pods"]
...
....
...
  # A catch-all rule to prevent logging anything else
  - level: None
I mean, what’s the point of having this rule, since the default is already “None”?