A Kubernetes audit log forwarder that receives audit events from Kubernetes API servers via webhook, enriches them with metadata annotations, and forwards them to configured outputs. This project is part of the Gardener ecosystem for managing Kubernetes clusters.
The auditlog-forwarder acts as a webhook endpoint that:
- Receives Kubernetes audit events from API servers
- Processes events through configurable processors (annotation injection, filtering, etc.)
- Forwards enriched events to multiple outputs (HTTP endpoints, OTLP, etc.)
- Webhook Integration: Seamless integration with Kubernetes audit webhook functionality
- Annotation Injection: Enrich audit events with custom metadata for better observability
- Multiple Backends: Forward to multiple destinations simultaneously (work in progress)
- TLS Security: Mutual TLS support for secure communication
- Configurable Processing: Pluggable processor architecture for extensible event handling
```
┌─────────────────┐      HTTP POST      ┌──────────────────────┐     Forward      ┌─────────────────┐
│ Kubernetes API  │────────────────────▶│  auditlog-forwarder  │─────────────────▶│    Backend 1    │
│     Server      │   /audit endpoint   │                      │                  │     (HTTPS)     │
└─────────────────┘                     │  - Receive events    │                  └─────────────────┘
                                        │  - Process & enrich  │
                                        │  - Forward to all    │     Forward      ┌─────────────────┐
                                        │    outputs           │─────────────────▶│    Backend N    │
                                        │                      │                  │     (HTTPS)     │
                                        └──────────────────────┘                  └─────────────────┘
```
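The annotation-injection step described above, as an added Go example that is not the project's own code. It assumes the webhook body is an `audit.k8s.io/v1` `EventList`, which is what the Kubernetes audit webhook backend posts. The function name `Enrich`, the key `example.test/cluster`, and the choice to leave existing annotations untouched are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Enrich adds the given annotations to every event of an audit.k8s.io/v1
// EventList. Events are kept as generic maps so no audit field is dropped,
// and keys the API server already set are never overwritten.
func Enrich(body []byte, extra map[string]string) ([]byte, error) {
	var list map[string]any
	if err := json.Unmarshal(body, &list); err != nil {
		return nil, fmt.Errorf("decode EventList: %w", err)
	}
	if list["kind"] != "EventList" {
		return nil, fmt.Errorf("unexpected kind %v", list["kind"])
	}
	items, _ := list["items"].([]any)
	for _, it := range items {
		ev, ok := it.(map[string]any)
		if !ok {
			return nil, fmt.Errorf("malformed event entry")
		}
		ann, ok := ev["annotations"].(map[string]any)
		if !ok { // missing or null: start a fresh annotation map
			ann = map[string]any{}
			ev["annotations"] = ann
		}
		for k, v := range extra {
			if _, exists := ann[k]; !exists {
				ann[k] = v
			}
		}
	}
	return json.Marshal(list)
}

// sample is a constructed webhook body, not captured from a real cluster.
const sample = `{"kind":"EventList","apiVersion":"audit.k8s.io/v1","items":[
 {"level":"Metadata","auditID":"constructed-1","verb":"get","annotations":{"authorization.k8s.io/decision":"allow"}},
 {"level":"Metadata","auditID":"constructed-2","verb":"delete"}]}`

func main() {
	out, err := Enrich([]byte(sample), map[string]string{"example.test/cluster": "demo"})
	fmt.Println(string(out), err)
}
```

Keeping the API server's own annotations intact means a downstream consumer can still rely on values such as the authorization decision after enrichment.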
For developers looking to get started quickly, please refer to the Getting Started Locally guide. This guide provides step-by-step instructions for setting up and running the project locally with a complete KinD-based development environment.
```bash
# Run all tests
make test

# Verify code conventions
make check

# Generate deepcopy and default functions
make generate
```
Please see CONTRIBUTING.md for guidelines on how to contribute to this project.