By default, kubler collects only request metadata.

To collect request body and response body, need to use other predefined audit policies.

There are three options:

  • audit-policy.yaml - log request metadata (requesting user, timestamp, resource, verb, etc.) but not request or response body
  • audit-policy-requests.yaml - log event metadata and request body but not response body. This does not apply for non-resource requests
  • audit-policy-full.yaml - log event metadata, request and response bodies. This does not apply for non-resource requests


There is cluster custom specification example to apply last option (request and response bodies):

spec:
  kublrAgentConfig:
    kublr:
      kube_api_server_flag:
        audit_policy_file: '--audit-policy-file=/etc/kubernetes/audit-policy-full.yaml'