Kubernetes Auditing
The JSA DSM for Kubernetes collects auditing events from a Kubernetes master node Kube-apiserver.
To integrate Kubernetes with JSA, complete the following steps:
If automatic updates are not enabled, download and install the most recent version of RPM from the https://support.juniper.net/support/downloads onto your JSA console.
DSM Common RPM
Kubernetes Auditing DSM RPM
Configure your Kubernetes master node Kube-apiserver to send events to JSA.
Create a copy of the audit policy file.
Configure rsyslog on your Kubernetes master hosted Linux system.
If JSA does not automatically detect the log source, add a Kubernetes Auditing log source on the JSA Console.
Note:The Kubernetes auditing event payload can be over 32,000 bytes. The default JSA syslog payload length is 4,096 bytes. You can increase the JSA syslog payload size to 32,000 bytes.