Why Kubernetes Audit Logging Stays Blind in Production
DevOps Daily with Fexingo: CI/CD, Kubernetes, and Modern Software Operations · 2026-06-19 · 8 min
Episode notes
Lucas and Luna dive into a persistent blind spot in Kubernetes security: audit logging that sounds comprehensive but routinely misses critical events. They walk through a real incident at a mid-size fintech where a malicious pod went undetected for 11 days because the cluster had default audit-log settings — no metadata level set, no dynamic webhook hooked up, and logs streaming to a stdout sidecar that nobody watched. The episode explains the three metadata levels (Metadata, Request, RequestResponse), why most teams stop at Metadata, and how that misses request bodies containing stolen tokens. They also discuss the new Kubernetes 1.31 dynamic audit policy feature and why it's not yet a silver bullet. If you rely on default audit logging for compliance, this is the episode that shows why your auditor probably wouldn't catch a real attack.
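A coverage check for the gap described above, as an added example that is not from the episode or its hosts: it scans audit events and lists workload writes that were recorded without a request body, which is what a Metadata-level rule produces. The sample events, the watch list of resources and the function name are constructed for illustration.

```python
import json

# Constructed sample events in the audit.k8s.io/v1 Event shape (not real logs).
SAMPLE_EVENTS = [
    {"auditID": "a1", "level": "Metadata", "stage": "ResponseComplete",
     "verb": "create", "user": {"username": "system:serviceaccount:ci:deployer"},
     "objectRef": {"resource": "pods", "namespace": "payments", "name": "worker-7"}},
    {"auditID": "a2", "level": "Request", "stage": "ResponseComplete",
     "verb": "create", "user": {"username": "alice@example.com"},
     "objectRef": {"resource": "pods", "namespace": "payments", "name": "api-2"},
     "requestObject": {"spec": {"containers": [{"image": "registry.example/api:1.4"}]}}},
    {"auditID": "a3", "level": "Metadata", "stage": "ResponseComplete",
     "verb": "get", "user": {"username": "alice@example.com"},
     "objectRef": {"resource": "pods", "namespace": "payments", "name": "api-2"}},
]
# The last line simulates a log line cut off in transit.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS) + "\n{truncated line"

WRITE_VERBS = {"create", "update", "patch"}
WORKLOADS = {"pods", "deployments", "daemonsets", "jobs", "cronjobs"}  # assumed watch list

def body_blind_spots(log_text):
    """Return (blind, unparsed): workload writes logged without a request body,
    and the number of lines that were not a valid JSON event."""
    blind, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            unparsed += 1
            continue
        if not isinstance(ev, dict):
            unparsed += 1
            continue
        ref = ev.get("objectRef") or {}
        if (ev.get("stage") == "ResponseComplete"
                and ev.get("verb") in WRITE_VERBS
                and ref.get("resource") in WORKLOADS
                and "requestObject" not in ev):
            blind.append({"auditID": ev.get("auditID"), "level": ev.get("level"),
                          "user": (ev.get("user") or {}).get("username"),
                          "target": f'{ref.get("namespace")}/{ref.get("name")}'})
    return blind, unparsed

if __name__ == "__main__":
    found, bad = body_blind_spots(SAMPLE_LOG)
    for item in found:
        print(item)
    print("unparsed lines:", bad)
```

Each entry it returns is a pod or workload change where the log shows who acted and on what, but not the spec that was submitted.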