Why Your Kubernetes Audit Logs Are a Compliance Goldmine

Episode notes

In this episode of DevOps Daily, Lucas and Luna dig into Kubernetes audit logs — the overlooked data source that can save your organization from a compliance disaster. They walk through a real case of a fintech startup that caught an insider data exfiltration attempt only because they had enabled audit logging on their clusters. Lucas explains the three tiers of audit policies (Metadata, Request, and RequestResponse) and why most teams never get past the default Metadata level. Luna pushes back on the cost argument, pointing out that storing audit logs is cheap compared to the legal fees of a breach investigation. They also cover how to ship logs to an external SIEM, why you should never rely on Kubernetes etcd as a long-term log store, and a practical rule of thumb: turn on RequestResponse for any namespace handling PII or payment data. If you're running Kubernetes in production and haven't looked at your audit log configuration this quarter, this episode is for you.