Overview
In some cases, it might be necessary to see which requests are being made through your cluster's kube-apiserver.
If you have enabled the fluent-bit platform application, then the audit logs will be available in the Grafana Logging Dashboard.
However, if you have not installed that component, you can still access the audit logs on the running cluster.
The audit logs are stored in a different location than the stdout pod logs of the kube-apiserver, so this article will show you how to find the location of them.
Solution
The audit logs for the API server are stored in the directory /var/log/audit/kube-apiserver-audit.log on the apiserver nodes. To find the nodes where the kube-apiserver is running, you can use the following command:
kubectl get pods -n kube-system -o wide
The output should resemble the following (other pods removed from this example):
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES kube-apiserver-ip-10-0-160-205.us-west-2.compute.internal 1/1 Running 0 83m 10.0.160.205 ip-10-0-160-205.us-west-2.compute.internal <none> <none>
Once you determine the correct nodes, you can ssh into the host machine and retrieve them from /var/log/kubernetes/audit.