Lack of Visibility into API Activity
Without proper audit logging, critical actions performed via the Kubernetes API remain untracked. This makes it difficult to monitor, detect, or trace malicious activity, unauthorized changes, or abnormal behavior in the cluster.
Missing logs prevent root cause analysis during incidents and hinder compliance with regulatory requirements for data access and modifications.
Attackers or malicious insiders can exploit the lack of monitoring to perform unauthorized actions, potentially compromising the entire cluster without detection.
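As an added example that is not part of the original page, the Python script below shows the kind of detection that audit logging makes possible: it parses kube-apiserver audit events in the audit.k8s.io/v1 JSON-lines format and flags Secret access, RBAC changes, pod exec/attach and denied requests. The sample events, usernames and rule names are constructed for illustration and assume the default event layout (verb, user, objectRef, responseStatus).

```python
import json

# Constructed sample of kube-apiserver audit events (audit.k8s.io/v1 Event
# records, one JSON object per line as written to --audit-log-path).
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"verb": "get", "user": {"username": "dev-alice"}, "responseStatus": {"code": 200},
     "objectRef": {"resource": "pods", "namespace": "team-a"}},
    {"verb": "list", "user": {"username": "dev-alice"}, "responseStatus": {"code": 403},
     "objectRef": {"resource": "secrets", "namespace": "kube-system"}},
    {"verb": "create", "user": {"username": "system:serviceaccount:ci:deployer"},
     "responseStatus": {"code": 201}, "objectRef": {"resource": "clusterrolebindings"}},
    {"verb": "create", "user": {"username": "dev-bob"}, "responseStatus": {"code": 101},
     "objectRef": {"resource": "pods", "subresource": "exec", "namespace": "prod"}},
])

RBAC_RESOURCES = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}

def flag_event(ev):
    """Return the high-risk rules one audit event matches (empty if benign)."""
    ref = ev.get("objectRef") or {}
    resource, sub = ref.get("resource", ""), ref.get("subresource", "")
    code = (ev.get("responseStatus") or {}).get("code", 0)
    hits = []
    if resource == "secrets":                       # any read or write of Secrets
        hits.append("secret-access")
    if resource in RBAC_RESOURCES and ev.get("verb") in WRITE_VERBS:
        hits.append("rbac-change")                  # privilege changes via RBAC objects
    if resource == "pods" and sub in ("exec", "attach"):
        hits.append("interactive-pod-access")       # shell or attach into a container
    if code in (401, 403):
        hits.append("denied-request")               # failed attempts are evidence too
    return hits

def review(text):
    """Parse JSON-lines audit events; return (user, verb, resource, rules) per flagged event."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated line must not abort review of the rest
        hits = flag_event(ev)
        if hits:
            findings.append(((ev.get("user") or {}).get("username"), ev.get("verb"),
                             (ev.get("objectRef") or {}).get("resource"), hits))
    return findings
```

Run against a real audit log, `review(open(path).read())` gives the triage list; note that none of these rules can fire for requests the audit policy drops at level None, which is why the policy must cover these resources.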
Insufficient Log Retention and Management
Failing to define clear log retention policies results in either excessive log storage, which may become costly and difficult to manage, or premature deletion of important audit logs.
Critical evidence may be lost before it can be reviewed or archived, affecting compliance and post-incident investigation.
Incomplete audit trails make it challenging to detect and respond to security incidents in a timely manner.