k3s API server audit logging is not configured. There is no `--audit-log-path` or `--audit-policy-file` flag in the k3s server configuration.
Without audit logs, there is no record of who did what to the cluster — making incident investigation and compliance difficult.
Suggested approach:
- Create an audit policy file (start with `metadata` level for most resources, `request` level for secrets and RBAC)
- Add `--kube-apiserver-arg audit-log-path=...` and `--kube-apiserver-arg audit-policy-file=...` to k3s config
- Optionally feed audit logs into the existing OTel pipeline for centralized storage in Betterstack
k3s API server audit logging is not configured. There is no `--audit-log-path` or `--audit-policy-file` flag in the k3s server configuration.
Without audit logs, there is no record of who did what to the cluster — making incident investigation and compliance difficult.
Suggested approach: