AKS cluster does not have platform diagnostic logging enabled Affecting Container service in Azure

Snyk CCSS

Logging / Best Practices

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls

Snyk ID SNYK-CC-00520
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Missing insights into workload states of the AKS cluster makes it difficult to detect and remedy performance issues.

How to fix?

Set items of properties.logs with category as cluster-autoscaler, kube-apiserver, kube-scheduler, and kube-controller-manager where properties.logs[ITEM].enabled to true.

ARM

managedclusters

Terraform

References

concepts-diagnostics
resource-manager-diagnostic-settings?tabs=json
DataConnectorsAzureKubernetes_Deploy.json
managedclusters?tabs=json

AKS cluster does not have platform diagnostic logging enabled Affecting Container service in Azure

Severity

Description

How to fix?

ARM

Terraform

References