This Terraform example deploys a Cloud Function with a trigger and scrapes the Kubernetes cluster audit logs from a Cloud Logging group, storing them in an Object Storage bucket.
A Cloud Logging group can be created with Yandex Data Streams support, so your audit logs can be forwarded to Yandex Data Streams in parallel. See the "Creating a log group using CLI" instruction for more information.
Prerequisites:
- ✅ Cluster of Managed K8s
- ✅ Cloud Logging logging group
- ✅ Terraform
- If you apply this module from the Russian Federation, create the ~/.terraformrc file and specify the Yandex Cloud network mirror:

      cat ~/.terraformrc
      provider_installation {
        network_mirror {
          url = "https://terraform-network-mirror.storage.yandexcloud.net/"
        }
      }

- Fill out the fields in the provider.tf file: specify the token for authentication, or use a service account key file.
- Create a private.auto.tfvars file and fill in the required variables (see the example of the private.auto.tfvars file below).
- Run:

      terraform init
      terraform apply

Example of private.auto.tfvars file:

    cloud_id = "b1g3xxxxxxxxxxxxxxxx"
    folder_id = "b1g7xxxxxxxxxxxxxxxx"
    cluster_id = "catsxxxxxxxxxxxxxxxx"
    logging_group_id = "e23oxxxxxxxxxxxxxxxx"
    storage_bucket_name = "audit-log-bucket-xxxxxx"
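
A pre-flight check for the private.auto.tfvars step above, as an added example that is not part of this module: it confirms that the five variables from the sample file are set and that none still holds the sample's xxxx placeholder. The function names and the rule that a run of "xxxx" means an unfilled value are assumptions of this example.

```shell
#!/usr/bin/env bash
# Pre-flight check for private.auto.tfvars (added example, not the module's code).
# The variable names are the five shown in the sample file; treating a run of
# "xxxx" as an unfilled placeholder is an assumption of this example.

REQUIRED_VARS="cloud_id folder_id cluster_id logging_group_id storage_bucket_name"

# Print the quoted value assigned to variable $2 in tfvars file $1.
# Prints nothing when the variable is absent; the last assignment wins.
tfvars_get() {
  sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Return 0 when every required variable has a non-placeholder value,
# 1 when any is missing, empty or still a placeholder, 2 when the file
# cannot be read. Each problem is reported on stderr.
check_tfvars() {
  tfvars_file=$1
  tfvars_rc=0
  if [ ! -r "$tfvars_file" ]; then
    echo "cannot read $tfvars_file" >&2
    return 2
  fi
  for tfvars_name in $REQUIRED_VARS; do
    tfvars_value=$(tfvars_get "$tfvars_file" "$tfvars_name")
    if [ -z "$tfvars_value" ]; then
      echo "$tfvars_name: missing or empty" >&2
      tfvars_rc=1
    else
      case $tfvars_value in
        *xxxx*)
          echo "$tfvars_name: still a placeholder ($tfvars_value)" >&2
          tfvars_rc=1
          ;;
      esac
    fi
  done
  return $tfvars_rc
}
```

Source the file and gate the deployment on it, for instance `check_tfvars private.auto.tfvars && terraform apply`.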