compliantkubernetes-kubespray

Review Kubernetes components generated audit events.

Open OlleLarsson opened this issue 1 year ago • 0 comments

Problem statement: Kubernetes consists of many components or entities that generate a lot of audit events.

Some of these requests could probably be considered noise and do not really contribute in any meaningful way in an eventual audit log review.

Your task is to go through what audit events are generated by the core Kubernetes entities (kube-controller, kubelet, csi-controller (openstack/upcloud), apiserver, etc.) and determine what events can be safely ignored. Look at what audit log rules (see audit_policy_custom_rules in the kubespray repo) currently apply and determine if any rules should be changed, added or removed.

It is probably a good idea to note down what events are generated, how frequent they are and what they say. If we do this it will be easier in hindsight to go back and figure out why a certain audit log rule is there and looks the way it does.

Definition of done:

  • Generated audit events have been reviewed (and preferably noted down)
  • Kubernetes audit log policy file has been updated accordingly

OlleLarsson, Mar 21 '23 13:03
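
One way to produce the notes the issue asks for (which events are generated and how often), as an added example that is not from the issue or the repository: tally `audit.k8s.io/v1` JSON-lines events per identity, verb and resource. The sample events, the helper names (`_ev`, `tally`, `review_candidates`) and the 20% threshold are assumptions for illustration; the result is a list of candidates to review, not rules to drop.

```python
import json
from collections import Counter

READ_VERBS = {"get", "list", "watch"}

def _ev(user, verb, resource, sub=None, stage="ResponseComplete"):
    """Hypothetical helper: build one constructed audit event as a JSON line."""
    ref = {"resource": resource}
    if sub:
        ref["subresource"] = sub
    return json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1",
                       "stage": stage, "verb": verb,
                       "user": {"username": user}, "objectRef": ref})

# Constructed sample log (not real data), including one truncated line.
SAMPLE = (
    [_ev("system:kube-controller-manager", "get", "leases")] * 6
    + [_ev("system:node:worker-1", "patch", "nodes", "status")] * 3
    + [_ev("system:node:worker-1", "get", "nodes", stage="RequestReceived")]
    + [_ev("alice@example.com", "delete", "secrets")]
    + ["{truncated line"]
)

def tally(lines):
    """Count completed requests per (username, verb, resource[/subresource])."""
    counts = Counter()
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or partially written lines
        if ev.get("stage") != "ResponseComplete":
            continue  # one request emits several stages; count it once
        ref = ev.get("objectRef") or {}  # non-resource URLs carry no objectRef
        res = ref.get("resource") or ev.get("requestURI", "?")
        if ref.get("subresource"):
            res += "/" + ref["subresource"]
        counts[(ev.get("user", {}).get("username", "?"), ev.get("verb", "?"), res)] += 1
    return counts

def review_candidates(counts, min_share=0.2):
    """Read-only requests from system: identities at or above min_share of all events."""
    total = sum(counts.values()) or 1
    return sorted(k for k, n in counts.items()
                  if k[0].startswith("system:") and k[1] in READ_VERBS
                  and n / total >= min_share)

if __name__ == "__main__":
    counts = tally(SAMPLE)
    print(counts.most_common(), review_candidates(counts))
```

Write requests and requests from non-system identities never appear as candidates, so a frequent `patch` on `nodes/status` is counted but still has to be judged by hand.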