Back to all scenarios
Scenario #47
Cluster Management
K8s v1.22, Azure AKS

Control Plane Overload Due to High Audit Log Volume

The control plane became overloaded and slow due to excessive audit log volume.

Find this helpful?
What Happened

A misconfigured audit policy led to high volumes of audit logs being generated, overwhelming the control plane.

Diagnosis Steps
  • 1Monitored control plane metrics and found high CPU usage due to audit logs.
  • 2Reviewed audit policy and found it was logging excessive data.
Root Cause

Overly broad audit log configuration captured too many events.

Fix/Workaround
• Refined audit policy to log only critical events.
• Restarted the API server.
Lessons Learned

Audit logging needs to be fine-tuned to prevent overload.

How to Avoid
  • 1Regularly review and refine audit logging policies.
  • 2Set alerts for high audit log volumes.
Previous ScenarioNext Scenario