IBM Cloud Activity Tracker events
You can view, manage, and audit user-initiated activities in your IBM Cloud® Kubernetes Service community Kubernetes or Red Hat OpenShift cluster by using the IBM Cloud® Activity Tracker service.
IBM Cloud Kubernetes Service automatically generates cluster management events and forwards these event logs to IBM Cloud Activity Tracker. To access these logs, you must provision an instance of IBM Cloud Activity Tracker.
Cluster events
The following list of cluster events are sent to IBM Cloud Activity Tracker.
| Action | Description |
|---|---|
containers-kubernetes.cluster.config |
The Kubernetes configuration file (kubeconfig) for a cluster is requested. Depending on the request, the kubeconfig might contain administrator or network certificates and secrets to access the cluster. |
containers-kubernetes.cluster.create |
The creation of a cluster is requested. This event is sent for any type of cluster, such as clusters that are created in different infrastructure providers. |
containers-kubernetes.cluster.list |
Clusters are listed. The list might be filtered by details such as the infrastructure provider. |
containers-kubernetes.cluster.delete |
A cluster is deleted. |
containers-kubernetes.cluster.get |
Details for a cluster are returned. |
containers-kubernetes.cluster-apikey-owner.get |
The API key owner for the region and resource group that the cluster is in is returned. |
containers-kubernetes.cluster-audit-webhook.delete |
A cluster audit webhook for forwarding master API server audit logs is removed. |
containers-kubernetes.cluster-audit-webhook.get |
Audit webhooks for a cluster are listed. |
containers-kubernetes.cluster-audit-webhook.update |
A cluster audit webhook for forwarding master API server audit logs is updated. |
containers-kubernetes.cluster-ca-certificate.create |
A certificate authority (CA) for a cluster is created. |
containers-kubernetes.cluster-ca-certificate.get |
A certificate authority (CA) for a cluster is retrieved. |
containers-kubernetes.cluster-ca-certificate.rotate |
The certificate authority (CA) for a cluster is rotated. |
containers-kubernetes.image-security.enable |
Image security is enabled. |
containers-kubernetes.image-security.disable |
Image security is disabled. |
containers-kubernetes.cluster-key-state.update |
The root key in the key management service (KMS) provider that the cluster uses is updated, such as a root key being enabled, disabled, or rotated in a key management service (KMS) provider. |
containers-kubernetes.cluster-kms.enable |
A key management service (KMS) provider is enabled for a cluster. |
containers-kubernetes.cluster-master.changed |
A cluster master operation is completed. |
containers-kubernetes.cluster-master.refresh |
A cluster master refresh is requested. |
containers-kubernetes.cluster-master.update |
A cluster master update is requested. |
containers-kubernetes.cluster-private-service-endpoint.disable |
The private cloud service endpoint for a cluster is disabled. |
containers-kubernetes.cluster-private-service-endpoint.enable |
The private cloud service endpoint for a cluster is enabled. |
containers-kubernetes.cluster-public-service-endpoint.disable |
The public cloud service endpoint for a cluster is disabled. |
containers-kubernetes.cluster-public-service-endpoint.enable |
The public cloud service endpoint for a cluster is enabled. |
containers-kubernetes.cluster-pull-secret.enable |
An image pull secret to IBM Cloud Container Registry is created in the default namespace of the cluster. |
containers-kubernetes.cluster-rbac.apply |
IBM Cloud IAM service access roles are synchronized with Kubernetes RBAC roles in the cluster. This event commonly happens while retrieving the Kubernetes configuration file (kubeconfig) for a cluster (the containers-kubernetes.cluster.config event). |
containers-kubernetes.cluster-rbac.update |
The IBM Cloud IAM service access roles are synchronized with Kubernetes RBAC roles in the cluster. This event commonly happens after you update the service access role for a user in IAM. |
containers-kubernetes.cluster-rbac.status |
The status of the RBAC roles in the cluster is retrieved. |
containers-kubernetes.cluster-service.bind |
An IBM Cloud service is bound to the cluster. |
containers-kubernetes.cluster-service.list |
The IBM Cloud services that are bound to a cluster are listed. The list might be filtered by the cluster namespace. |
containers-kubernetes.cluster-service.unbind |
An IBM Cloud service is removed from the cluster. |
containers-kubernetes.cluster-ssl-certificate.update |
An update for a named SSL certificate is initiated. |
containers-kubernetes.cluster-subnet.add |
A public or private portable subnet is added to a cluster. |
containers-kubernetes.cluster-subnet.create |
A public or private subnet is created for the cluster. |
containers-kubernetes.cluster-subnet.detach |
A public or private portable subnet is detached from a cluster. |
containers-kubernetes.cluster-subnet.list |
The classic or VPC subnets for a cluster are listed. |
containers-kubernetes.cluster-user-subnet.add |
A user-managed subnet is added to the cluster. Note: User-added subnets are deprecated. |
containers-kubernetes.cluster.user-subnet.detach |
A user-managed subnet is detached from the cluster. Note: User-added subnets are deprecated. |
containers-kubernetes.cluster-user-subnet.list |
User-added subnets for a cluster are listed. Note: User-added subnets are deprecated. |
containers-kubernetes.cluster-webhook.create |
A cluster webhook, such as for Slack, is created. |
containers-kubernetes.cluster-webhook.list |
Webhooks for a cluster are listed. |
containers-kubernetes.version.update |
A master patch update is initiated for the cluster. Master patch updates are typically applied automatically by IBM to your cluster. |
Cluster account events
The following list of account events that are related to managing your clusters are sent to IBM Cloud Activity Tracker.
| Action | Description |
|---|---|
containers-kubernetes.account-api-key.reset |
The API key that is used for all clusters in the region and resource group is set to the requesting user's API key credentials. |
containers-kubernetes.account-customer-root-key.list |
Root keys from key management service instances for the IBM Cloud account are listed. |
containers-kubernetes.account-datacenter-vlan.list |
VLANs in an IBM Cloud account for a particular data center are listed. |
containers-kubernetes.account-infra-credential.delete |
Classic infrastructure credentials for managing clusters in the region and resource group are deleted. |
containers-kubernetes.account-infra-credential.get |
Details on the classic infrastructure credentials that are set for managing clusters in the region and resource group are returned. |
containers-kubernetes.account-infra-credential.set |
Classic infrastructure credentials for managing clusters in the region and resource group are set. |
containers-kubernetes.account-infra-permission.get |
Details on the compute, networking, and storage classic infrastructure permissions that are set for managing clusters in the region and resource group are returned. |
containers-kubernetes.account-key-management-service-instance.list |
Key management service instances in the IBM Cloud account are listed. |
containers-kubernetes.account-quota.get |
The quota for resources such as clusters or worker nodes for the IBM Cloud account is returned. |
containers-kubernetes.account-reservation-contract.add |
A contract for a specific term and number of worker nodes is added to a reservation. |
containers-kubernetes.account-reservation-contract.list |
Contracts for a reservation are listed. |
containers-kubernetes.account-subnet.list |
Subnets in the IBM Cloud classic infrastructure account are listed. |
containers-kubernetes.account-subnet-vlan-spanning.get |
Details on whether the IBM Cloud account has VLAN spanning enabled are returned. |
containers-kubernetes.account-user-config.get |
Details on whether a user can create in a certain region and resource group are returned. |
containers-kubernetes.account-vpc.get |
Details for a virtual private cloud (VPC) instance are returned. |
containers-kubernetes.account-vpc.list |
Virtual private cloud (VPC) instances in the IBM Cloud account are listed. |
containers-kubernetes.account-worker-reservation.create |
A reservation for worker nodes is created. |
containers-kubernetes.account-worker-reservation.get |
Details of a reservation are returned. |
containers-kubernetes.account-worker-reservation.list |
Reservations are listed. |
Cluster add-on events
The following list of the cluster add-on events are sent to IBM Cloud Activity Tracker.
| Action | Description |
|---|---|
containers-kubernetes.cluster-addon.disable |
A cluster add-on is disabled. |
containers-kubernetes.cluster-addon.enable |
A cluster add-on is enabled. |
containers-kubernetes.cluster-addon.list |
Cluster add-ons are listed. |
containers-kubernetes.cluster-addon.update |
A cluster add-on is updated. |
containers-kubernetes.cluster-addon-dashboard.start |
The Kubernetes dashboard proxy is started. |
containers-kubernetes.cluster-addon-debugtool-dashboard.start |
The diagnostics and debug tool add-on dashboard is started. |
containers-kubernetes.cluster-addon-terminal.start |
Deprecated: Starts the Kubernetes web terminal proxy. |
Fluentd logging events
The following list of Fluentd logging events for a cluster are sent to IBM Cloud Activity Tracker.
| Action | Description |
|---|---|
containers-kubernetes.cluster-logging-autoupdate.changed |
The logging update policy for the cluster is updated. |
containers-kubernetes.cluster-logging-autoupdate.get |
The details of the logging update policy for the cluster are returned. |
containers-kubernetes.cluster-logging-config.create |
A logging configuration for the cluster is created. |
containers-kubernetes.cluster-logging-config.delete |
A logging configuration is deleted from the cluster. |
containers-kubernetes.cluster-logging-config.get |
The details of a logging configuration for the cluster are returned. |
containers-kubernetes.cluster-logging-config.refresh |
The logging configuration for the cluster is refreshed. |
containers-kubernetes.cluster-logging-config.update |
A logging configuration for the cluster is updated. |
containers-kubernetes.cluster-logging-filter.create |
A logging filter configuration for the cluster is created. |
containers-kubernetes.cluster-logging-filter.delete |
A logging filter configuration is deleted from the cluster. |
containers-kubernetes.cluster-logging-filter.get |
The details of a logging filter configuration are returned. |
Ingress ALB events
The following list of Ingress application load balancer (ALB) events are sent to IBM Cloud Activity Tracker.
| Action | Description |
|---|---|
containers-kubernetes.cluster-ingress-instance.create |
An Ingress instance is created. |
containers-kubernetes.cluster-ingress-instance.delete |
An Ingress instance is delete. |
containers-kubernetes.cluster-ingress-instance.update |
An Ingress instance is update. |
containers-kubernetes.cluster-ingress-instance.list |
Ingress instances are lists. |
containers-kubernetes.cluster-ingress-instance.get |
An Ingress instance is retrieved. |
containers-kubernetes.cluster-ingress-status-state.set |
The state of the Ingress status is set. |
containers-kubernetes.cluster-ignored-ingress-status-errors.add |
An Ingress status error is added to the ignore list. |
containers-kubernetes.cluster-ignored-ingress-status-errors.remove |
An Ingress status error is removed from the ignore list. |
containers-kubernetes.cluster-alb.create |
A public or private ALB is created in the cluster. |
containers-kubernetes.cluster-alb.delete |
An ALB is disabled. |
containers-kubernetes.cluster-alb.enable |
An existing ALB is enabled in a cluster. |
containers-kubernetes.cluster-alb.get |
Details of an ALB are viewed. |
containers-kubernetes.cluster-alb-healthcheck.get |
Details of an ALB healthcheck are viewed. |
containers-kubernetes.cluster-alb-healthcheck.set |
Details of an ALB healthcheck are viewed. |
containers-kubernetes.cluster-alb.list |
ALBs in a cluster are listed. |
containers-kubernetes.cluster-alb.update |
ALB pods are updated. |
containers-kubernetes.cluster-alb-policy.get |
The status of automatic updates for Ingress ALBs is viewed. |
containers-kubernetes.cluster-alb-migration.start |
A migration of IBM Cloud Ingress ConfigMap and Ingress resources to the Kubernetes Ingress format is started. |
containers-kubernetes.cluster-alb-migration-status.get |
The status of the migration process is viewed. |
containers-kubernetes.cluster-ingress-status.get |
The status of migrated Ingress resources in a cluster is viewed. |
containers-kubernetes.cluster-alb-migration.cleanup |
Ingress resources and configmaps that are no longer needed after an Ingress migration are deleted. |
containers-kubernetes.cluster-alb-policy.update |
Automatic updates for the ALBs are enabled or disabled, or all ALB pods in a cluster are rolled back to their previously running build. |
containers-kubernetes.alb-image.list |
Supported Ingress controller images are listed. |
Ingress secret events
The following list of Ingress secret events are sent to IBM Cloud Activity Tracker.
| Action | Description |
|---|---|
containers-kubernetes.cluster-ingress-secret.get |
Details for an Ingress secret are viewed. |
containers-kubernetes.cluster-ingress-secret.list |
Ingress secrets for a cluster are listed. |
containers-kubernetes.cluster-ingress-secret.create |
An Ingress secret for a certificate is created. |
containers-kubernetes.cluster-ingress-secret.delete |
An Ingress secret is deleted from the cluster. |
containers-kubernetes.cluster-ingress-secret.update |
The certificate for an Ingress secret is updated. |
containers-kubernetes.cluster-ingress-secret-field.add |
A field in an Ingress secret is added. |
containers-kubernetes.cluster-ingress-secret-field.remove |
A field in an Ingress secret is removed. |
Observability events for logging and monitoring
The following list of the logging and monitoring configuration events are sent to IBM Cloud Activity Tracker by the IBM Cloud Kubernetes Service observability plug-in.
| Action | Description |
|---|---|
containers-kubernetes.observe-logging.create |
A Log Analysis configuration is created for the cluster. |
containers-kubernetes.observe-logging.get |
The details of a Log Analysis configuration are returned. |
containers-kubernetes.observe-logging.list |
Log Analysis configurations for a cluster are listed. |
containers-kubernetes.observe-logging.modify |
A Log Analysis configuration is updated. |
containers-kubernetes.observe-logging.remove |
A Log Analysis configuration is removed from the cluster. |
containers-kubernetes.observe-monitoring.create |
A Monitoring configuration is created for the cluster. |
containers-kubernetes.observe-monitoring.get |
The details of a Monitoring configuration are returned. |
containers-kubernetes.observe-monitoring.list |
Monitoring configurations for a cluster are listed. |
containers-kubernetes.observe-monitoring.modify |
A Monitoring configuration is updated. |
containers-kubernetes.observe-monitoring.remove |
A Monitoring configuration is removed from the cluster. |
NLB DNS events
The following list of network load balancer (NLB) DNS events are sent to IBM Cloud Activity Tracker.
| Action | Description |
|---|---|
containers-kubernetes.cluster-nlb-dns.list |
Registered NLB subdomains and NLB IP addresses are listed. |
containers-kubernetes.cluster-nlb-dns-monitor.get |
The health check monitor settings for an NLB subdomain are viewed. |
containers-kubernetes.cluster-nlb-dns-monitor.list |
The health check monitor settings for all NLB subdomains are listed. |
containers-kubernetes.cluster-nlb-dns-monitor-status.list |
The health check status for the IP addresses behind NLB subdomains in a cluster are listed. |
containers-kubernetes.cluster-nlb-dns-monitor.create |
A health check monitor for an NLB subdomain is configured. |
containers-kubernetes.cluster-ingress-secret.delete |
A secret is removed from an NLB subdomain. |
containers-kubernetes.cluster-ingress-secret.update |
Certificates for a secret are regenerated. |
containers-kubernetes.cluster-nlb-dns.create |
An NLB subdomain is created and associated with one or more NLB IP addresses (classic) or a hostname (VPC). |
containers-kubernetes.cluster-lb-hostname.delete |
The VPC load balancer hostname is removed from the DNS record for an existing NLB subdomain. |
containers-kubernetes.cluster-lb-hostname.update |
The DNS record for an NLB subdomain in a VPC cluster is updated by replacing the load balancer hostname. |
containers-kubernetes.cluster-nlb-dns.update |
A DNS record in a classic cluster is updated by adding an NLB IP address. |
containers-kubernetes.cluster-nlb-dns-monitor.update |
The health check monitor for an NLB subdomain is enabled or disabled. |
Private service endpoint allowlist events
Private service endpoint allowlists are deprecated and support ends on 10 February 2025. Migrate from allowlists to context based restrictions as soon as possible. For more information, see Migrating from a private service endpoint allowlist to context based restrictions (CBR).
The following table lists the actions related to access control lists (ACLs) and the generation of events for clusters that use a private cloud service endpoint allowlist.
| Action | Description |
|---|---|
containers-kubernetes.network.acl.delete |
The private cloud service endpoint allowlist feature for a cluster is disabled. |
containers-kubernetes.network.acl.get |
The subnet allowlist for the private cloud service endpoint of a cluster is requested. |
containers-kubernetes.network.acl.update |
The private cloud service endpoint allowlist feature for a cluster is enabled, subnets are added to the allowlist, or subnets are removed from the allowlist. |
Satellite events
See the IBM Cloud Satellite documentation.
Storage events
The following table lists the actions related to storage resources and the generation of events.
| Action | Description |
|---|---|
containers-kubernetes.storage-volume.delete |
A volume is deleted. |
containers-kubernetes.storage-volume.list |
Volumes in the IBM Cloud account or as filtered by provider are retrieved. |
containers-kubernetes.storage-volume.read |
A volume is retrieved |
containers-kubernetes.storage-volume.update |
A volume is updated. |
containers-kubernetes.storage-attachment.create |
A volume attachment is created. |
containers-kubernetes.storage-attachment.delete |
A volume attachment is deleted. |
containers-kubernetes.storage-attachment.list |
Volume attachments are retrieved. |
containers-kubernetes.storage-attachment.read |
A volume attachment is retrieved. |
Worker node and worker pool events
The following list of worker node and worker pool events are sent to IBM Cloud Activity Tracker.
| Action | Description |
|---|---|
containers-kubernetes.cluster-worker.add |
A worker node is added to the cluster. Note: Adding stand-alone worker nodes is deprecated. |
containers-kubernetes.cluster-worker.list |
The worker nodes for a cluster are listed. |
containers-kubernetes.cluster-worker-pool.create |
A worker pool is created in the cluster. |
containers-kubernetes.cluster-worker-pool.delete |
A worker pool is deleted from a cluster. |
containers-kubernetes.cluster-worker-pool.get |
The details of a worker pool in the cluster are returned. |
containers-kubernetes.cluster-worker-pool.list |
The worker pools for a cluster are listed. |
containers-kubernetes.cluster-worker-pool.rebalance |
A worker pool is rebalanced. |
containers-kubernetes.cluster-worker-pool.resize |
A worker pool is resized, to add or decrease the number of worker nodes in the pool. |
containers-kubernetes.cluster-worker-pool-autoscale.disable |
Autoscaling the worker pool is disabled. |
containers-kubernetes.cluster-worker-pool-autoscale.enable |
Autoscaling the worker pool is enabled. |
containers-kubernetes.cluster-worker-pool-label.set |
Kubernetes labels for a worker pool are set. Existing and future worker nodes in the worker pool inherit the label. |
containers-kubernetes.cluster-worker-pool-taint.set |
Kubernetes taints for a worker pool are set. Existing and future worker nodes in the worker pool inherit the taint. |
containers-kubernetes.cluster-worker-pool-zone.create |
A zone is added to a worker pool. |
containers-kubernetes.cluster-worker-pool-zone.delete |
A zone is deleted from a worker pool. |
containers-kubernetes.cluster-worker-pool-zone.get |
The details of a zone that a worker pool spans in the cluster are returned as part of cluster autoscaler operations. |
containers-kubernetes.cluster-worker-pool-zone.list |
The worker pools for a cluster in a particular zone are listed as part of cluster autoscaler operations. |
containers-kubernetes.cluster-worker-pool-zone.resize |
A worker node is added to or removed from a zone that the worker pool spans. |
containers-kubernetes.cluster-worker-pool-zone-network.add |
The networking data, such as public and private VLAN data, is added for a zone that the worker pool spans. |
containers-kubernetes.cluster-worker-pool-zone-worker.list |
The worker nodes within a zone that a the worker pool spans are listed as part of cluster autoscaler operations. |
containers-kubernetes.worker.delete |
A worker node is deleted from the cluster. |
containers-kubernetes.worker.get |
The details of a worker node in the cluster are returned. |
containers-kubernetes.worker.reboot |
A worker node is rebooted. |
containers-kubernetes.worker.reload |
A worker node is reloaded. |
containers-kubernetes.worker.replace |
A worker node is removed and another worker node of the same flavor is created in the cluster. |
containers-kubernetes.worker.update |
A worker node version is updated. |
Viewing your cluster events
To view events that are sent to IBM Cloud Activity Tracker, you select the Activity Tracker instance that matches with the location of your IBM Cloud Kubernetes Service cluster.
The following table shows the Activity Tracker location where your events are sent to. To view your events, make sure that you have an Activity Tracker instance in the location that matches your cluster location. Note that clusters in the Montreal, Toronto, and Washington, D.C. locations forward all events to the Dallas Activity Tracker location.
| IBM Cloud Kubernetes Service classic location | Activity Tracker event location |
|---|---|
| Dallas (dal10, dal12, dal13) | Dallas |
| Montreal (mon01) | Washington, D.C. |
| San Jose (sjc03, sjc04) | Dallas |
| São Paulo (sao01) | Dallas |
| Toronto (tor01) | Toronto |
| Washington, D.C. (wdc04, wdc06, wdc07) | Washington, D.C. |
| Amsterdam (ams03) | Frankfurt |
| Frankfurt (fra02, fra04, fra05) | Frankfurt |
| Milan (mil01) | Frankfurt |
| Paris (par01) | Frankfurt |
| London (lon02, lon04, lon05, lon06) | London |
| Sydney (syd01, syd04, syd05) | Sydney |
| Chennai (che01) | Chennai |
| Seoul (seo01) | Seoul |
| Osaka (osa21, osa22, osa23) | Osaka |
| Singapore (sng01) | Tokyo |
| Tokyo (tok02, tok04, tok05) | Tokyo |
| IBM Cloud Kubernetes Service VPC location | Activity Tracker event location |
|---|---|
| Dallas (us-south-1, us-south-2, us-south-3) | Dallas |
| Frankfurt (eu-de-1, eu-de-2, eu-de-3) | Frankfurt |
| London (eu-gb-1, eu-gb-2, eu-gb-3) | London |
| Madrid (eu-es-1, eu-es-2, eu-es-3) | Madrid |
| São Paulo (br-sao-1, br-sao-2, br-sao-3) | Dallas |
| Sydney (au-syd-1, au-syd-2, au-syd-3) | Sydney |
| Tokyo (jp-tok-1, jp-tok-2, jp-tok-3) | Tokyo |
| Toronto (ca-tor-1, ca-tor-2, ca-tor-3) | Toronto |
| Washington, D.C. (us-east-1, us-east-2, us-east-3) | Washington, D.C. |