I’m digging into getting our Kubernetes auditing rules just right for our downstream clusters. I notice that when a user does something going through the Rancher authentication proxy, the audit logs attach Impersonation Headers to the message which provide a field impersonatedUser_extra_username with the regular user name (which is super helpful). However, when the user goes direct to the cluster nodes with kubectl, the user is still logged in the Rancher internal format (c-sdsaf2, for example), but there are no impersonation headers. Is this correct?
It’s just a general question. I won’t post any example messages at this time just because they’re so long and I’d have a lot of redaction to do on them.