Dynamic Host Configuration Protocol (DHCP)

Workload location: Root only workloads

Audit log source: Kubernetes audit logs

Audited operations: CRUD operations to the DHCP config

CRUD operations to the DHCP config

The CRUD operations include data changes to the DHCP config, which are logged in the audit log server.

Fields in the log entry that contain audit information
Each entry lists the audit metadata, the audit field name, and an example value.

User or service identity: userAgent, user_name

For example,

"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"user": {
  "username": "kubernetes-admin"
}
        

Target (fields and values that call the API): requestURI

For example,

"requestURI": "/api/v1/namespaces/gpc-system/configmaps/gpc-dhcp-conf?fieldManager=kubectl-edit"
        

Action (fields containing the performed operation): verb

For example,

"verb": "patch"

Event timestamp: requestReceivedTimestamp

For example,

"requestReceivedTimestamp": "2022-12-13T06:59:55.681994Z"

Source of action: _gdch_service_name

For example,

"_gdch_service_name": "apiserver"


Outcome: code

For example,

"responseStatus": {
  "code": 200
}


Example log

{
  "_gdch_cluster": "root-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-2z87b",
  "_gdch_service_name": "apiserver",
  "annotations": {
    "authorization_k8s_io_decision": "allow",
    "authorization_k8s_io_reason": ""
  },
  "apiGroup": "UNKNOWN",
  "apiVersion": "audit.k8s.io/v1",
  "auditID": "8841cec6-1557-4278-8ba2-1f89b7953a81",
  "cluster": "root-admin",
  "auditID": "069120c2-c182-4e8f-b863-9c640885bf2b",
  "fluentbit_pod": "anthos-audit-logs-forwarder-2z87b",
  "kind": "Event",
  "level": "Metadata",
  "objectRef": {
    "apiGroup": "UNKNOWN",
    "apiVersion": "v1",
    "name": "gpc-dhcp-conf",
    "namespace": "gpc-system",
    "resource": "configmaps"
  },
  "requestReceivedTimestamp": "2022-12-13T06:59:55.681994Z",
  "requestURI": "/api/v1/namespaces/gpc-system/configmaps/gpc-dhcp-conf?fieldManager=kubectl-edit",
  "responseStatus": {
    "code": 200
  },
  "service_name": "apiserver",
  "stage": "ResponseComplete",
  "stageTimestamp": "2022-12-13T06:59:55.699551Z",
  "userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
  "user": {
    "username": "kubernetes-admin"
  },
  "verb": "patch",
  "Detected": "fields",
  "Time": "1670915285440",
  "tsNs": "1670915285440328017"
}
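
The fields listed above are enough to answer who touched the DHCP config, when, and with what result. The following Python is an added example, not part of the original page or the product: it assumes one JSON entry per line, and the function name, output keys, verb list and every sample line other than the first are constructed for illustration.

```python
import json

# Assumption: the DHCP config is the ConfigMap named in the page's example log.
DHCP_REF = {"resource": "configmaps", "namespace": "gpc-system", "name": "gpc-dhcp-conf"}
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}

def dhcp_audit_summary(line):
    """Return the audit fields of one DHCP-config event, or None if the line is not one."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None  # forwarder noise or a truncated line
    if not isinstance(event, dict):
        return None
    ref = event.get("objectRef") or {}
    if any(ref.get(k) != v for k, v in DHCP_REF.items()) or event.get("stage") != "ResponseComplete":
        return None  # a different object, or not the final stage of the request
    code = (event.get("responseStatus") or {}).get("code")
    verb = event.get("verb")
    return {
        "identity": (event.get("user") or {}).get("username"),
        "user_agent": event.get("userAgent"),
        "target": event.get("requestURI"),
        "action": verb,
        "timestamp": event.get("requestReceivedTimestamp"),
        "source": event.get("_gdch_service_name"),
        "outcome": code,
        "changed": verb in WRITE_VERBS and isinstance(code, int) and 200 <= code < 300,
        "denied": code in (401, 403),
    }

# Constructed sample input: the first entry is trimmed from the page's example log, the rest are invented.
_PAGE_EVENT = {
    "_gdch_service_name": "apiserver", "stage": "ResponseComplete", "verb": "patch",
    "objectRef": dict(DHCP_REF), "responseStatus": {"code": 200},
    "requestReceivedTimestamp": "2022-12-13T06:59:55.681994Z",
    "requestURI": "/api/v1/namespaces/gpc-system/configmaps/gpc-dhcp-conf?fieldManager=kubectl-edit",
    "userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78", "user": {"username": "kubernetes-admin"},
}
SAMPLE_LINES = [
    json.dumps(_PAGE_EVENT),
    json.dumps({**_PAGE_EVENT, "objectRef": {**DHCP_REF, "name": "example-other-config"}}),
    json.dumps({**_PAGE_EVENT, "verb": "delete", "user": {"username": "example-user"}, "responseStatus": {"code": 403}}),
    "truncated {",
]

if __name__ == "__main__":
    print([dhcp_audit_summary(line) for line in SAMPLE_LINES])
```

Entries with "changed" set are successful writes to the DHCP config; entries with "denied" set are rejected attempts, which are worth reviewing alongside them.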