Inventory Management

Workload location: Root-only workloads

Audit log source: Kubernetes audit logs

Audited operations: Data changes (CRUD operations)

Data changes (CRUD operations)

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User or service identity | user | For example,

"user": {
  "username": "kubernetes-admin",
  "groups":["system:masters","system:authenticated"]
}

Target (fields and values that call the API) | requestURI | "requestURI": "/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/spareparts"

Action (fields containing the operation performed) | verb | "verb":"create"

Event timestamp | requestReceivedTimestamp | For example,

"requestReceivedTimestamp":"2022-12-22T00:28:24.763163Z"

Source of action | sourceIPs | For example,

"sourceIPs":["10.200.0.2"]

Outcome | responseStatus | For example,

"responseStatus":{"code":201,"metadata":{}}

Other fields | Not applicable | Not applicable

Example log

{
   "verb":"create",
   "user":{
      "username":"kubernetes-admin",
      "groups":[
         "system:masters",
         "system:authenticated"
      ]
   },
   "sourceIPs":[
      "10.200.0.2"
   ],
   "annotations":{
      "authorization.k8s.io/decision":"allow",
      "mutation.webhook.admission.k8s.io/round_0_index_2":"{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}",
      "authorization.k8s.io/reason":""
   },
   "requestReceivedTimestamp":"2022-12-22T00:28:24.763163Z",
   "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-swcss",
   "responseStatus":{
      "code": 201,
      "metadata":{}
   },
   "objectRef":{
      "namespace":"gpc-system",
      "apiGroup":"system.private.gdc.goog",
      "resource":"spareparts",
      "name":"p06186-001-1234569087a",
      "apiVersion":"v1alpha1"
   },
   "apiVersion":"audit.k8s.io/v1",
   "_gdch_cluster":"root-admin",
   "level":"Metadata",
   "requestURI":"/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/spareparts?fieldManager=kubectl-client-side-apply",
   "auditID":"d9aa524b-0654-4e57-813f-b176a24244f1",
   "stageTimestamp":"2022-12-22T00:28:24.779255Z",
   "stage":"ResponseComplete",
   "userAgent":"kubectl/v1.22.9 (darwin/amd64) kubernetes/2b63bf7",
   "kind":"Event",
   "_gdch_service_name":"apiserver",
   "_gdch_tenant_id":"infra-obs"
}
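
As an added example (not part of the original page or of the product's own tooling), the following Python sketch maps one JSON audit entry onto the audit metadata listed in the table above and flags accepted data changes and writes made through the `system:masters` group. The function name `summarize`, the output keys, and the trimmed sample entry are assumptions made for illustration.

```python
import json

# Kubernetes audit verbs that change data (the write side of CRUD).
MUTATING_VERBS = {"create", "update", "patch", "delete", "deletecollection"}

# Constructed sample: the example log above, trimmed to the fields read here.
SAMPLE_LINE = json.dumps({
    "verb": "create",
    "user": {"username": "kubernetes-admin",
             "groups": ["system:masters", "system:authenticated"]},
    "sourceIPs": ["10.200.0.2"],
    "requestReceivedTimestamp": "2022-12-22T00:28:24.763163Z",
    "responseStatus": {"code": 201, "metadata": {}},
    "requestURI": "/apis/system.private.gdc.goog/v1alpha1/namespaces/"
                  "gpc-system/spareparts?fieldManager=kubectl-client-side-apply",
    "auditID": "d9aa524b-0654-4e57-813f-b176a24244f1",
})


def summarize(line):
    """Return the audit metadata of one entry, or None if it is unusable."""
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(entry, dict) or "verb" not in entry:
        return None
    user = entry.get("user") or {}
    code = (entry.get("responseStatus") or {}).get("code")
    groups = user.get("groups", [])
    return {
        "who": user.get("username", "<unknown>"),
        # Drop the query string so entries group by API path.
        "target": entry.get("requestURI", "").split("?", 1)[0],
        "action": entry["verb"],
        "when": entry.get("requestReceivedTimestamp"),
        "source": entry.get("sourceIPs", []),
        "outcome": code,
        "audit_id": entry.get("auditID"),
        # A data change that the API server accepted (2xx response).
        "data_change": entry["verb"] in MUTATING_VERBS
                       and isinstance(code, int) and 200 <= code < 300,
        # system:masters bypasses RBAC, so its writes deserve review.
        "privileged": "system:masters" in groups,
    }
```

Keeping `audit_id` in the summary lets a reviewer pivot from a flagged row back to the full entry in the log store.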