Halaman ini diterjemahkan oleh Cloud Translation API.

Pengelolaan Inventaris

Lokasi workload	Workload hanya root
Sumber log audit	Log audit Kubernetes
Operasi yang diaudit	Perubahan data (operasi CRUD)

Perubahan data (operasi CRUD)

Kolom dalam entri log yang berisi informasi audit
Metadata audit	Nama kolom audit	Nilai
Identitas pengguna atau layanan	`user`	Misalnya, "user": { "username": "kubernetes-admin", "groups":["system:masters","system:authenticated"] }
Target (Kolom dan nilai yang memanggil API)	`requestURI`	`"requestURI": "/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/spareparts"`
Tindakan (Kolom yang berisi operasi yang dilakukan)	`verb`	`"verb":"create"`
Stempel waktu peristiwa	`requestReceivedTimestamp`	Misalnya, `"requestReceivedTimestamp":"2022-12-22T00:28:24.763163Z"`
Sumber tindakan	`sourceIPs`	Misalnya, `"sourceIPs":["10.200.0.2"]`
Hasil	`responseStatus`	Misalnya, `"responseStatus":{"code":201,"metadata":{}}`
Kolom lainnya	Tidak berlaku	Tidak berlaku

Contoh log

{
   "verb":"create",
   "user":{
      "username":"kubernetes-admin",
      "groups":[
         "system:masters",
         "system:authenticated"
      ]
   },
   "sourceIPs":[
      "10.200.0.2"
   ],
   "annotations":{
      "authorization.k8s.io/decision":"allow",
      "mutation.webhook.admission.k8s.io/round_0_index_2":"{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}",
      "authorization.k8s.io/reason":""
   },
   "requestReceivedTimestamp":"2022-12-22T00:28:24.763163Z",
   "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-swcss",
   "responseStatus":{
      "code": 201,
      "metadata":{}
   },
   "objectRef":{
      "namespace":"gpc-system",
      "apiGroup":"system.private.gdc.goog",
      "resource":"spareparts",
      "name":"p06186-001-1234569087a",
      "apiVersion":"v1alpha1"
   },
   "apiVersion":"audit.k8s.io/v1",
   "_gdch_cluster":"root-admin",
   "level":"Metadata",
   "requestURI":"/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/spareparts?fieldManager=kubectl-client-side-apply",
   "auditID":"d9aa524b-0654-4e57-813f-b176a24244f1",
   "stageTimestamp":"2022-12-22T00:28:24.779255Z",
   "stage":"ResponseComplete",
   "userAgent":"kubectl/v1.22.9 (darwin/amd64) kubernetes/2b63bf7",
   "kind":"Event",
   "_gdch_service_name":"apiserver",
   "_gdch_tenant_id":"infra-obs"
}