庫存管理

工作負載位置

僅限根層級工作負載
稽核記錄來源

Kubernetes 稽核記錄
稽核的作業

資料變更 (CRUD 作業)

資料變更 (CRUD 作業)

記錄項目中包含稽核資訊的欄位
稽核中繼資料 稽核欄位名稱
使用者或服務身分 user

例如,假設使用者要求系統 將文字從英文翻譯成法文

"user": {
  "username": "kubernetes-admin",
  "groups":["system:masters","system:authenticated"]
}

目標

(呼叫 API 的欄位和值)

 requestURI "requestURI": "/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/spareparts"

動作

(包含所執行作業的欄位)

 verb "verb":"create"
事件時間戳記 requestReceivedTimestamp

例如,假設使用者要求系統 將文字從英文翻譯成法文

"requestReceivedTimestamp":"2022-12-22T00:28:24.763163Z"
動作來源 sourceIPs

例如,假設使用者要求系統 將文字從英文翻譯成法文

"sourceIPs":["10.200.0.2"]
結果 responseStatus

例如,假設使用者要求系統 將文字從英文翻譯成法文

"responseStatus":{"code":201,"metadata":{}}
其他欄位 不適用 不適用

範例記錄

{
   "verb":"create",
   "user":{
      "username":"kubernetes-admin",
      "groups":[
         "system:masters",
         "system:authenticated"
      ]
   },
   "sourceIPs":[
      "10.200.0.2"
   ],
   "annotations":{
      "authorization.k8s.io/decision":"allow",
      "mutation.webhook.admission.k8s.io/round_0_index_2":"{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}",
      "authorization.k8s.io/reason":""
   },
   "requestReceivedTimestamp":"2022-12-22T00:28:24.763163Z",
   "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-swcss",
   "responseStatus":{
      "code": 201,
      "metadata":{}
   },
   "objectRef":{
      "namespace":"gpc-system",
      "apiGroup":"system.private.gdc.goog",
      "resource":"spareparts",
      "name":"p06186-001-1234569087a",
      "apiVersion":"v1alpha1"
   },
   "apiVersion":"audit.k8s.io/v1",
   "_gdch_cluster":"root-admin",
   "level":"Metadata",
   "requestURI":"/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/spareparts?fieldManager=kubectl-client-side-apply",
   "auditID":"d9aa524b-0654-4e57-813f-b176a24244f1",
   "stageTimestamp":"2022-12-22T00:28:24.779255Z",
   "stage":"ResponseComplete",
   "userAgent":"kubectl/v1.22.9 (darwin/amd64) kubernetes/2b63bf7",
   "kind":"Event",
   "_gdch_service_name":"apiserver",
   "_gdch_tenant_id":"infra-obs"
}