| 工作負載位置 |
僅限根層級工作負載 |
| 稽核記錄來源 | |
| 稽核的作業 |
資料變更 (CRUD 作業) |
資料變更 (CRUD 作業)
| 記錄項目中包含稽核資訊的欄位 | ||
|---|---|---|
| 稽核中繼資料 | 稽核欄位名稱 | 值 |
| 使用者或服務身分 | user |
例如,假設使用者要求系統 將文字從英文翻譯成法文 "user": { "username": "kubernetes-admin", "groups":["system:masters","system:authenticated"] } |
|
目標 (呼叫 API 的欄位和值) |
requestURI |
"requestURI": "/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/spareparts" |
|
動作 (包含所執行作業的欄位) |
verb |
"verb":"create" |
| 事件時間戳記 | requestReceivedTimestamp |
例如,假設使用者要求系統 將文字從英文翻譯成法文
|
| 動作來源 | sourceIPs |
例如,假設使用者要求系統 將文字從英文翻譯成法文
|
| 結果 | responseStatus |
例如,假設使用者要求系統 將文字從英文翻譯成法文
|
| 其他欄位 | 不適用 | 不適用 |
範例記錄
{
"verb":"create",
"user":{
"username":"kubernetes-admin",
"groups":[
"system:masters",
"system:authenticated"
]
},
"sourceIPs":[
"10.200.0.2"
],
"annotations":{
"authorization.k8s.io/decision":"allow",
"mutation.webhook.admission.k8s.io/round_0_index_2":"{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}",
"authorization.k8s.io/reason":""
},
"requestReceivedTimestamp":"2022-12-22T00:28:24.763163Z",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-swcss",
"responseStatus":{
"code": 201,
"metadata":{}
},
"objectRef":{
"namespace":"gpc-system",
"apiGroup":"system.private.gdc.goog",
"resource":"spareparts",
"name":"p06186-001-1234569087a",
"apiVersion":"v1alpha1"
},
"apiVersion":"audit.k8s.io/v1",
"_gdch_cluster":"root-admin",
"level":"Metadata",
"requestURI":"/apis/system.private.gdc.goog/v1alpha1/namespaces/gpc-system/spareparts?fieldManager=kubectl-client-side-apply",
"auditID":"d9aa524b-0654-4e57-813f-b176a24244f1",
"stageTimestamp":"2022-12-22T00:28:24.779255Z",
"stage":"ResponseComplete",
"userAgent":"kubectl/v1.22.9 (darwin/amd64) kubernetes/2b63bf7",
"kind":"Event",
"_gdch_service_name":"apiserver",
"_gdch_tenant_id":"infra-obs"
}