"annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"gatekeeper-manager-rolebinding\" of ClusterRole \"gatekeeper-manager-role\" to ServiceAccount \"gatekeeper-admin/gatekeeper-system\""}
Exemple de journal
{"userAgent":"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z","sourceIPs":["10.200.0.4"],"objectRef":{"apiGroup":"resourcemanager.gdc.goog","resource":"organizations","apiVersion":"v1alpha1"},"stageTimestamp":"2022-12-06T23:05:22.590986Z","kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"38da3a00-47b8-424f-8d63-d89258e2043e","requestReceivedTimestamp":"2022-12-06T23:05:22.586546Z","verb":"list","_gdch_cluster":"root-admin","_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-2j85z","stage":"ResponseComplete","responseStatus":{"code":200,"metadata":{}},"user":{"uid":"253b9e2f-fde2-4e37-ae7b-36a55d57aafb","username":"system:serviceaccount:gatekeeper-system:gatekeeper-admin","extra":{"authentication.kubernet es.io/pod-name":["gatekeeper-audit-7fd7bc5d97-x9x8b"],"authentication.kubernetes.io/pod-uid":["e62eaabc-2530-4c36-b793-a98b42c061eb"]},"groups":["system:serviceaccounts","system:serviceaccounts:gatekeeper-system","system: authenticated"]},"requestURI":"/apis/resourcemanager.gdc.goog/v1alpha1/organizations?limit=500","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"gatekeeper-manager-rolebinding\" of ClusterRole \"gatekeeper-manager-role\" to ServiceAccount \"gatekeeper-admin/gatekeeper-system\""},"_gdch_service_name":"apiserver"}
Sauf indication contraire, le contenu de cette page est régi par une licence Creative Commons Attribution 4.0, et les échantillons de code sont régis par une licence Apache 2.0. Pour en savoir plus, consultez les Règles du site Google Developers. Java est une marque déposée d'Oracle et/ou de ses sociétés affiliées.
Dernière mise à jour le 2025/09/04 (UTC).
[[["Facile à comprendre","easyToUnderstand","thumb-up"],["J'ai pu résoudre mon problème","solvedMyProblem","thumb-up"],["Autre","otherUp","thumb-up"]],[["Difficile à comprendre","hardToUnderstand","thumb-down"],["Informations ou exemple de code incorrects","incorrectInformationOrSampleCode","thumb-down"],["Il n'y a pas l'information/les exemples dont j'ai besoin","missingTheInformationSamplesINeed","thumb-down"],["Problème de traduction","translationIssue","thumb-down"],["Autre","otherDown","thumb-down"]],["Dernière mise à jour le 2025/09/04 (UTC)."],[[["\u003cp\u003eThis content details audit logs for root-only workloads, specifically focusing on operations performed on the KRM API Management Plane.\u003c/p\u003e\n"],["\u003cp\u003eAudit logs are sourced from Kubernetes audit logs, providing information on actions taken within the platform.\u003c/p\u003e\n"],["\u003cp\u003eKey fields in the audit log entries include user identity, the target of the action, the performed action (verb), the event timestamp, the source of the action, the outcome, and other relevant annotations.\u003c/p\u003e\n"],["\u003cp\u003eAn example log is included, showcasing a typical audit entry with detailed information on a "list" operation performed by a service account, along with details such as the request URI, source IP, and authorization decision.\u003c/p\u003e\n"]]],[],null,["# Organizations (ORG)\n\nPerform operations on the KRM API Management Plane\n--------------------------------------------------\n\n**Example log** \n\n {\n \"userAgent\":\"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z\",\n \"sourceIPs\":[\n \"10.200.0.4\"\n ],\n \"objectRef\":{\n \"apiGroup\":\"resourcemanager.gdc.goog\",\n \"resource\":\"organizations\",\n \"apiVersion\":\"v1alpha1\"\n },\n \"stageTimestamp\":\"2022-12-06T23:05:22.590986Z\",\n \"kind\":\"Event\",\n \"apiVersion\":\"audit.k8s.io/v1\",\n \"level\":\"Metadata\",\n \"auditID\":\"38da3a00-47b8-424f-8d63-d89258e2043e\",\n \"requestReceivedTimestamp\":\"2022-12-06T23:05:22.586546Z\",\n \"verb\":\"list\",\n \"_gdch_cluster\":\"root-admin\",\n \"_gdch_fluentbit_pod\":\"anthos-audit-logs-forwarder-2j85z\",\n \"stage\":\"ResponseComplete\",\n \"responseStatus\":{\n \"code\":200,\n \"metadata\":{}\n },\n \"user\":{\n \"uid\":\"253b9e2f-fde2-4e37-ae7b-36a55d57aafb\",\n \"username\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\",\n \"extra\":{\n \"authentication.kubernet es.io/pod-name\":[\n \"gatekeeper-audit-7fd7bc5d97-x9x8b\"\n ],\n \"authentication.kubernetes.io/pod-uid\":[\n \"e62eaabc-2530-4c36-b793-a98b42c061eb\"\n ]\n },\n \"groups\":[\n \"system:serviceaccounts\",\n \"system:serviceaccounts:gatekeeper-system\",\n \"system: authenticated\"\n ]\n },\n \"requestURI\":\"/apis/resourcemanager.gdc.goog/v1alpha1/organizations?limit=500\",\n \"annotations\":{\n \"authorization.k8s.io/decision\":\"allow\",\n \"authorization.k8s.io/reason\":\"RBAC: allowed by ClusterRoleBinding \\\"gatekeeper-manager-rolebinding\\\" of ClusterRole \\\"gatekeeper-manager-role\\\" to ServiceAccount \\\"gatekeeper-admin/gatekeeper-system\\\"\"\n },\n \"_gdch_service_name\":\"apiserver\"\n }"]]