機構 (ORG)

工作負載位置

僅限根層級工作負載
稽核記錄來源

Kubernetes 稽核記錄
稽核的作業

對 KRM API 管理平面執行作業

對 KRM API 管理平面執行作業

記錄項目中包含稽核資訊的欄位
稽核中繼資料 稽核欄位名稱
使用者或服務身分 user

例如,假設使用者要求系統 將文字從英文翻譯成法文

"user":{"uid": "253b9e2f-fde2-4e37-ae7b-36a55d57aafb", "username": "system:serviceaccount: gatekeeper-system: gatekeeper-admin", "extra": {"authentication.kubernet es.io/pod-name": [ "gatekeeper-audit-7fd7bc5d97-x9x8b"], "authentication.kubernetes.io/pod-uid":["e62eaabc-2530-4c36-b793-a98b42c061eb"]}, "groups":["system: serviceaccounts", "system: serviceacc ounts: gatekeeper-system", "system: authenticated"]}

目標

(呼叫 API 的欄位和值)

 requestURI

例如,假設使用者要求系統 將文字從英文翻譯成法文

"requestURI":"/apis/resourcemanager.gdc.goog/v1"

動作

(包含所執行作業的欄位)

 verb "verb":"list"
事件時間戳記 requestReceivedTimestamp

例如,假設使用者要求系統 將文字從英文翻譯成法文

"requestReceivedTimestamp":"2022-12-06T23:05:22.586546Z"
動作來源 sourceIPs

例如,假設使用者要求系統 將文字從英文翻譯成法文

"sourceIPs":["10.200.0.4"]
結果 responseStatus

例如,假設使用者要求系統 將文字從英文翻譯成法文

"responseStatus":{"code":200, "metadata":{}}
其他欄位 annotations

例如,假設使用者要求系統 將文字從英文翻譯成法文

"annotations":{"authorization.k8s.io/decision": "allow","authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"gatekeeper-manager-rolebinding\" of ClusterRole \"gatekeeper-manager-role\" to ServiceAccount \"gatekeeper-admin/gatekeeper-system\""}

範例記錄

{
   "userAgent":"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z",
   "sourceIPs":[
      "10.200.0.4"
   ],
   "objectRef":{
      "apiGroup":"resourcemanager.gdc.goog",
      "resource":"organizations",
      "apiVersion":"v1alpha1"
   },
   "stageTimestamp":"2022-12-06T23:05:22.590986Z",
   "kind":"Event",
   "apiVersion":"audit.k8s.io/v1",
   "level":"Metadata",
   "auditID":"38da3a00-47b8-424f-8d63-d89258e2043e",
   "requestReceivedTimestamp":"2022-12-06T23:05:22.586546Z",
   "verb":"list",
   "_gdch_cluster":"root-admin",
   "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-2j85z",
   "stage":"ResponseComplete",
   "responseStatus":{
      "code":200,
      "metadata":{}
   },
   "user":{
      "uid":"253b9e2f-fde2-4e37-ae7b-36a55d57aafb",
      "username":"system:serviceaccount:gatekeeper-system:gatekeeper-admin",
      "extra":{
         "authentication.kubernet es.io/pod-name":[
            "gatekeeper-audit-7fd7bc5d97-x9x8b"
         ],
         "authentication.kubernetes.io/pod-uid":[
            "e62eaabc-2530-4c36-b793-a98b42c061eb"
         ]
      },
      "groups":[
         "system:serviceaccounts",
         "system:serviceaccounts:gatekeeper-system",
         "system: authenticated"
      ]
   },
   "requestURI":"/apis/resourcemanager.gdc.goog/v1alpha1/organizations?limit=500",
   "annotations":{
      "authorization.k8s.io/decision":"allow",
      "authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"gatekeeper-manager-rolebinding\" of ClusterRole \"gatekeeper-manager-role\" to ServiceAccount \"gatekeeper-admin/gatekeeper-system\""
   },
   "_gdch_service_name":"apiserver"
}