加購管理員 (ADD)

工作負載位置

僅限根層級工作負載
稽核記錄來源

Kubernetes 稽核記錄
稽核的作業

資料變更

資料變更 (CRUD 作業)

記錄項目中包含稽核資訊的欄位
稽核中繼資料 稽核欄位名稱
使用者或服務身分 user.username

例如,假設使用者要求系統 將文字從英文翻譯成法文

"user":{
 "username":"system:serviceaccount:kube-system:
   addon-manager-controller-sa"
  }

目標

(呼叫 API 的欄位和值)

 requestURI

"requestURI":"/apis/addon.private.gdc.goog/VERSION/ namespaces/root/addonsets/root-admin/status"

動作

(包含所執行作業的欄位)

 verb

"verb":"patch"

事件時間戳記 requestReceivedTimestamp

例如,假設使用者要求系統 將文字從英文翻譯成法文

"requestReceivedTimestamp":2022-11-18T23:15:22.882546Z

動作來源 sourceIPs

例如,假設使用者要求系統 將文字從英文翻譯成法文

"sourceIPs":["10.253.132.107"]
結果 stage

例如,假設使用者要求系統 將文字從英文翻譯成法文

"stage":"RequestReceived"
其他欄位 不適用 不適用

範例記錄

{
  "kind": "Event",
  "apiVersion": "audit.k8s.io/v1",
  "level": "Metadata",
  "auditID": "8c604d8d-368c-4294-9cfa-e361b4cbbefa",
  "stage": "RequestReceived",
  
  "requestURI": "/apis/addon.private.gdc.goog/VERSION/namespaces/root/addonsets/root-admin/status",
  
  "verb": "patch",
  "user": {
    "username": "system:serviceaccount:kube-system:addon-manager-controller-sa",
    "uid": "43ee00d0-fd9a-48ff-9e74-da11e39144fe",
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:kube-system",
      "system:authenticated"
    ],
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "addon-manager-controller-55cc67bf8f-dr7z7"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "735fc26e-a94a-4c10-a90a-86948cda9eeb"
      ]
    }
  },
  "sourceIPs": [
    "10.253.132.107"
  ],
  "userAgent": "addon-manager-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
  "objectRef": {
    "resource": "addonsets",
    "namespace": "root",
    "name": "root-admin",
    "apiGroup": "addon.private.gdc.goog",
    "apiVersion": "VERSION",
    "subresource": "status"
  },
  "requestReceivedTimestamp": "2022-11-18T23:15:22.882546Z",
  "stageTimestamp": "2022-11-18T23:15:22.882546Z"
}