Pengelola add-on (ADD)

Lokasi workload

Workload hanya root
Sumber log audit

Log audit Kubernetes
Operasi yang diaudit

Perubahan data

Perubahan data (operasi CRUD)

Kolom dalam entri log yang berisi informasi audit
Metadata audit Nama kolom audit Nilai
Identitas pengguna atau layanan user.username

Misalnya,

"user":{
 "username":"system:serviceaccount:kube-system:
   addon-manager-controller-sa"
  }

Target

(Kolom dan nilai yang memanggil API)

 requestURI

"requestURI":"/apis/addon.private.gdc.goog/VERSION/ namespaces/root/addonsets/root-admin/status"

Tindakan

(Kolom yang berisi operasi yang dilakukan)

 verb

"verb":"patch"

Stempel waktu peristiwa requestReceivedTimestamp

Misalnya,

"requestReceivedTimestamp":2022-11-18T23:15:22.882546Z

Sumber tindakan sourceIPs

Misalnya,

"sourceIPs":["10.253.132.107"]
Hasil stage

Misalnya,

"stage":"RequestReceived"
Kolom lainnya Tidak berlaku Tidak berlaku

Contoh log

{
  "kind": "Event",
  "apiVersion": "audit.k8s.io/v1",
  "level": "Metadata",
  "auditID": "8c604d8d-368c-4294-9cfa-e361b4cbbefa",
  "stage": "RequestReceived",
  
  "requestURI": "/apis/addon.private.gdc.goog/VERSION/namespaces/root/addonsets/root-admin/status",
  
  "verb": "patch",
  "user": {
    "username": "system:serviceaccount:kube-system:addon-manager-controller-sa",
    "uid": "43ee00d0-fd9a-48ff-9e74-da11e39144fe",
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:kube-system",
      "system:authenticated"
    ],
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "addon-manager-controller-55cc67bf8f-dr7z7"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "735fc26e-a94a-4c10-a90a-86948cda9eeb"
      ]
    }
  },
  "sourceIPs": [
    "10.253.132.107"
  ],
  "userAgent": "addon-manager-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
  "objectRef": {
    "resource": "addonsets",
    "namespace": "root",
    "name": "root-admin",
    "apiGroup": "addon.private.gdc.goog",
    "apiVersion": "VERSION",
    "subresource": "status"
  },
  "requestReceivedTimestamp": "2022-11-18T23:15:22.882546Z",
  "stageTimestamp": "2022-11-18T23:15:22.882546Z"
}