Add-on Manager (ADD)

Workload location: Root-only workloads

Audit log source: Kubernetes audit logs

Audited operations: Data changes (CRUD operations)

Fields in log entries that carry audit information

Audit metadata                                        Audit field name

User or service identity                              user.username

  Example:

  "user":{"username":"system:serviceaccount:kube-system:addon-manager-controller-sa"}

Target (field and value of the API being called)      requestURI

  Example:

  "requestURI":"/apis/addon.private.gdc.goog/VERSION/namespaces/root/addonsets/root-admin/status"

Operation (field that holds the operation performed)  verb

  Example:

  "verb":"patch"

Activity timestamp                                    requestReceivedTimestamp

  Example:

  "requestReceivedTimestamp":"2022-11-18T23:15:22.882546Z"

Operation source                                      sourceIPs

  Example:

  "sourceIPs":["10.253.132.107"]

Result                                                stage

  Example:

  "stage":"RequestReceived"

Other fields                                          N/A

Log example

{
  "kind": "Event",
  "apiVersion": "audit.k8s.io/v1",
  "level": "Metadata",
  "auditID": "8c604d8d-368c-4294-9cfa-e361b4cbbefa",
  "stage": "RequestReceived",
  "requestURI": "/apis/addon.private.gdc.goog/VERSION/namespaces/root/addonsets/root-admin/status",
  "verb": "patch",
  "user": {
    "username": "system:serviceaccount:kube-system:addon-manager-controller-sa",
    "uid": "43ee00d0-fd9a-48ff-9e74-da11e39144fe",
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:kube-system",
      "system:authenticated"
    ],
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "addon-manager-controller-55cc67bf8f-dr7z7"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "735fc26e-a94a-4c10-a90a-86948cda9eeb"
      ]
    }
  },
  "sourceIPs": [
    "10.253.132.107"
  ],
  "userAgent": "addon-manager-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
  "objectRef": {
    "resource": "addonsets",
    "namespace": "root",
    "name": "root-admin",
    "apiGroup": "addon.private.gdc.goog",
    "apiVersion": "VERSION",
    "subresource": "status"
  },
  "requestReceivedTimestamp": "2022-11-18T23:15:22.882546Z",
  "stageTimestamp": "2022-11-18T23:15:22.882546Z"
}
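The following is an added example, not code from the documentation or from the Add-on Manager itself. It reads newline-delimited Kubernetes audit events, maps each one onto the audit-metadata columns of the table above (identity, target, operation, timestamp, source, result), and flags writes to addonsets by any identity other than the add-on manager's service account shown in the log example. The second event and the malformed line are constructed inputs; the assumption that the addon-manager-controller-sa service account is the only expected writer of addonsets is the example's own, as is the treatment of a ResponseComplete event's responseStatus.code as part of the result.

```python
import json
from dataclasses import dataclass, field

# The audit event shown on this page, reduced to the fields named in the table above.
# "VERSION" is the page's own placeholder for the API version.
PAGE_EVENT = {
    "kind": "Event",
    "apiVersion": "audit.k8s.io/v1",
    "level": "Metadata",
    "auditID": "8c604d8d-368c-4294-9cfa-e361b4cbbefa",
    "stage": "RequestReceived",
    "requestURI": "/apis/addon.private.gdc.goog/VERSION/namespaces/root/addonsets/root-admin/status",
    "verb": "patch",
    "user": {"username": "system:serviceaccount:kube-system:addon-manager-controller-sa"},
    "sourceIPs": ["10.253.132.107"],
    "objectRef": {"resource": "addonsets", "namespace": "root", "name": "root-admin",
                  "apiGroup": "addon.private.gdc.goog", "subresource": "status"},
    "requestReceivedTimestamp": "2022-11-18T23:15:22.882546Z",
}

# Constructed second event (not from the page): same target, but a human user and the
# ResponseComplete stage, which is the stage that carries the HTTP status code.
OTHER_EVENT = {**PAGE_EVENT, "auditID": "constructed-0002", "stage": "ResponseComplete",
               "user": {"username": "alice@example.com"}, "responseStatus": {"code": 200}}

# Constructed newline-delimited audit log: the page event, the constructed event, one broken line.
SAMPLE_LOG = "\n".join([json.dumps(PAGE_EVENT), json.dumps(OTHER_EVENT), "not json {"])

# Assumption for this example: the add-on manager's service account is the only
# identity expected to modify addonsets.
EXPECTED_WRITER = "system:serviceaccount:kube-system:addon-manager-controller-sa"
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}


@dataclass
class AuditSummary:
    identity: str
    target: str
    operation: str
    timestamp: str
    source_ips: list = field(default_factory=list)
    result: str = ""


def summarize(event: dict) -> AuditSummary:
    """Map one Kubernetes audit event onto the audit-metadata columns of the table above."""
    # 'stage' names the point in the request lifecycle that emitted this event. A
    # RequestReceived event has no outcome yet; a ResponseComplete event may carry the code.
    result = event.get("stage", "")
    code = event.get("responseStatus", {}).get("code")
    if code is not None:
        result = f"{result} (HTTP {code})"
    return AuditSummary(
        identity=event.get("user", {}).get("username", ""),
        target=event.get("requestURI", ""),
        operation=event.get("verb", ""),
        timestamp=event.get("requestReceivedTimestamp", ""),
        source_ips=list(event.get("sourceIPs", [])),
        result=result,
    )


def is_unexpected_addonset_write(event: dict) -> bool:
    """True when an addonsets object is modified by an identity other than EXPECTED_WRITER."""
    ref = event.get("objectRef", {})
    if ref.get("resource") != "addonsets" or event.get("verb") not in WRITE_VERBS:
        return False
    return event.get("user", {}).get("username") != EXPECTED_WRITER


def scan(lines):
    """Parse NDJSON audit lines; return (summaries, alerting auditIDs), skipping malformed lines."""
    summaries, alerts = [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated or corrupted line must not stop the scan
        summaries.append(summarize(event))
        if is_unexpected_addonset_write(event):
            alerts.append(event.get("auditID"))
    return summaries, alerts


if __name__ == "__main__":
    found, flagged = scan(SAMPLE_LOG.splitlines())
    for s in found:
        print(f"{s.timestamp} {s.identity} {s.operation} {s.target} from {s.source_ips}: {s.result}")
    print("unexpected addonsets writes:", flagged)
```

Because the page's example is a RequestReceived event, its result column can only say that the request arrived; pairing it with the ResponseComplete event of the same auditID is what tells you whether the patch succeeded.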