Database Service

Workload location

Organization workloads only

Audit log source

Kubernetes audit logs

Audited operations

DBClusters

Fields in the log entry that contain audit information
Audit metadata | Audit field name | Value
User identity | user.username

For example,

"user":{"username":"kubernetes-admin"}
  

Target (fields and values that call the API) | objectRef

For example,

"objectRef":{
    "name":"emuv2",
    "namespace":"obs-system",
    "resource":"dbclusters",
    "apiGroup":"postgresql.dbadmin.gdc.goog",
    "apiVersion":"v1"
}

Action (fields containing the performed operation) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"patch"
  • "verb":"list"
Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":201
}

Other fields | annotations

For example,

"annotations":{
  "mutation.webhook.admission.k8s.io/round_0_index_24": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"mdbcluster.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
  "authorization.k8s.io/decision": "allow",
  "authorization.k8s.io/reason": ""
}

Example log

{
  "userAgent": "kubectl/v1.24.2 (linux/amd64) kubernetes/f66044f",
  "apiVersion": "audit.k8s.io/v1",
  "stageTimestamp": "2022-12-02T23:55:23.818903Z",
  "_gdch_cluster": "org-1-admin",
  "level": "Metadata",
  "auditID": "9365cb9f-9403-446a-a88a-f91b88284acf",
  "verb": "create",
  "stage": "ResponseComplete",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/dbclusters?fieldManager=kubectl-client-side-apply&fieldValidation=Strict",
  "responseStatus": {
    "metadata": {},
    "code": 201
  },
  "annotations": {
    "mutation.webhook.admission.k8s.io/round_0_index_24": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"mdbcluster.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow",
    "authorization.k8s.io/reason": ""
  },
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-t21dm",
  "objectRef": {
    "name": "emuv2",
    "namespace": "obs-system",
    "resource": "dbclusters",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1"
  },
  "sourceIPs": [
    "10.200.0.7"
  ],
  "kind": "Event",
  "user": {
    "username": "kubernetes-admin",
    "groups": [
      "system:masters",
      "system:authenticated"
    ]
  },
  "requestReceivedTimestamp": "2022-12-02T23:55:23.739779Z",
  "_gdch_service_name": "apiserver"
}

Backup

Fields in the log entry that contain audit information
Audit metadata | Audit field name | Value
User identity | user.username

For example,

"user":{"username":"system:serviceaccount:ods-fleet-system:fleet-controller-manager"}
  

Target (fields and values that call the API) | objectRef

For example,

"objectRef": {
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1",
    "resource": "backups",
    "namespace": "obs-system",
    "resourceVersion": "3189223",
    "name": "backup1",
    "uid": "3b5f6255-9a6d-4556-94b3-9956a5e6c8c2"
  }

Action (fields containing the performed operation) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"delete"
  • "verb":"list"
Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":200
}

Other fields | annotations

For example,

"annotations":{
        "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-manager-rolebinding\" of ClusterRole \"fleet-manager-role\" to ServiceAccount \"fleet-controller-manager/ods-fleet-system\"",
        "authorization.k8s.io/decision": "allow"
    }

Example log

{
  "responseStatus": {
    "metadata": {},
    "code": 200
  },
  "_gdch_cluster": "org-1-admin",
  "userAgent": "manager/v0.0.0 (linux/amd64) kubernetes/$Format",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-q2pvd",
  "annotations": {
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-manager-rolebinding\" of ClusterRole \"fleet-manager-role\" to ServiceAccount \"fleet-controller-manager/ods-fleet-system\"",
    "authorization.k8s.io/decision": "allow"
  },
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/backups/backup1",
  "kind": "Event",
  "level": "Metadata",
  "verb": "update",
  "apiVersion": "audit.k8s.io/v1",
  "requestReceivedTimestamp": "2022-12-03T02:10:57.714186Z",
  "stageTimestamp": "2022-12-03T02:10:57.801287Z",
  "auditID": "9b2721c8-db96-491b-90ce-4771979dceb3",
  "user": {
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:ods-fleet-system",
      "system:authenticated"
    ],
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "fleet-controller-manager-659bc596c4-v6zll"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "6000181a-2050-497e-be3f-313456b88902"
      ]
    },
    "username": "system:serviceaccount:ods-fleet-system:fleet-controller-manager",
    "uid": "66743ae3-eb0e-4608-9dea-2e6e33da24f1"
  },
  "stage": "ResponseComplete",
  "sourceIPs": [
    "10.253.165.17"
  ],
  "objectRef": {
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1",
    "resource": "backups",
    "namespace": "obs-system",
    "resourceVersion": "3189223",
    "name": "backup1",
    "uid": "3b5f6255-9a6d-4556-94b3-9956a5e6c8c2"
  },
  "_gdch_service_name": "apiserver"
}

BackupPlan

Fields in the log entry that contain audit information
Audit metadata | Audit field name | Value
User identity | user.username

For example,

"user":{"username":"kubernetes-admin", "groups":["system:masters","system:authenticated"]}
  

Target (fields and values that call the API) | objectRef

For example,

"objectRef": {
    "name": "backupplan1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1",
    "namespace": "obs-system",
    "resource": "backupplans"
  }

Action (fields containing the performed operation) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"delete"
  • "verb":"list"
Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":200
}

Other fields | annotations

For example,

  "annotations": {
    "authorization.k8s.io/reason": "",
    "authorization.k8s.io/decision": "allow"
  }

Example log

{
  "apiVersion": "audit.k8s.io/v1",
  "stageTimestamp": "2022-12-03T00:13:15.939390Z",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/backupplans?fieldManager=kubectl-client-side-apply&fieldValidation=Strict",
  "kind": "Event",
  "level": "Metadata",
  "auditID": "5841cc4f-74d0-44e3-b82b-a84fadaf492b",
  "responseStatus": {
    "metadata": {},
    "code": 201
  },
  "stage": "ResponseComplete",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-9x9pd",
  "userAgent": "kubectl/v1.24.2 (linux/amd64) kubernetes/f66044f",
  "verb": "create",
  "annotations": {
    "authorization.k8s.io/reason": "",
    "authorization.k8s.io/decision": "allow"
  },
  "user": {
    "groups": [
      "system:masters",
      "system:authenticated"
    ],
    "username": "kubernetes-admin"
  },
  "_gdch_cluster": "org-1-admin",
  "objectRef": {
    "name": "backupplan1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "apiVersion": "v1",
    "namespace": "obs-system",
    "resource": "backupplans"
  },
  "sourceIPs": [
    "10.200.0.7"
  ],
  "requestReceivedTimestamp": "2022-12-03T00:13:15.921957Z",
  "_gdch_service_name": "apiserver"
}

Import

Fields in the log entry that contain audit information
Audit metadata | Audit field name | Value
User identity | user.username

For example,

"user":{"groups":["system:masters", "system:authenticated"], "username": "kubernetes-admin"}
  

Target (fields and values that call the API) | objectRef

For example,

  "objectRef": {
    "resource": "imports",
    "apiVersion": "v1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "name": "import-1",
    "namespace": "obs-system"
  },

Action (fields containing the performed operation) | verb
  • "verb":"create"
  • "verb":"delete"
  • "verb":"list"
Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":201
}

Other fields | annotations

For example,

"annotations": {
  "mutation.webhook.admission.k8s.io/round_0_index_26": "{\"configuration\":\"mutating-webhook-configuration\", \"webhook\":\"import.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
  "authorization.k8s.io/decision": "allow",
  "authorization.k8s.io/reason": ""
}

Example log

{
  "verb": "create",
  "apiVersion": "audit.k8s.io/v1",
  "requestReceivedTimestamp": "2022-12-03T02:22:14.605452Z",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/imports?fieldManager=kubectl-client-side-apply&fieldValidation=Strict",
  "stageTimestamp": "2022-12-03T02:22:14.637697Z",
  "_gdch_cluster": "org-1-admin",
  "annotations": {
    "mutation.webhook.admission.k8s.io/round_0_index_26": "{\"configuration\":\"mutating-webhook-configuration\", \"webhook\":\"mimport.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow",
    "authorization.k8s.io/reason": ""
  },
  "kind": "Event",
  "level": "Metadata",
  "auditID": "d04e1c23-13fa-4d18-bec7-31d652531151",
  "stage": "ResponseComplete",
  "responseStatus": {
    "metadata": {},
    "code": 201
  },
  "objectRef": {
    "resource": "imports",
    "apiVersion": "v1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "name": "import-1",
    "namespace": "obs-system"
  },
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-9x9pd",
  "sourceIPs": [
    "10.200.0.7"
  ],
  "user": {
    "groups": [
      "system:masters",
      "system:authenticated"
    ],
    "username": "kubernetes-admin"
  },
  "userAgent": "kubectl/v1.24.2 (linux/amd64) kubernetes/f66044f",
  "_gdch_service_name": "apiserver"
}

Export

Fields in the log entry that contain audit information
Audit metadata | Audit field name | Value
User identity | user.username

For example,

"user":{"groups":["system:masters", "system:authenticated"], "username": "kubernetes-admin"}
  

Target (fields and values that call the API) | objectRef

For example,

"objectRef": {
    "apiVersion": "v1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "namespace": "obs-system",
    "resource": "exports",
    "name": "export1"
}

Action (fields containing the performed operation) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"delete"
  • "verb":"list"
Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-12-03T07:41:29.462690Z"

Action source | sourceIPs

For example,

["10.200.0.7"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":201
}

Other fields | annotations

For example,

"annotations": {
    "authorization.k8s.io/reason": "",
    "mutation.webhook.admission.k8s.io/round_0_index_25": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"mexport.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow"
}

Example log

{
  "apiVersion": "audit.k8s.io/v1",
  "userAgent": "kubectl/v1.24.2 (linux/amd64) kubernetes/f66044f",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/exports?fieldManager=kubectl-client-side-apply&fieldValidation=Strict",
  "stageTimestamp": "2022-12-03T07:41:29.532729Z",
  "kind": "Event",
  "level": "Metadata",
  "_gdch_cluster": "org-1-admin",
  "stage": "ResponseComplete",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-9x9pd",
  "verb": "create",
  "requestReceivedTimestamp": "2022-12-03T07:41:29.462690Z",
  "responseStatus": {
    "code": 201,
    "metadata": {}
  },
  "objectRef": {
    "apiVersion": "v1",
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "namespace": "obs-system",
    "resource": "exports",
    "name": "export1"
  },
  "user": {
    "groups": [
      "system:masters",
      "system:authenticated"
    ],
    "username": "kubernetes-admin"
  },
  "sourceIPs": [
    "10.200.0.7"
  ],
  "annotations": {
    "authorization.k8s.io/reason": "",
    "mutation.webhook.admission.k8s.io/round_0_index_25": "{\"configuration\":\"mutating-webhook-configuration\",\"webhook\":\"mexport.postgresql.dbadmin.gdc.goog\",\"mutated\":true}",
    "authorization.k8s.io/decision": "allow"
  },
  "auditID": "2537d860-affd-420d-adec-13a270c1dcb2",
  "_gdch_service_name": "apiserver"
}

Restore

Fields in the log entry that contain audit information
Audit metadata | Audit field name | Value
User identity | user.username

For example,

"user": {
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:ods-fleet-system",
      "system:authenticated"
    ],
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "fleet-controller-manager-659bc596c4-v6z11"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "6000181a-2050-497e-be3f-313456b88902"
      ]
    },
    "username": "system:serviceaccount:ods-fleet-system:fleet-controller-manager",
    "uid": "66743ae3-eb0e-4608-9dea-2e6e33da24f1"
  }
  

Target (fields and values that call the API) | objectRef

For example,

"objectRef": {
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "name": "restore1",
    "subresource": "status",
    "uid": "9408379e-7c72-4052-b279-369f6457408a",
    "namespace": "obs-system",
    "apiVersion": "v1",
    "resource": "restores",
    "resourceVersion": "326530"
}

Action (fields containing the performed operation) | verb
  • "verb":"create"
  • "verb":"update"
  • "verb":"delete"
  • "verb":"list"
Event timestamp | requestReceivedTimestamp

For example,

"requestReceivedTimestamp":"2022-12-03T02:33:06.498531Z"

Action source | sourceIPs

For example,

["18.253.165.17"]

Outcome | responseStatus

For example,

"responseStatus":{
    "metadata":{},
    "code":200
}

Other fields | annotations

For example,

"annotations": {
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-manager-rolebinding\" of ClusterRole \"fleet-manager-role\" to ServiceAccount \"fleet-controller-manager/ods-fleet-system\"",
    "authorization.k8s.io/decision": "allow"
  }

Example log

{
  "_gdch_cluster": "org-1-admin",
  "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-q2pvd",
  "level": "Metadata",
  "requestURI": "/apis/postgresql.dbadmin.gdc.goog/v1/namespaces/obs-system/restores/restore1/status",
  "kind": "Event",
  "user": {
    "groups": [
      "system:serviceaccounts",
      "system:serviceaccounts:ods-fleet-system",
      "system:authenticated"
    ],
    "extra": {
      "authentication.kubernetes.io/pod-name": [
        "fleet-controller-manager-659bc596c4-v6z11"
      ],
      "authentication.kubernetes.io/pod-uid": [
        "6000181a-2050-497e-be3f-313456b88902"
      ]
    },
    "username": "system:serviceaccount:ods-fleet-system:fleet-controller-manager",
    "uid": "66743ae3-eb0e-4608-9dea-2e6e33da24f1"
  },
  "annotations": {
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-manager-rolebinding\" of ClusterRole \"fleet-manager-role\" to ServiceAccount \"fleet-controller-manager/ods-fleet-system\"",
    "authorization.k8s.io/decision": "allow"
  },
  "apiVersion": "audit.k8s.io/v1",
  "responseStatus": {
    "code": 200,
    "metadata": {}
  },
  "stageTimestamp": "2022-12-03T02:33:06.504990Z",
  "verb": "update",
  "userAgent": "manager/v0.0.0 (linux/amd64) kubernetes/$Format",
  "auditID": "8cd077e4-776f-4179-933c-7e44951a59cf",
  "sourceIPs": [
    "18.253.165.17"
  ],
  "stage": "ResponseComplete",
  "requestReceivedTimestamp": "2022-12-03T02:33:06.498531Z",
  "objectRef": {
    "apiGroup": "postgresql.dbadmin.gdc.goog",
    "name": "restore1",
    "subresource": "status",
    "uid": "9408379e-7c72-4052-b279-369f6457408a",
    "namespace": "obs-system",
    "apiVersion": "v1",
    "resource": "restores",
    "resourceVersion": "326530"
  }
}
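
As an added example (not code from this page or from the product), the Python below pulls the audit fields listed in the tables above out of Kubernetes audit entries for the `postgresql.dbadmin.gdc.goog` API group and tags events for review. The `review_reasons` policy, the function names and the `SAMPLES` entries are assumptions constructed for illustration.

```python
import json
DB_API_GROUP = "postgresql.dbadmin.gdc.goog"
WEBHOOK_PREFIX = "mutation.webhook.admission.k8s.io/round_"

def summarize(entry):
    """Pull out the audit fields the tables list; None if not a Database Service event."""
    ref = entry.get("objectRef") or {}
    if ref.get("apiGroup") != DB_API_GROUP:
        return None
    ann, mutated_by = entry.get("annotations") or {}, []
    for key, value in ann.items():
        if key.startswith(WEBHOOK_PREFIX):  # round/index suffix varies per entry
            try:
                hook = json.loads(value)    # the value is JSON inside a string
            except ValueError:
                continue
            if hook.get("mutated"):
                mutated_by.append(hook.get("webhook"))
    parts = [ref.get(k) for k in ("namespace", "resource", "name", "subresource")]
    return {"who": (entry.get("user") or {}).get("username", ""),
            "target": "/".join(p for p in parts if p), "resource": ref.get("resource"),
            "verb": entry.get("verb"), "when": entry.get("requestReceivedTimestamp"),
            "source_ips": entry.get("sourceIPs") or [], "mutated_by": mutated_by,
            "code": (entry.get("responseStatus") or {}).get("code"),
            "decision": ann.get("authorization.k8s.io/decision")}

def review_reasons(s):
    """Assumed triage policy (not from the page): why an analyst should look at this event."""
    checks = {"denied-or-failed": s["decision"] != "allow" or (s["code"] or 0) >= 400,
              "backup-removed": s["verb"] == "delete" and s["resource"] in ("backups", "backupplans")}
    return [name for name, hit in checks.items() if hit]

def sample(verb, group, resource, name, code, extra=None):  # builds a constructed entry
    ann = {"authorization.k8s.io/decision": "allow", "authorization.k8s.io/reason": "", **(extra or {})}
    return {"verb": verb, "user": {"username": "kubernetes-admin"}, "annotations": ann,
            "objectRef": {"apiGroup": group, "namespace": "obs-system",
                          "resource": resource, "name": name},
            "sourceIPs": ["10.200.0.7"], "responseStatus": {"metadata": {}, "code": code},
            "requestReceivedTimestamp": "2022-12-02T23:55:23.739779Z"}

HOOK = {WEBHOOK_PREFIX + "0_index_24": '{"webhook":"mdbcluster.postgresql.dbadmin.gdc.goog","mutated":true}'}
SAMPLES = [sample("create", DB_API_GROUP, "dbclusters", "emuv2", 201, HOOK),
           sample("delete", DB_API_GROUP, "backups", "backup1", 200),
           sample("list", "", "pods", "web-0", 200)]  # core API: not a Database Service event

def triage(entries):
    rows = (summarize(e) for e in entries)
    return [(s["verb"], s["target"], review_reasons(s)) for s in rows if s]
```

`triage(SAMPLES)` skips the core-API entry and tags only the backup deletion for review.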