Domain Name System (DNS)

Workload location

Root and organization workloads

Audit log source

Kubernetes audit logs

Audited operations

Update zones

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User or service identity | user.username

For example,

"user":{
  "username": "dns@example.com"
}

Target (fields and values that call the API) | requestURI

"requestURI":"/api/v1/namespaces/dns-system/configmaps/gpc-coredns-external-zonefile"

Action (fields containing the performed operation) | verb

"verb":"update"

Event timestamp | ts

For example,

"ts":"2022-11-11T22:02:02.074Z"

Source of action | sourceIPs

For example,

"sourceIPs":["10.142.5.147"]

Outcome | responseStatus.code

For example,

"responseStatus":{
  "code":200
}

Other fields
  • annotations
  • objectRef

For example,

"annotations":{
  "authorization.k8s.io/decision":"allow"
},
"objectRef":{
  "resourceVersion":"697063",
  "uid":"aed2e6f7-ca03-4bcd-9c07-167ccd4da88e",
  "apiVersion":"v1",
  "resource":"configmaps",
  "apiGroup":"UNKNOWN",
  "namespace":"dns-system",
  "name":"gpc-coredns-external-zonefile"
}

Example log

{
  "_gdch_cluster":"root-admin",
  "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-7s769",
  "_gdch_service_name":"apiserver",
  "annotations":{
    "authorization.k8s.io/decision":"allow",
    "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"dns-core-controllers-rolebinding\" of ClusterRole \"dns-core-controllers-role\" to ServiceAccount \"dns-core-controller-sa/dns-system\""
    },
  "apiVersion":"audit.k8s.io/v1",
  "auditID":"ba0344d7-283f-4d79-aabc-e083a19b053a",
  "kind":"Event",
  "level":"Metadata",
  "objectRef":{
    "resourceVersion":"697063",
    "uid":"aed2e6f7-ca03-4bcd-9c07-167ccd4da88e",
    "apiVersion":"v1",
    "resource":"configmaps",
    "apiGroup":"UNKNOWN",
    "namespace":"dns-system",
    "name":"gpc-coredns-external-zonefile"
    },
  "requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
  "requestURI":"/api/v1/namespaces/dns-system/configmaps/gpc-coredns-external-zonefile",
  "responseStatus":{
    "metadata":{},
    "code":200
    },
  "sourceIPs":["10.142.5.147"],
  "stage":"ResponseComplete",
  "stageTimestamp":"2022-11-11T22:02:02.045045Z",
  "ts":"2022-11-11T22:02:02.074Z",
  "tsNs":1668204122074601081,
  "user":{
    "uid":"08f727c9-5e3d-403f-bf35-06ef53f9832c",
    "groups":[
      "system:serviceaccounts",
      "system:serviceaccounts:dns-system",
      "system:authenticated"
      ],
    "username": "system:serviceaccount:dns-system:dns-core-controller-sa",
    "extra": {
      "authentication.kubernetes.io/pod-name":["dns-core-controller-58c4646858-z8kmr"],
      "authentication.kubernetes.io/pod-uid":["7cfc9b72-aacc-4e86-b43f-016498055230"]
      }
    },
  "userAgent":"controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format",
  "verb":"update"
}

Create or delete DNSSEC keys

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User or service identity | user.username

For example,

"user":{
  "username": "dns@example.com"
}

Target (fields and values that call the API) | requestURI

"requestURI":"/api/v1/namespaces/dns-system/secrets/gpc-coredns-external-ksks"

Action (fields containing the performed operation) | verb

"verb":"update"

Event timestamp | ts

For example,

"ts":"2022-11-11T22:02:02.074Z"

Source of action | sourceIPs

For example,

"sourceIPs":["10.142.5.147"]

Outcome | responseStatus.code

For example,

"responseStatus":{
  "code":200
}

Other fields
  • annotations
  • objectRef

For example,

"annotations":{
  "authorization.k8s.io/decision":"allow"
},
"objectRef":{
  "resource": "secrets",
  "namespace":"dns-system",
  "uid":"9a9c16ca-3601-4bc9-8683-629a61ea5234",
  "apiVersion":"v1",
  "resourceVersion":"825911",
  "apiGroup":"UNKNOWN",
  "name":"gpc-coredns-external-ksks"
}

Example log

{
  "_gdch_cluster":"root-admin",
  "_gdch_fluentbit_pod":"audit-logs-forwarder-t15kb",
  "_gdch_service_name":"apiserver",
  "annotations":{
    "authorization.k8s.io/decision":"allow",
    "authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'dns@example.com-dns-key-manager/dns-system' of Role 'dns-key-manager' to User 'dns@example.com'"
    },
  "apiVersion":"audit.k8s.io/v1",
  "auditID":"87d3d836-b5a2-487a-8480-bc8078c5b248",
  "kind":"Event",
  "level":"Metadata",
  "objectRef":{
    "resource": "secrets",
    "namespace":"dns-system",
    "uid":"9a9c16ca-3601-4bc9-8683-629a61ea5234",
    "apiVersion":"v1",
    "resourceVersion":"825911",
    "apiGroup":"UNKNOWN",
    "name":"gpc-coredns-external-ksks"
    },
  "requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
  "requestURI":"/api/v1/namespaces/dns-system/secrets/gpc-coredns-external-ksks",
  "responseStatus":{
    "metadata":{},
    "code":200
    },
  "sourceIPs":["10.142.5.147"],
  "stage":"ResponseComplete",
  "stageTimestamp":"2022-11-11T22:02:02.045045Z",
  "ts":"2022-11-11T22:02:02.074Z",
  "tsNs":1668204122074601081,
  "user":{
    "groups":[
      "system:authenticated"
      ],
    "username": "dns@example.com"
    },
  "userAgent":"gdcloud/v0.0.0 (linux/amd64) kubernetes/$Format",
  "verb":"update"
}

Modify DNSSEC keys

Fields in the log entry that contain audit information

Audit metadata | Audit field name | Value

User or service identity | user.username

For example,

"user":{
  "username": "dns@example.com"
}

Target (fields and values that call the API) | requestURI

"requestURI":"/api/v1/namespaces/dns-system/configmaps/gpc-coredns-external-corefile"

Action (fields containing the performed operation) | verb

"verb":"update"

Event timestamp | ts

For example,

"ts":"2022-11-11T22:02:02.074Z"

Source of action | sourceIPs

For example,

"sourceIPs":["10.142.5.147"]

Outcome | responseStatus.code

For example,

"responseStatus":{
  "code":200
}

Other fields
  • annotations
  • objectRef

For example,

"annotations":{
  "authorization.k8s.io/decision":"allow"
},
"objectRef":{
  "resourceVersion":"758987",
  "resource":"configmaps",
  "apiGroup":"UNKNOWN",
  "name":"gpc-coredns-external-corefile",
  "apiVersion":"v1",
  "namespace":"dns-system",
  "uid":"d831c851-4fa3-4f30-92f6-c68cb36b0a80"
}

Example log

{
  "_gdch_cluster":"root-admin",
  "_gdch_fluentbit_pod":"audit-logs-forwarder-8z2rm",
  "_gdch_service_name":"apiserver",
  "annotations":{
    "authorization.k8s.io/decision":"allow",
    "authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'dns@example.com-dns-key-manager/dns-system' of Role 'dns-key-manager' to User 'dns@example.com'"
    },
  "apiVersion":"audit.k8s.io/v1",
  "auditID":"ba0344d7-283f-4d79-aabc-e083a19b053a",
  "kind":"Event",
  "level":"Metadata",
  "objectRef":{
    "resourceVersion":"758987",
    "resource":"configmaps",
    "apiGroup":"UNKNOWN",
    "name":"gpc-coredns-external-corefile",
    "apiVersion":"v1",
    "namespace":"dns-system",
    "uid":"d831c851-4fa3-4f30-92f6-c68cb36b0a80"
    },
  "requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
  "requestURI":"/api/v1/namespaces/dns-system/configmaps/gpc-coredns-external-corefile",
  "responseStatus":{
    "metadata":{},
    "code":200
    },
  "sourceIPs":["10.142.5.147"],
  "stage":"ResponseComplete",
  "stageTimestamp":"2022-11-11T22:02:02.045045Z",
  "ts":"2022-11-11T22:02:02.074Z",
  "tsNs":1668204122074601081,
  "user":{
    "groups":[
      "system:authenticated"
      ],
    "username": "dns@example.com"
    },
  "userAgent":"gdcloud/v0.0.0 (linux/amd64) kubernetes/$Format",
  "verb":"update"
}
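
The following Python sketch is an added example, not part of the original documentation: it applies the field mapping above to classify audit events into the three DNS operations and to flag writers outside an expected set. The sample events are constructed, and the verbs other than `update`, the user `intern@example.com`, the object `unrelated-config`, and the expected-user set are assumptions.

```python
import json

# Objects in the dns-system namespace that this page lists as audited.
DNS_TARGETS = {
    ("configmaps", "gpc-coredns-external-zonefile"): "zone update",
    ("secrets", "gpc-coredns-external-ksks"): "DNSSEC key create/delete",
    ("configmaps", "gpc-coredns-external-corefile"): "DNSSEC key change",
}
WRITE_VERBS = {"create", "update", "patch", "delete"}  # page shows only "update"; rest assumed

def triage(line, expected_users):
    """Summarize one audit event if it writes to a DNS object, else None."""
    ev = json.loads(line)
    ref = ev.get("objectRef") or {}
    op = DNS_TARGETS.get((ref.get("resource"), ref.get("name")))
    if op is None or ref.get("namespace") != "dns-system":
        return None
    if ev.get("verb") not in WRITE_VERBS or ev.get("stage") != "ResponseComplete":
        return None
    user = (ev.get("user") or {}).get("username", "")
    return {
        "operation": op, "user": user, "ts": ev.get("ts"),
        "sourceIPs": ev.get("sourceIPs", []), "code": (ev.get("responseStatus") or {}).get("code"),
        "decision": (ev.get("annotations") or {}).get("authorization.k8s.io/decision"),
        "unexpected_user": user not in expected_users,
    }

def _event(resource, name, user, code, decision):
    """Build a constructed sample event with only the fields this page describes."""
    return json.dumps({
        "objectRef": {"resource": resource, "namespace": "dns-system", "name": name},
        "verb": "update", "stage": "ResponseComplete", "ts": "2022-11-11T22:02:02.074Z",
        "sourceIPs": ["10.142.5.147"], "responseStatus": {"code": code},
        "annotations": {"authorization.k8s.io/decision": decision}, "user": {"username": user}})

SA = "system:serviceaccount:dns-system:dns-core-controller-sa"
EXPECTED = {"dns@example.com", SA}  # identities seen in this page's example logs
SAMPLE = [  # constructed; intern@example.com and unrelated-config are hypothetical
    _event("configmaps", "gpc-coredns-external-zonefile", SA, 200, "allow"),
    _event("secrets", "gpc-coredns-external-ksks", "dns@example.com", 200, "allow"),
    _event("configmaps", "gpc-coredns-external-corefile", "intern@example.com", 403, "forbid"),
    _event("configmaps", "unrelated-config", "dns@example.com", 200, "allow"),
]

def run():
    return [r for r in (triage(line, EXPECTED) for line in SAMPLE) if r]

if __name__ == "__main__":
    print(*run(), sep="\n")
```

Denied attempts (`code` 403, `decision` "forbid") from an unexpected identity are kept in the output because a failed write to the zone file, the key secret, or the Corefile is as relevant to review as a successful one.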