Resource Manager (RM)

工作負載位置

根層級和機構工作負載
稽核記錄來源

Kubernetes 稽核記錄
稽核的作業

KRM API 管理平面稽核記錄 (專案)

記錄項目中包含稽核資訊的欄位
稽核中繼資料 稽核欄位名稱
使用者或服務身分 username

例如,假設使用者要求系統 將文字從英文翻譯成法文

"username":system:serviceaccount:gpc-system:fleet-admin-controller"

目標

(呼叫 API 的欄位和值)

 requestURI

"apis/resourcemanager.gdc.goog/v1/namespaces/ gpc-system/projects/istio-system

動作

(包含所執行作業的欄位)

 verb

"verb":"update"

事件時間戳記 requestReceivedTimestamp

例如,假設使用者要求系統 將文字從英文翻譯成法文

"requestReceivedTimestamp": "2022-12-22T15:46:41.028873Z"

動作來源 sourceIPs

例如,假設使用者要求系統 將文字從英文翻譯成法文

"sourceIPs":["10.253.128.178"],
結果 stage

例如,假設使用者要求系統 將文字從英文翻譯成法文

"stage": "ResponseComplete"
其他欄位
  • kind
  • objectRef

例如,假設使用者要求系統 將文字從英文翻譯成法文

"kind": "Event",
"objectRef": {
      "name": "istio-system",
      "apiVersion": "v1",
      "apiGroup": "resourcemanager.gdc.goog",
      "resourceVersion": "7812139",
      "resource": "projects",
      "uid": "7d3a3bb1-a0be-4c5c-980b-f9cd3632f6e3",
      "namespace": "gpc-system"
  },

範例記錄

{
    "stage": "ResponseComplete",
    "apiVersion": "audit.k8s.io/v1",
    "objectRef": {
      "name": "istio-system",
      "apiVersion": "v1",
      "apiGroup": "resourcemanager.gdc.goog",
      "resourceVersion": "7812139",
      "resource": "projects",
      "uid": "7d3a3bb1-a0be-4c5c-980b-f9cd3632f6e3",
      "namespace": "gpc-system"
    },
    "requestReceivedTimestamp": "2022-12-22T15:46:41.028873Z",
    "sourceIPs": [
      "10.253.128.178"
    ],
    "annotations": {
      "authorization.k8s.io/decision": "allow",
      "authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"fleet-admin-common-controller\" of ClusterRole \"fleet-admin-common-controllers-role\" to ServiceAccount \"fleet-admin-controller/gpc-system\"",
      "mutation.webhook.admission.k8s.io/round_0_index_5": "{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}"
    },
    "_gdch_cluster": "root-admin",
    "_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-t4rld",
    "user": {
      "uid": "da8e839f-eca4-4a96-9058-94fa4202824f",
      "extra": {
        "authentication.kubernetes.io/pod-uid": [
          "09335650-82b0-451c-83e2-f8157e9d518c"
        ],
        "authentication.kubernetes.io/pod-name": [
          "fleet-admin-controller-75dbdf7659-ccfrn"
        ]
      },
      "groups": [
        "system:serviceaccounts",
        "system:serviceaccounts:gpc-system",
        "system:authenticated"
      ],
      "username": "system:serviceaccount:gpc-system:fleet-admin-controller"
    },
    "stageTimestamp": "2022-12-22T15:46:41.119767Z",
    "kind": "Event",
    "verb": "update",
    "requestURI": "/apis/resourcemanager.gdc.goog/v1/namespaces/gpc-system/projects/istio-system",
    "responseStatus": {
      "metadata": {},
      "code": 200
    },
    "userAgent": "fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
    "auditID": "5aeaeab6-7371-4b63-8355-b4469e1440bb",
    "level": "Metadata",
    "_gdch_service_name": "apiserver",
    "_gdch_tenant_id": "infra-obs"
  }