Create a VM

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1", "namespace": "myusername-test", "resource": "virtualmachines" }` |
| Action (Fields containing the performed operation) | verb | `"verb": "create"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus": { "code": 201, "metadata": {} }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\"",
"mutation.webhook.admission.k8s.io/round_0_index_12": "{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}"
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "6b48ee52-baa4-47d1-9357-98d1bf7bee7e",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines"
},
"requestReceivedTimestamp": "2023-09-19T21:16:11.086606Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachines?fieldManager=kubectl-client-side-apply",
"responseStatus": {
"code": 201,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:16:11.097294Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "create"
}
List VMs

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "namespace": "myusername-test", "resource": "virtualmachines" }` |
| Action (Fields containing the performed operation) | verb | `"verb": "list"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus": { "code": 200, "metadata": {} }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "e848a3a1-da7e-4b74-8c12-f2af066dda55",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"namespace": "myusername-test",
"resource": "virtualmachines"
},
"requestReceivedTimestamp": "2023-09-19T21:37:40.632532Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachines?limit=500",
"responseStatus": {
"code": 200,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:37:40.639807Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "list"
}
Update a VM

This includes start and stop operations. A restart operation also appears as two update operations (stop and start) performed by the service account.

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1", "namespace": "myusername-test", "resource": "virtualmachines" }` |
| Action (Fields containing the performed operation) | verb | `"verb": "patch"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus": { "code": 415, "message": "the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json, application/apply-patch+yaml", "metadata": {}, "reason": "UnsupportedMediaType", "status": "Failure" }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-rxgp7",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"vmm-controller\" of ClusterRole \"vmm-controller\" to ServiceAccount \"vmm-controller/vm-system\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "f094a667-adc8-46cf-9ce7-e0f534b792a9",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines"
},
"requestReceivedTimestamp": "2023-09-19T21:42:20.229318Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1",
"responseStatus": {
"code": 415,
"message": "the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json, application/apply-patch+yaml",
"metadata": {},
"reason": "UnsupportedMediaType",
"status": "Failure"
},
"sourceIPs": [
"10.201.64.17"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:42:20.230057Z",
"user": {
"extra": {
"authentication.kubernetes.io/pod-name": [
"vmm-controller-588b67d499-p7qzv"
],
"authentication.kubernetes.io/pod-uid": [
"b5bec7d9-d813-4c9d-a2c6-7c8b2ab7ae9c"
]
},
"groups": [
"system:serviceaccounts",
"system:serviceaccounts:vm-system",
"system:authenticated"
],
"uid": "24a689d1-aabb-4738-9576-eb3a56e5c3d4",
"username": "system:serviceaccount:vm-system:vmm-controller"
},
"userAgent": "vmm-controller/v0.0.0 (linux/amd64) kubernetes/$Format",
"verb": "patch"
}
Delete a VM

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user": { "groups": [ "system:masters", "system:authenticated" ], "username": "kubernetes-admin" }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1", "namespace": "myusername-test", "resource": "virtualmachines" }` |
| Action (Fields containing the performed operation) | verb | `"verb": "delete"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus": { "code": 200, "metadata": {} }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": ""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "b487c3cf-3eda-4cc9-bb5f-1d9665038ee0",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines"
},
"requestReceivedTimestamp": "2023-09-19T20:58:25.165020Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1",
"responseStatus": {
"code": 200,
"metadata": {}
},
"sourceIPs": [
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T20:58:25.181044Z",
"user": {
"groups": [
"system:masters",
"system:authenticated"
],
"username": "kubernetes-admin"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "delete"
}
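
As an added example (not part of the original documentation), the following Python code maps an audit event onto the audit metadata rows used in the tables on this page (identity, target, action, timestamp, source, outcome) and picks out write operations that failed. The function names are hypothetical, and the input lines are constructed by abridging sample logs from this page.

```python
import json
from datetime import datetime

# Constructed input: three events abridged from the sample logs on this page.
SAMPLE_LINES = [
    # VM create by a user, accepted (201)
    '{"_gdch_cluster":"org-1-infra","objectRef":{"apiGroup":"virtualmachine.gdc.goog",'
    '"apiVersion":"v1","name":"vm1","namespace":"myusername-test","resource":"virtualmachines"},'
    '"requestReceivedTimestamp":"2023-09-19T21:16:11.086606Z","responseStatus":{"code":201},'
    '"user":{"groups":["system:authenticated"],"username":"fop-myusername"},"verb":"create"}',
    # VM patch by the vmm-controller service account, rejected (415)
    '{"_gdch_cluster":"org-1-infra","objectRef":{"apiGroup":"virtualmachine.gdc.goog",'
    '"apiVersion":"v1","name":"vm1","namespace":"myusername-test","resource":"virtualmachines"},'
    '"requestReceivedTimestamp":"2023-09-19T21:42:20.229318Z",'
    '"responseStatus":{"code":415,"reason":"UnsupportedMediaType","status":"Failure"},'
    '"user":{"username":"system:serviceaccount:vm-system:vmm-controller"},"verb":"patch"}',
    # Cluster-scoped list of VM types: objectRef has no namespace and no name
    '{"_gdch_cluster":"org-1-infra","objectRef":{"apiGroup":"virtualmachine.gdc.goog",'
    '"apiVersion":"v1","resource":"virtualmachinetypes"},'
    '"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z","responseStatus":{"code":200},'
    '"user":{"username":"fop-myname-test"},"verb":"list"}',
]

# Kubernetes API verbs that change state.
MUTATING_VERBS = {"create", "update", "patch", "delete", "deletecollection"}


def parse_time(ts):
    """Parse the RFC 3339 UTC timestamp used by requestReceivedTimestamp."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None


def summarize(event):
    """Reduce one audit event to the audit metadata listed in the tables."""
    ref = event.get("objectRef") or {}
    user = event.get("user") or {}
    code = (event.get("responseStatus") or {}).get("code")
    username = user.get("username", "")

    if code is None:
        outcome = "unknown"      # e.g. an event with no responseStatus yet
    elif 200 <= code < 400:
        outcome = "success"
    else:
        outcome = "failure"

    return {
        "who": username,
        "actor_type": ("service_account"
                       if username.startswith("system:serviceaccount:")
                       else "user"),
        # apiGroup/resource identifies the kind of object that was touched.
        "resource": "/".join(p for p in (ref.get("apiGroup"), ref.get("resource")) if p),
        "namespace": ref.get("namespace"),   # None for cluster-scoped requests
        "name": ref.get("name"),             # None for list requests
        "action": event.get("verb"),
        "when": parse_time(event.get("requestReceivedTimestamp")),
        "source": event.get("_gdch_cluster"),
        "code": code,
        "outcome": outcome,
    }


def load(lines):
    """Parse JSON audit lines, skipping blanks, and summarize each event."""
    return [summarize(json.loads(line)) for line in lines if line.strip()]


def failed_writes(records):
    """Return state-changing requests that the API server rejected."""
    return [r for r in records
            if r["action"] in MUTATING_VERBS and r["outcome"] == "failure"]


if __name__ == "__main__":
    for rec in load(SAMPLE_LINES):
        print(rec["when"], rec["source"], rec["who"], rec["action"],
              rec["resource"], rec["namespace"], rec["name"], rec["code"])
    print("failed writes:", [(r["who"], r["action"]) for r in failed_writes(load(SAMPLE_LINES))])
```
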
Create a VM disk

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1-boot-disk", "namespace": "myusername-test", "resource": "virtualmachinedisks" }` |
| Action (Fields containing the performed operation) | verb | `"verb": "create"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus": { "code": 201, "metadata": {} }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\"",
"mutation.webhook.admission.k8s.io/round_0_index_12": "{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}"
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "b304923c-1df4-4184-bafd-40161210e85e",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1-boot-disk",
"namespace": "myusername-test",
"resource": "virtualmachinedisks"
},
"requestReceivedTimestamp": "2023-09-19T21:16:11.056904Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachinedisks?fieldManager=kubectl-client-side-apply",
"responseStatus": {
"code": 201,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:16:11.071123Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "create"
}
List VM disks

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "namespace": "myusername-test", "resource": "virtualmachinedisks" }` |
| Action (Fields containing the performed operation) | verb | `"verb": "list"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus": { "code": 200, "metadata": {} }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-l7p8r",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "3d71f7fd-11d0-4ed7-9d8c-a9bf9f61b46d",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"namespace": "myusername-test",
"resource": "virtualmachinedisks"
},
"requestReceivedTimestamp": "2023-09-19T21:18:43.108931Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachinedisks?limit=500",
"responseStatus": {
"code": 200,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.7"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:18:43.137015Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "list"
}
Delete a VM disk

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "namespace":"foo", "resource":"virtualmachinedisks", "apiGroup":"virtualmachine.gdc.goog", "name":"vm1-boot-disk", "apiVersion":"v1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"delete"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":200 }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachinedisks",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1",
"name":"vm1-boot-disk"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/namespaces/foo/virtualmachinedisks/vm1-boot-disk",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"delete"
}
List VM types

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "resource":"virtualmachinetypes", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"list"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":200 }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'g-vm-admin-binding/foo' of Role 'g-vm-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachinetypes",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/virtualmachinetypes?limit=500",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"list"
}
Create a VM type

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "resource":"virtualmachinetypes", "apiGroup":"virtualmachine.gdc.goog", "name":"test-type", "apiVersion":"v1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"create"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":201 }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding 'g-pa-binding' of ClusterRole 'g-cluster' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachinetypes",
"apiGroup":"virtualmachine.gdc.goog",
"name":"test-type",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/virtualmachinetypes?fieldManager=kubectl-client-side-apply",
"responseStatus":{
"metadata":{},
"code":201
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"create"
}
Delete a VM type

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "resource":"virtualmachinetypes", "apiGroup":"virtualmachine.gdc.goog", "name":"test-type", "apiVersion":"v1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"delete"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":200, "status":"Success" }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding 'g-pa-binding' of ClusterRole 'g-cluster' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachinetypes",
"apiGroup":"virtualmachine.gdc.goog",
"name":"test-type",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/virtualmachinetypes/test-type",
"responseStatus":{
"metadata":{},
"code":200,
"status":"Success"
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"delete"
}
Update a VM type

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "resource":"virtualmachinetypes", "apiGroup":"virtualmachine.gdc.goog", "name":"test-type", "apiVersion":"v1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"patch"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":200 }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding 'g-pa-binding' of ClusterRole 'g-cluster' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachinetypes",
"apiGroup":"virtualmachine.gdc.goog",
"name":"test-type",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/virtualmachinetypes/test-type?fieldManager=kubectl-client-side-apply",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"patch"
}
Create a VM access request

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "namespace":"foo", "resource":"virtualmachineaccessrequests", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"create"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":201 }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'g-vm-admin-binding/foo' of Role 'g-vm-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineaccessrequests",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/namespaces/foo/virtualmachineaccessrequests?fieldManager=kubectl-create",
"responseStatus":{
"metadata":{},
"code":201
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"create"
}
List VM access requests

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "namespace":"foo", "resource":"virtualmachineaccessrequests", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"list"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":200 }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'g-vm-admin-binding/foo' of Role 'g-vm-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineaccessrequests",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/namespaces/foo/virtualmachineaccessrequests?limit=500",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"list"
}
Delete a VM access request

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "namespace":"foo", "resource":"virtualmachineaccessrequests", "apiGroup":"virtualmachine.gdc.goog", "name":"vm1-jdc9c", "apiVersion":"v1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"delete"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":200 }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'g-vm-admin-binding/foo' of Role 'g-vm-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineaccessrequests",
"apiGroup":"virtualmachine.gdc.goog",
"name":"vm1-jdc9c",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/namespaces/foo/virtualmachineaccessrequests/vm1-jdc9c",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"delete"
}
List VM images

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "system:serviceaccount:gatekeeper-system:gatekeeper-admin", "uid":"225d02e7-ee06-42c9-a561-df1945d83224", "groups":[ "system:serviceaccounts", "system:serviceaccounts:gatekeeper-system", "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "resource":"virtualmachineimage", "apiGroup":"virtualmachineview.gdc.goog", "apiVersion":"v1alpha1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"list"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":200 }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding 'gatekeeper-manager-rolebinding' of ClusterRole 'gatekeeper-manager-role' to ServiceAccount 'gatekeeper-admin/gatekeeper-system'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachineimage",
"apiGroup":"virtualmachineview.gdc.goog",
"apiVersion":"v1alpha1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachineview.gdc.goog/v1alpha1/virtualmachineimage?limit=500",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "system:serviceaccount:gatekeeper-system:gatekeeper-admin",
"uid":"225d02e7-ee06-42c9-a561-df1945d83224",
"groups":[
"system:serviceaccounts",
"system:serviceaccounts:gatekeeper-system",
"system: authenticated"
]
},
"userAgent":"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z",
"verb":"list"
}
Create a VM image import

| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, `"user":{ "username": "kubernetes-admin", "groups":[ "system:masters", "system: authenticated" ] }` |
| Target (Fields and values that call the API) | objectRef | For example, `"objectRef":{ "namespace":"foo", "resource":"virtualmachineimageimports", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1alpha1", "name":"import-1" }` |
| Action (Fields containing the performed operation) | verb | `"verb":"create"` |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, `"responseStatus":{ "metadata":{}, "code":201 }` |
| Other fields | Not applicable | Not applicable |

Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"apiserver.latency.k8s.io/response-write":"1.476μs",
"authorization.k8s.io/reason":"",
"apiserver.latency.k8s.io/serialize-response-object":"71.971μs",
"authorization.k8s.io/decision":"allow",
"apiserver.latency.k8s.io/total":"7.405669466s",
"apiserver.latency.k8s.io/validating-webhook":"7.395358418s",
"apiserver.latency.k8s.io/transform-response-object":"2.358μs"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineimageimports",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1alpha1",
"name":"import-1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1alpha1/namespaces/foo/virtualmachineimageimports?fieldManager=kubectl-client-side-apply",
"responseStatus":{
"metadata":{},
"code":201
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "kubernetes-admin",
"groups":[
"system:masters",
"system:authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"create"
}
List VM image imports
| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, "user":{ "username": "system:serviceaccount:gatekeeper-system:gatekeeper-admin", "groups":[ "system:serviceaccounts", "system:serviceaccounts:gatekeeper-system", "system:authenticated" ] } |
| Target (fields and values that call the API) | objectRef | For example, "objectRef":{ "resource":"virtualmachineimageimports", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1alpha1" } |
| Action (fields containing the performed operation) | verb | "verb":"list" |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, "responseStatus":{ "metadata":{}, "code":201 } |
| Other fields | Not applicable | Not applicable |
Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachineimageimports",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1alpha1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1alpha1/virtualmachineimageimports?limit=500",
"responseStatus":{
"metadata":{},
"code":201
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "system:serviceaccount:gatekeeper-system:gatekeeper-admin",
"groups":[
"system:serviceaccounts",
"system:serviceaccounts:gatekeeper-system",
"system:authenticated"
]
},
"userAgent":"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z",
"verb":"list"
}
Delete a VM image import
| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, "user":{ "username": "kubernetes-admin", "groups":[ "system:masters", "system:authenticated" ] } |
| Target (fields and values that call the API) | objectRef | For example, "objectRef":{ "namespace":"foo", "resource":"virtualmachineimageimports", "apiGroup":"virtualmachine.gdc.goog", "name":"import-1", "apiVersion":"v1alpha1" } |
| Action (fields containing the performed operation) | verb | "verb":"delete" |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, "responseStatus":{ "metadata":{}, "code":200 } |
| Other fields | Not applicable | Not applicable |
Example log
{
"_gdch_cluster":"org-1-infra",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineimageimports",
"apiGroup":"virtualmachine.gdc.goog",
"name":"import-1",
"apiVersion":"v1alpha1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1alpha1/namespaces/foo/virtualmachineimageimports/import-1",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "kubernetes-admin",
"groups":[
"system:masters",
"system:authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"delete"
}
Start a VM
| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
| Target (fields and values that call the API) | requestURI | The format is as follows: Where namespace and name identify the target object. For example, |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, "responseStatus": { "code": 202, "metadata": {} } |
| Other fields | Not applicable | Not applicable |
Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-rxgp7",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "1446c6b9-f728-4f0d-9a70-aa8361749eef",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachineoperations.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines",
"subresource": "start"
},
"requestReceivedTimestamp": "2023-09-19T22:27:26.787243Z",
"requestURI": "/apis/virtualmachineoperations.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1/start",
"responseStatus": {
"code": 202,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.5"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T22:27:26.929619Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "Go-http-client/2.0",
"verb": "update"
}
Stop a VM
| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
| Target (fields and values that call the API) | requestURI | The format is as follows: Where namespace and name identify the target object. For example, |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, "responseStatus": { "code": 202, "metadata": {} } |
| Other fields | Not applicable | Not applicable |
Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-rxgp7",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "1446c6b9-f728-4f0d-9a70-aa8361749eef",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachineoperations.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines",
"subresource": "stop"
},
"requestReceivedTimestamp": "2023-09-19T22:27:26.787243Z",
"requestURI": "/apis/virtualmachineoperations.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1/stop",
"responseStatus": {
"code": 202,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.5"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T22:27:26.929619Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "Go-http-client/2.0",
"verb": "update"
}
Restart a VM
| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
| Target (fields and values that call the API) | requestURI | The format is as follows: Where namespace and name identify the target object. For example, |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, "responseStatus": { "code": 202, "metadata": {} } |
| Other fields | Not applicable | Not applicable |
Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-rxgp7",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "1446c6b9-f728-4f0d-9a70-aa8361749eef",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachineoperations.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines",
"subresource": "restart"
},
"requestReceivedTimestamp": "2023-09-19T22:27:26.787243Z",
"requestURI": "/apis/virtualmachineoperations.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1/restart",
"responseStatus": {
"code": 202,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.5"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T22:27:26.929619Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "Go-http-client/2.0",
"verb": "update"
}
Pause a VM
| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
| Target (fields and values that call the API) | requestURI | The format is as follows: Where namespace and name identify the target object. For example, |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, "responseStatus": { "code": 202, "metadata": {} } |
| Other fields | Not applicable | Not applicable |
Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-rxgp7",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "1446c6b9-f728-4f0d-9a70-aa8361749eef",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachineoperations.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines",
"subresource": "pause"
},
"requestReceivedTimestamp": "2023-09-19T22:27:26.787243Z",
"requestURI": "/apis/virtualmachineoperations.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1/pause",
"responseStatus": {
"code": 202,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.5"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T22:27:26.929619Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "Go-http-client/2.0",
"verb": "update"
}
Unpause a VM
| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
| Target (fields and values that call the API) | requestURI | The format is as follows: Where namespace and name identify the target object. For example, |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, "responseStatus": { "code": 202, "metadata": {} } |
| Other fields | Not applicable | Not applicable |
Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-rxgp7",
"_gdch_org_id": "org-1.zone1.google.gdch.test",
"_gdch_org_name": "org-1",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "1446c6b9-f728-4f0d-9a70-aa8361749eef",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachineoperations.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines",
"subresource": "unpause"
},
"requestReceivedTimestamp": "2023-09-19T22:27:26.787243Z",
"requestURI": "/apis/virtualmachineoperations.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1/unpause",
"responseStatus": {
"code": 202,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.5"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T22:27:26.929619Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "Go-http-client/2.0",
"verb": "update"
}
Review emergency access actions from the IO
The Infrastructure Operator (IO) has permission to perform all of the audited VMM operations described in this document. All of their actions are logged automatically as part of the Kubernetes audit logs.
| Fields in the log entry that contain audit information | | |
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user | For example, "user": { "groups": [ "system:masters", "system:authenticated" ], "username": "kubernetes-admin" } |
| Target (fields and values that call the API) | VM-specific resources have the following pattern for | For example, "objectRef": { "resource": "vmruntimes", "apiGroup": "vm.cluster.gke.io", "apiVersion": "v1" } |
| Action (fields containing the performed operation) | verb | "verb":"list" |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | _gdch_cluster | For example, |
| Outcome | responseStatus | For example, "responseStatus": { "code": 200, "metadata": {} } |
| Other fields | Not applicable | Not applicable |
Example log
{
"_gdch_cluster": "org-1-infra",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-ztsnr",
"responseStatus": {
"code": 200,
"metadata": {}
},
"kind": "Event",
"stageTimestamp": "2022-11-30T00:47:09.475563Z",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": ""
},
"sourceIPs": [
"10.200.1.109"
],
"objectRef": {
"resource": "vmruntimes",
"apiGroup": "virtualmachine.private.gdc.goog",
"apiVersion": "v1"
},
"apiVersion": "audit.k8s.io/v1",
"verb": "list",
"auditID": "fe338dca-f502-4fde-ba25-98bd29341a83",
"level": "Metadata",
"requestURI": "/apis/virtualmachine.private.gdc.goog/v1/vmruntimes",
"user": {
"groups": [
"system:masters",
"system:authenticated"
],
"username": "kubernetes-admin"
},
"stage": "ResponseComplete",
"requestReceivedTimestamp": "2022-11-30T00:47:09.472822Z",
"userAgent": "operator/v0.0.0 (linux/amd64) kubernetes/$Format",
"_gdch_service_name": "apiserver"
}
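To review IO activity in practice, the audit fields from the tables above can be extracted from each event and filtered. The following is an added example, not part of the original documentation: it assumes one JSON event per line, treats membership of `system:masters` as the marker of an IO session (as in the sample entry above), and uses hypothetical helper names and constructed sample input.

```python
import json

# API groups used by the audited VM operations shown on this page.
VM_API_GROUPS = {
    "virtualmachine.gdc.goog",
    "virtualmachineoperations.gdc.goog",
    "virtualmachine.private.gdc.goog",
}
# Assumption: IO sessions are recognised by this group, as in the sample entry.
BREAK_GLASS_GROUP = "system:masters"

# Constructed sample input: one audit event per line, trimmed to the audit fields.
SAMPLE = """
{"_gdch_cluster":"org-1-infra","stage":"ResponseComplete","verb":"list","requestReceivedTimestamp":"2022-11-30T00:47:09.472822Z","objectRef":{"resource":"vmruntimes","apiGroup":"virtualmachine.private.gdc.goog","apiVersion":"v1"},"responseStatus":{"code":200},"user":{"username":"kubernetes-admin","groups":["system:masters","system:authenticated"]}}
{"_gdch_cluster":"org-1-infra","stage":"ResponseComplete","verb":"update","requestReceivedTimestamp":"2023-09-19T22:27:26.787243Z","objectRef":{"apiGroup":"virtualmachineoperations.gdc.goog","name":"vm1","namespace":"myusername-test","resource":"virtualmachines","subresource":"start"},"responseStatus":{"code":202},"user":{"username":"fop-myusername","groups":["system:authenticated"]}}
{"_gdch_cluster":"org-1-infra","stage":"ResponseComplete","verb":"delete","requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z","objectRef":{"namespace":"foo","resource":"virtualmachineimageimports","apiGroup":"virtualmachine.gdc.goog","name":"import-1"},"responseStatus":{"code":200},"user":{"username":"kubernetes-admin","groups":["system:masters","system:authenticated"]}}
{"_gdch_cluster":"org-1-infra","stage":"ResponseComplete","verb":"list","requestReceivedTimestamp":"2022-11-30T00:48:00.000000Z","objectRef":{"resource":"pods","apiVersion":"v1"},"responseStatus":{"code":200},"user":{"username":"kubernetes-admin","groups":["system:masters","system:authenticated"]}}
{"_gdch_cluster":"org-1-infra","verb":"li
"""


def summarize(event):
    """Pull out the audit metadata the tables list: who, what, when, where, result."""
    ref = event.get("objectRef", {})
    user = event.get("user", {})
    parts = (ref.get("namespace"), ref.get("resource"), ref.get("name"))
    return {
        "user": user.get("username", ""),
        "groups": user.get("groups", []),
        # start/stop/restart/pause/unpause appear as verb "update" on a subresource.
        "action": ref.get("subresource") or event.get("verb", ""),
        "target": "/".join(p for p in parts if p),
        "api_group": ref.get("apiGroup", ""),
        "time": event.get("requestReceivedTimestamp", ""),
        "cluster": event.get("_gdch_cluster", ""),
        "code": event.get("responseStatus", {}).get("code"),
    }


def break_glass_events(text):
    """Return summaries of VM API calls made by members of BREAK_GLASS_GROUP."""
    hits = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        # Keep one record per request: the completed stage carries the response code.
        if not isinstance(event, dict) or event.get("stage") != "ResponseComplete":
            continue
        s = summarize(event)
        if s["api_group"] in VM_API_GROUPS and BREAK_GLASS_GROUP in s["groups"]:
            hits.append(s)
    return hits
```

Because the sample image-import entries on this page are also made by `kubernetes-admin`, the same filter surfaces them alongside the `vmruntimes` listing.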