Membuat VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1", "namespace": "myusername-test", "resource": "virtualmachines" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "create" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 201, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\"",
"mutation.webhook.admission.k8s.io/round_0_index_12": "{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}"
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "6b48ee52-baa4-47d1-9357-98d1bf7bee7e",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines"
},
"requestReceivedTimestamp": "2023-09-19T21:16:11.086606Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachines?fieldManager=kubectl-client-side-apply",
"responseStatus": {
"code": 201,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:16:11.097294Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "create"
}
Mencantumkan VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "namespace": "myusername-test", "resource": "virtualmachines" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "list" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 200, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "e848a3a1-da7e-4b74-8c12-f2af066dda55",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"namespace": "myusername-test",
"resource": "virtualmachines"
},
"requestReceivedTimestamp": "2023-09-19T21:37:40.632532Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachines?limit=500",
"responseStatus": {
"code": 200,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:37:40.639807Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "list"
}
Mengupdate VM
Hal ini mencakup operasi mulai/berhenti. Operasi mulai ulang juga muncul sebagai dua operasi update (berhenti dan mulai) oleh akun layanan.
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1", "namespace": "myusername-test", "resource": "virtualmachines" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "patch" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 415, "message": "the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json, application/apply-patch+yaml", "metadata": {}, "reason": "UnsupportedMediaType", "status": "Failure" } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-rxgp7",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by ClusterRoleBinding \"vmm-controller\" of ClusterRole \"vmm-controller\" to ServiceAccount \"vmm-controller/vm-system\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "f094a667-adc8-46cf-9ce7-e0f534b792a9",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines"
},
"requestReceivedTimestamp": "2023-09-19T21:42:20.229318Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1",
"responseStatus": {
"code": 415,
"message": "the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json, application/apply-patch+yaml",
"metadata": {},
"reason": "UnsupportedMediaType",
"status": "Failure"
},
"sourceIPs": [
"10.201.64.17"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:42:20.230057Z",
"user": {
"extra": {
"authentication.kubernetes.io/pod-name": [
"vmm-controller-588b67d499-p7qzv"
],
"authentication.kubernetes.io/pod-uid": [
"b5bec7d9-d813-4c9d-a2c6-7c8b2ab7ae9c"
]
},
"groups": [
"system:serviceaccounts",
"system:serviceaccounts:vm-system",
"system:authenticated"
],
"uid": "24a689d1-aabb-4738-9576-eb3a56e5c3d4",
"username": "system:serviceaccount:vm-system:vmm-controller"
},
"userAgent": "vmm-controller/v0.0.0 (linux/amd64) kubernetes/$Format",
"verb": "patch"
}
Menghapus VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:masters", "system:authenticated" ], "username": "kubernetes-admin" } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1", "namespace": "myusername-test", "resource": "virtualmachines" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "delete" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 200, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": ""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "b487c3cf-3eda-4cc9-bb5f-1d9665038ee0",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines"
},
"requestReceivedTimestamp": "2023-09-19T20:58:25.165020Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1",
"responseStatus": {
"code": 200,
"metadata": {}
},
"sourceIPs": [
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T20:58:25.181044Z",
"user": {
"groups": [
"system:masters",
"system:authenticated"
],
"username": "kubernetes-admin"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "delete"
}
Membuat disk VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1-boot-disk", "namespace": "myusername-test", "resource": "virtualmachinedisks" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "create" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 201, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\"",
"mutation.webhook.admission.k8s.io/round_0_index_12": "{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}"
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "b304923c-1df4-4184-bafd-40161210e85e",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1-boot-disk",
"namespace": "myusername-test",
"resource": "virtualmachinedisks"
},
"requestReceivedTimestamp": "2023-09-19T21:16:11.056904Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachinedisks?fieldManager=kubectl-client-side-apply",
"responseStatus": {
"code": 201,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:16:11.071123Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "create"
}
Mencantumkan disk VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "namespace": "myusername-test", "resource": "virtualmachinedisks" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "list" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 200, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-l7p8r",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "3d71f7fd-11d0-4ed7-9d8c-a9bf9f61b46d",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"namespace": "myusername-test",
"resource": "virtualmachinedisks"
},
"requestReceivedTimestamp": "2023-09-19T21:18:43.108931Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachinedisks?limit=500",
"responseStatus": {
"code": 200,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.7"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T21:18:43.137015Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "list"
}
Menghapus disk VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "namespace":"foo", "resource":"virtualmachinedisks", "apiGroup":"virtualmachine.gdc.goog", "name":"vm1-boot-disk", "apiVersion":"v1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"delete" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":200 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachinedisks",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1",
"name":"vm1-boot-disk"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/namespaces/foo/virtualmachinedisks/vm1-boot-disk",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"delete"
}
Mencantumkan jenis VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "resource":"virtualmachinetypes", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"list" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":200 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'g-vm-admin-binding/foo' of Role 'g-vm-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachinetypes",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/virtualmachinetypes?limit=500",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"list"
}
Membuat jenis VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "resource":"virtualmachinetypes", "apiGroup":"virtualmachine.gdc.goog", "name":"test-type", "apiVersion":"v1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"create" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":201 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding 'g-pa-system-binding' of ClusterRole 'g-system-cluster-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachinetypes",
"apiGroup":"virtualmachine.gdc.goog",
"name":"test-type",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/virtualmachinetypes?fieldManager=kubectl-client-side-apply",
"responseStatus":{
"metadata":{},
"code":201
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"create"
}
Menghapus jenis VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "resource":"virtualmachinetypes", "apiGroup":"virtualmachine.gdc.goog", "name":"test-type", "apiVersion":"v1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"delete" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":200, "status":"Success" } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding 'g-pa-system-binding' of ClusterRole 'g-system-cluster-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachinetypes",
"apiGroup":"virtualmachine.gdc.goog",
"name":"test-type",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/virtualmachinetypes/test-type",
"responseStatus":{
"metadata":{},
"code":200,
"status":"Success"
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"delete"
}
Mengupdate jenis VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "resource":"virtualmachinetypes", "apiGroup":"virtualmachine.gdc.goog", "name":"test-type", "apiVersion":"v1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"patch" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":200 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding 'g-pa-system-binding' of ClusterRole 'g-system-cluster-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachinetypes",
"apiGroup":"virtualmachine.gdc.goog",
"name":"test-type",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/virtualmachinetypes/test-type?fieldManager=kubectl-client-side-apply",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"patch"
}
Membuat permintaan akses VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "namespace":"foo", "resource":"virtualmachineaccessrequests", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"create" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":201 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'g-vm-admin-binding/foo' of Role 'g-vm-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineaccessrequests",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/namespaces/foo/virtualmachineaccessrequests?fieldManager=kubectl-create",
"responseStatus":{
"metadata":{},
"code":201
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"create"
}
Mencantumkan permintaan akses VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "namespace":"foo", "resource":"virtualmachineaccessrequests", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"list" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":200 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'g-vm-admin-binding/foo' of Role 'g-vm-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineaccessrequests",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/namespaces/foo/virtualmachineaccessrequests?limit=500",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"list"
}
Menghapus permintaan akses VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "fop-myname-test", "groups":[ "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "namespace":"foo", "resource":"virtualmachineaccessrequests", "apiGroup":"virtualmachine.gdc.goog", "name":"vm1-jdc9c", "apiVersion":"v1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"delete" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":200 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by RoleBinding 'g-vm-admin-binding/foo' of Role 'g-vm-admin' to User 'fop-myname-test'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineaccessrequests",
"apiGroup":"virtualmachine.gdc.goog",
"name":"vm1-jdc9c",
"apiVersion":"v1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1/namespaces/foo/virtualmachineaccessrequests/vm1-jdc9c",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "fop-myname-test",
"groups":[
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"delete"
}
Mencantumkan image VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "system:serviceaccount:gatekeeper-system:gatekeeper-admin", "uid":"225d02e7-ee06-42c9-a561-df1945d83224", "groups":[ "system:serviceaccounts", "system:serviceaccounts:gatekeeper-system", "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "resource":"virtualmachineimage", "apiGroup":"virtualmachineview.gdc.goog", "apiVersion":"v1alpha1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"list" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":200 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"authorization.k8s.io/decision":"allow",
"authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding 'gatekeeper-manager-rolebinding' of ClusterRole 'gatekeeper-manager-role' to ServiceAccount 'gatekeeper-admin/gatekeeper-system'"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachineimage",
"apiGroup":"virtualmachineview.gdc.goog",
"apiVersion":"v1alpha1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachineview.gdc.goog/v1alpha1/virtualmachineimage?limit=500",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "system:serviceaccount:gatekeeper-system:gatekeeper-admin",
"uid":"225d02e7-ee06-42c9-a561-df1945d83224",
"groups":[
"system:serviceaccounts",
"system:serviceaccounts:gatekeeper-system",
"system: authenticated"
]
},
"userAgent":"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z",
"verb":"list"
}
Membuat impor image VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "kubernetes-admin", "groups":[ "system:masters", "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "namespace":"foo", "resource":"virtualmachineimageimports", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1alpha1", "name":"import-1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"create" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":201 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"annotations":{
"apiserver.latency.k8s.io/response-write":"1.476μs",
"authorization.k8s.io/reason":"",
"apiserver.latency.k8s.io/serialize-response-object":"71.971μs",
"authorization.k8s.io/decision":"allow",
"apiserver.latency.k8s.io/total":"7.405669466s",
"apiserver.latency.k8s.io/validating-webhook":"7.395358418s",
"apiserver.latency.k8s.io/transform-response-object":"2.358μs"
},
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineimageimports",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1alpha1",
"name":"import-1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1alpha1/namespaces/foo/virtualmachineimageimports?fieldManager=kubectl-client-side-apply",
"responseStatus":{
"metadata":{},
"code":201
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "kubernetes-admin",
"groups":[
"system:masters",
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"create"
}
Mencantumkan impor image VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "system:serviceaccount:gatekeeper-system:gatekeeper-admin", "groups":[ "system:serviceaccounts", "system:serviceaccounts:gatekeeper-system", "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "resource":"virtualmachineimageimports", "apiGroup":"virtualmachine.gdc.goog", "apiVersion":"v1alpha1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"list" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":201 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"resource":"virtualmachineimageimports",
"apiGroup":"virtualmachine.gdc.goog",
"apiVersion":"v1alpha1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1alpha1/virtualmachineimageimports?limit=500",
"responseStatus":{
"metadata":{},
"code":201
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "system:serviceaccount:gatekeeper-system:gatekeeper-admin",
"groups":[
"system:serviceaccounts",
"system:serviceaccounts:gatekeeper-system",
"system: authenticated"
]
},
"userAgent":"gatekeeper/v3.7.0 (linux/amd64) 3ba8e93/2021-11-15T20:59:44Z",
"verb":"list"
}
Menghapus impor image VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "username": "kubernetes-admin", "groups":[ "system:masters", "system: authenticated" ] } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef":{ "namespace":"foo", "resource":"virtualmachineimageimports", "apiGroup":"virtualmachine.gdc.goog", "name":"import-1", "apiVersion":"v1alpha1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"delete" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus":{ "metadata":{}, "code":200 } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster":"org-infrastructure-cluster",
"_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8z2rm",
"_gdch_service_name":"apiserver",
"apiVersion":"audit.k8s.io/v1",
"auditID":"ba0344d7-283f-4d79-aabc-e083al9b053a",
"kind":"Event",
"level":"Metadata",
"objectRef":{
"namespace":"foo",
"resource":"virtualmachineimageimports",
"apiGroup":"virtualmachine.gdc.goog",
"name":"import-1",
"apiVersion":"v1alpha1"
},
"requestReceivedTimestamp":"2022-11-11T22:02:02.034688Z",
"requestURI":"/apis/virtualmachine.gdc.goog/v1alpha1/namespaces/foo/virtualmachineimageimports/import-1",
"responseStatus":{
"metadata":{},
"code":200
},
"sourceIPs":["10.142.5.147"],
"stage":"ResponseComplete",
"stageTimestamp":"2022-11-11T22:02:02.045045Z",
"tsNs":1668204122074601081,
"user":{
"username": "kubernetes-admin",
"groups":[
"system:masters",
"system: authenticated"
]
},
"userAgent":"kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb":"delete"
}
Membuat kebijakan akses eksternal
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:masters", "system:authenticated" ], "username": "kubernetes-admin" } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1", "namespace": "myusername-test", "resource": "virtualmachineexternalaccesses" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "create" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 201, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "",
"mutation.webhook.admission.k8s.io/round_0_index_12": "{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}"
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "07306f01-f06e-44bf-ae6d-45447b14ea23",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachineexternalaccesses"
},
"requestReceivedTimestamp": "2023-09-20T16:58:09.485136Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachineexternalaccesses?fieldManager=kubectl-create",
"responseStatus": {
"code": 201,
"metadata": {}
},
"sourceIPs": [
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-20T16:58:09.501959Z",
"user": {
"groups": [
"system:masters",
"system:authenticated"
],
"username": "kubernetes-admin"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "create"
}
Mencantumkan kebijakan akses eksternal
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:masters", "system:authenticated" ], "username": "kubernetes-admin" } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "namespace": "myusername-test", "resource": "virtualmachineexternalaccesses" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "list" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 200, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": ""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "a7396e5b-eeee-4821-9b59-c50c98de8137",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"namespace": "myusername-test",
"resource": "virtualmachineexternalaccesses"
},
"requestReceivedTimestamp": "2023-09-20T17:06:35.634144Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachineexternalaccesses?limit=500",
"responseStatus": {
"code": 200,
"metadata": {}
},
"sourceIPs": [
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-20T17:06:35.637132Z",
"user": {
"groups": [
"system:masters",
"system:authenticated"
],
"username": "kubernetes-admin"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "list"
}
Memperbarui kebijakan akses eksternal
Hal ini mencakup operasi mulai/berhenti. Operasi mulai ulang juga muncul sebagai dua operasi update (berhenti dan mulai) oleh akun layanan.
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user":{ "groups": [ "system:masters", "system:authenticated" ], "username": "kubernetes-admin" } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1", "namespace": "myusername-test", "resource": "virtualmachineexternalaccesses" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "patch" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 200, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "",
"mutation.webhook.admission.k8s.io/round_0_index_12": "{\"configuration\":\"gatekeeper-mutating-webhook-configuration\",\"webhook\":\"mutation.gatekeeper.sh\",\"mutated\":false}"
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "e42f6bbb-f192-4119-a674-66e0d1826dfa",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachineexternalaccesses"
},
"requestReceivedTimestamp": "2023-09-20T17:11:00.525104Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachineexternalaccesses/vm1?fieldManager=kubectl-edit",
"responseStatus": {
"code": 200,
"metadata": {}
},
"sourceIPs": [
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-20T17:11:00.538170Z",
"user": {
"groups": [
"system:masters",
"system:authenticated"
],
"username": "kubernetes-admin"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "patch"
}
Menghapus kebijakan akses eksternal
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:masters", "system:authenticated" ], "username": "kubernetes-admin" } |
|
Target (Kolom dan nilai yang memanggil API) |
objectRef |
Misalnya, "objectRef": { "apiGroup": "virtualmachine.gdc.goog", "apiVersion": "v1", "name": "vm1", "namespace": "myusername-test", "resource": "virtualmachineexternalaccesses" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb": "delete" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 200, "details": { "group": "virtualmachine.gdc.goog", "kind": "virtualmachineexternalaccesses", "name": "vm1", "uid": "d34ef0ad-f889-458f-804f-0086468a0674" }, "metadata": {}, "status": "Success" } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-tzdxt",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": ""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "8290dc63-7aa9-4ab8-92eb-92b2ae6cabca",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachine.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachineexternalaccesses"
},
"requestReceivedTimestamp": "2023-09-20T17:13:21.317256Z",
"requestURI": "/apis/virtualmachine.gdc.goog/v1/namespaces/myusername-test/virtualmachineexternalaccesses/vm1",
"responseStatus": {
"code": 200,
"details": {
"group": "virtualmachine.gdc.goog",
"kind": "virtualmachineexternalaccesses",
"name": "vm1",
"uid": "d34ef0ad-f889-458f-804f-0086468a0674"
},
"metadata": {},
"status": "Success"
},
"sourceIPs": [
"10.200.0.6"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-20T17:13:21.330032Z",
"user": {
"groups": [
"system:masters",
"system:authenticated"
],
"username": "kubernetes-admin"
},
"userAgent": "kubectl/v1.23.5 (linux/amd64) kubernetes/c285e78",
"verb": "delete"
}
Memulai ulang VM
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:authenticated" ], "username": "fop-myusername" } |
|
Target (Kolom dan nilai yang memanggil API) |
requestURI |
Formatnya adalah sebagai berikut:
Dengan namespace dan name mengidentifikasi objek target. Misalnya,
|
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 202, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-rxgp7",
"_gdch_org_id": "zone1.google.gdch.test",
"_gdch_org_name": "root",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": "RBAC: allowed by RoleBinding \"fop-myusername-vm-admin/myusername-test\" of Role \"project-vm-admin\" to User \"fop-myusername\""
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "1446c6b9-f728-4f0d-9a70-aa8361749eef",
"kind": "Event",
"level": "Metadata",
"objectRef": {
"apiGroup": "virtualmachineoperations.gdc.goog",
"apiVersion": "v1",
"name": "vm1",
"namespace": "myusername-test",
"resource": "virtualmachines",
"subresource": "restart"
},
"requestReceivedTimestamp": "2023-09-19T22:27:26.787243Z",
"requestURI": "/apis/virtualmachineoperations.gdc.goog/v1/namespaces/myusername-test/virtualmachines/vm1/restart",
"responseStatus": {
"code": 202,
"metadata": {}
},
"sourceIPs": [
"10.200.0.1",
"10.200.0.5"
],
"stage": "ResponseComplete",
"stageTimestamp": "2023-09-19T22:27:26.929619Z",
"user": {
"groups": [
"system:authenticated"
],
"username": "fop-myusername"
},
"userAgent": "Go-http-client/2.0",
"verb": "update"
}
Meninjau tindakan akses darurat dari IO
Operator Infrastruktur (IO) memiliki izin untuk melakukan semua operasi yang diaudit VMM yang dijelaskan dalam dokumen ini di server Management API. Semua tindakan mereka dicatat secara otomatis sebagai bagian dari log audit Kubernetes.
| Kolom dalam entri log yang berisi informasi audit | ||
|---|---|---|
| Metadata audit | Nama kolom audit | Nilai |
| Identitas pengguna atau layanan | user |
Misalnya, "user": { "groups": [ "system:masters", "system:authenticated" ], "username": "kubernetes-admin" } |
|
Target (Kolom dan nilai yang memanggil API) |
Resource khusus VM memiliki pola berikut untuk
|
Misalnya, "objectRef": { "resource": "vmruntimes", "apiGroup": "virtualmachine.private.gdc.goog", "apiVersion": "v1" } |
|
Tindakan (Kolom yang berisi operasi yang dilakukan) |
verb |
"verb":"list" |
| Stempel waktu peristiwa | requestReceivedTimestamp |
Misalnya,
|
| Sumber tindakan | _gdch_cluster |
Misalnya,
|
| Hasil | responseStatus |
Misalnya, "responseStatus": { "code": 200, "metadata": {} } |
| Kolom lainnya | Tidak berlaku | Tidak berlaku |
Contoh log
{
"_gdch_cluster": "org-infrastructure-cluster",
"_gdch_fluentbit_pod": "anthos-audit-logs-forwarder-ztsnr",
"responseStatus": {
"code": 200,
"metadata": {}
},
"kind": "Event",
"stageTimestamp": "2022-11-30T00:47:09.475563Z",
"annotations": {
"authorization.k8s.io/decision": "allow",
"authorization.k8s.io/reason": ""
},
"sourceIPs": [
"10.200.1.109"
],
"objectRef": {
"resource": "vmruntimes",
"apiGroup": "virtualmachine.private.gdc.goog",
"apiVersion": "v1"
},
"apiVersion": "audit.k8s.io/v1",
"verb": "list",
"auditID": "fe338dca-f502-4fde-ba25-98bd29341a83",
"level": "Metadata",
"requestURI": "/apis/virtualmachine.private.gdc.goog/v1/vmruntimes",
"user": {
"groups": [
"system:masters",
"system:authenticated"
],
"username": "kubernetes-admin"
},
"stage": "ResponseComplete",
"requestReceivedTimestamp": "2022-11-30T00:47:09.472822Z",
"userAgent": "operator/v0.0.0 (linux/amd64) kubernetes/$Format",
"_gdch_service_name": "apiserver"
}