Virtual networking (VNET)
File and block storage
CRUD operations on the project network policy
Log type: KRM API management plane audit logs.
Fields in the log entry that contain audit information | ||
---|---|---|
Audit metadata | Audit field name | Value |
User or service identity | user | For example, |
Target (Fields and values that call the API) | requestURI | |
Action (Fields containing the performed operation) | verb | For example, |
Event timestamp | requestReceivedTimestamp | For example, |
Source of action | sourceIPs | For example, |
Outcome | stage | For example, |
Other fields | Not applicable | Not applicable |
Example log
```json
{
  "auditID":"ff8266f6-685f-4239-9ab8-c55083d575e0",
  "responseStatus":{
    "code":200,
    "metadata":{}
  },
  "level":"Metadata",
  "requestURI":"/apis/networking.gdc.goog/v1alpha1/namespaces/platform-obs/projectnetworkpolicies/base-policy-allow-intra-project-traffic/status",
  "user":{
    "uid":"6e805ff0-3f8c-4073-b4e1-6a0582ff1263",
    "username":"system:serviceaccount:gpc-system:fleet-admin-controller",
    "extra":{
      "authentication.kubernetes.io/pod-uid":[
        "45ce2b16-3584-448e-8caf-49cb299dfb55"
      ],
      "authentication.kubernetes.io/pod-name":[
        "fleet-admin-controller-5b5d848876-764mt"
      ]
    },
    "groups":[
      "system:serviceaccounts",
      "system:serviceaccounts:gpc-system",
      "system:authenticated"
    ]
  },
  "_gdch_cluster":"org-1-admin",
  "objectRef":{
    "resource":"projectnetworkpolicies",
    "apiGroup":"networking.gdc.goog",
    "name":"base-policy-allow-intra-project-traffic",
    "apiVersion":"v1alpha1",
    "namespace":"platform-obs",
    "subresource":"status"
  },
  "verb":"patch",
  "kind":"Event",
  "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-4267r",
  "stage":"ResponseComplete",
  "apiVersion":"audit.k8s.io/v1",
  "requestReceivedTimestamp":"2022-12-09T04:21:55.497089Z",
  "sourceIPs":[
    "10.253.164.215"
  ],
  "userAgent":"fleet-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
  "stageTimestamp":"2022-12-09T04:21:55.505045Z",
  "annotations":{
    "authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"fleet-admin-controller\" of ClusterRole \"fleet-admin-controller\" to ServiceAccount \"fleet-admin-controller/gpc-system\"",
    "authorization.k8s.io/decision":"allow"
  },
  "_gdch_service_name":"apiserver"
}
```
CRUD operations on the load balancer
Log type: KRM API management plane audit logs.
Fields in the log entry that contain audit information | ||
---|---|---|
Audit metadata | Audit field name | Value |
User or service identity | user | For example, |
Target (Fields and values that call the API) | objectRef.resource | |
Action (Fields containing the performed operation) | verb | For example, |
Event timestamp | requestReceivedTimestamp | For example, |
Source of action | sourceIPs | For example, |
Outcome | stage | For example, |
Other fields | Not applicable | Not applicable |
Example log
```json
{
  "apiVersion":"audit.k8s.io/v1",
  "level":"Metadata",
  "_gdch_cluster":"org-1-admin",
  "auditID":"113e562b-0576-4b97-bc5f-168a60428f6d",
  "user":{
    "groups":[
      "system:masters",
      "system:authenticated"
    ],
    "username":"kubernetes-admin"
  },
  "stageTimestamp":"2022-12-09T04:29:53.579903Z",
  "sourceIPs":[
    "10.200.0.5"
  ],
  "responseStatus":{
    "code":200,
    "metadata":{}
  },
  "annotations":{
    "authorization.k8s.io/decision":"allow",
    "authorization.k8s.io/reason":""
  },
  "stage":"ResponseComplete",
  "requestURI":"/api/v1/namespaces/harbor-system/services/harbor-harbor-harbor-core",
  "_gdch_fluentbit_pod":"anthos-audit-logs-forwarder-8kc9n",
  "verb":"get",
  "objectRef":{
    "apiVersion":"v1",
    "apiGroup":"UNKNOWN",
    "resource":"services",
    "namespace":"harbor-system",
    "name":"harbor-harbor-harbor-core"
  },
  "userAgent":"root-admin-cm/v0.0.0 (linux/amd64) kubernetes/$Format",
  "kind":"Event",
  "requestReceivedTimestamp":"2022-12-09T04:29:53.577417Z",
  "_gdch_service_name":"apiserver"
}
```
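The audit fields listed in both tables above can be pulled out of each entry and used to pick the completed, state-changing requests against one resource type. The following Python is an added example, not code from the product documentation; the function names `audit_summary` and `completed_changes` are hypothetical, and the sample lines are constructed by abridging the two example logs on this page, plus one deliberately corrupt line.

```python
import json

# Kubernetes API verbs that change state; get, list and watch only read.
MUTATING_VERBS = {"create", "update", "patch", "delete", "deletecollection"}

# Constructed sample input: the two example entries on this page, abridged.
SAMPLE_LINES = [
    json.dumps({
        "user": {"username": "system:serviceaccount:gpc-system:fleet-admin-controller"},
        "requestURI": "/apis/networking.gdc.goog/v1alpha1/namespaces/platform-obs/projectnetworkpolicies/base-policy-allow-intra-project-traffic/status",
        "objectRef": {"resource": "projectnetworkpolicies", "subresource": "status"},
        "verb": "patch", "stage": "ResponseComplete", "sourceIPs": ["10.253.164.215"],
        "requestReceivedTimestamp": "2022-12-09T04:21:55.497089Z"}),
    json.dumps({
        "user": {"username": "kubernetes-admin"},
        "requestURI": "/api/v1/namespaces/harbor-system/services/harbor-harbor-harbor-core",
        "objectRef": {"resource": "services"},
        "verb": "get", "stage": "ResponseComplete", "sourceIPs": ["10.200.0.5"],
        "requestReceivedTimestamp": "2022-12-09T04:29:53.577417Z"}),
    "not json",  # constructed corrupt line; must be skipped, not crash the scan
]

def audit_summary(entry):
    """Extract the audit fields from the tables above; absent fields become None."""
    ref = entry.get("objectRef") or {}
    return {
        "user": (entry.get("user") or {}).get("username"),
        "requestURI": entry.get("requestURI"),
        "resource": ref.get("resource"),
        "subresource": ref.get("subresource"),
        "verb": entry.get("verb"),
        "requestReceivedTimestamp": entry.get("requestReceivedTimestamp"),
        "sourceIPs": entry.get("sourceIPs") or [],
        "stage": entry.get("stage"),
    }

def completed_changes(lines, resource):
    """Summaries of mutating requests on `resource`, one per request (final stage only)."""
    hits = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        s = audit_summary(entry) if isinstance(entry, dict) else None
        if (s and s["resource"] == resource and s["verb"] in MUTATING_VERBS
                and s["stage"] == "ResponseComplete"):
            hits.append(s)
    return hits
```

Run over the sample with `resource="projectnetworkpolicies"`, this returns only the controller's `patch`; its `subresource` of `status` marks a write to the object's status rather than to its spec, which is worth separating from rule changes when reviewing network policy activity.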