openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-06 06:46:26 +01:00
Code Issues Releases Activity
Files
3ac63453900a59fda1f9fe2eda9bc7d7300a4752
openshift-docs/modules/nodes-nodes-audit-log-basic.adoc
Kathryn Alexander 1c27bbc22a Merge pull request #14915 from kalexand-rh/oc_ver 
updating kube version
2019-05-20 08:36:14 -04:00

33 lines
2.0 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * nodes/nodes-audit-log.adoc
[id="nodes-pods-audit-log-basic_{context}"]
= About the API Audit Log
Audit works at the API server level, logging all requests coming to the server.
Each audit log contains two entries:
. The request line containing:
.. A Unique ID allowing to match the response line (see #2)
.. The source IP of the request
.. The HTTP method being invoked
.. The original user invoking the operation
.. The impersonated user for the operation (`self` meaning himself)
.. The impersonated group for the operation (`lookup` meaning user's group)
.. The namespace of the request or <none>
.. The URI as requested
. The response line containing:
.. The unique ID from #1
.. The response code
You can view logs for the master nodes for the {product-title} API server or the Kubernetes API server.
Example output for the Kubelet API server:
----
ip-10-0-140-97.ec2.internal {"kind":"Event","apiVersion":"audit.k8s.io/v1beta1","metadata":{"creationTimestamp":"2019-04-09T19:56:58Z"},"level":"Metadata","timestamp":"2019-04-09T19:56:58Z","auditID":"6e96c88b-ab6f-44d2-b62e-d1413efd676b","stage":"ResponseComplete","requestURI":"/api/v1/nodes/audit-2019-04-09T14-07-27.129.log","verb":"get","user":{"username":"kube:admin","groups":["system:cluster-admins","system:authenticated"],"extra":{"scopes.authorization.openshift.io":["user:full"]}},"sourceIPs":["10.0.57.93"],"userAgent":"oc/v1.13.4+b626c2fe1 (linux/amd64) kubernetes/ba88cb2","objectRef":{"resource":"nodes","name":"audit-2019-04-09T14-07-27.129.log","apiVersion":"v1"},"responseStatus":{"metadata":{},"status":"Failure","reason":"NotFound","code":404},"requestReceivedTimestamp":"2019-04-09T19:56:58.982157Z","stageTimestamp":"2019-04-09T19:56:58.985300Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"cluster-admins\" of ClusterRole \"cluster-admin\" to Group \"system:cluster-admins\""}}
----
View Git Blame Copy Permalink