Closed oomichi closed 4 years ago
APISnoop apparently uses audit.log, so I will start investigating with that as the key.
https://github.com/cncf/apisnoop
$ cat audit-sources.yaml
buckets:
  ci-kubernetes-e2e-gce-cos-k8sbeta-default:
    jobs:
    - '1154227121619472385'
  ci-kubernetes-e2e-gce-cos-k8sstable1-default:
    jobs:
    - '1154220077361401857'
  ci-kubernetes-e2e-gce-cos-k8sstable2-default:
    jobs:
    - '1154159681254461441'
  ci-kubernetes-e2e-gce-cos-k8sstable3-default:
    jobs:
    - '1154080042477686784'
  ci-kubernetes-e2e-gci-gce:
    jobs:
    - '1134962072287711234'
    - '1141017488889221121'
    - '1145963446211186694'
    # - '1149004346751455234'
    - '1154232155547635716'
    - '1162069198835290112'
default-view:
  bucket: ci-kubernetes-e2e-gci-gce
  job: '1154232155547635716'
source: prow.k8s.io
Confirm that the ci-kubernetes-e2e-gci-gce job includes audit.log.
Look for ci-kubernetes-e2e-gci-gce. Config: https://github.com/kubernetes/test-infra/blob/master/config/jobs/kubernetes/sig-cloud-provider/gcp/gcp-gce.yaml#L143 Asking on Slack: https://kubernetes.slack.com/archives/CAT5Y92TT/p1570674719003700
--audit-log-path=/var/log/kube-apiserver-audit.log
is passed when starting the kube-apiserver process to specify where audit.log is written.
Other jobs also output audit.log in the first place.
https://gcsweb.k8s.io/gcs/kubernetes-jenkins/pr-logs/pull/83667/pull-kubernetes-e2e-gce/1182087758055739395/artifacts/e2e-69c42ac457-674b9-master/
Check the contents of audit.log from the pull-kubernetes-e2e-gce job. Sample: https://gcsweb.k8s.io/gcs/kubernetes-jenkins/pr-logs/pull/83667/pull-kubernetes-e2e-gce/1182087758055739395/artifacts/e2e-69c42ac457-674b9-master/ Size: 5,883,959 (=6MBytes) That is quite a lot to begin with.
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request",
"auditID":"1719a867-1dc8-434b-8ebc-dffb6c710265", "stage":"ResponseComplete",
"requestURI":"/apis/apps/v1/namespaces/deployment-2784/deployments/test-new-deployment",
"verb":"get",
"user":{"username":"kubecfg","groups":["system:masters","system:authenticated"]},
"sourceIPs":["35.193.136.146"],
"userAgent":"e2e.test/v0.0.0 (linux/amd64) kubernetes/$Format -- [sig-apps] Deployment deployment reaping should cascade to its replica sets and pods",
"objectRef":{
"resource":"deployments","namespace":"deployment-2784",
"name":"test-new-deployment","apiGroup":"apps","apiVersion":"v1"},
"responseStatus":{"metadata":{},"code":200},
"requestReceivedTimestamp":"2019-10-10T00:50:21.373569Z",
"stageTimestamp":"2019-10-10T00:50:21.438930Z",
"annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}
}
All the information I want is there. This looks good.
Done writing it up; already proposed.
Write it on https://docs.google.com/document/d/154Gkh0Oo2pMRXMwyqiaOi_FsPT0NEshSMXLNlf291m0/edit#
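The following is an added example, not part of the original issue and not APISnoop's own code: it reads audit.log lines in the `audit.k8s.io/v1` format shown above and maps each e2e test name (the text after ` -- ` in `userAgent`) to the API operations it performed. The function names and the sample lines are constructed for illustration; counting only the `ResponseComplete` stage is an assumption made here so that one request is not counted once per stage.

```python
import json
from collections import defaultdict

TEST = "[sig-apps] Deployment deployment reaping should cascade to its replica sets and pods"
UA = "e2e.test/v0.0.0 (linux/amd64) kubernetes/$Format -- " + TEST

def _ev(stage, verb, ua, ref):
    """Build one constructed audit event as a JSON line."""
    return json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1",
                       "stage": stage, "verb": verb, "userAgent": ua, "objectRef": ref})

# Constructed sample input, modelled on the event quoted in the issue.
SAMPLE_LINES = [
    _ev("RequestReceived", "get", UA, {"resource": "deployments", "apiGroup": "apps", "apiVersion": "v1"}),
    _ev("ResponseComplete", "get", UA, {"resource": "deployments", "apiGroup": "apps", "apiVersion": "v1"}),
    _ev("ResponseComplete", "create", UA, {"resource": "pods", "apiVersion": "v1"}),  # core group: no apiGroup
    _ev("ResponseComplete", "get", "kubelet/v0.0.0 (linux/amd64)", {"resource": "nodes", "apiVersion": "v1"}),
    '{"kind":"Event","stage":"Respon',  # truncated line, as at the end of a rotated log
]

def parse_user_agent(ua):
    """Split '<client> -- <test name>' into (client, test name or None)."""
    client, sep, test = ua.partition(" -- ")
    return client, (test if sep else None)

def summarize(lines):
    """Return ({test name: {(verb, apiGroup, apiVersion, resource)}}, unparsable line count)."""
    coverage = defaultdict(set)
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # keep a count instead of aborting on a damaged line
            continue
        if ev.get("kind") != "Event" or ev.get("stage") != "ResponseComplete":
            continue  # other stages describe the same request again
        _, test = parse_user_agent(ev.get("userAgent", ""))
        ref = ev.get("objectRef")
        if test is None or not ref:
            continue  # not an e2e test request, or a non-resource URL
        coverage[test].add((ev.get("verb", ""), ref.get("apiGroup", ""),
                            ref.get("apiVersion", ""), ref.get("resource", "")))
    return dict(coverage), skipped

if __name__ == "__main__":
    for name, ops in summarize(SAMPLE_LINES)[0].items():
        print(name, sorted(ops))
```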