| Workload location | Root only workloads |
| Audit log source | |
| Audited operations |
Data changes (CRUD operations)
| Fields in the log entry that contain audit information | ||
|---|---|---|
| Audit metadata | Audit field name | Value |
| User or service identity | user.username | For example, "user":{ "username":"system:serviceaccount:kube-system: addon-manager-controller-sa" } |
| Target (Fields and values that call the API) | requestURI | |
| Action (Fields containing the performed operation) | verb | |
| Event timestamp | requestReceivedTimestamp | For example, |
| Source of action | sourceIPs | For example,
|
| Outcome | stage | For example,
|
| Other fields | Not applicable | Not applicable |
Example log
{ "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata", "auditID": "8c604d8d-368c-4294-9cfa-e361b4cbbefa", "stage": "RequestReceived", "requestURI": "/apis/addon.private.gdc.goog/VERSION/namespaces/root/addonsets/root-admin/status", "verb": "patch", "user": { "username": "system:serviceaccount:kube-system:addon-manager-controller-sa", "uid": "43ee00d0-fd9a-48ff-9e74-da11e39144fe", "groups": [ "system:serviceaccounts", "system:serviceaccounts:kube-system", "system:authenticated" ], "extra": { "authentication.kubernetes.io/pod-name": [ "addon-manager-controller-55cc67bf8f-dr7z7" ], "authentication.kubernetes.io/pod-uid": [ "735fc26e-a94a-4c10-a90a-86948cda9eeb" ] } }, "sourceIPs": [ "10.253.132.107" ], "userAgent": "addon-manager-cm/v0.0.0 (linux/amd64) kubernetes/$Format", "objectRef": { "resource": "addonsets", "namespace": "root", "name": "root-admin", "apiGroup": "addon.private.gdc.goog", "apiVersion": "VERSION", "subresource": "status" }, "requestReceivedTimestamp": "2022-11-18T23:15:22.882546Z", "stageTimestamp": "2022-11-18T23:15:22.882546Z" }