Skip to main content
Skip table of contents

Request Auditㅤ

Overview

QueryPie Proxy monitors and records audit logs for each API server call made to Kubernetes clusters managed by your organization.

Viewing Request Audit

image-20240721-082824.png

Administrator > Audit > Kubernetes > Request Audit

  1. Navigate to the Administrator > Audit > Kubernetes > Request Audit menu.

  2. Logs are displayed in descending order based on the Executed At timestamp, from 00:00 to 23:59 of the current day.

  3. You can use the search bar at the top left of the table to search by the following criteria:

    1. Name : User name

    2. Cluster Name : Name of the registered cluster in QueryPie

  4. Click the filter button next to the search field to apply filters using AND/OR conditions based on:

    image-20240721-082906.png

    1. Verb : Specific Kubernetes API action called

      • get, list, watch, create, update, patch, delete, deletecollection

    2. Resource : Specific Kubernetes resource called

      • pods, pods/exec, pods/log, pods/portforward, services, ingresses, deployments, replicasets, statefulsets, daemonsets, configmaps, secrets, namespaces, nodes, persistentvolumes, persistentvolumeclaims, jobs, cronjobs, serviceaccounts, endpoints, roles, rolebindings, clusterroles, clusterrolebindings, others

        • Use others to filter custom resources not listed.

    3. Executed At : Date and time range of the Kubernetes API call

  5. Refresh the log list by clicking the refresh button at the top right of the table.

  6. The table provides the following column details:

    1. No : Event identification number

    2. Executed At : Timestamp of the Kubernetes API call

    3. Result : Result of the API call

      1. (tick) Success

      2. (오류) Failure

    4. Name : Name of the user who made the call

    5. Email : Email of the user

    6. Client IP : IP address of the user's client

    7. Cluster Name : Name of the target Kubernetes cluster

    8. Role : Role name that permitted the action

    9. Namespace : Target namespace

    10. Verb : Specific Kubernetes API action called

    11. Resource : Specific Kubernetes resource called

    12. Resource Name : Name of the specific Kubernetes resource called

    13. Message : Message returned by the API call

      • QueryPie logs actions like pods/exec twice, once for session start and once for session end. These can be distinguished by the message column.

    14. Cluster Endpoint : Target API endpoint called

    15. Kubernetes Groups : Kubernetes group account impersonated by QueryPie Proxy during the API call

    16. Client Name : User client name/version (e.g., kubectl/v1.27.3)

Viewing Request Audit Details

  1. Click on any row to view detailed information.

    image-20240721-083756.png

    Administrator > Audit > Kubernetes > Request Audit > Request Audit Details

    1. The top section displays basic event information:

      1. Result : Result of the API call

        1. (tick) Success

        2. (오류) Failure

      2. Executed At : Date and time range of the Kubernetes API call

      3. Message : Message returned by the API call

      4. Name : Name of the user who made the call

      5. Email : Email of the user

      6. Client IP : IP address of the user's client

      7. Client Name : User client name/version

      8. Cluster Name : Name of the target Kubernetes cluster

      9. Role : Role name that permitted the action

      10. Cluster Endpoint : Target API endpoint called.

      11. Pod Session Recording : Session recording for pods/exec API calls

        1. This field is available only for logs that include session recordings.

        2. The "Session Recording" text will be a hyperlink.

          image-20240512-055657.png

        3. Clicking the link will play the related session recording.

          image-20240721-082651.png

      12. The middle section displays details of the API call:

        1. Verb : Specific Kubernetes API action called

        2. Namespace : Target namespace

        3. Resource : Specific Kubernetes resource called

        4. Resource Name : Name of the specific Kubernetes resource called

        5. Kubernetes Impersonated User : Kubernetes user account impersonated during the API call (--as information)

        6. Kubernetes Impersonated Group : Kubernetes group account impersonated during the API call (--as-group information)

      13. The Request Body at the bottom displays the content of the YAML submitted in the API request.

        1. It is displayed for Create, Update, and Patch actions.

        2. The content can be recorded and stored up to 4KB at maximum.

        3. If the request exceeds 4KB, the Kubernetes API call is processed, but only the first 4KB of the request body is recorded.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close