Hi Folks,
I’m Naveen working as a security engineer, recently we onboarded a “Kubernetes” product & while collecting logs for kube-apiserver, kube-audit, kube-controller-manager category.
in the below kube-audit category logs,
{
"operationName":"Microsoft.ContainerService/managedClusters/diagnosticLogs/Read",
"category":"kube-apiserver",
"resourceId":"/SUBSCRIPTIONS/C111111-DXXX-4XXX-AXXX-900000000/RESOURCEGROUPS/AG-AKS-RG/PROVIDERS/MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/AG-AKS-CLUSTER",
"properties":▼{
"log":"I0624 20:14:59.855669 1 wrap.go:47] PUT /api/v1/namespaces/kube-system/endpoints/kube-scheduler?timeout=10s:
(9.05251ms) 200 [hyperkube/v1.12.8 (linux/amd64) kubernetes/a89f8c1/leader-election 172.31.1.1:48110]
",
"stream":"stderr",
"pod":"kube-apiserver-796bd9b775-xqk5s",
"containerID":"2d6cac1300da3226323fd1b936fe8278b87cba2b7a1bbd9c8401da6f8e786f5e"
},
"time":"2019-06-24T20:14:59.000Z"
}
from this “log” key - the value contains “I0624” what is that represents.
In more logs the keyword get different “E0428” & “W0506” & so on.
i’m came across this blog - click here
they have mention its an <klog header>. couldn’t able to find more info about that.
if anyone knows about what it does, kindly share the info.
Regards,
Naveen