Kubernetes: need notification if a new namespace is created

Time:09-25

So Kubernetes events seem to have options to watch for all kinds of things like pod up/down, creation/deletion, etc., but I want to watch for a namespace creation/deletion itself, and I can't find an option to do that.

I want to know if someone created a namespace or deleted one. Is this possible?

Rgds, Gopa.

CodePudding user response:

Events are namespaced; they show the events happening in a particular namespace. However, -A|--all-namespaces would show events from all the namespaces.

If you want to track the lifecycle (creation|deletion|etc.) of the namespaces, then audit.logs are the simplest option, if not the only option.

Example: creation of a namespace called my-ns:

kubectl create ns my-ns
kubectl get events -n my-ns
No resources found in my-ns namespace.

kubectl describe ns my-ns   
Name:         my-ns
Labels:       <none>
Annotations:  <none>
Status:       Active

No resource quota.

No LimitRange resource.

Now here is the output of audit.log at Metadata level; this would tell the following:

  1. who created
  2. what created
  3. when created
  4. and a lot more.

Example output:

{
   "kind":"Event",
   "apiVersion":"audit.k8s.io/v1",
   "level":"Metadata",
   "auditID":"d28619be-0cb7-4d3e-b195-51fb93ae6de4",
   "stage":"ResponseComplete",
   "requestURI":"/api/v1/namespaces?fieldManager=kubectl-create",
   "verb":"create", #<------operation type
   "user":{
      "username":"kubernetes-admin", #<--------who created
      "groups":[
         "system:masters",
         "system:authenticated"
      ]
   },
   "sourceIPs":[
      "1.2.3.4"
   ],
   "userAgent":"kubectl/v1.20.0 (linux/amd64) kubernetes/af46c47",
   "objectRef":{
      "resource":"namespaces", #<---what created
      "name":"my-ns", #<---name of resource
      "apiVersion":"v1"
   },
   "responseStatus":{
      "metadata":{
         
      },
      "code":201
   },
   "requestReceivedTimestamp":"2021-09-24T16:44:28.094213Z", #<---when created.
   "stageTimestamp":"2021-09-24T16:44:28.270294Z",
   "annotations":{
      "authorization.k8s.io/decision":"allow",
      "authorization.k8s.io/reason":""
   }
}
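
As an added example (not part of the original answer), this Python filter picks namespace create and delete requests out of an audit log and reports who, what and when, including denied attempts. It assumes the log backend's one-JSON-event-per-line format; the name `namespace_changes` and the sample lines are constructed for illustration.

```python
import json

# Constructed sample (users, IPs, timestamps are made up): one audit event per line.
SAMPLE_LOG = '''\
{"stage":"ResponseComplete","verb":"create","user":{"username":"kubernetes-admin"},"sourceIPs":["1.2.3.4"],"objectRef":{"resource":"namespaces","name":"my-ns","apiVersion":"v1"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2021-09-24T16:44:28.094213Z"}
{"stage":"ResponseComplete","verb":"list","user":{"username":"kubernetes-admin"},"sourceIPs":["1.2.3.4"],"objectRef":{"resource":"pods","namespace":"my-ns","apiVersion":"v1"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-09-24T16:45:02.000000Z"}
{"stage":"ResponseComplete","verb":"delete","user":{"username":"dev-user"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"namespaces","name":"my-ns","apiVersion":"v1"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2021-09-24T16:50:10.000000Z"}
{"stage":"RequestReceived","verb":"delete","user":{"username":"kubernetes-admin"},"sourceIPs":["1.2.3.4"],"objectRef":{"resource":"namespaces","name":"my-ns","apiVersion":"v1"},"requestReceivedTimestamp":"2021-09-24T16:52:00.000000Z"}
{"stage":"ResponseComplete","verb":"delete","user":{"username":"kubernetes-admin"},"sourceIPs":["1.2.3.4"],"objectRef":{"resource":"namespaces","name":"my-ns","apiVersion":"v1"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-09-24T16:52:00.000000Z"}
{"stage":"ResponseComplete","verb":"update","user":{"username":"system:serviceaccount:kube-system:namespace-controller"},"objectRef":{"resource":"namespaces","name":"my-ns","apiVersion":"v1","subresource":"finalize"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2021-09-24T16:52:05.000000Z"}
{"stage":"ResponseComplete","verb":"cre
'''

WATCHED_VERBS = {"create", "delete"}


def namespace_changes(lines):
    """Return who/what/when for each namespace create/delete request."""
    found = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line (e.g. during rotation)
        if not isinstance(ev, dict):
            continue
        ref = ev.get("objectRef") or {}
        if (ev.get("stage") != "ResponseComplete"  # one record per request
                or ev.get("verb") not in WATCHED_VERBS
                or ref.get("resource") != "namespaces"
                or ref.get("apiGroup")             # namespaces live in the core group
                or ref.get("subresource")):        # skip namespaces/finalize, /status
            continue
        code = (ev.get("responseStatus") or {}).get("code", 0)
        found.append({
            "when": ev.get("requestReceivedTimestamp"),
            "who": (ev.get("user") or {}).get("username"),
            "from": ev.get("sourceIPs", []),
            "verb": ev["verb"],
            "namespace": ref.get("name"),
            "code": code,
            "succeeded": 200 <= code < 300,  # 403 etc. are attempts worth alerting on
        })
    return found


if __name__ == "__main__":
    for change in namespace_changes(SAMPLE_LOG.splitlines()):
        print(change)
```

Records with `succeeded` set to false are rejected requests, which a plain `kubectl get ns --watch-only` never shows.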

CodePudding user response:

$ kubectl get ns --watch-only
# run "kubectl create ns test" from another terminal
test   Active   0s
# run "kubectl delete ns test"
test   Terminating   23s
test   Terminating   28s
test   Terminating   28s