Reputation: 418
How to know who created a specific kubernetes object
I'm actually curious to know is there any way to get the user who created a specific object in kubernetes. I am using kubernetes client-go library.
from my understanding kubernetes object doesn't hold any user-meta information. So how should I approach this ?
Upvotes: 0
Views: 1010
Answers (2)
Reputation: 44559
You can write a custom admission webhook which mutates the CRUD request for any object coming to kubernetes API server and add the user as a label to the object.This way you will always know who created the object by looking at that label. Also make sure to use validation admission webhook to reject any edit by the users to that label so that the information can not be changed or tampered.
Upvotes: 4
Reputation: 3138
Auditing describes the who, when and what: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/. I think the way that you use it is to configure a logging backend which stores the logs and then allows you to query what happened.
Upvotes: 0
Related Questions
- Find running container's user ID in Kubernetes for all pods in a cluster
- Is there anyway to display who created pod or modified in kubernetes in logs?
- Finding out the Kubernetes object that uses the Kubernetes secret
- Get the Kubernetes uid of the Deployment that created the pod, from within the pod
- Find Kubernetes namespace creator
- Is there a way to see who ran pods/jobs in Kubernetes?
- Is it possible to find out what user uploaded a kubernetes secret?
- How to identify who edited yaml or property file in Kubernetes?
- How to get creator information about particular resource from kubectl get or describe command
- How to get which user has created a revision of a resource?