gke adudit log
Victor Yang committed Jul 10, 2021
1 parent 59d0afa commit 5919806
Showing 3 changed files with 68 additions and 5 deletions.
16 changes: 11 additions & 5 deletions common/functions.sh
Expand Up @@ -41,15 +41,21 @@ enable_project_api() {
gcloud services enable "${2}" --project "${1}"
}


# set PROJECT_ID
PROJECT_ID=$(gcloud config list project --format 'value(core.project)')
export PROJECT_ID=$(gcloud config list project --format 'value(core.project)')
# export PROJECT_ID=$(gcloud config get-value project)

if [ -z "${PROJECT_ID}" ]
then echo >&2 "I require default project is set but it's not. Aborting."; exit 1;
fi

# set PROJECT_NUMBER
PROJECT_NUMBER=$(gcloud projects describe ${PROJECT_ID} \
export PROJECT_NUMBER=$(gcloud projects describe ${PROJECT_ID} \
--format="value(projectNumber)")
#PROJECT_NUMBER="$(gcloud projects describe ${PROJECT_ID} --format='get(projectNumber)')"
#PROJECT_NUMBER=$(gcloud projects list --filter="$PROJECT" --format="value(PROJECT_NUMBER)" --project=$PROJECT)
# PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")
#PROJECT_NUMBER=$(gcloud projects list --filter="$PROJECT" --format="value(PROJECT_NUMBER)" --project=$PROJECT)

export PROJECT_USER=$(gcloud config get-value core/account) # set current user
export IDNS=${PROJECT_ID}.svc.id.goog # workflow identity domain
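Review bot: The new `export PROJECT_NUMBER=$(gcloud projects describe ...)` form hides gcloud's exit status, because `export` itself returns 0. Under the `set -o errexit` that gke/neg/create.sh enables before sourcing this file, a plain assignment would abort on a failed lookup, whereas this form carries on with an empty value. The same holds for the other `export VAR=$(...)` lines in this section, and only `PROJECT_ID` is checked for emptiness afterwards. Assign first and export separately, e.g. `PROJECT_NUMBER=$(gcloud projects describe "${PROJECT_ID}" --format="value(projectNumber)")` followed by `export PROJECT_NUMBER`, which also quotes `${PROJECT_ID}`. This matters for `IDNS` and `PROJECT_USER` too, since they name an identity domain and an account that later commands presumably rely on.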


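--- /dev/null
+++ b/gke/neg/create.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# "---------------------------------------------------------"
+# "- -"
+# "- Create starts a GKE Cluster -"
+# "- -"
+# "---------------------------------------------------------"
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+
+PROJECT_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )"
+source "$PROJECT_ROOT"/common/functions.sh
+
+export GCP_REGION="us-west1"
+export GKE_CLUSTER_NAME="west1-001"
+export GKE_CLUSTER_CHANNEL="None"
+export NETWORK_NAME="ignw-pod"
+
+
+# enable APIs
+gcloud services enable compute.googleapis.com \
+container.googleapis.com
+
+# create cluster
+gcloud container --project $PROJECT_ID clusters create $GKE_CLUSTER_NAME \
+--region $GCP_REGION \
+--num-nodes 1 \
+--enable-ip-alias \
+--release-channel $GKE_CLUSTER_CHANNEL
+
+gcloud container clusters get-credentials "$GKE_CLUSTER_NAME" --region $GCP_REGION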
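Review bot: `NETWORK_NAME` is exported here and `IDNS` is exported by common/functions.sh, but neither is passed to the `gcloud container clusters create` call, so the cluster lands on the project's default network and gets no workload identity pool. If those values are meant to apply, add `--network "$NETWORK_NAME" \` and `--workload-pool "$IDNS" \` to the create command. `--release-channel None` also takes the cluster off the managed release channels, so version selection and upgrade timing need an explicit owner; a comment stating why would help. The expansions on the create line (`$PROJECT_ID`, `$GKE_CLUSTER_NAME`, `$GCP_REGION`) are unquoted, unlike `"$GKE_CLUSTER_NAME"` in the `get-credentials` call.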
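--- /dev/null
+++ b/gke/neg/get-audit-log.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+# "---------------------------------------------------------"
+# "- -"
+# "- check audit log -"
+# "- -"
+# "---------------------------------------------------------"
+
+set -euo pipefail
+
+
+PROJECT_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )"
+source "$PROJECT_ROOT"/common/functions.sh
+
+# get k8s.io audit log
+# gcloud logging read \
+# "logName=projects/${PROJECT_ID}/logs/cloudaudit.googleapis.com%2Factivity AND protoPayload.serviceName="k8s.io" " \
+# --limit 2 --freshness 300d
+
+set -x
+gcloud logging read \
+"logName=projects/${PROJECT_ID}/logs/cloudaudit.googleapis.com%2Factivity resource.type=k8s_cluster \
+protoPayload.resourceName:certificates.k8s.io/v1beta1/certificatesigningrequests" \
+--limit 2 --freshness 300d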
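Review bot: The filter pins `protoPayload.resourceName` to `certificates.k8s.io/v1beta1/certificatesigningrequests`, and Kubernetes stopped serving the v1beta1 CSR API in 1.22. On a newer cluster the query would return nothing, and an empty result reads as "no CSR activity" rather than "wrong API version". Matching the resource without the version, e.g. `protoPayload.resourceName:certificatesigningrequests`, covers both. `--limit 2` also makes this a spot check rather than a review of the 300-day window, so a comment saying that is intended would prevent misreading the output. The commented-out example above nests unescaped double quotes around `k8s.io` and would need `\"k8s.io\"` if it is ever re-enabled.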
