Domain name for API request: tcss.intl.tencentcloudapi.com.
Querying details of a K8s API exception event
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeK8sApiAbnormalEventInfo. |
| Version | Yes | String | Common Params. The value used for this API: 2020-11-01. |
| Region | No | String | Common Params. This parameter is not required. |
| ID | Yes | Integer | Event ID |
| Parameter Name | Type | Description |
|---|---|---|
| Info | K8sApiAbnormalEventInfo | Event details |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
POST / HTTP/1.1
Host: tcss.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeK8sApiAbnormalEventInfo
<Common request parameters>
{
"ID": 10
}
{
"Response": {
"Info": {
"AlarmCount": 1,
"ClusterID": "cls-abhq0j4o-666",
"ClusterMasterIP": "10.0.1.92",
"ClusterName": "clsfoo***",
"ClusterRunningStatus": "CSR_RUN****",
"Desc": "Anonymous user access requests to your K8s API Server have been detected. Attackers can exploit anonymous users to access cluster resources through the API Server, such as entering containers to run commands."
"FirstCreateTime": "2024-10-22T11:00:45Z",
"HighLightFields": [
"RequestUser"
],
"Info": "{\"Verb\": \"list\", \"AuditID\": \"4e477a26-b171-4702-a2ac-1ac494ae8c85\", \"PodNameIP\": \"\", \"SourceIPS\": \"[\\\"10.0.0.4\\\"]\", \"UserAgent\": \"tcss_agent_cluster/v0.0.0 (linux/amd64) kubernetes/$Format\", \"RequestURI\": \"/api/v1/namespaces?limit=1\", \"RequestUser\": \"{\\\"groups\\\":\\\"[\\\\\\\"system:unauthenticated\\\\\\\"]\\\",\\\"uid\\\":\\\"\\\",\\\"username\\\":\\\"system:anonymous\\\"}\", \"MountHostDir\": \"\", \"RequestObject\": \"{\\\"metadata\\\":\\\"\\\"}\", \"ResponseObject\": \"{\\\"metadata\\\":\\\"\\\"}\", \"ResponseStatusCode\": \"200\"}",
"K8sVersion": "1.0.1",
"LastCreateTime": "2024-10-22T11:00:45Z",
"MatchRule": {
"Action": "RULE_MODE_ALERT",
"IsDelete": false,
"RiskLevel": "HIGH",
"Scope": "{\"RequestUser\": \"system:anonymous\", \"RequestUserGroups\": \"system:anonymous\"}",
"Status": false
},
"MatchRuleID": "SYSTEM",
"MatchRuleName": "System rule",
"MatchRuleType": "ANONYMOUS_ACCESS",
"RiskLevel": "HIGH",
"RunningComponent": [],
"Status": "EVENT_UNDEAL",
"Suggestion": "Enabling anonymous users poses relatively high risks. We recommend disabling anonymous users promptly to avoid exploitation by attackers. Also, check whether the source IP and the resources operated belong to normal maintenance operations.\n1. Modify the API Server configuration file (for example: /etc/kubernetes/manifests/kube-apiserver.yaml) to change anonymous-auth to false. Modify the bind-address to avoid listening on 0.0.0.0 or use security group limits. Remove the insecure-port configuration.\n2. Disable the kubelet's JWT authentication feature, such as removing the anonymous-auth configuration in the kubelet service configuration file.\nBefore modifying the configuration, confirm whether it is a business need. Back up the configuration file before making changes."
},
"RequestId": "8d8d41ab-6dfd-4f66-ad09-4a882485e733"
}
}
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InternalError | An internal error occurred. |
| InvalidParameter | The parameter is incorrect. |
| ResourceNotFound | The resource does not exist. |
文档反馈