Sysadmin Garden of Eden Docs

Version 1337.42.0

Regex


Table of Contents


Some neat regex to parse certain messages from Kubernetes logs.

RBAC DENY Messages

Good to setup some log alerting on those messages to make sure the applications are not hammering the API servers with “bad” RBAC.

Match message (should be enough for matching):

\] RBAC DENY:

Rewriting into a comma separated list + showing occurence counts:

perl -n -e'/\] RBAC DENY: user "(.+)" groups \[(".+")\] cannot "([a-zA-Z]+)" resource "([a-zA-Z._-]+)" in namespace "([a-zA-Z-_]+)"/ && print "ns=$5,verb=$3,resource=$4,user=$1,groups=$2\n"' | sort | uniq -c

Last updated on 22 Jul 2019
Published on 14 Jun 2019