投稿時間:2022-08-05 21:35:52 RSSフィード2022-08-05 21:00 分まとめ(38件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
IT	ITmedia 総合記事一覧	[ITmedia ビジネスオンライン] 「カービィカフェ NAGOYA」が9月15日にオープン　限定メニューを公開	https://www.itmedia.co.jp/business/articles/2208/05/news183.html	itmedia	2022-08-05 20:09:00
IT	ITmedia 総合記事一覧	[ITmedia ビジネスオンライン] プロゲーマー「ときど」、新ユニフォームを発表　狙いは？	https://www.itmedia.co.jp/business/articles/2208/05/news178.html	itmedia	2022-08-05 20:03:00
js	JavaScriptタグが付けられた新着投稿 - Qiita	JavaScriptのClassについて part3	https://qiita.com/hu-yu/items/e4529a08e902dcd12a6e	ertiesandmethodsjavascri	2022-08-05 20:41:28
AWS	AWSタグが付けられた新着投稿 - Qiita	【AWS】S3のアクセス設定（ACL、パブリックアクセス）	https://qiita.com/morinskyy/items/0af29df071e9b0cf3ecd	設定	2022-08-05 20:50:01
AWS	AWSタグが付けられた新着投稿 - Qiita	AWS: 簡単なLAMPサーバーでWordPressを動かすまで（Intel Mac） 〜EC2を作成／セキュリティグループの設定〜	https://qiita.com/holySh10/items/90a3501d819f1ae2c7cd	intelmacec	2022-08-05 20:18:18
AWS	AWSタグが付けられた新着投稿 - Qiita	【AWS】スロットリング対策	https://qiita.com/morinskyy/items/45e08ab1c452274fef4a	一定期間	2022-08-05 20:11:33
Git	Gitタグが付けられた新着投稿 - Qiita	【git】リモート追跡ブランチと上流ブランチを理解したい	https://qiita.com/tatsuya_1995/items/4b8871709d3efe688400	gitfetch	2022-08-05 20:22:15
技術ブログ	Developers.IO	Babelfish for Aurora PostgreSQL で ASP.NET Core + EF Core のコードファーストアプローチが使えるか確認してみた	https://dev.classmethod.jp/articles/babelfish-for-aurora-postgresql-asp-net-core-ef-core-code-first/	aspnetcoreefcore	2022-08-05 11:26:04
海外TECH	Ars Technica	Rocket Report: SpaceX launches Korea to the Moon, Georgia’s litigious spaceport	https://arstechnica.com/?p=1871483	camden	2022-08-05 11:30:24
海外TECH	DEV Community	Kubernetes Audit Logs - Best Practices And Configuration ✨	https://dev.to/signoz/kubernetes-audit-logs-best-practices-and-configuration-31hl	Kubernetes Audit Logs Best Practices And Configuration This tutorial was originally posted on SigNoz Blog and is written by Vinayak PandeyKubernetes is the de facto leader of container orchestration tools With the growing popularity of micro service based development Kubernetes emerged as the go to tool to deploy and manage large scale enterprise applications However with the plethora of features offered by Kubernetes it is a complex tool to manage and operate This article will focus on how to configure Kubernetes Audit Logs so that you can have the records of events happening in your cluster What is Kubernetes Audit Log If you have working experience with Kubernetes then you must be aware that all the communications between Kubernetes components and the commands executed by the users are REST API calls Kubernetes API Server is the component that processes all these requests So whenever you execute a kubectl command it is basically a wrapper for the API call made to the API Server Kubernetes Audit Logs record all these API calls made to the API Server This includes the API calls by different users and the ones made by different components of Kubernetes itself These logs provide a lot of information related to the API request like the time of the request source IP and the user who made the request what kind of the request it was and the response sent by API Server Why Should You Configure Kubernetes Audit Logs Audit logs provide visibility into the events occurring in a Kubernetes cluster and act as a foundation for security and compliance With properly configured audit logging you can quickly identify any abnormal activity going on in your cluster like failed login attempts or attempts to access sensitive Secrets Auditing lets you quickly take action on malicious activities instead of operating in silos Regular auditing of the event log data also assists in implementing cluster hardening and mitigating any misconfiguration Kubernetes Audit PolicyAudit Logs are captured based on the Audit Policy configured Audit policy defines what events should be recorded and what data to be included Rules configured in the Audit policy are processed in order and the first matching rule sets the audit level of the event Each request can be recorded with an associated stage Following are the stages for which audit logging can be enabled RequestReceived The stage for events generated as soon as the audit handler receives the requestResponseStarted Once the response headers are sent but before the response body is sent ResponseComplete The response body has been completedPanic Events generated when a panic occurredThe information captured for an event depends upon the audit level configured You can use the following audit levels None Don t log events that match this ruleMetadata Log request event metadata Request Response body is not logged Request Log event metadata and request bodyRequestResponse Log event metadata along with request and response body Configuring Kubernetes AuditingNow is the time to see Kubernetes Auditing in action In a self hosted cluster auditing is not enabled out of the box If you are using a managed Kubernetes cluster you may go through your vendor s documentation to check whether auditing is enabled by default or if you need to enable it The cluster used here has one control plane instance and one node instance and you can use the same steps for a minikube cluster or any other bare metal Kubernetes cluster Step Connect to control planeConnect to the control plane node and create a directory to host the audit policy as well as audit logs mkdir etc kubernetes audit Step Create an audit policyCreate an audit policy file named etc kubernetes audit policy yaml with the following data apiVersion audit ks io vkind Policyrules level None verbs get watch list level None resources group core resources events level None users system kube scheduler system kube proxy system apiserver system kube controller manager system serviceaccount gatekeeper system gatekeeper admin level None userGroups system nodes level RequestResponse Step Add required entriesAdd following entries in etc kubernetes manifests kube apiserver yaml audit policy file etc kubernetes audit policy yaml audit log path etc kubernetes audit audit log audit log maxsize audit log maxbackup Scroll down and add a volume under the volumes section hostPath path etc kubernetes audit type DirectoryOrCreate name auditNow mount this volume by adding the following data under the volumeMounts section mountPath etc kubernetes audit name auditThat s all you need to do in order to configure audit logging Since you have modified the kube apiserver manifest your kube apiserver pod will be recreated Once the pod is up and running execute the following command to create a service account kubectl create sa testThis API request will be logged in the audit log file etc kubernetes audit audit log and you ll see a couple of entries like this kind Event apiVersion audit ks io v level RequestResponse auditID a ff c ed dca stage RequestReceived requestURI api v namespaces default serviceaccounts fieldManager kubectl create verb create user username kubernetes admin groups system masters system authenticated sourceIPs userAgent kubectl v linux amd kubernetes ad objectRef resource serviceaccounts namespace default apiVersion v requestReceivedTimestamp T Z stageTimestamp T Z and kind Event apiVersion audit ks io v level RequestResponse auditID a ff c ed dca stage ResponseComplete requestURI api v namespaces default serviceaccounts fieldManager kubectl create verb create user username kubernetes admin groups system masters system authenticated sourceIPs userAgent kubectl v linux amd kubernetes ad objectRef resource serviceaccounts namespace default name test apiVersion v responseStatus metadata code requestObject kind ServiceAccount apiVersion v metadata name test creationTimestamp null responseObject kind ServiceAccount apiVersion v metadata name test namespace default uid deaa d ba aca ef resourceVersion creationTimestamp T Z requestReceivedTimestamp T Z stageTimestamp T Z annotations authorization ks io decision allow authorization ks io reason If you check the auditID it is the same for both the events a ff c ed dca since both the entries belong to the same event The first entry is for the RequestReceived stage and the second one is for the ResponseComplete stage With this data you can easily figure out what the request was and who made this request by looking at sourceIPs username requestURI responseStatus and responseObject fields In the audit policy if you change the audit level from RequestResponse to MetaData you will not see requestObject and responseObject fields and if the audit level is set to Request then there will be a requestObject field but the responseObject field won t be logged Going back to our event data HTTP Status in the responseStatus field indicates that as a result of the HTTP POST request one or more new resources have been successfully created on the server which is a service account in this case If a user who doesn t have access to create a service account tries to create a service account you ll see an entry like this in the audit log kind Event apiVersion audit ks io v level RequestResponse auditID eff a bd bd ffada stage RequestReceived requestURI api v namespaces default serviceaccounts fieldManager kubectl create verb create user username myuser groups Dev system authenticated sourceIPs userAgent kubectl v linux amd kubernetes ad objectRef resource serviceaccounts namespace default apiVersion v requestReceivedTimestamp T Z stageTimestamp T Z and kind Event apiVersion audit ks io v level RequestResponse auditID eff a bd bd ffada stage ResponseComplete requestURI api v namespaces default serviceaccounts fieldManager kubectl create verb create user username myuser groups Dev system authenticated sourceIPs userAgent kubectl v linux amd kubernetes ad objectRef resource serviceaccounts namespace default apiVersion v responseStatus metadata status Failure reason Forbidden code responseObject kind Status apiVersion v metadata status Failure message serviceaccounts is forbidden User myuser cannot create resource serviceaccounts in API group in the namespace default reason Forbidden details kind serviceaccounts code requestReceivedTimestamp T Z stageTimestamp T Z annotations authorization ks io decision forbid authorization ks io reason This event tells you that a user named myuser tried to create a service account and the request was denied due to insufficient permission Since these records are JSON formatted you can use the jq tool to search the log entries with commands like these tail f etc kubernetes audit audit log jq select responseStatus code contains tail f etc kubernetes audit audit log jq select user username contains myuser Best Practices For Kubernetes AuditingIn a production environment you need to consider some best practices for Kubernetes Auditing This includes Create a comprehensive auditing policy based on your logging requirementsUse webhook backends to send audit data to remote endpoints instead of storing logs on diskControl access to audit data so that it can t be tampered withConfigure alerts and visualization based on the audit logs so that you get informed about important events like deletion of secrets etcetera Final ThoughtsAuditing is a very important part of Kubernetes cluster security which gives you visibility about the events happening in your cluster and helps run a properly configured and secure cluster In this article you ve learned about what Kubernetes Auditing is why it is important and how to configure it Security is a never ending process and there is always scope for further optimization and improvement The information presented in this article sets you out on a journey towards securing your Kubernetes Cluster for you to explore it further If you want to stay ahead of issues in your Kubernetes cluster you need to monitor it SigNoz an open source APM can monitor metrics traces and logs of your Kubernetes cluster It is built to support OpenTelemetry natively the open source standard for instrumenting cloud native applications You can check out SigNoz GitHub repo here Read the following blog to learn how to monitor your Kubernetes cluster with SigNoz Kubernetes monitoring with open source tools	2022-08-05 11:38:38
Apple	AppleInsider - Frontpage News	China may block Apple supplier shipments if strict labeling requirements aren't met	https://appleinsider.com/articles/22/08/05/china-may-block-apple-supplier-shipments-if-strict-labeling-requirements-arent-met?utm_medium=rss	China may block Apple supplier shipments if strict labeling requirements aren x t metApple has warned its suppliers that China is now strictly enforcing a rule about labeling Taiwanese shipments after Nancy Pelosi s visit to Taiwan stoked fears of trade problems According to Nikkei Asia shipments from Taiwan to iPhone manufacturer Pegatron in China were held up in customs for review on Thursday August According to the long standing but previously relaxed rule the phrase made in Taiwan could lead to fines or the shipment being rejected It s over a dispute where China maintains that Taiwan is part of its territory which has led to issues such as Macs in the country not being able to display the Taiwanese flag Read more	2022-08-05 11:20:34
Apple	AppleInsider - Frontpage News	How to force an iPhone or iPad to stay on all the time	https://appleinsider.com/inside/ipad/tips/how-to-force-an-iphone-or-ipad-to-stay-on-all-the-time?utm_medium=rss	How to force an iPhone or iPad to stay on all the timeYou may have reasons to keep your iPad or iPhone on for an extended period of time But the open questions are why would you want to do this and if it will harm your device iPads can be used in many ways Some of those ways may mean leaving your iPad display on constantly Recently I set up my at home workspace with a MacBook Pro and an external display I then plugged an iPad into the MacBook to extend my desktop Read more	2022-08-05 11:09:55
海外TECH	Engadget	NASA reportedly had contingency plans for Russia's ISS exit last year	https://www.engadget.com/nasa-drew-up-contingency-plans-for-russia-iss-exit-in-2021-112253631.html?src=rss	NASA reportedly had contingency plans for Russia x s ISS exit last yearYuri Borisov the newly appointed chief of Roscosmos recently announced that Russia is pulling out of the International Space Station after NASA and Russia s space agency work in tandem to keep the station running and the latter s exit would change ISS operations tremendously According to Reuters though NASA has actually been preparing for such a possibility way before Borisov made his announcement ーand even before the invasion of Ukraine began ーin light of the increasing tensions between Russia and the US Reuters sources said NASA and the White House drew up contingency plans for the ISS late last year Those plans include ways to pull astronauts out of the station if Russia leaves abruptly and ways to keep the ISS running without Russian hardware While the US module keeps the station balanced and provides the electricity it needs to run using its solar arrays Roscosmos module has the thrusters needed to keep the flying lab in orbit And that is why NASA s contingency plans also reportedly include examining ways to dispose of the station years earlier than planned nbsp Apparently NASA was working on creating a formal request for contractors to conjure up ways to deorbit the space station over the past few weeks That said the agency roped in private space companies into its contingency planning in hopes of keeping the ISS in orbit even without Russia The sources said Boeing already formed a team of engineers to figure out how to control the ISS without Russia s thrusters SpaceX chief Elon Musk also previously expressed interest in helping out when former Roscosmos director Dmitry Rogozin slammed Western sanctions against his country asking who would quot save the ISS from uncontrolled deorbiting quot if the West blocks cooperation with Russia Back in June Northrop Grumman was successfully able to adjust the station s orbit for future operations using its Cygnus capsule which was then docked to the ISS Reuters sources said SpaceX is also looking into the possibility of using its spacecraft to boost the station s orbit nbsp Borisov said Russia hasn t set a date for its exit yet but that it would honor its obligations and will give partners a one year notice before it leaves Roscosmos and NASA will most likely continue working closely until Russia pulls out of the program ーthey even recently agreed to swap seats on Crew Dragon and Soyuz flights to the ISS	2022-08-05 11:22:53
海外TECH	Engadget	The Morning After: What to expect from Samsung’s Unpacked event	https://www.engadget.com/the-morning-after-what-to-expect-from-samsungs-unpacked-event-111557802.html?src=rss	The Morning After What to expect from Samsung s Unpacked eventAre you ready for Samsung s summer salvo of foldables wearables and peripherals Yes it s that time again and the company s Unpacked event is likely to share two foldable smartphones a new Pro wearable and probably some new software tricks Judging by the leaks it won t be a major shakeup but the new Galaxy Z Fold may borrow design cues from the S Ultra ensuring a more contemporary look The next gen Galaxy Z Flip the clamshell one looks even more like its predecessor so we re waiting on confirmation on exactly what has changed This is the series helping Samsung sell its foldable family to the world ーhopefully the company has ways to capitalize on this enthusiasm And throw in a bigger battery Samsung looks set to reveal its Galaxy Watch Pro next week too You might not get the knurled bezel of previous Samsung smartwatches but the Pro would upgrade from a steel case to light but strong titanium Samsung inadvertently hinted at the Pro name in its Health app although it didn t provide further clues Samsung Unpacked will stream on Wednesday August th at AM ET and we re reporting live on all the big reveals We ll probably have some minty fresh opinions on foldable phones too ーMat SmithThe biggest stories you might have missedThe best smartphones you can buy right nowCanon EOS R review A strong start for RF mount crop sensor camerasSan Diego joins other cities in restricting police use of surveillance technologyHBO Max and Discovery to combine into one streaming platform in Report Apple retaliated against women who complained about misconduct The best Nintendo Switch games for A guide for beginners from A to Z trigger The Switch continues to approach the status of Nintendo s best selling “home console ever ーand seven Switch games have already outsold the Wii U console It s thanks to the Switch s unique hybrid format and an ever growing game library with uncharacteristically strong third party support However the Switch s online store isn t the easiest to navigate so this guide helps the uninitiated start their journey on the right foot once again updated for Continue reading Paramount hits million subscribersIt s not just leaning on Star Trek Well not completely ViacomCBS has revealed that Paramount added million subscribers in the second quarter with more than million total users And that s after withdrawing from Russia The company partly credited the surge of expansions to more countries including the UK Ireland and South Korea These gains are good but the overall Paramount subscriber count is still tiny compared to Netflix million and Amazon Prime Video over million Continue reading Something is making the Earth spin faster and days shorterA negative leap second may be needed to correct clocks Buena Vista Images via Getty ImagesSure it sounds like some bleak sci fi premise but it s happening According to scientists midnight on June th arrived milliseconds sooner than expected It was the shortest day in over half a century Scientists believe earthquakes stronger winds in El Niño years ice caps melting and refreezing the Moon and the climate could all affect rotation speed Some have suggested the Chandler wobble ーa small deviation in the Earth s point of rotation ーmay be having an effect too Continue reading Microsoft is testing an Xbox Game Pass family planFolks in Ireland and Colombia can try it out now After months of rumors Microsoft is starting to test an Xbox Game Pass Ultimate family plan in the wild Xbox Insiders in Colombia and Ireland can try out the new offering that allows them to add up to four other people to their plan as long as they re in the same country Those folks will get access to all the benefits of Game Pass Ultimate including a library of hundreds of titles for console PC and cloud gaming If you re in either country you can buy the Xbox Game Pass ーInsider Preview plan from the Microsoft Store though enrolment is limited Continue reading Instagram is expanding NFT features to more than countriesThe app started a public test of NFTs in feed posts messages and Stories in May Once we ve all collectively sighed Instagram is doubling down on digital collectibles After a test launch in May the app is expanding its NFT features to more than countries across Africa Asia Pacific the Middle East and the Americas Instagram users can include NFTs in their feed and messages as well as in augmented reality stickers in Stories NFT creators and collectors are automatically tagged for attribution You can t buy or sell NFTs on Instagram just yet but the company has strongly hinted it s working on a marketplace Perfect timing Meta The non fungible token NFT market just fell off a cliff Continue reading	2022-08-05 11:15:57
海外TECH	CodeProject Latest Articles	Build NFT Collection Web3 Application with Hardhat and React Typescript	https://www.codeproject.com/Articles/5338801/Build-NFT-Collection-Web3-Application-with-Hardha	contract	2022-08-05 11:44:00
海外科学	NYT > Science	How Republicans Are ‘Weaponizing’ Public Office Against Climate Action	https://www.nytimes.com/2022/08/05/climate/republican-treasurers-climate-change.html	How Republicans Are Weaponizing Public Office Against Climate ActionA Times investigation revealed a coordinated effort by state treasurers to use government muscle and public funds to punish companies trying to reduce greenhouse gases	2022-08-05 11:39:20
医療系	医療介護 CBnews	救急業務のマイナンバーカード活用、WGで検証へ-総務省消防庁の検討会	https://www.cbnews.jp/news/entry/20220805201845	労働者健康安全機構	2022-08-05 20:25:00
金融	金融庁ホームページ	期間業務職員（事務補佐員）を募集しています。	https://www.fsa.go.jp/common/recruit/r4/kikaku-07.html	補佐	2022-08-05 13:00:00
ニュース	BBC News - Home	Archie Battersbee: Family refused permission for hospice move	https://www.bbc.co.uk/news/uk-england-essex-62424659?at_medium=RSS&at_campaign=KARANGA	mother	2022-08-05 11:57:49
ニュース	BBC News - Home	Clampdown on social media ads for risky hay-fever jab	https://www.bbc.co.uk/news/health-62428032?at_medium=RSS&at_campaign=KARANGA	fever	2022-08-05 11:21:15
ニュース	BBC News - Home	Sky Sports commentator apologises over Hillsborough remarks	https://www.bbc.co.uk/news/uk-england-merseyside-62435996?at_medium=RSS&at_campaign=KARANGA	apologises	2022-08-05 11:32:37
ニュース	BBC News - Home	Jack Woodley: Teens sentenced for gang attack murder	https://www.bbc.co.uk/news/uk-england-tyne-62434578?at_medium=RSS&at_campaign=KARANGA	woodley	2022-08-05 11:51:00
ニュース	BBC News - Home	Covid-19: North Korea claims to have recovered from outbreak	https://www.bbc.co.uk/news/world-asia-62435809?at_medium=RSS&at_campaign=KARANGA	death	2022-08-05 11:33:54
ニュース	BBC News - Home	Commonwealth Games: Jack Laugher and Anthony Harding win synchronised 3m springboard gold	https://www.bbc.co.uk/sport/commonwealth-games/62436108?at_medium=RSS&at_campaign=KARANGA	Commonwealth Games Jack Laugher and Anthony Harding win synchronised m springboard goldEngland diving pair Jack Laugher and Anthony Harding win synchronised m springboard gold at the Commonwealth Games	2022-08-05 11:26:45
ニュース	BBC News - Home	Marc Cucurella: Chelsea sign Brighton defender	https://www.bbc.co.uk/sport/football/62434266?at_medium=RSS&at_campaign=KARANGA	contract	2022-08-05 11:45:44
ニュース	BBC News - Home	Commonwealth Games: England's Jack Laugher and Ant Harding dominate to win 3m synchro gold	https://www.bbc.co.uk/sport/av/commonwealth-games/62437523?at_medium=RSS&at_campaign=KARANGA	Commonwealth Games England x s Jack Laugher and Ant Harding dominate to win m synchro goldWatch as England s Jack Laugher earns his second gold medal of the Commonwealth Games alongside team mate Anthony Harding in the men s synchronised m springboard	2022-08-05 11:26:03
北海道	北海道新聞	残る審査項目多く、再開時期なお見通せず　「地震動」の北電説明、規制委が了承	https://www.hokkaido-np.co.jp/article/714728/	北海道電力	2022-08-05 20:36:00
北海道	北海道新聞	中国軍艦、海峡の中間線越え　台湾「挑発的行為」と非難	https://www.hokkaido-np.co.jp/article/714664/	中国軍艦	2022-08-05 20:20:46
北海道	北海道新聞	山形花笠まつりが開幕　３年ぶりに市街地パレード	https://www.hokkaido-np.co.jp/article/714727/	山形花笠まつり	2022-08-05 20:32:00
北海道	北海道新聞	江差に沈む「開陽丸」、保護網外れ腐食進む　１０年ぶりに水中調査	https://www.hokkaido-np.co.jp/article/714622/	開陽丸	2022-08-05 20:30:31
北海道	北海道新聞	中上健次没後３０年で特別講座　故郷・新宮の「熊野大学」	https://www.hokkaido-np.co.jp/article/714726/	和歌山県新宮市	2022-08-05 20:29:00
北海道	北海道新聞	地震動想定の北電説明「妥当」　泊再稼働審査、規制委が了承	https://www.hokkaido-np.co.jp/article/714724/	北海道電力	2022-08-05 20:25:00
北海道	北海道新聞	北海道新幹線の札幌延伸「早期実現を」　関係自治体連絡協が３年ぶり総会	https://www.hokkaido-np.co.jp/article/714723/	北海道新幹線	2022-08-05 20:22:00
北海道	北海道新聞	クマの顔は駐在さん　注意喚起へポスター　苫小牧署・厚真の２署員　「妙にリアル」町内で話題に	https://www.hokkaido-np.co.jp/article/714412/	駐在	2022-08-05 20:19:19
北海道	北海道新聞	堀川、安本ら４人が首位　日本プロゴルフ、第２日	https://www.hokkaido-np.co.jp/article/714722/	首位	2022-08-05 20:17:00
北海道	北海道新聞	台湾海峡の平和維持で日米連携確認　首相がペロシ米下院議長と会談	https://www.hokkaido-np.co.jp/article/714721/	台湾海峡	2022-08-05 20:17:00
北海道	北海道新聞	小樽運河で「御船印」を　クルーズが発行開始　全国４０カ所収集で「船長」	https://www.hokkaido-np.co.jp/article/714659/	小樽運河	2022-08-05 20:14:14
北海道	北海道新聞	学術会議改革、現行方式を維持　現会員推薦で新会員を選出	https://www.hokkaido-np.co.jp/article/714718/	日本学術会議	2022-08-05 20:12:00