我创建了一个部署,意味着在启用工作负载身份的情况下将消息从 pubsub 插入到 bigquery,云日志不断向我发送此类日志。
{
"insertId": "test",
"jsonPayload": {
"message": "[rpc-id:test] \"/computeMetadata/v1/instance/service-accounts/[email protected] /cdn-cgi/l/email-protection/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fbigquery%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform\" HTTP/200, started at 2022-06-24 13:40:43.261475517 +0000 UTC m=+39273.838829908",
"pid": "1"
},
"resource": {
"type": "k8s_container",
"labels": {
"container_name": "gke-metadata-server",
"pod_name": "gke-metadata-server-45thg",
"project_id": "test",
"location": "us-west2-a",
"cluster_name": "test",
"namespace_name": "kube-system"
}
},
"timestamp": "2022-06-24T13:40:43.261643773Z",
"severity": "INFO",
"labels": {
"k8s-pod/pod-template-generation": "1",
"k8s-pod/k8s-app": "gke-metadata-server",
"k8s-pod/addonmanager_kubernetes_io/mode": "Reconcile",
"compute.googleapis.com/resource_name": "gke-test-pool-1-77a7892c-l5kl",
"k8s-pod/controller-revision-hash": "test"
},
"logName": "projects/test/logs/stderr",
"sourceLocation": {
"file": "metadata.go",
"line": "142"
},
"receiveTimestamp": "2022-06-24T13:40:46.939645996Z"
}
看起来每次当我收到来自 pubsub 的消息或每次写入 bigquery 时,gke-metadata-server 都会发送一个请求来验证范围。
我应该怎么做才能阻止服务器继续进行身份验证或继续生成这些日志?