문제 설명
Google Artifact Registry에서 도커 풀 수를 추적할 수 있습니까? (Is it possible track the number of docker pulls in Google Artifact Registry?)
내 GCP 프로젝트의 Google Artifact 레지스트리 저장소에서 Docker 이미지가 다운로드된 횟수를 측정하고 싶습니다.
가능한가요?
참조 솔루션
방법 1:
Interesting question.
I think this would be useful too.
I think there aren't any Monitoring metrics (no artifactregistry
resource type is listed nor metrics are listed)
However, you can use Artifact Registry audit logs and you'll need to explicitly enable Data Access logs see e.g. Docker‑GetManifest
.
NOTE I'm unsure whether this can be achieved from
gcloud
.Monitoring Developer tools, I learned that Audit Logs are configured in Project Policies using
AuditConfig
's. I still don't know whether this functionality is available throughgcloud
(anyone?) but evidently, you can effect these changes directly using API calls e.g.projects.setIamPolicy
:gcloud projects get‑iam‑policy ${PROJECT} auditConfigs: ‑ auditLogConfigs: ‑ logType: DATA_READ ‑ logType: DATA_WRITE service: artifactregistry.googleapis.com bindings: ‑ members: ‑ user:me role: roles/owner etag: BwXanQS_YWg=
Then, pull something from the repo and query the logs:
PROJECT=[[YOUR‑PROJECT]]
REGION=[[YOUR‑REGION]]
REPO=[[YOUR‑REPO]]
FILTER="
logName=\"projects/${PROJECT}/logs/cloudaudit.googleapis.com%2Fdata_access\"
protoPayload.methodName=\"Docker‑GetManifest\"
"
gcloud logging read "${FILTER}" \
‑‑project=${PROJECT} \
‑‑format="value(timestamp,protoPayload.methodName)"
Yields:
2022‑03‑20T01:57:16.537400441Z Docker‑GetManifest
You ought to be able to create a logs‑based metrics for these too.
(by Natan Yellin、DazWilkin)