openshift-docs
openshift-docs copied to clipboard
openshift
[WIP] OSDOCS-9437: adds custom audit log policies MicroShift
Version(s): 4.16+
Issue: OSDOCS-9437
Link to docs preview: Customizing audit logs
QE review:
- [ ] QE has approved this change.
Additional information:
@ShaunaDiaz: This pull request references OSDOCS-9437 which is a valid jira issue.
Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set.
In response to this:
Version(s): 4.16+
Issue: OSDOCS-9437
Link to docs preview:
QE review:
- [ ] QE has approved this change.
Additional information:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
🤖 Tue May 21 10:31:29 - Prow CI generated the docs preview:
https://75233--ocpdocs-pr.netlify.app/microshift/latest/microshift_configuring/microshift-audit-logs-config.html https://75233--ocpdocs-pr.netlify.app/microshift/latest/microshift_configuring/microshift-using-config-tools.html https://75233--ocpdocs-pr.netlify.app/openshift-enterprise/latest/security/audit-log-policy-config.html
@ShaunaDiaz: This pull request references OSDOCS-9437 which is a valid jira issue.
Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set.
In response to this:
Version(s): 4.16+
Issue: OSDOCS-9437
Link to docs preview: Customizing audit logs
QE review:
- [ ] QE has approved this change.
Additional information:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@ShaunaDiaz: This pull request references OSDOCS-9437 which is a valid jira issue.
Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.16.0" version, but no target version was set.
In response to this:
Version(s): 4.16+
Issue: OSDOCS-9437
Link to docs preview: Customizing audit logs
QE review:
- [ ] QE has approved this change.
Additional information: Release note
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
@copejon have one query? for default size is 200Mb
why it is 100Mb shown here
sudo ls -ltrh /var/log/kube-apiserver/
total 358M
-rw-------. 1 root root 100M May 13 11:51 audit-2024-05-13T15-51-42.132.log
-rw-------. 1 root root 100M May 13 20:41 audit-2024-05-14T00-41-40.725.log
-rw-------. 1 root root 100M May 14 04:30 audit-2024-05-14T08-30-29.480.log
-rw-------. 1 root root 56M May 14 09:24 audit.log
[redhat@dhcp-1-235-245 ~]$ sudo rm audit.log
[7:00](https://redhat-internal.slack.com/archives/D03SQFGHYGK/p1715693429188309)
https://github.com/openshift/openshift-docs/pull/75233/files#diff-5c2cca3b817bccbe26d6a02cd9774a86d959085eaa03f5757817d76fa5573743R21
[7:04](https://redhat-internal.slack.com/archives/D03SQFGHYGK/p1715693645817859)
Added fake logs, it accepted 257Mb
ls -ltrh /var/log/kube-apiserver/
total 559M
-rw-------. 1 root root 100M May 13 11:51 audit-2024-05-13T15-51-42.132.log
-rw-------. 1 root root 100M May 13 20:41 audit-2024-05-14T00-41-40.725.log
-rw-------. 1 root root 100M May 14 04:30 audit-2024-05-14T08-30-29.480.log
-rw-------. 1 root root 257M May 14 09:31 audit-2024-05-14T13-32-11.567.log
-rw-------. 1 root root 1.1M May 14 09:33 audit.log
@copejon I see in doc for writeRequestBodies, we only log for(create, update, patch, delete, deletecollection)not for \"verb\":\"get|list|watch\"
In addition to logging metadata for all requests, logs request bodies for every write request to the API servers (create, update, patch, delete, deletecollection). This profile has more resource overhead than the Default profile. [1]
I see some logs on 4.16.0~rc.1 while doing regression testing
@copejon I see in doc for writeRequestBodies, we only log for
(create, update, patch, delete, deletecollection)not for\"verb\":\"get|list|watch\"In addition to logging metadata for all requests, logs request bodies for every write request to the API servers (create, update, patch, delete, deletecollection). This profile has more resource overhead than the Default profile. [1]I see some logs on 4.16.0~rc.1 while doing regression testing
I'm not able to reproduce this. Let's not block this work on it and I'll follow up with you directly.
@copejon I see in doc for writeRequestBodies, we only log for
(create, update, patch, delete, deletecollection)not for\"verb\":\"get|list|watch\"In addition to logging metadata for all requests, logs request bodies for every write request to the API servers (create, update, patch, delete, deletecollection). This profile has more resource overhead than the Default profile. [1]I see some logs on 4.16.0~rc.1 while doing regression testingI'm not able to reproduce this. Let's not block this work on it and I'll follow up with you directly.
ok, shared steps https://redhat-internal.slack.com/archives/C03CJTNLKAT/p1715963768827189
@ShaunaDiaz: This pull request references OSDOCS-9437 which is a valid jira issue.
Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.
In response to this:
Version(s): 4.16+
Issue: OSDOCS-9437
Link to docs preview: Customizing audit logs
QE review:
- [ ] QE has approved this change.
SME review:
- [ ] SME has approved this change.
Additional information: Release note
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
From doc side we are ok, only bug left as on that @copejon working on it. /lgtm
@ShaunaDiaz: This pull request references OSDOCS-9437 which is a valid jira issue.
Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.17.0" version, but no target version was set.
In response to this:
Version(s): 4.16+
Issue: OSDOCS-9437
Link to docs preview: Customizing audit logs
QE review:
- [x] QE has approved this change.
SME review:
- [x] SME has approved this change.
Additional information: Release note
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
/remove-label peer-review-in-progress /remove-label peer-review-needed /label peer-review-done
![openshift-ci[bot] avatar](https://avatars.githubusercontent.com/in/91280?v=4 "Published by a pub.dev verified publisher"){kind=small}
@ShaunaDiaz: all tests passed!
Full PR test history. Your PR dashboard.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
@ShaunaDiaz: new pull request created: #76288
In response to this:
/cherrypick enterprise-4.16
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
