Merge pull request #61438 from xenolinux/set-log-levels

snarayan-redhat · web-flow · commit e09121da1a73 · 2023-06-20T14:25:55.000+05:30
OSDOCS#6030: cert-manager: setting log levels
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -1006,6 +1006,8 @@ Topics:
     File: cert-manager-customizing-api-fields
   - Name: Authenticating the cert-manager Operator with AWS Security Token Service
     File: cert-manager-authenticate-aws
+  - Name: Configuring log levels for cert-manager and the cert-manager Operator for Red Hat OpenShift
+    File: cert-manager-log-levels
   - Name: Uninstalling the cert-manager Operator for Red Hat OpenShift
     File: cert-manager-operator-uninstall
 - Name: Viewing audit logs
diff --git a/modules/cert-manager-enable-operand-log-level.adoc b/modules/cert-manager-enable-operand-log-level.adoc
@@ -0,0 +1,44 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-log-levels.adoc
+
+:_content-type: PROCEDURE
+[id="cert-manager-enable-operand-log-level_{context}"]
+= Setting a log level for cert-manager
+
+You can set a log level for cert-manager to determine the verbosity of log messages.
+
+.Prerequisites
+
+* You have access to the cluster with `cluster-admin` privileges.
+* You have installed the {cert-manager-operator} 1.11.1 or later.
+
+.Procedure
+
+. Edit the `CertManager` resource by running the following command:
++
+[source,terminal]
+----
+$ oc edit certmanager.operator cluster
+----
+
+. Set the log level value by editing the `spec.logLevel` section:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1alpha1
+kind: CertManager
+...
+spec:
+  logLevel: Normal <1>
+----
+<1> The default `logLevel` is `Normal`. Replace `Normal` with the desired log level value. The valid log level values for the `CertManager` resource are `Normal`, `Debug`, `Trace`, and `TraceAll`. To audit logs and perform common operations when everything is fine, set `logLevel` to `Normal` . To troubleshoot a minor issue by viewing verbose logs, set `logLevel` to `Debug` . To troubleshoot a major issue by viewing more verbose logs, you can set `logLevel` to `Trace`. To troubleshoot serious issues, set `logLevel` to `TraceAll`.
++
+[NOTE]
+====
+`TraceAll` generates huge amount of logs. After setting `logLevel` to `TraceAll`, you might experience performance issues.
+====
+
+. Save your changes and quit the text editor to apply your changes.
++
+After applying the changes, the verbosity level for the cert-manager components controller, CA injector, and webhook is updated.
diff --git a/modules/cert-manager-enable-operator-log-level.adoc b/modules/cert-manager-enable-operator-log-level.adoc
@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * security/cert_manager_operator/cert-manager-log-levels.adoc
+
+:_content-type: PROCEDURE
+[id="cert-manager-enable-operator-log-level_{context}"]
+= Setting a log level for the {cert-manager-operator}
+
+You can set a log level for the {cert-manager-operator} to determine the verbosity of the operator log messages.
+
+.Prerequisites
+
+* You have access to the cluster with `cluster-admin` privileges.
+* You have installed the {cert-manager-operator} 1.11.1 or later.
+
+.Procedure
+
+* Update the subscription object for {cert-manager-operator} to provide the verbosity level for the operator logs by running the following command:
++
+[source,terminal]
+----
+$ oc -n cert-manager-operator patch subscription openshift-cert-manager-operator --type='merge' -p '{"spec":{"config":{"env":[{"name":"OPERATOR_LOG_LEVEL","value":"v"}]}}}' <1>
+----
+<1> Replace `v` with the desired log level number. The valid values for `v` can range from `1`to `10`. The default value is `2`.
+
+.Verification
+
+. The cert-manager Operator pod is redeployed. Verify that the log level of the {cert-manager-operator} is updated by running the following command:
++
+[source,terminal]
+----
+$ oc set env deploy/cert-manager-operator-controller-manager -n cert-manager-operator --list | grep -e OPERATOR_LOG_LEVEL -e container
+----
++
+.Example output
+[source,terminal]
+----
+# deployments/cert-manager-operator-controller-manager, container kube-rbac-proxy
+OPERATOR_LOG_LEVEL=9
+# deployments/cert-manager-operator-controller-manager, container cert-manager-operator
+OPERATOR_LOG_LEVEL=9
+----
+
+. Verify that the log level of the {cert-manager-operator} is updated by running the `oc logs` command:
++
+[source,terminal]
+----
+$ oc logs deploy/cert-manager-operator-controller-manager -n cert-manager-operator
+----
diff --git a/security/cert_manager_operator/cert-manager-log-levels.adoc b/security/cert_manager_operator/cert-manager-log-levels.adoc
@@ -0,0 +1,24 @@
+:_content-type: ASSEMBLY
+[id="cert-manager-log-levels"]
+= Configuring log levels for cert-manager and the {cert-manager-operator}
+include::_attributes/common-attributes.adoc[]
+:context: cert-manager-log-levels
+
+toc::[]
+
+To troubleshoot issues with the cert-manager components and the {cert-manager-operator}, you can configure the log level verbosity.
+
+[NOTE]
+====
+To use different log levels for different cert-manager components, see _Customizing cert-manager Operator API fields_.
+====
+
+include::modules/cert-manager-enable-operand-log-level.adoc[leveloffset=+1]
+
+include::modules/cert-manager-enable-operator-log-level.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="cert-manager-log-levels_additional-resources"]
+== Additional resources
+
+* xref:../../security/cert_manager_operator/cert-manager-customizing-api-fields.adoc#cert-manager-customizing-api-fields[Customizing cert-manager Operator API fields]
