|
2 | 2 | // |
3 | 3 | // * observability/monitoring/configuring-the-monitoring-stack.adoc |
4 | 4 |
|
5 | | -:_mod-docs-content-type: CONCEPT |
| 5 | +:_mod-docs-content-type: PROCEDURE |
6 | 6 | [id="configuring-audit-logs-for-metrics-server_{context}"] |
7 | 7 | = Configuring audit logs for Metrics Server |
8 | 8 |
|
9 | 9 | You can configure audit logs for Metrics Server to help you troubleshoot issues with the server. |
10 | 10 | Audit logs record the sequence of actions in a cluster. It can record user, application, or control plane activities. |
11 | 11 |
|
12 | | -You can set audit log rules, which determine what events are recorded and what data they should include. This can be achieved with the following audit profiles: |
| 12 | +You can configure audit log rules to record specific events and a subset of associated data. The following audit profiles define configuration rules: |
13 | 13 |
|
14 | | -* *Metadata (default)*: This profile enables the logging of event metadata including user, timestamps, resource, and verb. It does not record request and response bodies. |
15 | | -* *Request*: This enables the logging of event metadata and request body, but it does not record response body. This configuration does not apply for non-resource requests. |
16 | | -* *RequestResponse*: This enables the logging of event metadata, and request and response bodies. This configuration does not apply for non-resource requests. |
17 | | -* *None*: None of the previously described events are recorded. |
| 14 | +* `Metadata` (default): This profile logs event metadata including user, timestamps, resource, and verb. It does not record request and response bodies. |
| 15 | +* `Request`: This profile logs event metadata and request body, but it does not record response body. This configuration does not apply to non-resource requests. |
| 16 | +* `RequestResponse`: This profile logs event metadata, and request and response bodies. This configuration does not apply to non-resource requests. |
| 17 | +* `None`: None of the previously described events are recorded. |
18 | 18 |
|
19 | | -You can configure the audit profiles by modifying the `cluster-monitoring-config` config map. |
20 | | -The following example sets the profile to `Request`, allowing the logging of event metadata and request body for Metrics Server: |
| 19 | +.Prerequisites |
21 | 20 |
|
| 21 | +* You have access to the cluster as a user with the `cluster-admin` cluster role. |
| 22 | +* You have created the `cluster-monitoring-config` `ConfigMap` object. |
| 23 | +* You have installed the {oc-first}. |
| 24 | +
|
| 25 | +.Procedure |
| 26 | + |
| 27 | +. Edit the `cluster-monitoring-config` config map in the `openshift-monitoring` project: |
| 28 | ++ |
| 29 | +[source,terminal] |
| 30 | +---- |
| 31 | +$ oc -n openshift-monitoring edit configmap cluster-monitoring-config |
| 32 | +---- |
| 33 | + |
| 34 | +. Add audit log configuration for Metrics Server under `data/config.yaml`: |
| 35 | ++ |
22 | 36 | [source,yaml] |
23 | 37 | ---- |
24 | 38 | apiVersion: v1 |
|
30 | 44 | config.yaml: | |
31 | 45 | metricsServer: |
32 | 46 | audit: |
33 | | - profile: Request |
| 47 | + profile: <audit_log_profile> # <1> |
| 48 | +---- |
| 49 | +<1> Specify the audit profile for Metrics Server. |
| 50 | + |
| 51 | +. Save the file to apply the changes. The pods affected by the new configuration are automatically redeployed. |
| 52 | + |
| 53 | +. Verify that the audit profile is applied: |
| 54 | ++ |
| 55 | +[source,terminal] |
| 56 | +---- |
| 57 | +$ oc -n openshift-monitoring get deploy metrics-server -o yaml | grep -- '--audit-policy-file=*' |
| 58 | +---- |
| 59 | ++ |
| 60 | +.Example output |
| 61 | +[source,terminal] |
| 62 | +---- |
| 63 | + - --audit-policy-file=/etc/audit/request-profile.yaml |
34 | 64 | ---- |
0 commit comments