ROX-24629: Filter PKO audit events (#2326)

Author: kovayur

dp-terraform/helm/rhacs-terraform/charts/logging/templates/01-logging-03-cluster-log-forwarder.yaml

@@ -27,10 +27,23 @@ spec:
         - cloudwatch-output
       filterRefs:
         - drop-package-operator
+        - filter-kube-api-audit
   filters:
+    # Drop package operator pod logs
     - name: drop-package-operator
       type: drop
       drop:
       - test:
         - field: .kubernetes.labels."app.kubernetes.io/name"
           matches: ^package-operator$
+    # Filter kube-api events in the audit log groups
+    - name: filter-kube-api-audit
+      type: kubeAPIAudit
+      kubeAPIAudit:
+        rules:
+          # Don't log patch, update, watch and get requests from package-operator as they occur most frequently.
+          # It's worth keeping create and delete for audit purposes.
+          # In a month, patch called ~40k times more than create.
+          - level: None
+            userGroups: ["system:serviceaccount:openshift-package-operator:package-operator"]
+            verbs: ["patch", "update", "watch", "get"]