From 3f1f24105444a033c650c865d4d108491366f82b Mon Sep 17 00:00:00 2001 From: Eliska Romanova Date: Tue, 29 Jul 2025 15:38:42 +0200 Subject: [PATCH] OBSDOCS-2214: Change module type for metrics server audit logs module --- ...iguring-audit-logs-for-metrics-server.adoc | 48 +++++++++++++++---- 1 file changed, 39 insertions(+), 9 deletions(-) diff --git a/modules/monitoring-configuring-audit-logs-for-metrics-server.adoc b/modules/monitoring-configuring-audit-logs-for-metrics-server.adoc index b968938c04..24266eb29e 100644 --- a/modules/monitoring-configuring-audit-logs-for-metrics-server.adoc +++ b/modules/monitoring-configuring-audit-logs-for-metrics-server.adoc 
@@ -2,23 +2,37 @@ // // * observability/monitoring/configuring-the-monitoring-stack.adoc -:_mod-docs-content-type: CONCEPT +:_mod-docs-content-type: PROCEDURE [id="configuring-audit-logs-for-metrics-server_{context}"] = Configuring audit logs for Metrics Server You can configure audit logs for Metrics Server to help you troubleshoot issues with the server. Audit logs record the sequence of actions in a cluster. It can record user, application, or control plane activities. -You can set audit log rules, which determine what events are recorded and what data they should include. This can be achieved with the following audit profiles: +You can configure audit log rules to record specific events and a subset of associated data. The following audit profiles define configuration rules: -* *Metadata (default)*: This profile enables the logging of event metadata including user, timestamps, resource, and verb. It does not record request and response bodies. -* *Request*: This enables the logging of event metadata and request body, but it does not record response body. This configuration does not apply for non-resource requests. -* *RequestResponse*: This enables the logging of event metadata, and request and response bodies. This configuration does not apply for non-resource requests. -* *None*: None of the previously described events are recorded. +* `Metadata` (default): This profile logs event metadata including user, timestamps, resource, and verb. It does not record request and response bodies. +* `Request`: This profile logs event metadata and request body, but it does not record response body. This configuration does not apply to non-resource requests. +* `RequestResponse`: This profile logs event metadata, and request and response bodies. This configuration does not apply to non-resource requests. +* `None`: None of the previously described events are recorded. -You can configure the audit profiles by modifying the `cluster-monitoring-config` config map. 
-The following example sets the profile to `Request`, allowing the logging of event metadata and request body for Metrics Server: +.Prerequisites +* You have access to the cluster as a user with the `cluster-admin` cluster role. +* You have created the `cluster-monitoring-config` `ConfigMap` object. +* You have installed the {oc-first}. + +.Procedure + +. Edit the `cluster-monitoring-config` config map in the `openshift-monitoring` project: ++ +[source,terminal] +---- +$ oc -n openshift-monitoring edit configmap cluster-monitoring-config +---- + +. Add audit log configuration for Metrics Server under `data/config.yaml`: ++ [source,yaml] ---- apiVersion: v1 @@ -30,5 +44,21 @@ data: config.yaml: | metricsServer: audit: - profile: Request + profile: # <1> +---- +<1> Specify the audit profile for Metrics Server. + +. Save the file to apply the changes. The pods affected by the new configuration are automatically redeployed. + +. Verify that the audit profile is applied: ++ +[source,terminal] +---- +$ oc -n openshift-monitoring get deploy metrics-server -o yaml | grep -- '--audit-policy-file=*' +---- ++ +.Example output +[source,terminal] +---- + - --audit-policy-file=/etc/audit/request-profile.yaml ----
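Review bot: In the first hunk (@@ -2,23 +2,37 @@), the rewritten `None` bullet still reads "None of the previously described events are recorded", which leaves the reader to infer that choosing this profile turns audit logging off for Metrics Server. The module is now a procedure in which the user picks one of these four values, so state the effect directly, for example "`None`: This profile does not log any events." In the same list, "This configuration does not apply to non-resource requests" does not say what is recorded for those requests instead; one clause stating that would help anyone relying on these logs. The prerequisites say "`ConfigMap` object" while step 1 says "config map"; pick one term for the same object.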
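Review bot: In the second hunk (@@ -30,5 +44,21 @@), the YAML example now ends in `profile: # <1>` with no value, so a reader who copies it as written sets an empty profile, and the callout "Specify the audit profile for Metrics Server" does not repeat the accepted values or the default. Use a placeholder such as `profile: <audit_profile_name>` and list `Metadata`, `Request`, `RequestResponse`, and `None` in the callout, or keep `profile: Request` so the step agrees with the example output `--audit-policy-file=/etc/audit/request-profile.yaml`, whose file name refers to the request profile. In the verification step, the trailing `*` in `grep -- '--audit-policy-file=*'` is a regular-expression quantifier on `=`, not a wildcard; `grep -- '--audit-policy-file='` matches the same line and says what is meant.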