From ca60cf0526ce03d20af4b46fdf1d1cf63454be9d Mon Sep 17 00:00:00 2001 From: Servesha Dudhgaonkar Date: Wed, 10 May 2023 12:42:10 +0530 Subject: [PATCH] OSDOCS#6030: cert-manager: setting log levels --- _topic_maps/_topic_map.yml | 2 + ...cert-manager-enable-operand-log-level.adoc | 44 +++++++++++++++++ ...ert-manager-enable-operator-log-level.adoc | 49 +++++++++++++++++++ .../cert-manager-log-levels.adoc | 24 +++++++++ 4 files changed, 119 insertions(+) create mode 100644 modules/cert-manager-enable-operand-log-level.adoc create mode 100644 modules/cert-manager-enable-operator-log-level.adoc create mode 100644 security/cert_manager_operator/cert-manager-log-levels.adoc diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 8d0d9eed41..c8e7f4bb2f 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -1016,6 +1016,8 @@ Topics: File: cert-manager-operator-proxy - Name: Customizing cert-manager by using the cert-manager Operator API fields File: cert-manager-customizing-api-fields + - Name: Configuring log levels for cert-manager and the cert-manager Operator for Red Hat OpenShift + File: cert-manager-log-levels - Name: Uninstalling the cert-manager Operator for Red Hat OpenShift File: cert-manager-operator-uninstall - Name: Viewing audit logs diff --git a/modules/cert-manager-enable-operand-log-level.adoc b/modules/cert-manager-enable-operand-log-level.adoc new file mode 100644 index 0000000000..eb4676bf23 --- /dev/null +++ b/modules/cert-manager-enable-operand-log-level.adoc @@ -0,0 +1,44 @@ +// Module included in the following assemblies: +// +// * security/cert_manager_operator/cert-manager-log-levels.adoc + +:_content-type: PROCEDURE +[id="cert-manager-enable-operand-log-level_{context}"] += Setting a log level for cert-manager + +You can set a log level for cert-manager to determine the verbosity of log messages. + +.Prerequisites + +* You have access to the cluster with `cluster-admin` privileges. +* You have installed the {cert-manager-operator} 1.11.1 or later. + +.Procedure + +. Edit the `CertManager` resource by running the following command: ++ +[source,terminal] +---- +$ oc edit certmanager.operator cluster +---- + +. Set the log level value by editing the `spec.logLevel` section: ++ +[source,yaml] +---- +apiVersion: operator.openshift.io/v1alpha1 +kind: CertManager +... +spec: + logLevel: Normal <1> +---- +<1> The default `logLevel` is `Normal`. Replace `Normal` with the desired log level value. The valid log level values for the `CertManager` resource are `Normal`, `Debug`, `Trace`, and `TraceAll`. To audit logs and perform common operations when everything is fine, set `logLevel` to `Normal` . To troubleshoot a minor issue by viewing verbose logs, set `logLevel` to `Debug` . To troubleshoot a major issue by viewing more verbose logs, you can set `logLevel` to `Trace`. To troubleshoot serious issues, set `logLevel` to `TraceAll`. ++ +[NOTE] +==== +`TraceAll` generates huge amount of logs. After setting `logLevel` to `TraceAll`, you might experience performance issues. +==== + +. Save your changes and quit the text editor to apply your changes. ++ +After applying the changes, the verbosity level for the cert-manager components controller, CA injector, and webhook is updated. \ No newline at end of file diff --git a/modules/cert-manager-enable-operator-log-level.adoc b/modules/cert-manager-enable-operator-log-level.adoc new file mode 100644 index 0000000000..a2263ef1f2 --- /dev/null +++ b/modules/cert-manager-enable-operator-log-level.adoc @@ -0,0 +1,49 @@ +// Module included in the following assemblies: +// +// * security/cert_manager_operator/cert-manager-log-levels.adoc + +:_content-type: PROCEDURE +[id="cert-manager-enable-operator-log-level_{context}"] += Setting a log level for the {cert-manager-operator} + +You can set a log level for the {cert-manager-operator} to determine the verbosity of the operator log messages. + +.Prerequisites + +* You have access to the cluster with `cluster-admin` privileges. +* You have installed the {cert-manager-operator} 1.11.1 or later. + +.Procedure + +* Update the subscription object for {cert-manager-operator} to provide the verbosity level for the operator logs by running the following command: ++ +[source,terminal] +---- +$ oc -n cert-manager-operator patch subscription openshift-cert-manager-operator --type='merge' -p '{"spec":{"config":{"env":[{"name":"OPERATOR_LOG_LEVEL","value":"v"}]}}}' <1> +---- +<1> Replace `v` with the desired log level number. The valid values for `v` can range from `1`to `10`. The default value is `2`. + +.Verification + +. The cert-manager Operator pod is redeployed. Verify that the log level of the {cert-manager-operator} is updated by running the following command: ++ +[source,terminal] +---- +$ oc set env deploy/cert-manager-operator-controller-manager -n cert-manager-operator --list | grep -e OPERATOR_LOG_LEVEL -e container +---- ++ +.Example output +[source,terminal] +---- +# deployments/cert-manager-operator-controller-manager, container kube-rbac-proxy +OPERATOR_LOG_LEVEL=9 +# deployments/cert-manager-operator-controller-manager, container cert-manager-operator +OPERATOR_LOG_LEVEL=9 +---- + +. Verify that the log level of the {cert-manager-operator} is updated by running the `oc logs` command: ++ +[source,terminal] +---- +$ oc logs deploy/cert-manager-operator-controller-manager -n cert-manager-operator +---- \ No newline at end of file diff --git a/security/cert_manager_operator/cert-manager-log-levels.adoc b/security/cert_manager_operator/cert-manager-log-levels.adoc new file mode 100644 index 0000000000..05e390bcda --- /dev/null +++ b/security/cert_manager_operator/cert-manager-log-levels.adoc @@ -0,0 +1,24 @@ +:_content-type: ASSEMBLY +[id="cert-manager-log-levels"] += Configuring log levels for cert-manager and the {cert-manager-operator} +include::_attributes/common-attributes.adoc[] +:context: cert-manager-log-levels + +toc::[] + +To troubleshoot issues with the cert-manager components and the {cert-manager-operator}, you can configure the log level verbosity. + +[NOTE] +==== +To use different log levels for different cert-manager components, see _Customizing cert-manager Operator API fields_. +==== + +include::modules/cert-manager-enable-operand-log-level.adoc[leveloffset=+1] + +include::modules/cert-manager-enable-operator-log-level.adoc[leveloffset=+1] + +[role="_additional-resources"] +[id="cert-manager-log-levels_additional-resources"] +== Additional resources + +* xref:../../security/cert_manager_operator/cert-manager-customizing-api-fields.adoc#cert-manager-customizing-api-fields[Customizing cert-manager Operator API fields]