Design Document Link
PR: #
What would you like to be added:
The kube-apiserver has several parameters which allow audit log retention to be tuned. This is exposed by the following flags:
--audit-log-maxage defines the maximum number of days to retain old audit log files--audit-log-maxbackup defines the maximum number of audit log files to retain--audit-log-maxsize defines the maximum size in megabytes of the audit log file before it gets rotated
This enhancement sets the --audit-log-maxage setting to 7 days if microshift is configured with an audit log directory.
See https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
Why is this needed:
With default settings, the audit logs on a minimal cluster can grow quite large. I deployed microshift on a very old laptop with what is by today's standards absurdly small storage (15GB). My cluster ultimately died because the kube-apiserver audit logs generated over the course of ~20 days exceeded 5GB, exhausting the space on the drive.
Design Document Link
PR: #
What would you like to be added:
The kube-apiserver has several parameters which allow audit log retention to be tuned. This is exposed by the following flags:
--audit-log-maxagedefines the maximum number of days to retain old audit log files--audit-log-maxbackupdefines the maximum number of audit log files to retain--audit-log-maxsizedefines the maximum size in megabytes of the audit log file before it gets rotatedThis enhancement sets the
--audit-log-maxagesetting to 7 days if microshift is configured with an audit log directory.See https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
Why is this needed:
With default settings, the audit logs on a minimal cluster can grow quite large. I deployed microshift on a very old laptop with what is by today's standards absurdly small storage (15GB). My cluster ultimately died because the kube-apiserver audit logs generated over the course of ~20 days exceeded 5GB, exhausting the space on the drive.