-
Bug
-
Resolution: Done-Errata
-
Major
-
4.13.0, 4.12.0, 4.14.0, 4.15
-
No
-
Hypershift Sprint 237, Hypershift Sprint 238, Hypershift Sprint 239, Hypershift Sprint 240, Hypershift Sprint 241, Hypershift Sprint 242, Hypershift Sprint 243
-
7
-
Rejected
-
False
-
-
-
Bug Fix
-
Done
Description of problem:
Add Audit configuration for hypershift Hosted Cluster not working as expected.
Version-Release number of selected component (if applicable):
# oc get clusterversions.config.openshift.io NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.13.0-0.nightly-2023-05-04-090524 True False 15m Cluster version is 4.13.0-0.nightly-2023-05-04-090524
How reproducible:
Always
Steps to Reproduce:
1. Get hypershift hosted cluster detail from management cluster. # hostedcluster=$( oc get -n clusters hostedclusters -o json | jq -r .items[].metadata.name) 2. Apply audit profile for hypershift hosted cluster. # oc patch HostedCluster $hostedcluster -n clusters -p '{"spec": {"configuration": {"apiServer": {"audit": {"profile": "WriteRequestBodies"}}}}}' --type merge hostedcluster.hypershift.openshift.io/85ea85757a5a14355124 patched # oc get HostedCluster $hostedcluster -n clusters -ojson | jq .spec.configuration.apiServer.audit { "profile": "WriteRequestBodies" } 3. Check Pod or operator restart to apply configuration changes. # oc get pods -l app=kube-apiserver -n clusters-${hostedcluster} NAME READY STATUS RESTARTS AGE kube-apiserver-7c98b66949-9z6rw 5/5 Running 0 36m kube-apiserver-7c98b66949-gp5rx 5/5 Running 0 36m kube-apiserver-7c98b66949-wmk8x 5/5 Running 0 36m # oc get pods -l app=openshift-apiserver -n clusters-${hostedcluster} NAME READY STATUS RESTARTS AGE openshift-apiserver-dc4c84ff4-566z9 3/3 Running 0 29m openshift-apiserver-dc4c84ff4-99zq9 3/3 Running 0 29m openshift-apiserver-dc4c84ff4-9xdrz 3/3 Running 0 30m 4. Check generated audit log. # NOW=$(date -u "+%s"); echo "$NOW"; echo "$NOW" > now 1683711189 # kaspod=$(oc get pods -l app=kube-apiserver -n clusters-${hostedcluster} --no-headers -o=jsonpath={.items[0].metadata.name}) # oc logs $kaspod -c audit-logs -n clusters-${hostedcluster} > kas-audit.log # cat kas-audit.log | grep -iE '"verb":"(get|list|watch)","user":.*(requestObject|responseObject)' | jq -c 'select (.requestReceivedTimestamp | .[0:19] + "Z" | fromdateiso8601 > '"`cat now`)" | wc -l 0 # cat kas-audit.log | grep -iE '"verb":"(create|delete|patch|update)","user":.*(requestObject|responseObject)' | jq -c 'select (.requestReceivedTimestamp | .[0:19] + "Z" | fromdateiso8601 > '"`cat now`)" | wc -l 0 All results should not be zero In backend it should apply the configuration or pod/operator restart after configuration changes.
Actual results:
Config changes not applied in backend.Not operator & pod restart
Expected results:
Configuration should applied and pod & operator should restart after config changes.
Additional info:
- blocks
-
OCPBUGS-20041 Hypershift Audit configuration not working for Hypershift HostedCluster
- New
-
OCPBUGS-20042 Hypershift Audit configuration not working for Hypershift HostedCluster
- New
- is cloned by
-
OCPBUGS-20041 Hypershift Audit configuration not working for Hypershift HostedCluster
- New
-
OCPBUGS-20042 Hypershift Audit configuration not working for Hypershift HostedCluster
- New
-
OCPBUGS-20020 Hypershift Audit configuration not working for Hypershift HostedCluster
- Closed
- links to
-
RHEA-2023:7198 rpm
- mentioned on