Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-32520

CMA Audit Logging Writing to PVC is failing

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 4.15
    • Pod Autoscaler
    • None
    • Important
    • No
    • 3
    • Proposed
    • False
    • Hide

      None

      Show
      None

      Description of problem:

          Not getting the logs written to PVC.

      Version-Release number of selected component (if applicable):

          4.15

      How reproducible:

      Install a 4.15 cluster with CMA .

      Steps to Reproduce:

          1. create PVC
$ oc create -f- << EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: log-out-pvc
  namespace: openshift-keda
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 2Gi
EOF     

2. Create a Keda Controller with the below Yaml file:
apiVersion: keda.sh/v1alpha1
kind: KedaController
metadata:
  name: keda
  namespace: openshift-keda
spec:
  metricsServer:
    logLevel: '0'
    auditConfig:
      logFormat: "json"
      logOutputVolumeClaim: "log-out-pvc"
      policy:
         rules:
         - level: Metadata
         omitStages:
          - RequestReceived
         omitManagedFields: false
      lifetime:
         maxAge: "2"
         maxBackup: "1"
         maxSize: "50"
  operator:
    logLevel: info
    logEncoder: console
  serviceAccount: {}
  watchNamespace: ''

3. Check the logs written to PV:
oc -n openshift-keda logs pod/keda-metrics-apiserver-848b78f6c4-cm748|grep -i level
    

      Actual results:

      only RequestResponse log is coming in the log. Metadata and Request is not coming.

{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"RequestResponse","auditID":"2e4e0e63-9bc8-47fd-8c63-c41e59edc187","stage":"ResponseComplete","requestURI":"/readyz","verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["10.129.2.2"],"userAgent":"kube-probe/1.28","responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2024-04-22T10:11:28.243542Z","stageTimestamp":"2024-04-22T10:11:28.243649Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}
[asahay@asahay-thinkpadt14sgen2i cmasanity]$ 
  

      Expected results:

           LEVEL Metadata: {"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"4c81d41b-3dab-4675-90ce-20b87ce24013","stage":"ResponseComplete","requestURI":"/healthz","verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["10.131.0.1"],"userAgent":"kube-probe/1.26","responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2023-02-16T13:00:03.554567Z","stageTimestamp":"2023-02-16T13:00:03.555032Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.

      Additional info:

            joelsmith.redhat Joel Smith
            asahay@redhat.com Aditi Sahay
            Sunil Choudhary Sunil Choudhary
            Aditi Sahay
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: