Details
-
Bug
-
Resolution: Done
-
Undefined
-
None
-
4.9.z
-
Moderate
-
Rejected
-
False
-
Description
Description of problem:
PR https://github.com/openshift/must-gather/pull/254, failed to cherry-pick the pr https://github.com/openshift/must-gather/pull/254 to 4.9 release. That causes incorrect output when we set the audit profile with None.One manual back-porting for the PR is required.
Version-Release number of selected component (if applicable):
OCP 4.9
How reproducible:
always
Steps to Reproduce:
1. oc patch apiserver cluster -p '{"spec": {"audit": {"profile": "None"}}}' --type merge
2. After the kube-apiserver degradation is finished.
$ oc get pods -n openshift-kube-apiserver -l apiserver --show-labels
$ oc adm must-gather -- /usr/bin/gather_audit_logs
Actual results:
There is no similar error in output: [must-gather-jz6fq] POD 2021-10-21T03:17:28.472216228Z ERROR: To raise a Red Hat support request, it is required to set the top level audit policy to [must-gather-jz6fq] POD 2021-10-21T03:17:28.472216228Z Default, WriteRequestBodies, or AllRequestBodies to generate audit log events that can [must-gather-jz6fq] POD 2021-10-21T03:17:28.472216228Z be analyzed by support. Try 'oc edit apiservers' and set 'spec.audit.profile' back to [must-gather-jz6fq] POD 2021-10-21T03:17:28.472216228Z "Default" and reproduce the issue while gathering audit logs. You can use "--force" to [must-gather-jz6fq] POD 2021-10-21T03:17:28.472216228Z override this error.
Expected results:
Will see above similar errors.
Additional info:
