Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-672

Make audit log policy configurable for MicroShift

XMLWordPrintable

    • Strategic Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-1131MicroShift Enhancements 2024 for Industrial, Retail and Public Sector edge customers
    • 0% To Do, 0% In Progress, 100% Done
    • S
    • 0
    • Program Call

      Feature Overview (aka. Goal Summary)  

      MicroShift currently uses a hard coded audit log policy. It should be configurable to customer needs, like it is with OpenShift

      Goals (aka. expected user outcomes)

      Provide a microshift config variable to specific the audit log policy profile like OPenShift has (https://docs.openshift.com/container-platform/4.13/security/audit-log-policy-config.html#about-audit-log-profiles_audit-log-policy-config). 

      additionally items that must be configurable:

      • audit log file storage location path, so logs can be plased on a dedicated/special volume
      • audit log file max file size and retention policy (e.g. 10 files of 10G each) before they rotate
      • audit log disk full action: what happens when the audit log space is full. possible values: "ignore" (->just log error events), "rotate" (try to make room by rotating/deleting older files), "terminate" (stop microshift API server).

       

      Out of ScopeCustom rules like OpenShift supports do not make sense, as MicroShift is single user and has no user group concept.

       

      Background

      Different customer have different audit log requirements and need to be able to adjust accordingy.

      Documentation Considerations

      Config Item has to be document. The different audit log policies and their description can be re-used from above quoted OpenShift docs.

      Interoperability Considerations

      None

       

              dfroehli42rh Daniel Fröhlich
              dfroehli42rh Daniel Fröhlich
              Jon Cope Jon Cope
              Rahul Gangwar Rahul Gangwar
              Matthew Werner Matthew Werner
              Jeremy Peterson Jeremy Peterson
              Jon Cope Jon Cope
              Daniel Fröhlich Daniel Fröhlich
              Jon Thomas Jon Thomas
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: