Uploaded image for project: 'Red Hat Internal Developer Platform'
  1. Red Hat Internal Developer Platform
  2. RHIDP-4852

Remove Audit Log PVC from Developer Hub

Prepare for Y ReleasePrepare for Z ReleaseRemove QuarterXMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Unresolved
    • Icon: Major Major
    • 1.4
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • 50% To Do, 0% In Progress, 50% Done

      Feature Overview (aka. Goal Summary)

      After a more in-depth investigation of how Logging works on OpenShift it has been determined that having the Audit logs written to a PVC that is mounted within the Developer Hub pod is not required to meet needed security standards.

      The streaming Pod logs are written to a log file on the OpenShift Node in the /hosts/var/log/pods/<pod identifier> location until the Pod is removed.

      The OpenShift Logging Operator and OpenShift Logging, optionally with a properly configured ClusterLogForwarder, is the recommended solution on an OpenShift Cluster to either 1.) write the Pod Logs to a Persistent Storage location or 2.) forward the Pod logs to a Logging Service such as Splunk.

      Refer to this document which details configuring a ClusterLogForwarder that sends the Pod's Audit Logs to Splunk, including Tuning options which allow for OpenShift Logging to store the logs temporarily in the case of networking issues or Logging Service unavailability.

      Goals (aka. expected user outcomes)

      Creation and mounting of the Audit Log PVC, along with the `auditLog` section of the appConfig that had been enabled by default to the Helm Chart and Operator, along with associated documentation describing the default configuration would be deprecated and removed.

      Requirements (aka. Acceptance Criteria):

      • All code and references to the Audit Log PVC, including documentation, is deprecated and removed from the Helm Chart and Operator.
      • The referenced Splunk document would be added to the Official Red Hat Developer Hub documentation as an example of configuring a ClusterLogForwarder that only forwards the Audit Logs to a Logging Service.

      Out of Scope (Optional)

      N/A

      Customer Considerations (Optional)

      As the previous version of the Helm Chart that was published did not mount the Audit Log PVC at the correct location to be written to, no customer should have had a working helm chart install with a working Audit Log PVC that was having files written to it, so the removal of this code and PVC should not be an issue.

      Documentation Considerations

      Documentation should be updated to reflect that the Audit Log PVC feature has been deprecated and will be removed in the future.

              ktsao@redhat.com Kim Tsao
              cdaley Corey Daley
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: