Configuring the audit log policy

    Audit log profiles define how to log requests that come to the OpenShift API server, the Kubernetes API server, and the OAuth API server.

    OKD provides the following predefined audit policy profiles:

    By default, OKD uses the Default audit log profile. You can use another audit policy profile that also logs request bodies, but be aware of the increased resource usage (CPU, memory, and I/O).

    Configuring the audit log policy

    You can configure the audit log policy to use when logging requests that come to the API servers.

    Prerequisites

    • You have access to the cluster as a user with the cluster-admin role.

    Procedure

    1. Edit the APIServer resource:

    2. Save the file to apply the changes.

    3. Verify that a new revision of the Kubernetes API server pods has rolled out. This will take several minutes.

      Review the NodeInstallerProgressing status condition for the Kubernetes API server to verify that all nodes are at the latest revision. The output shows AllNodesAtLatestRevision upon successful update:

      1In this example, the latest revision number is 12.

      If the output shows a message similar to one of the following, this means that the update is still in progress. Wait a few minutes and try again.