Configure Kubernetes auditing and profiling¶
Available since Cluster releases 15.0.2 and 14.0.2 for managed clusters Available since Cluster release 16.1.0 for management clusters
This section instructs you on how to enable and configure Kubernetes auditing
and profiling options for MKE using the Cluster
object of your
Container Cloud managed cluster. These options enable auditing and profiling
of MKE performance with specialized debugging endpoints.
Note
You can also enable audit_log_configuration
using the MKE API
with no Container Cloud overrides.
However, if you enable the option using the Cluster
object, use the same
object to disable the option. Otherwise, if you disable the option using the
MKE API, it will be overridden by Container Cloud and enabled again.
References:
For Container Cloud overrides, see Reference Architecture: MKE options managed by Container Cloud
For configuration using the MKE API, see MKE documentation: Enable MKE audit logging
To enable Kubernetes auditing and profiling for MKE:
Open the
Cluster
object of your Container Cloud cluster for editing.In
spec:providerSpec:value:
section:Add
audit
configuration. For example:spec: ... providerSpec: value: ... audit: kubernetes: level: request includeInSupportDump: true apiServer: enabled: true
You can configure the following parameters that are also defined in the MKE configuration file:
Note
The names of the corresponding MKE options are marked with
[]
in the below definitions.level
Defines the value of
[audit_log_configuration]level
. Valid values arerequest
andmetadata
.
includeInSupportDump
Defines the value of
[audit_log_configuration]support_dump_include_audit_logs
. Boolean.
apiServer:enabled
Defines the value of
[cluster_config]kube_api_server_auditing
. Boolean. If set totrue
but with nolevel
set, the[audit_log_configuration]level
MKE option is set tometadata
.Note
For management clusters, this option is enabled by default since the Cluster release 16.1.0.
Enable profiling:
spec: ... providerSpec: value: ... profiling: enabled: true
Enabling profiling automatically enables the following MKE configuration options:
[cluster_config]kube_api_server_profiling_enabled [cluster_config]kube_controller_manager_profiling_enabled [cluster_config]kube_scheduler_profiling_enabled
See also