KIM adds a condition to RuntimeCRs which provide details about the applied auditlog configuration #363

Closed
2 tasks
tobiscr opened this issue Sep 3, 2024 · 3 comments
Assignees
Labels
area/control-plane Related to all activities around Kyma Control Plane kind/feature Categorizes issue or PR as related to a new feature.

Comments

tobiscr commented Sep 3, 2024

Description

To make the cluster creation process more transparent, the result of the auditlog configuration will always be tracked as an additional condition with the RuntimeCR. The condition will indicate whether an auditlog could be found.

Examples (just for better understanding):

# No Auditlog instance found
  - lastTransitionTime: "2024-08-28T08:54:48Z"
    message: 'No auditlog instance found for Azure region west-europe: auditlog configuration failed.'
    reason: AuditlogMissingMappingErr
    status: "False"
    type: Provisioned

# Auditlog instance found (optional - success cases can be tracked as condition but it's not mandatory)
  - lastTransitionTime: "2024-08-28T08:54:48Z"
    message: 'Auditlog instance `....` found for Azure region west-europe. Auditlog configuration successfully added to Shoot spec.'
    reason:
    status: "True"
    type: Provisioned

AC:

  • Clarify with the team if it's meaningful to track also successfully configured clusters, or focus only on the cases where the auditlog could not be configured
  • At least for error cases, the auditlog configuration step creates a Condition in the Runtime CR which includes a notification that the auditlog could not be successfully configured

Reasons

Increase transparency of the auditlog configuration during cluster creation / update processes.

Attachments

Relates to
#362

@tobiscr tobiscr added kind/feature Categorizes issue or PR as related to a new feature. area/control-plane Related to all activities around Kyma Control Plane labels Sep 3, 2024

Disper commented Sep 9, 2024

example of condition applied when mapping is missing (and is mandatory)

    - lastTransitionTime: "2024-09-09T12:28:18Z"
      message: 'Error during enabling Audit Logs on shoot: kim-md-al6: missing mapping
        for selected region in provider config'
      reason: AuditLogMissingRegionMappingErr
      status: "False"
      type: AuditlogConfigured
    state: Failed

example of condition applied when mapping is missing (and is NOT mandatory)

  - lastTransitionTime: "2024-09-10T05:33:02Z"
    message: Missing region mapping for this shoot. Audit Log is not mandatory. Skipping
      configuration
    reason: AuditLogMissingRegionMappingErr
    status: "True"
    type: AuditlogConfigured
  state: Ready


Disper commented Sep 9, 2024

While it's not specified which region is missing in the condition, it's quite simple to get such information using something like:
kubectl get runtime -n kcp-system kim-md-al6 -ojson | jq '.spec.shoot.region'
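
A check over the conditions shown in the comments above, as an added example that is not from this issue or the KIM code base: it flags runtimes where `AuditlogConfigured` reports `"True"` only because audit logging was skipped. The runtime names, regions, the `Pending` state and `ExampleSuccessReason` in the sample are constructed placeholders.

```python
import json
import sys

MISSING_MAPPING = "AuditLogMissingRegionMappingErr"  # reason quoted in the comments above

def _rt(name, region, state, conditions):
    return {"metadata": {"name": name}, "spec": {"shoot": {"region": region}},
            "status": {"state": state, "conditions": conditions}}

# Constructed sample shaped like `kubectl get runtime -n kcp-system -ojson`.
# Names, regions and "ExampleSuccessReason" are placeholders, not KIM values.
SAMPLE = {"items": [
    _rt("rt-mandatory", "region-a", "Failed", [
        {"type": "AuditlogConfigured", "status": "False", "reason": MISSING_MAPPING}]),
    _rt("rt-optional", "region-b", "Ready", [
        {"type": "AuditlogConfigured", "status": "True", "reason": MISSING_MAPPING}]),
    _rt("rt-ok", "region-c", "Ready", [
        {"type": "AuditlogConfigured", "status": "True", "reason": "ExampleSuccessReason"}]),
    _rt("rt-pending", "region-d", "Pending", []),
]}

def classify(runtime):
    """Return configured / skipped / failed / unknown for one Runtime CR."""
    conditions = runtime.get("status", {}).get("conditions") or []
    cond = next((c for c in conditions if c.get("type") == "AuditlogConfigured"), None)
    if cond is None:
        return "unknown"      # condition not present on this CR
    if cond.get("status") != "True":
        return "failed"
    # status "True" alone is not enough: the non-mandatory path also reports
    # "True" while audit logging was skipped, so the reason decides.
    return "skipped" if cond.get("reason") == MISSING_MAPPING else "configured"

def audit_gaps(doc):
    """List (name, region, verdict) for every runtime without audit logging."""
    items = doc["items"] if "items" in doc else [doc]   # list or single object
    gaps = []
    for rt in items:
        verdict = classify(rt)
        if verdict != "configured":
            region = rt.get("spec", {}).get("shoot", {}).get("region")
            gaps.append((rt["metadata"]["name"], region, verdict))
    return gaps

if __name__ == "__main__":
    # Pass a file holding the kubectl JSON output, or run without arguments for the sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, region, verdict in audit_gaps(doc):
        print(f"{name}\t{region}\t{verdict}")
```
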


Disper commented Sep 9, 2024

Implemented in #367
