OPA decision logs #897
Comments
|
Hi! Currently we aren't exporting decision logs, though having some kind of push-based reporting pipeline may be interesting. Currently the main way for offloading decision logs is to take advantage of the semantic logs written to stdout: https://docs.google.com/document/d/1ap7AKOupNcR_42s8mkSh5FV9eteXTd4VCqelKst73VY/edit Piping these logs into a logs service like an ELK stack, Splunk, Stackdriver, Loggly, etc. should allow you to query audit events. If you want admission time logs, you'd need to set the Note that enabling admission logs has the potential to greatly increase logs volume. Kubernetes also has its own built-in audit logging system that can be used to record the decisions of admission controllers: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/ |
ritazh
added
question
|
Hello ! Please one question related to log decision. Is there a flag or way to see the logs of allows? I mean not just about denies . |
|
Not currently, though you could use K8s audit logs for that: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/ |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions. |
When using gatekeeper, is OPA decision logs API still available and how to access it?
https://www.openpolicyagent.org/docs/latest/management/#decision-logs
If not, is there any alternative ways to collect these logs for reporting purpose?
The text was updated successfully, but these errors were encountered: