Audit log profiles define how to log requests that come to the OpenShift API server, the Kubernetes API server, and the OAuth API server.
OKD provides the following predefined audit policy profiles:
Profile |
Description |
Default
|
Logs only metadata for read and write requests; does not log request bodies except for OAuth access token creation (login) requests. This is the default policy. |
WriteRequestBodies
|
In addition to logging metadata for all requests, logs request bodies for every write request to the API servers (create , update , patch ). This profile has more resource overhead than the Default profile. [1] |
AllRequestBodies
|
In addition to logging metadata for all requests, logs request bodies for every read and write request to the API servers (get , list , create , update , patch ). This profile has the most resource overhead. [1] |
-
Sensitive resources, such as Secret
, route
, and OAuthClient
objects, are never logged past the metadata level. OAuth tokens are not logged at all if your cluster was upgraded from OKD 4.5, because their object names might contain secret information.
By default, OKD uses the Default
audit log profile. You can use another audit policy profile that also logs request bodies, but be aware of the increased resource usage (CPU, memory, and I/O).