Closed BernieWhite closed 3 years ago
@BernieWhite Should we call this rule Azure.AKS.PlatformLogs to be more explicit? Or do you think Azure.AKS.Logs is fine?
Also just checking if we would cover all these log categories which are not included in Azure.AKS.AuditLogs:
And metrics:
@ArmaanMcleod Makes sense to me, that is the recommended starting point.
You could make it configurable. Some of these logs are considerable. It's fairly likely that some customers would want to be selective about the list.
@BernieWhite No worries.
I can probably create a configuration like this to enable/disable the categories inside the rule:
AZURE_AKS_ENABLED_PLATFORM_LOG_CATEGORIES = @{
    Logs = @{
        'cluster-autoscaler' = $True
        'kube-apiserver' = $True
        'kube-controller-manager' = $True
        'kube-scheduler' = $True
    }
    Metrics = @{
        'AllMetrics' = $True
    }
}
Which would map to this in YAML:
# YAML: The default AZURE_AKS_ENABLED_PLATFORM_LOG_CATEGORIES configuration option
configuration:
  AZURE_AKS_ENABLED_PLATFORM_LOG_CATEGORIES:
    logs:
      cluster-autoscaler: true
      kube-apiserver: true
      kube-controller-manager: true
      kube-scheduler: true
    metrics:
      AllMetrics: true
Happy to change this format or option name if you want 🙂.
Was considering making an inner enabled key to make this clearer and match the template structure 🤔. Seemed cleaner though to just assign a boolean with key-value pairs like above.
@ArmaanMcleod You could try it as an array of categories using GetStringValues. That might be slightly cleaner to configure.
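The array-of-categories form suggested above, as an added example that is not code from this thread or from PSRule for Azure: it checks a cluster's diagnostic settings against flat lists of required categories and reports which ones are not being captured. The function name `Test-AksPlatformLogCategory`, its parameters and the sample setting are hypothetical, and it assumes the ARM diagnostic settings shape (`properties.logs[]` and `properties.metrics[]` entries with `category` and `enabled`).

```powershell
# Added example. Function name, parameters and sample data are hypothetical.
function Test-AksPlatformLogCategory {
    [CmdletBinding()]
    [OutputType([pscustomobject])]
    param (
        # Diagnostic settings attached to the cluster (assumed ARM shape).
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [object[]]$DiagnosticSetting,

        # Required categories as flat arrays. Inside a PSRule rule these would be
        # read with GetStringValues, as suggested in the thread.
        [string[]]$LogCategory = @('cluster-autoscaler', 'kube-apiserver',
            'kube-controller-manager', 'kube-scheduler'),
        [string[]]$MetricCategory = @('AllMetrics')
    )

    # A category counts only if it is enabled in at least one setting;
    # an entry that is present with enabled = $false is treated as missing.
    $enabledLogs = @($DiagnosticSetting | ForEach-Object { $_.properties.logs } |
        Where-Object { $_.enabled -eq $true } | ForEach-Object { $_.category })
    $enabledMetrics = @($DiagnosticSetting | ForEach-Object { $_.properties.metrics } |
        Where-Object { $_.enabled -eq $true } | ForEach-Object { $_.category })

    # -notin is case-insensitive, so 'Kube-ApiServer' still matches.
    $missingLogs = @($LogCategory | Where-Object { $_ -notin $enabledLogs })
    $missingMetrics = @($MetricCategory | Where-Object { $_ -notin $enabledMetrics })

    [pscustomobject]@{
        Pass           = ($missingLogs.Count -eq 0 -and $missingMetrics.Count -eq 0)
        MissingLogs    = $missingLogs
        MissingMetrics = $missingMetrics
    }
}

# Constructed sample: one setting with kube-scheduler disabled and
# kube-controller-manager absent.
$sample = @(
    @{ name = 'to-workspace'; properties = @{
        logs    = @(
            @{ category = 'kube-apiserver'; enabled = $true }
            @{ category = 'kube-scheduler'; enabled = $false }
            @{ category = 'cluster-autoscaler'; enabled = $true }
        )
        metrics = @( @{ category = 'AllMetrics'; enabled = $true } )
    } }
)
Test-AksPlatformLogCategory -DiagnosticSetting $sample | Format-List
```

Passing a shorter `-LogCategory` array is how a customer would be selective about the list; settings that use `categoryGroup` instead of `category` are not handled here.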
Rule request
Suggested rule change
Enable capture of platform diagnostics logs.
Platform monitoring Collect resource logs
Applies to the following
The rule applies to the following:
Related to #882