Skip to content

ingress access logging toggle added #216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

ingress access logging toggle added #216

wants to merge 2 commits into from

Conversation

alvlkov
Copy link

@alvlkov alvlkov commented Apr 22, 2025

What type of PR is this?

feature

What this PR does / Why we need it?

This script provides a toggle for enabling/disabling ingress access logging within the default ingress

Which Jira/Github issue(s) does this PR fix?

_Resolves #OSD-23991

Special notes for your reviewer

Validated within stage Classic ROSA
Verified logs container is created/removed when toggle is set accordingly.

Pre-checks (if applicable)

  • Validated the changes in a cluster
  • Included documentation changes with PR

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Apr 22, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: alvlkov
Once this PR has been reviewed and has the lgtm label, please assign mitalibhalla for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Makdaam
Makdaam reviewed Jul 8, 2025
View reviewed changes
Makdaam
Makdaam reviewed Jul 8, 2025
View reviewed changes
@typeid
Copy link
Member

typeid commented Jul 9, 2025

@alvlkov What is the process on the MCS side to ensure you revert the ingress access logging after a time period? Adding ingress access logging can result in additional resource usage, we want to ensure this is something that is disabled again after analysis is done.

alvlkov
alvlkov commented Jul 9, 2025
View reviewed changes
Copy link
Author

@alvlkov alvlkov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed httpLogFormat from toggle response and fixed ACCESS_LOGGING variable reference

@alvlkov
Copy link
Author

alvlkov commented Jul 10, 2025

@alvlkov What is the process on the MCS side to ensure you revert the ingress access logging after a time period? Adding ingress access logging can result in additional resource usage, we want to ensure this is something that is disabled again after analysis is done.

AFAIK there is no specific process to ensure this.

@alvlkov @Makdaam
Apply suggestions from code review
b1c4167 
Removed httpLogFormat from toggle response and fixed ACCESS_LOGGING variable reference

Co-authored-by: Leszek Jakubowski <[email protected]>
@alvlkov
Copy link
Author

alvlkov commented Jul 10, 2025

/retest

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jul 10, 2025

@alvlkov: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/images b1c4167 link true /test images

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@typeid
Copy link
Member

typeid commented Jul 10, 2025
edited
Loading

AFAIK there is no specific process to ensure this.

Can we ensure that's the case?

@alvlkov
Copy link
Author

alvlkov commented Jul 14, 2025
edited
Loading

@alvlkov What is the process on the MCS side to ensure you revert the ingress access logging after a time period? Adding ingress access logging can result in additional resource usage, we want to ensure this is something that is disabled again after analysis is done.

Can we ensure that's the case?

We are documenting all MCS/CEE scripts here. This specific script, once approved/merged, will be added to the mentioned doc. Additionally, it will be marked as CRU-only script. These scripts impact clusters and must be executed by a CRU (Critical Response Unit) member. We can further add additional note explicitly requiring to toggle off the access logging once CRU activity is finished.

Thanks
Regards

@typeid
Copy link
Member

typeid commented Jul 28, 2025

LGTM for the code. Pending compliance review for merge https://issues.redhat.com/browse/HCMSEC-611.
Please ensure we document removal of the toggle in the CRU flow.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 28, 2025
@typeid
Copy link
Member

typeid commented Jul 28, 2025

/hold for compliance review https://issues.redhat.com/browse/HCMSEC-611.

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@feichashao feichashao Awaiting requested review from feichashao

@hectorakemp hectorakemp Awaiting requested review from hectorakemp

1 more reviewer

@Makdaam Makdaam Makdaam left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@typeid typeid

Labels

do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alvlkov @typeid @Makdaam