Override ConfigMap to Restrict Logging to Specific Namespaces
How to override the logging configMap to restrict logging to specific namespaces.
As a cluster administrator, you may have a need to limit, or restrict, logging activities only to certain namespaces. Kommander allows you to do this by creating an override configMap that modifies the logging configuration created in the Create AppDeployment for Workspace Logging procedure.
Prerequisites
Implement each of the steps listed in Enable Workspace-level Logging.
Ensure that log data is available before you execute this procedure.
Create and use the Override Entries
To create and use the override configMap entries, follow these steps:
Execute the following command to get the namespace of your workspace:
CODEdkp get workspaces
And copy the value under the
NAMESPACE
column for your workspace.Set the
WORKSPACE_NAMESPACE
variable to the namespace copied in the previous step:CODEexport WORKSPACE_NAMESPACE=<WORKSPACE_NAMESPACE>
Identify one or more namespaces to which you want to restrict logging.
Create a file named
logging-operator-logging-overrides.yaml
and paste the following YAML code into it to create the overrides configMap:CODEapiVersion: v1 kind: ConfigMap metadata: name: logging-operator-logging-overrides namespace: ${WORKSPACE_NAMESPACE} data: values.yaml: | --- clusterFlows: - name: cluster-containers spec: globalOutputRefs: - loki match: - exclude: namespaces: - <your-namespace> - <your-other-namespace>
Add the relevant namespace values for
metadata.namespace
and theclusterFlows[0].spec.match[0].exclude.namespaces
values at the end of the file, and save the file.Use the following command to apply the YAML file:
CODEkubectl apply -f logging-operator-logging-overrides.yaml
Edit the
logging-operator
AppDeployment to set the value ofspec.configOverrides.name
tologging-operator-logging-overrides
.
(Refer to Deploy an application with a custom configuration for more information)CODEdkp edit appdeployment -n ${WORKSPACE_NAMESPACE} logging-operator
After your editing is complete, the AppDeployment resembles this example:
CODEapiVersion: apps.kommander.d2iq.io/v1alpha3 kind: AppDeployment metadata: name: logging-operator namespace: ${WORKSPACE_NAMESPACE} spec: appRef: name: logging-operator-3.17.10 kind: ClusterApp configOverrides: name: logging-operator-logging-overrides
Perform actions that generate log data, both in the specified namespaces and the namespaces you mean to exclude.
Verify that the log data contains only the data you expected to receive.