Override ConfigMap to Restrict Logging to Specific Namespaces

How to override the logging configMap to restrict logging to specific namespaces

As a cluster administrator, you may have a need to limit, or restrict, logging activities only to certain namespaces. Kommander allows you to do this by creating an override configMap that modifies the logging configuration created in the Create AppDeployment for Workspace Logging procedure.


Create and use the override entries

To create and use the override configMap entries, follow these steps:

  1. Identify one or more namespaces to which you want to restrict logging.

  2. Create a file named logging-operator-logging-overrides.yaml and paste the following YAML code into it to create the overrides configMap:

    apiVersion: v1
    kind: ConfigMap
      name: logging-operator-logging-overrides
      namespace: <your-workspace-namespace>
      values.yaml: |
        - name: cluster-containers
            - loki
            - exclude:
                - <your-namespace>
                - <your-other-namespace>
  3. Add the relevant namespace values for metadata.namespace and the clusterFlows[0].spec.match[0].exclude.namespaces values at the end of the file, and save the file.

  4. Use the following command to apply the YAML file:

    kubectl apply -f logging-operator-logging-overrides.yaml
  5. Edit the logging-operator AppDeployment to replace the spec.configOverrides.name value with logging-operator-logging-overrides. (You can use the steps in the procedure, Deploy a service with a custom configuration as a guide.) When your editing is complete, the AppDeployment will resemble this code sample:

    apiVersion: apps.kommander.d2iq.io/v1alpha2
    kind: AppDeployment
      name: logging-operator
      namespace: ${WORKSPACE_NAMESPACE}
        name: logging-operator-3.17.2
        kind: ClusterApp
        name: logging-operator-logging-overrides
  6. Perform actions that generate log data, both in the specified namespaces and the namespaces you mean to exclude.

  7. Verify that the log data contains only the data you expected to receive.