Profile Applicability:
Level 1
Description:
The --audit-log-maxsize argument specifies the maximum size (in megabytes) of an individual audit log file before it is rotated. Setting this argument to 100 ensures that each audit log file will be rotated once it reaches 100 MB in size. This helps prevent individual log files from becoming too large and unmanageable while allowing Kubernetes to continue generating audit logs without interruption.
Rationale:
Setting an appropriate log file size helps balance the need for retaining sufficient audit data while avoiding excessive storage use. If log files become too large, they can become difficult to manage and slow to process. By setting a value like 100 MB, Kubernetes will rotate logs before they become too large, helping maintain efficient log management and better performance.
Impact:
Pros:
Prevents audit log files from growing too large, improving manageability.
Helps with log rotation, making it easier to manage logs without consuming excessive disk space.
Cons:
If set too low, logs may be rotated too frequently, leading to an increased number of smaller files to manage.
Mismanagement of log rotation could result in the loss of audit data if logs are rotated too often or too infrequently.
Default Value:
The default value is typically not set, meaning no maximum size for audit logs is configured unless explicitly defined.
Pre-requisites:
Ensure proper log rotation and storage policies are in place.
Verify that sufficient disk space is available to accommodate rotated audit log files.
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to your EKS Cluster.
Go to the API server configuration and verify that the --audit-log-maxsize argument is set to 100 or another appropriate value in the configuration.
Using AWS CLI:
Run the following AWS CLI command to describe your EKS cluster's configuration:
aws eks describe-cluster --name <cluster-name> --query "cluster.config"
Ensure that the --audit-log-maxsize argument is set to 100 or an appropriate value.
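The check described in this test plan, written as a script over an API server argument list. This is an added example, not part of the original benchmark text or of any AWS or Kubernetes tooling. It assumes you can read the kube-apiserver arguments (for example on a control-plane node you manage), treats 100 as a minimum rather than an exact value, and uses hypothetical function names and constructed sample command lines.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumption: you can read the kube-apiserver arguments, e.g. from the process
# command line on a control-plane node you manage.

# audit_log_maxsize_value ARGS...
# Prints the value of --audit-log-maxsize, or nothing if it is absent.
# Handles "--flag=value" and "--flag value"; the last occurrence is used
# (assumption: a repeated flag overrides the earlier one).
audit_log_maxsize_value() {
    value=""
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --audit-log-maxsize=*) value="${1#--audit-log-maxsize=}" ;;
            --audit-log-maxsize)
                if [ "$#" -ge 2 ]; then value="$2"; shift; else value=""; fi ;;
        esac
        shift
    done
    printf '%s' "$value"
}

# check_audit_log_maxsize MIN ARGS...
# Returns 0 when the flag is a whole number of megabytes >= MIN, else 1.
check_audit_log_maxsize() {
    min="$1"; shift
    v="$(audit_log_maxsize_value "$@")"
    case "$v" in
        "") echo "FAIL: --audit-log-maxsize is not set"; return 1 ;;
        *[!0-9]*) echo "FAIL: --audit-log-maxsize=$v is not a whole number"; return 1 ;;
    esac
    if [ "$v" -lt "$min" ]; then
        echo "FAIL: --audit-log-maxsize=$v is below $min MB"; return 1
    fi
    echo "PASS: --audit-log-maxsize=$v MB"
}

# Constructed sample command lines (not captured from a real cluster).
SAMPLE_OK="kube-apiserver --audit-log-path=/var/log/audit.log --audit-log-maxsize=100"
SAMPLE_UNSET="kube-apiserver --audit-log-path=/var/log/audit.log"
SAMPLE_LOW="kube-apiserver --audit-log-maxsize 10 --audit-log-maxbackup=10"

# Word splitting of the unquoted samples is intentional.
for args in "$SAMPLE_OK" "$SAMPLE_UNSET" "$SAMPLE_LOW"; do
    check_audit_log_maxsize 100 $args || true
done
```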
Implementation Plan:
Using AWS Console:
Navigate to the EKS cluster in the AWS Console.
Under the Cluster Configuration section, modify the API server's settings.
Set the --audit-log-maxsize argument to 100 or another appropriate value based on your storage policy.
Save the configuration and apply the changes.
Using AWS CLI:
Update the --audit-log-maxsize argument to 100 or an appropriate value:
aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --audit-log-maxsize 100
Backout Plan:
Using AWS Console:
Navigate to the EKS cluster's API server configuration.
If necessary, revert the --audit-log-maxsize argument to a previous value.
Save the configuration and redeploy the cluster.
Using AWS CLI:
If issues occur, revert the change using:
aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --audit-log-maxsize <previous-maxsize-value>
References:
Kubernetes API Server Command-Line Flags