Tutorial: Granting Yourself Access To Logs

You can grant read only access to your cluster’s audit and infrastructure logs stored in OOS. These logs are automatically stored in OOS buckets within the same Region as your cluster. For more information about OOS, see About OOS.

This tutorial explains how to grant yourself read access to these logs by adding your OUTSCALE account ID to the list of authorized readers in the OOSAccess resource. You will first learn how to retrieve your account ID, then how to apply the configuration to your cluster using a manifest.

Retrieving My Account ID

To grant yourself access to logs, you first need to retrieve the ID of your OUTSCALE account. You can do so using one of the three following methods. For more information, see Getting Information About Your Account and Quotas.

Retrieving My Account ID Using Cockpit

In the top right corner, click your initials.
A drop-down menu appears.
Hover over Account Settings and click Personal Information.

A page appears with your personal information at the top, among which your account ID.

Retrieving My Account ID Using OSC CLI

The ReadAccounts command gets information about the account that sent the request.

Request sample

$ osc-cli api ReadAccounts --profile "default"

The ReadAccounts command returns a list of elements, among which your account ID.

Retrieving My Account ID Using oapi-cli

The ReadAccounts command gets information about the account that sent the request.

Request sample

$ oapi-cli --profile "default" ReadAccounts

The ReadAccounts command returns a list of elements, among which your account ID.

Granting Yourself Access to Logs

You can grant your own OUTSCALE account read only access to the cluster’s audit and infrastructure logs by updating the OOSAccess custom resource.

Before you begin:

Ensure that you are connected to the target cluster using a valid kubeconfig file. For more information, see Accessing a Cluster > Using kubeconfig Files.
Ensure you have retrieved the log configuration of your cluster, as described in Getting Information About Logs.

Open the file containing the log configuration of your cluster and replace the sample account IDs under readers with your own OUTSCALE account ID:
Manifest sample
```
apiVersion: oks.dev/v1beta
kind: OOSAccess
metadata:
  name: oks-oos-configuration
spec:
  audit:
    readers:
    - "01234678901"
    - "01234678902"
   iaas:
    readers: []
(...)
```
One line per ID.

Multiple accounts can be specified under the readers section if needed, but for security reasons, we recommend you grant access to your own account only.
Apply the updated resource to your cluster using the following command:
Request sample
```
$ kubectl apply -f oosaccess.yaml
```
Your new configuration is applied.
Verify whether read access was successfully applied to your OUTSCALE account:
Request sample
```
$ kubectl get oosaccesses oks-oos-configuration  --output yaml
```
Your account ID should appear under the status section. For more information, see Getting Information About Logs.

Related Pages