Configuring log levels for cert-manager and the {cert-manager-operator}
To troubleshoot issues with the cert-manager components and the cert-manager Operator for Red Hat OpenShift, you can configure the log level verbosity.
Note
To use different log levels for different cert-manager components, see Customizing cert-manager Operator API fields.
Setting a log level for cert-manager
To troubleshoot issues and control log volume, configure the log level for the cert-manager Operator for Red Hat OpenShift. You can set specific verbosity levels to capture the necessary details for debugging or to reduce noise in your cluster logs.
-
You have access to the cluster with
cluster-adminprivileges. -
You have installed version 1.11.1 or later of the cert-manager Operator for Red Hat OpenShift.
-
Edit the
CertManagerresource by running the following command:$ oc edit certmanager.operator cluster -
Set the log level value by editing the
spec.logLevelsection:apiVersion: operator.openshift.io/v1alpha1 kind: CertManager ... spec: logLevel: <log_level>The valid log level values for the
CertManagerresource areNormal,Debug,Trace, andTraceAll. To audit logs and perform common operations when there are no issues, setlogLeveltoNormal. To troubleshoot a minor issue by viewing verbose logs, setlogLeveltoDebug. To troubleshoot a major issue by viewing more verbose logs, you can setlogLeveltoTrace. To troubleshoot serious issues, setlogLeveltoTraceAll. The defaultlogLevelisNormal.Note
TraceAllgenerates huge amount of logs. After settinglogLeveltoTraceAll, you might experience performance issues. -
Save your changes and quit the text editor to apply your changes.
After applying the changes, the verbosity level for the cert-manager components controller, CA injector, and webhook is updated.
Setting a log level for the cert-manager Operator for Red Hat OpenShift
To troubleshoot issues and control log volume, set the log level for the cert-manager Operator for Red Hat OpenShift. You can configure the verbosity of the Operator log messages to capture the specific details required for your environment.
-
You have access to the cluster with
cluster-adminprivileges. -
You have installed version 1.11.1 or later of the cert-manager Operator for Red Hat OpenShift.
-
Update the subscription object for cert-manager Operator for Red Hat OpenShift to provide the verbosity level for the operator logs by running the following command:
$ oc -n cert-manager-operator patch subscription openshift-cert-manager-operator --type='merge' -p '{"spec":{"config":{"env":[{"name":"OPERATOR_LOG_LEVEL","value":"v"}]}}}'Replace
vwith the desired log level number. The valid values forvcan range from1`to `10. The default value is2.
-
The cert-manager Operator pod is redeployed. Verify that the log level of the cert-manager Operator for Red Hat OpenShift is updated by running the following command:
$ oc set env deploy/cert-manager-operator-controller-manager -n cert-manager-operator --list | grep -e OPERATOR_LOG_LEVEL -e containerExample output# deployments/cert-manager-operator-controller-manager, container kube-rbac-proxy OPERATOR_LOG_LEVEL=9 # deployments/cert-manager-operator-controller-manager, container cert-manager-operator OPERATOR_LOG_LEVEL=9 -
Verify that the log level of the cert-manager Operator for Red Hat OpenShift is updated by running the
oc logscommand:$ oc logs deploy/cert-manager-operator-controller-manager -n cert-manager-operator