Improve Visibility of Kubernetes Clusters with Tanzu Mission Control Events and Audit Logs

December 8, 2022 Nipun Agarwal

Kubernetes administrators and platform operators want quick access to information to help identify, troubleshoot, and track what happens on their Kubernetes clusters at any given time. 

However, lack of user attributes in events and audit logs can make it difficult for them to know who triggered an action, so VMware Tanzu Mission Control is expanding visibility into that data to fast-track remediation. 

Users want a multi-cluster Kubernetes management tool with a consolidated view of cluster events (i.e., system-generated events) and audit logs (user-generated actions), so Tanzu Mission Control shows relevant information about what is happening on the cluster on a single screen.

In addition, customers have asked for an automated way to export Tanzu Mission Control events and audit logs into their preferred logging tool via secure API access so they can analyze data at scale in the log management system they use in their daily operations.

Human-readable and useful key user attributes 

Tanzu Mission Control users who want to quickly identify who made a particular change in a specific Kubernetes cluster are now able to view audit event payload information, including users' registered emails as useful, human-readable data.

Those changes may be the creation, deletion, or modification of a cluster, cluster group, or namespace. Audit events also cover actions such as running inspections, applying policies, and more.

When administrators troubleshoot issues, being able to retrieve the current status of a particular change and see which user applied it is very helpful for further follow-up.

One of our large North American enterprise customers, a leader in software for the risk and asset management industry, wanted to understand which users were exhibiting an unusual usage pattern of clusters so they could reach out to them and understand those patterns. However, due to lack of user identifiers, even the admin in their organization found it difficult to get that answer. 

With this change, we are able to resolve this customer's pain point. Administrators can now view these additional details on the Tanzu Mission Control web user interface (UI) on the Events tab by clicking on the corresponding Audit event. Access to key user attributes in audit log events is now available to all users, including the option to download audit log files for offline use. 

The Tanzu Mission Control web UI showcasing Events tab content

More event types, all in one place 

During one of our product feedback sessions, a platform operator expressed his frustration with the inability to quickly troubleshoot the chain of events leading to an important event, such as cluster deletion on a specific cluster by a user. 

To address this pain point, the audit event type has been added to the list of existing event types (e.g., cluster health, cluster lifecycle, inspections, and more) that can be viewed by clicking on the Events tab in the left navigation menu of the Tanzu Mission Control web UI.

This will make it easier for customers to access audit log events on the Tanzu Mission Control web UI along with regular cluster events to provide a comprehensive view. 

Operators can now filter the list of events by name and type to see only the events they want to see using the rich filter capability in Tanzu Mission Control. In addition, specific audit events are now available from the UI itself without the need to request the download of an audit log file and subsequent offline processing in a log viewer to see the content. 

To be consistent with the existing experience, users can select any time period from the time range menu on the top right, starting from the last 10 minutes up to a maximum of the last three days.  

The Tanzu Mission Control UI showcasing the Events Time filter

Import logs to your preferred logging system

One of the most common requests from our customers, including a North American not-for-profit corporation in the energy industry, has been to provide an automated way to securely export Tanzu Mission Control events via API to their preferred logging system. 

Now, customers can ingest Tanzu Mission Control events, including audit logs, via an event stream API, a secure and scalable solution.

For instructions on how to set up automated ingestion of events using a streaming API, visit this VMware developer resource. Keep track of our new features by visiting the Tanzu Mission Control release notes.

About the Author

Nipun Agarwal

Nipun Agarwal (PhD) leads product management of data fabric components in VMware Tanzu Mission Control. He has dedicated most of his career to building data-driven products for the software industry and, in his current role, he focuses on developing data products in Tanzu Mission Control to help customers understand the health of Kubernetes clusters and to get actionable insights to improve their overall experience managing cluster operations at scale.
