Red Hat Advanced Cluster Security for Kubernetes (RHACS) provides the option to configure your system to automatically remove nonactive clusters from RHACS so that you can monitor active clusters only. Note that only clusters that were installed and performed a handshake with Central at least one time are monitored initially. If this feature is enabled, when Central has been unable to reach Sensor in a cluster for the period of time configured in the Decomissioned cluster age field, the cluster is considered nonactive in RHACS. Central will then no longer monitor nonactive clusters. You can configure the Decommissioned cluster age field in the Platform Configuration → System Configuration page. When configuring this feature, you can add a label for the cluster so that RHACS continues to monitor the cluster even if it becomes nonactive.
Removal of nonactive clusters from RHACS is disabled by default. To enable this setting, enter a nonzero number in the Decommissioned cluster age field, as described in the following procedure. The Decommissioned cluster age field indicates the number of days that a cluster can remain unreachable before it is considered nonactive. When a cluster is nonactive, the Clusters page displays the status of the cluster. Nonactive clusters are indicated with the unhealthy
label and the window shows the number of days after which the cluster will be removed from RHACS if it continues to remain nonactive. After a cluster is removed from RHACS, that action is documented with an info
log in the Central logs.
There is a 24-hour grace period after enabling this setting before clusters are removed. The cluster that hosts Central is never removed. |
You can configure RHACS to automatically remove nonactive clusters from RHACS. Nonactive clusters are those that were installed and performed a handshake with Central at least once but have been unreachable by Sensor for a specified period of time. You can also label clusters so that they are not removed when they are unreachable.
In the RHACS portal, go to Platform Configuration → System Configuration.
In the System Configuration header, click Edit.
In the Cluster deletion section, you can configure the following fields:
Decommissioned cluster age: The number of days that a cluster is unreachable before it is considered for removal from RHACS. If Central cannot reach Sensor on the cluster for this number of days, the cluster and all of its resources are removed from RHACS. To leave this feature disabled, which is the default behavior, enter 0
in this field. To enable this feature, enter a nonzero number, such as 90
, to configure the number of unreachable days.
Ignore clusters which have labels: To prevent a cluster from being removed, you can configure a label by entering a key and value in this section. Clusters with this label will not be removed, even if they have been unreachable for the number of days set in the Decommissioned cluster age field.
Key: Enter the label to use for the cluster.
Value: Enter the value associated with the key.
For example, to preserve production clusters from removal, you can configure a key of cluster-type
and a value of production
.
In the Cluster deletion section, click Clusters which have Sensor Status: Unhealthy to go to the Clusters list page. This page is filtered to show nonactive clusters that are subject to removal and a timeframe for the removal from RHACS. |
Click Save.
To view and configure this option by using the API, use the |
Nonactive clusters are clusters that were installed and performed a handshake with Central at least once but have been unreachable by Sensor for a specified period of time. Use this procedure to view a list of these clusters.
In the RHACS portal, go to Platform Configuration → System Configuration.
In the Cluster deletion section, click Clusters which have Sensor Status: Unhealthy to go to the Clusters list page. This page is filtered to show nonactive clusters that are subject to removal from RHACS and a timeframe for the removal.
If this feature is enabled after a cluster is considered nonactive, the counting of days towards removal starts from the time the cluster became nonactive, not from the time that the feature was enabled. If there are any nonactive clusters that you do not want removed, you can configure a label as described in the "Configuring cluster decommissioning" section. Clusters with those labels are ignored when the system removes nonactive clusters. |