Learn how to configure a retention period for Red Hat Advanced Cluster Security for Kubernetes alerts.

With Red Hat Advanced Cluster Security for Kubernetes, you can configure the time to keep historical alerts stored. Red Hat Advanced Cluster Security for Kubernetes then deletes the older alerts after the specified time.

By automatically deleting alerts that are no longer needed, you can save storage costs.

The alerts for which you can configure the retention period include:

  • Runtime alerts, both unresolved (active) and resolved.

  • Stale deploy-time alerts that do not apply to the current deployment.

  • Data retention settings are enabled by default. You can change these settings after the installation.

  • When you upgrade Red Hat Advanced Cluster Security for Kubernetes, data retention settings are not applied unless you have enabled them before.

  • You can configure alert retention settings by using the RHACS portal or the API.

  • The deletion process runs every hour. Currently, you cannot change this.

Configuring alert data retention

You can configure alert retention settings by using the RHACS portal.

Prerequisites
  • You must have the Config role with read and write permissions to configure data retention.

Procedure
  1. On the RHACS portal, navigate to Platform ConfigurationSystem Configuration.

  2. On the System Configuration view header, click Edit.

  3. Under the Data Retention Configuration section, update the number of days for each type of data:

    • All Runtime Violations

    • Resolved Deploy-Phase Violations

    • Runtime Violations For Deleted Deployments

    • Images No Longer Deployed

      To save a type of data forever, set the retention period to 0 days.

  4. Click Save.

To configure alert data retention by using Red Hat Advanced Cluster Security for Kubernetes API, view the PutConfig API and related APIs in the ConfigService group in the API reference documentation.