Soon, all Red Hat OpenShift documentation will only be available on docs.redhat.com, the official location of all Red Hat product documentation. Get familiar with the updated experience today!
  1. Documentation
    2. history bug_report picture_as_pdf
×

Configuring log levels for cert-manager and the cert-manager Operator for Red Hat OpenShift

To troubleshoot issues with the cert-manager components and the cert-manager Operator for Red Hat OpenShift, you can configure the log level verbosity.

To use different log levels for different cert-manager components, see Customizing cert-manager Operator API fields.

Setting a log level for cert-manager

You can set a log level for cert-manager to determine the verbosity of log messages.

Prerequisites

  • You have access to the cluster with cluster-admin privileges.

  • You have installed version 1.11.1 or later of the cert-manager Operator for Red Hat OpenShift.

Procedure

  1. Edit the CertManager resource by running the following command:

    $ oc edit certmanager.operator cluster

  2. Set the log level value by editing the spec.logLevel section:

    apiVersion: operator.openshift.io/v1alpha1
kind: CertManager
...
spec:
  logLevel: Normal (1)
    1 The default logLevel is Normal. Replace Normal with the desired log level value. The valid log level values for the CertManager resource are Normal, Debug, Trace, and TraceAll. To audit logs and perform common operations when everything is fine, set logLevel to Normal . To troubleshoot a minor issue by viewing verbose logs, set logLevel to Debug . To troubleshoot a major issue by viewing more verbose logs, you can set logLevel to Trace. To troubleshoot serious issues, set logLevel to TraceAll.

    TraceAll generates huge amount of logs. After setting logLevel to TraceAll, you might experience performance issues.

  3. Save your changes and quit the text editor to apply your changes.

    After applying the changes, the verbosity level for the cert-manager components controller, CA injector, and webhook is updated.

Setting a log level for the cert-manager Operator for Red Hat OpenShift

You can set a log level for the cert-manager Operator for Red Hat OpenShift to determine the verbosity of the operator log messages.

Prerequisites

  • You have access to the cluster with cluster-admin privileges.

  • You have installed version 1.11.1 or later of the cert-manager Operator for Red Hat OpenShift.

Procedure

  • Update the subscription object for cert-manager Operator for Red Hat OpenShift to provide the verbosity level for the operator logs by running the following command:

    $ oc -n cert-manager-operator patch subscription openshift-cert-manager-operator --type='merge' -p '{"spec":{"config":{"env":[{"name":"OPERATOR_LOG_LEVEL","value":"v"}]}}}' (1)
    1 Replace v with the desired log level number. The valid values for v can range from 1`to `10. The default value is 2.
Verification

  1. The cert-manager Operator pod is redeployed. Verify that the log level of the cert-manager Operator for Red Hat OpenShift is updated by running the following command:

    $ oc set env deploy/cert-manager-operator-controller-manager -n cert-manager-operator --list | grep -e OPERATOR_LOG_LEVEL -e container
    Example output
    # deployments/cert-manager-operator-controller-manager, container kube-rbac-proxy
OPERATOR_LOG_LEVEL=9
# deployments/cert-manager-operator-controller-manager, container cert-manager-operator
OPERATOR_LOG_LEVEL=9

  2. Verify that the log level of the cert-manager Operator for Red Hat OpenShift is updated by running the oc logs command:

    $ oc logs deploy/cert-manager-operator-controller-manager -n cert-manager-operator

Additional resources