Chapter 6. Enabling alert data retention
Learn how to configure a retention period for Red Hat Advanced Cluster Security for Kubernetes alerts.
With Red Hat Advanced Cluster Security for Kubernetes, you can configure the time to keep historical alerts stored. Red Hat Advanced Cluster Security for Kubernetes then deletes the older alerts after the specified time.
By automatically deleting alerts that are no longer needed, you can save storage costs.
The alerts for which you can configure the retention period include:
- Runtime alerts, both unresolved (active) and resolved.
- Stale deploy-time alerts that do not apply to the current deployment.
- Data retention settings are enabled by default. You can change these settings after the installation.
- When you upgrade Red Hat Advanced Cluster Security for Kubernetes, data retention settings are not applied unless you have enabled them before.
- You can configure alert retention settings by using the RHACS portal or the API.
- The deletion process runs every hour. Currently, you cannot change this.
6.1. Configuring alert data retention
You can configure alert retention settings by using the RHACS portal.
Prerequisites
-
You must have the
Config
role withread
andwrite
permissions to configure data retention.
Procedure
-
In the RHACS portal, go to Platform Configuration
System Configuration. - On the System Configuration view header, click Edit.
Under the Data Retention Configuration section, update the number of days for each type of data:
- All Runtime Violations
- Resolved Deploy-Phase Violations
- Runtime Violations For Deleted Deployments
Images No Longer Deployed
NoteTo save a type of data forever, set the retention period to
0
days.
- Click Save.
To configure alert data retention by using Red Hat Advanced Cluster Security for Kubernetes API, view the PutConfig
API and related APIs in the ConfigService
group in the API reference documentation.