Skip to main content
Version: 3.18 (latest)

Configure data retention

Big picture​

Configure how long to retain logs and compliance reports.

Before you begin...​

Review LogStorageSpec.Retention and determine the appropriate values for your deployment.

note

LogStorage has built-in retention thresholds of 80% for total storage, and 70% for logs (flow and DNS). If either of these are exceeded, the oldest records and logs are removed.

How to​

Configure data retention​

Create or update the LogStorage resource by adding or updating the retention section. In the following example, auditReports, snapshots, and complianceReports are retained for 90 days, and flows are retained for 7 days.

apiVersion: operator.tigera.io/v1
kind: LogStorage
metadata:
  name: tigera-secure
spec:
  retention:
    auditReports: 91
    snapshots: 91
    complianceReports: 91
    flows: 8
  nodes:
    count: 1

This configuration can be done at initial creation of the LogStorage resource or by updating it after it is created, like in the following example:

kubectl patch logstorage tigera-secure --type merge -p '{"spec":{"retention":{"flows":8}}}'
kubectl patch logstorage tigera-secure --type merge -p '{"spec":{"retention":{"auditReports":91}}}'
kubectl patch logstorage tigera-secure --type merge -p '{"spec":{"retention":{"snapshots":91}}}'
kubectl patch logstorage tigera-secure --type merge -p '{"spec":{"retention":{"complianceReports":91}}}'