Bug 1852341: fix syslog k8s audit level conflict

[blockloop]

Also depends on
openshift/origin-aggregated-logging#1978

This change along with the OAL above provides the following output.
This was tested by creating rsyslog, configuring LF -> rsyslog, and
setting rsyslog to log to stdout

2020-09-04T16:26:44+00:00 fluentd-94rcl fluentd: kind:Event#011apiVersion:audit.k8s.io/v1#011level:info#011auditID:a0fad62d-99f1-4cbd-97a0-0f5b7d37039b#011stage:ResponseComplete#011requestURI:/apis/batch/v1beta1/namespaces/openshift-logging/cronjobs/elasticsearch-delete-app/status#011verb:update#011user:{"username"=>"system:serviceaccount:kube-system:cronjob-controller", "uid"=>"c9f0cc6f-90d6-4c2a-829e-3dbcf6585242", "groups"=>["system:serviceaccounts", "system:serviceaccounts:kube-system", "system:authenticated"]}#011sourceIPs:["::1"]#011userAgent:kube-controller-manager/v1.18.3+8b0a82f (linux/amd64) kubernetes/8b0a82f/system:serviceaccount:kube-system:cronjob-controller#011objectRef:{"resource"=>"cronjobs", "namespace"=>"openshift-logging", "name"=>"elasticsearch-delete-app", "uid"=>"222b3bb4-03f0-444d-8958-49789484c197", "apiGroup"=>"batch", "apiVersion"=>"v1beta1", "resourceVersion"=>"74794", "subresource"=>"status"}#011responseStatus:{"code"=>200}#011requestReceivedTimestamp:2020-09-04T16:26:44.374554Z#011stageTimestamp:2020-09-04T16:26:44.377541Z#011annotations:{"authorization.k8s.io/decision"=>"allow", "authorization.k8s.io/reason"=>"RBAC: allowed by ClusterRoleBinding \"system:controller:cronjob-controller\" of ClusterRole \"system:controller:cronjob-controller\" to ServiceAccount \"cronjob-controller/kube-system\""}#011k8s_audit_level:Metadata#011message:#011hostname:ip-10-0-214-88.us-west-2.compute.internal#011pipeline_metadata:{"collector"=>{"ipaddr4"=>"10.0.214.88", "inputname"=>"fluent-plugin-systemd", "name"=>"fluentd", "received_at"=>"2020-09-04T16:26:44.377904+00:00", "version"=>"1.7.4 1.6.0"}}#011@timestamp:2020-09-04T16:26:44.374554+00:00#011viaq_index_name:audit-write#011viaq_msg_id:NWE0Njk2MjYtYzRkZS00MWE2LTk5ZTItN2NiYjUzZWExMjRk#011kubernetes:{}#011openshift:{"labels"=>{"logforwarder"=>"audit-log"}}

/cc @ewolinetz
/assign @jcantrill

[openshift-ci-robot]

@blockloop: This pull request references Bugzilla bug 1852341, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.6.0) matches configured target release for branch (4.6.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1852341: fix syslog k8s audit level conflict

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[blockloop]

/test e2e-operator

[jcantrill]

/retest

[ewolinetz]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: blockloop, ewolinetz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ewolinetz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@blockloop: Some pull requests linked via external trackers have merged:

The following pull requests linked via external trackers have not merged:

• openshift/origin-aggregated-logging#1978 is open

These pull request must merge or be unlinked from the Bugzilla bug in order for it to move to the next state.

Bugzilla bug 1852341 has not been moved to the MODIFIED state.

In response to this:

Bug 1852341: fix syslog k8s audit level conflict

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.