[BUG] Kubernetes API Server Logging (Diagnostic settings) Categories: Incorrect Log Filtering and Size Handling

[aritraghosh]

Description:
We've identified an issue with how our system processes three distinct [Kubernetes API server logging categories](https://learn.microsoft.com/en-us/azure/aks/monitor-aks#aks-control-planeresource-logs). This issue affects log delivery and storage efficiency for customers using specific diagnostic settings.

Affected Components:

• kube-apiserver: Non-audit logs from Kubernetes API server
• kube-audit: Complete Kubernetes audit logs
• kube-audit-admin: Selective audit logs for mutating operations (PUT, PATCH, CREATE, etc.)

Current Behavior:

1. When kube-apiserver or kube-audit-admin is enabled:

   • System incorrectly includes full kube-audit logs in addition to the requested log category
   • Results in unexpected log volume delivery to the destination

2. When kube-apiserver is enabled:

   • Large audit log fields (responseObject and requestObject) are not properly truncated to storage limits
   • Leads to partial JSON objects being stored, truncated at 32KB
   • Affects log integrity and parsing capabilities

Impact:

• Storage accounts may contain malformed JSON due to improper truncation
• Potential processing overhead
• No loss of requested log data, but additional unrequested data is being delivered

Customer Action Required:
None. The fix is rolling out. No action is needed from the customer