• A number of  a cluster Node Pool/s were recreated after a Edit of the Workload Cluster Node Pools using the Tanzu Mission Control console. 

•  Tanzu Mission Control.

Notes:

1. Make sure you have the appropriate permissions. (To generate an audit report, you must be associated with the organization.admin role).
2. The audit log will show the account that triggered the nodepool creation but it won't show cluster information.
3. Tanzu Mission Control patches the cluster only when users request to create, update, or delete the node pool of the Workload Cluster.

• Login to the Tanzu Mission Control console.
• Generate an Audit Report after Specify the start date and end date for the report 
• Download an Audit Report

• Extract the audit.log file from the audit.log.gz
• Grep for the following events "grpc.service":"vmware.tanzu.manage.v1alpha1.cluster.nodepool.NodepoolResourceService" and "grpc.method":"Update"  to find the requests for patch the Workload Cluster.

For example, One can use the following command to find the request which updated cluster at 2023-07-01T14:25:24Z

cat audit.log | grep NodepoolResourceService | grep Update | grep "2023-07-01 14:25"  

"org.id":"#####-####-####-###-###########", "event.type":"com.vmware.tmc.audit", "user.id":"######################:#########-###-#######", "user.name":"USER####", "user.email":"[email protected]", "operator.org.id":"", "operator.user.id":"", "service.id":"", "agent.id":"", "client.name":"ui", "client.version":"", "grpc.service":"vmware.tanzu.manage.v1alpha1.cluster.nodepool.NodepoolResourceService", "grpc.method":"Update", "grpc.code":"OK", "request.id":"##########-########-###", "state":"Cluster_Nodepool_Service - Update - Request_accepted", "extra.info":"map[]", "time":"2023-07-01 14:25:25.2769723 +0000 UTC" }