Document log sanitization feature (#24845)

* Document log sanitization feature

* Fill in log sanitization documentation

* Update content/en/docs/concepts/cluster-administration/system-logs.md

Co-authored-by: Marek Siarkowicz <marek.siarkowicz@protonmail.com>

Co-authored-by: Rob Franken <rfranken@google.com>
Co-authored-by: Rob Franken <rob@rob-franken.nl>

content/en/docs/concepts/cluster-administration/system-logs.md

@@ -91,6 +91,27 @@ List of components currently supporting JSON format:
 * {{< glossary_tooltip term_id="kube-scheduler" text="kube-scheduler" >}}
 * {{< glossary_tooltip term_id="kubelet" text="kubelet" >}}
 
+### Log sanitization
+
+{{< feature-state for_k8s_version="v1.20" state="alpha" >}}
+
+{{<warning >}}
+Log sanitization might incur significant computation overhead and therefore should not be enabled in production.
+{{< /warning >}}
+
+The `--experimental-logging-sanitization` controls if a sanitization filter will be installed in klog.
+If enabled all log arguments are inspected for fields tagged as sensitive data (e.g. passwords, keys, tokens) and logging of these fields will be prevented.
+
+List of components currently supporting log sanitization:
+* {{< glossary_tooltip term_id="kube-controller-manager" text="kube-controller-manager" >}}
+* {{< glossary_tooltip term_id="kube-apiserver" text="kube-apiserver" >}}
+* {{< glossary_tooltip term_id="kube-scheduler" text="kube-scheduler" >}}
+* {{< glossary_tooltip term_id="kubelet" text="kubelet" >}}
+
+{{< note >}}
+This is not interacting with user workload logs, so it won't prevent users workloads from leaking sensitive data.
+{{< /note >}}
+
 ### Log verbosity level
 
 The `-v` flag controls log verbosity. Increasing the value increases the number of logged events. Decreasing the value decreases the number of logged events.