Merge pull request #3132 from mirwan/custom_audit_policy

Custom audit policy
pull/2118/merge
Andreas Krüger 2018-08-20 10:42:38 +02:00 committed by GitHub
commit 69749a5b7b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions

View File

@ -36,6 +36,12 @@ audit_log_maxbackups: 1
audit_log_maxsize: 100 audit_log_maxsize: 100
# policy file # policy file
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml" audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
# custom audit policy rules (to replace the default ones)
# audit_policy_custom_rules: >
# - level: None
# users: []
# verbs: []
# resources: []
# audit log hostpath # audit log hostpath
audit_log_name: audit-logs audit_log_name: audit-logs

View File

@ -1,6 +1,9 @@
apiVersion: audit.k8s.io/v1beta1 apiVersion: audit.k8s.io/v1beta1
kind: Policy kind: Policy
rules: rules:
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
{{ audit_policy_custom_rules | indent(2, true) }}
{% else %}
# The following requests were manually identified as high-volume and low-risk, # The following requests were manually identified as high-volume and low-risk,
# so drop them. # so drop them.
- level: None - level: None
@ -123,3 +126,4 @@ rules:
- level: Metadata - level: Metadata
omitStages: omitStages:
- "RequestReceived" - "RequestReceived"
{% endif %}