commit
f453567cce
|
@ -37,7 +37,7 @@ audit_log_maxsize: 100
|
|||
# policy file
|
||||
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
||||
# custom audit policy rules (to replace the default ones)
|
||||
# audit_policy_custom_rules: >
|
||||
# audit_policy_custom_rules: |
|
||||
# - level: None
|
||||
# users: []
|
||||
# verbs: []
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: audit.k8s.io/v1beta1
|
||||
kind: Policy
|
||||
rules:
|
||||
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
|
||||
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" %}
|
||||
{{ audit_policy_custom_rules | indent(2, true) }}
|
||||
{% else %}
|
||||
# The following requests were manually identified as high-volume and low-risk,
|
||||
|
|
|
@ -80,9 +80,9 @@ apiServerExtraArgs:
|
|||
allow-privileged: "true"
|
||||
{% if kubernetes_audit %}
|
||||
audit-log-path: {{ audit_log_path }}
|
||||
audit-log-maxage: {{ audit_log_maxage }}
|
||||
audit-log-maxbackup: {{ audit_log_maxbackups }}
|
||||
audit-log-maxsize: {{ audit_log_maxsize }}
|
||||
audit-log-maxage: "{{ audit_log_maxage }}"
|
||||
audit-log-maxbackup: "{{ audit_log_maxbackups }}"
|
||||
audit-log-maxsize: "{{ audit_log_maxsize }}"
|
||||
audit-policy-file: {{ audit_policy_file }}
|
||||
{% endif %}
|
||||
{% for key in kube_kubeadm_apiserver_extra_args %}
|
||||
|
@ -107,7 +107,7 @@ apiServerExtraVolumes:
|
|||
- name: {{ audit_log_name }}
|
||||
hostPath: {{ audit_log_hostpath }}
|
||||
mountPath: {{ audit_log_mountpath }}
|
||||
Writable: true
|
||||
writable: true
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if kube_feature_gates %}
|
||||
|
@ -135,7 +135,3 @@ nodeRegistration:
|
|||
taints:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
{% if kubernetes_audit %}
|
||||
featureGates:
|
||||
Auditing: true
|
||||
{% endif %}
|
||||
|
|
Loading…
Reference in New Issue