commit
f453567cce
|
@ -37,7 +37,7 @@ audit_log_maxsize: 100
|
||||||
# policy file
|
# policy file
|
||||||
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
||||||
# custom audit policy rules (to replace the default ones)
|
# custom audit policy rules (to replace the default ones)
|
||||||
# audit_policy_custom_rules: >
|
# audit_policy_custom_rules: |
|
||||||
# - level: None
|
# - level: None
|
||||||
# users: []
|
# users: []
|
||||||
# verbs: []
|
# verbs: []
|
||||||
|
|
|
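Review bot: The commented example for `audit_policy_custom_rules` shows a single `level: None` rule with empty `users` and `verbs`, and the comment above it says custom rules replace the default ones. In a Kubernetes audit policy an empty list matches everything and the first matching rule decides the level, so uncommenting the example as written would leave the API server recording no audit events at all. Add a line next to the example such as `# NOTE: a rule with empty users/verbs matches every request; end the list with a catch-all rule at level Metadata or higher`, or replace the example with a narrower rule.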
@ -1,7 +1,7 @@
|
||||||
apiVersion: audit.k8s.io/v1beta1
|
apiVersion: audit.k8s.io/v1beta1
|
||||||
kind: Policy
|
kind: Policy
|
||||||
rules:
|
rules:
|
||||||
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
|
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" %}
|
||||||
{{ audit_policy_custom_rules | indent(2, true) }}
|
{{ audit_policy_custom_rules | indent(2, true) }}
|
||||||
{% else %}
|
{% else %}
|
||||||
# The following requests were manually identified as high-volume and low-risk,
|
# The following requests were manually identified as high-volume and low-risk,
|
||||||
|
|
|
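Review bot: The `{% if %}` guard on the new side accepts any non-empty string as usable rules, so a value that is only whitespace or a newline (easy to produce now that the example uses a `|` block scalar) renders `rules:` with nothing under it. kube-apiserver is expected to reject a policy that contains no rules, which would show up as a control-plane start failure instead of a template error; this is worth confirming against the target version. Compare the trimmed value instead: `{% if audit_policy_custom_rules is defined and audit_policy_custom_rules | trim != "" %}`. The `{% else %}` branch with the default rules continues outside this hunk.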
@ -80,9 +80,9 @@ apiServerExtraArgs:
|
||||||
allow-privileged: "true"
|
allow-privileged: "true"
|
||||||
{% if kubernetes_audit %}
|
{% if kubernetes_audit %}
|
||||||
audit-log-path: {{ audit_log_path }}
|
audit-log-path: {{ audit_log_path }}
|
||||||
audit-log-maxage: {{ audit_log_maxage }}
|
audit-log-maxage: "{{ audit_log_maxage }}"
|
||||||
audit-log-maxbackup: {{ audit_log_maxbackups }}
|
audit-log-maxbackup: "{{ audit_log_maxbackups }}"
|
||||||
audit-log-maxsize: {{ audit_log_maxsize }}
|
audit-log-maxsize: "{{ audit_log_maxsize }}"
|
||||||
audit-policy-file: {{ audit_policy_file }}
|
audit-policy-file: {{ audit_policy_file }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% for key in kube_kubeadm_apiserver_extra_args %}
|
{% for key in kube_kubeadm_apiserver_extra_args %}
|
||||||
|
@ -107,7 +107,7 @@ apiServerExtraVolumes:
|
||||||
- name: {{ audit_log_name }}
|
- name: {{ audit_log_name }}
|
||||||
hostPath: {{ audit_log_hostpath }}
|
hostPath: {{ audit_log_hostpath }}
|
||||||
mountPath: {{ audit_log_mountpath }}
|
mountPath: {{ audit_log_mountpath }}
|
||||||
Writable: true
|
writable: true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
|
@ -135,7 +135,3 @@ nodeRegistration:
|
||||||
taints:
|
taints:
|
||||||
- effect: NoSchedule
|
- effect: NoSchedule
|
||||||
key: node-role.kubernetes.io/master
|
key: node-role.kubernetes.io/master
|
||||||
{% if kubernetes_audit %}
|
|
||||||
featureGates:
|
|
||||||
Auditing: true
|
|
||||||
{% endif %}
|
|
||||||
|
|
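Review bot: `audit-log-path` and `audit-policy-file` are still rendered unquoted on the new side, while the three numeric audit arguments beside them are now quoted. kube-apiserver accepts `-` as the audit log path to mean standard output, and an unquoted `audit-log-path: -` parses as a YAML sequence entry, not a string, so the rendered kubeadm config would fail to load or carry a different audit setting than intended. Quote both for consistency: `audit-log-path: "{{ audit_log_path }}"` and `audit-policy-file: "{{ audit_policy_file }}"`. The same applies to the templated `name`, `hostPath` and `mountPath` values in the apiServerExtraVolumes hunk of this file.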