epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 19:58:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Support audit

Browse Source
This commit is contained in:
rongzhang
2018-08-15 16:41:13 +08:00
parent a11e1eba9e
commit 2ffc1afe40
9 changed files with 217 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
View File

@@ -12,6 +12,12 @@ etcd:
caFile: {{ kube_config_dir }}/ssl/etcd/ca.pem
certFile: {{ kube_config_dir }}/ssl/etcd/node-{{ inventory_hostname }}.pem
keyFile: {{ kube_config_dir }}/ssl/etcd/node-{{ inventory_hostname }}-key.pem
{% if kubernetes_audit %}
auditPolicy:
logDir: {{ audit_log_path }}
logMaxAge: {{ audit_log_maxage }}
path: {{ audit_policy_file }}
{% endif %}
networking:
dnsDomain: {{ dns_domain }}
serviceSubnet: {{ kube_service_addresses }}
@@ -82,6 +88,12 @@ controllerManagerExtraArgs:
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
node-monitor-period: {{ kube_controller_node_monitor_period }}
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
{% if kubernetes_audit %}
apiServerExtraVolumes:
- name: {{ audit_policy_name }}
hostPath: {{ audit_policy_hostpath }}
mountPath: {{ audit_policy_mountpath }}
{% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
controllerManagerExtraVolumes:
- name: openstackcacert
@@ -113,3 +125,7 @@ nodeRegistration:
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
{% if kubernetes_audit %}
featureGates:
Auditing: true
{% endif %}