epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 03:37:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Support audit

Browse Source
This commit is contained in:
rongzhang
2018-08-15 16:41:13 +08:00
parent a11e1eba9e
commit 2ffc1afe40
9 changed files with 217 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
View File

@@ -28,6 +28,13 @@ spec:
command:
- /hyperkube
- apiserver
{% if kubernetes_audit %}
- --audit-log-path={{ audit_log_path }}
- --audit-log-maxage={{ audit_log_maxage }}
- --audit-log-maxbackup={{ audit_log_maxbackups }}
- --audit-log-maxsize={{ audit_log_maxsize }}
- --audit-policy-file={{ audit_policy_file }}
{% endif %}
- --advertise-address={{ ip | default(ansible_default_ipv4.address) }}
- --etcd-servers={{ etcd_access_addresses }}
{% if etcd_events_cluster_enabled %}
@@ -184,6 +191,14 @@ spec:
- mountPath: /etc/ssl/certs/ca-bundle.crt
name: rhel-ca-bundle
readOnly: true
{% endif %}
{% if kubernetes_audit %}
- mountPath: {{ audit_log_mountpath }}
name: {{ audit_log_name }}
Writable: true
- mountPath: {{ audit_policy_mountpath }}
name: {{ audit_policy_name }}
Writable: true
{% endif %}
volumes:
- hostPath:
@@ -205,3 +220,11 @@ spec:
path: /etc/ssl/certs/ca-bundle.crt
name: rhel-ca-bundle
{% endif %}
{% if kubernetes_audit %}
- hostPath:
path: {{ audit_log_hostpath }}
name: {{ audit_log_name }}
- hostPath:
path: {{ audit_policy_hostpath }}
name: {{ audit_policy_name }}
{% endif %}