epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 19:58:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

add audit webhook support (#6317)

Browse Source 
* add audit webhook support

* use generic name auditsink
This commit is contained in:
Konstantin Lebedev
2020-07-20 13:32:54 +05:00
committed by GitHub
parent 1a1fe99669
commit a7ec0ed587
4 changed files with 40 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roles/kubernetes/master/tasks/kubeadm-setup.yml
View File

@@ -80,13 +80,19 @@
file:
path: "{{ audit_policy_file | dirname }}"
state: directory
when: kubernetes_audit|default(false)
when: kubernetes_audit|default(false) or kubernetes_audit_webhook|default(false)
- name: Write api audit policy yaml
template:
src: apiserver-audit-policy.yaml.j2
dest: "{{ audit_policy_file }}"
when: kubernetes_audit|default(false)
when: kubernetes_audit|default(false) or kubernetes_audit_webhook|default(false)
- name: Write api audit webhook config yaml
template:
src: apiserver-audit-webhook-config.yaml.j2
dest: "{{ audit_webhook_config_file }}"
when: kubernetes_audit_webhook|default(false)
# Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
- name: set kubeadm_config_api_fqdn define