add audit webhook support (#6317)

* add audit webhook support

* use generic name auditsink

roles/kubernetes/master/templates/apiserver-webhook-config.yaml.j2

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    server: {{ audit_webhook_server_url }}
+  name: auditsink
+contexts:
+- context:
+    cluster: auditsink
+    user: ""
+  name: default-context
+current-context: default-context
+preferences: {}
+users: []

roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2

@@ -169,6 +169,13 @@ apiServer:
     audit-log-maxsize: "{{ audit_log_maxsize }}"
     audit-policy-file: {{ audit_policy_file }}
 {% endif %}
+{% if kubernetes_audit_webhook %}
+    audit-webhook-config-file: {{ audit_webhook_config_file }}
+    audit-policy-file: {{ audit_policy_file }}
+    audit-webhook-mode: {{ audit_webhook_mode }}
+    audit-webhook-batch-max-size: "{{ audit_webhook_batch_max_size }}"
+    audit-webhook-batch-max-wait: "{{ audit_webhook_batch_max_wait }}"
+{% endif %}
 {% for key in kube_kubeadm_apiserver_extra_args %}
     {{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
 {% endfor %}
@@ -211,7 +218,7 @@ apiServer:
     hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
     mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
 {% endif %}
-{% if kubernetes_audit %}
+{% if kubernetes_audit or kubernetes_audit_webhook %}
   - name: {{ audit_policy_name }}
     hostPath: {{ audit_policy_hostpath }}
     mountPath: {{ audit_policy_mountpath }}