From 5a351b4b00b0ad334c0c31184f42809a5a159930 Mon Sep 17 00:00:00 2001
From: Kenichi Omichi <ken1ohmichi@gmail.com>
Date: Thu, 8 Apr 2021 07:52:56 -0700
Subject: [PATCH] Add condition for audit_webhook_mode batch (#7444)

According to the document[1], audit-webhook-batch-max-size and
audit-webhook-batch-max-wait are used only in the batch mode.
This adds a condition to avoid unnecessary writting on the config.

[1]: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#batching
---
 .../control-plane/templates/kubeadm-config.v1beta2.yaml.j2      | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
index 7c0761647..784e9e7de 100644
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
@@ -186,9 +186,11 @@ apiServer:
 {% if kubernetes_audit_webhook %}
     audit-webhook-config-file: {{ audit_webhook_config_file }}
     audit-webhook-mode: {{ audit_webhook_mode }}
+{% if audit_webhook_mode == "batch" %}
     audit-webhook-batch-max-size: "{{ audit_webhook_batch_max_size }}"
     audit-webhook-batch-max-wait: "{{ audit_webhook_batch_max_wait }}"
 {% endif %}
+{% endif %}
 {% for key in kube_kubeadm_apiserver_extra_args %}
     {{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
 {% endfor %}
-- 
GitLab