Fix install audit failed

1.fix audit log not write 2.fix Parameter not recognized 3.delete kubedm futuregates auditing and use apiServerExtraArgs

Fix install audit failed
5a435265 · rongzhang · 08353f29 · 5a435265 · 5a435265 · 5a435265
Commit 5a435265 authored 6 years ago by rongzhang
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -37,7 +37,7 @@ audit_log_maxsize: 100
 # policy file
 audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
 # custom audit policy rules (to replace the default ones)
-# audit_policy_custom_rules: >
+# audit_policy_custom_rules: |
 #   - level: None
 #     users: []
 #     verbs: []

--- a/roles/kubernetes/master/templates/apiserver-audit-policy.yaml.j2
+++ b/roles/kubernetes/master/templates/apiserver-audit-policy.yaml.j2
 apiVersion: audit.k8s.io/v1beta1
 kind: Policy
 rules:
-{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
+{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" %}
 {{ audit_policy_custom_rules | indent(2, true) }}
 {% else %}
  # The following requests were manually identified as high-volume and low-risk,

--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -80,9 +80,9 @@ apiServerExtraArgs:
  allow-privileged: "true"
 {% if kubernetes_audit %}
  audit-log-path: {{ audit_log_path }}
-  audit-log-maxage: {{ audit_log_maxage }}
-  audit-log-maxbackup: {{ audit_log_maxbackups }}
-  audit-log-maxsize: {{ audit_log_maxsize }}
+  audit-log-maxage: "{{ audit_log_maxage }}"
+  audit-log-maxbackup: "{{ audit_log_maxbackups }}"
+  audit-log-maxsize: "{{ audit_log_maxsize }}"
  audit-policy-file: {{ audit_policy_file }}
 {% endif %}
 {% for key in kube_kubeadm_apiserver_extra_args %}
@@ -107,7 +107,7 @@ apiServerExtraVolumes:
 - name: {{ audit_log_name }}
  hostPath: {{ audit_log_hostpath }}
  mountPath: {{ audit_log_mountpath }}
-  Writable: true
+  writable: true
 {% endif %}
 {% endif %}
 {% if kube_feature_gates %}
@@ -135,7 +135,3 @@ nodeRegistration:
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
-{% if kubernetes_audit %}
-featureGates:
-  Auditing: true
-{% endif %}