From 5a4352657d78e1c67aeb4e14b679a4e5b72a37ba Mon Sep 17 00:00:00 2001
From: rongzhang <rongzhang@alauda.io>
Date: Tue, 21 Aug 2018 15:04:04 +0800
Subject: [PATCH] Fix install audit failed

1. Fix audit log not being written
2. Fix parameter not being recognized
3. Delete the kubeadm featureGates Auditing entry and use apiServerExtraArgs
---
 roles/kubernetes/master/defaults/main.yml            |  2 +-
 .../master/templates/apiserver-audit-policy.yaml.j2  |  2 +-
 .../master/templates/kubeadm-config.v1alpha2.yaml.j2 | 12 ++++--------
 3 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
index bcf780d7e..eeb12b601 100644
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -37,7 +37,7 @@ audit_log_maxsize: 100
 # policy file
 audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
 # custom audit policy rules (to replace the default ones)
-# audit_policy_custom_rules: >
+# audit_policy_custom_rules: |
 #   - level: None
 #     users: []
 #     verbs: []
diff --git a/roles/kubernetes/master/templates/apiserver-audit-policy.yaml.j2 b/roles/kubernetes/master/templates/apiserver-audit-policy.yaml.j2
index 6f304a0da..861ffda71 100644
--- a/roles/kubernetes/master/templates/apiserver-audit-policy.yaml.j2
+++ b/roles/kubernetes/master/templates/apiserver-audit-policy.yaml.j2
@@ -1,7 +1,7 @@
 apiVersion: audit.k8s.io/v1beta1
 kind: Policy
 rules:
-{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
+{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" %}
 {{ audit_policy_custom_rules | indent(2, true) }}
 {% else %}
   # The following requests were manually identified as high-volume and low-risk,
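Review bot: The guard on the `{% if %}` line only rejects an undefined or exactly empty `audit_policy_custom_rules`. A value holding only spaces or newlines passes the test and would render `rules:` with no entries in place of the defaults from the `{% else %}` branch. I would tighten it to `{% if audit_policy_custom_rules is defined and audit_policy_custom_rules | trim != "" %}`. A template comment above the branch should also say that custom rules replace the default rules entirely rather than extending them, so a single narrow rule drops the rest of the audit coverage. The `{% else %}` branch continues outside the hunk.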
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
index 7a629cb30..68c67db59 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -80,9 +80,9 @@ apiServerExtraArgs:
   allow-privileged: "true"
 {% if kubernetes_audit %}
   audit-log-path: {{ audit_log_path }}
-  audit-log-maxage: {{ audit_log_maxage }}
-  audit-log-maxbackup: {{ audit_log_maxbackups }}
-  audit-log-maxsize: {{ audit_log_maxsize }}
+  audit-log-maxage: "{{ audit_log_maxage }}"
+  audit-log-maxbackup: "{{ audit_log_maxbackups }}"
+  audit-log-maxsize: "{{ audit_log_maxsize }}"
   audit-policy-file: {{ audit_policy_file }}
 {% endif %}
 {% for key in kube_kubeadm_apiserver_extra_args %}
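Review bot: `audit-log-path` and `audit-policy-file` in the same `kubernetes_audit` block are still rendered unquoted, although the three numeric flags are now quoted. An unquoted template that expands to an empty value would parse as null, and one that starts with a YAML indicator could fail to parse; either presumably leaves the API server without a usable audit log path or policy file. I would quote both for consistency: `audit-log-path: "{{ audit_log_path }}"` and `audit-policy-file: "{{ audit_policy_file }}"`. The `apiServerExtraArgs` mapping starts before the hunk and continues in the `{% for %}` loop after it.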
@@ -107,7 +107,7 @@ apiServerExtraVolumes:
 - name: {{ audit_log_name }}
   hostPath: {{ audit_log_hostpath }}
   mountPath: {{ audit_log_mountpath }}
-  Writable: true
+  writable: true
 {% endif %}
 {% endif %}
 {% if kube_feature_gates %}
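Review bot: The `writable: true` line deserves a short comment, because the capitalised key it replaces was apparently accepted without an error while the mount stayed read-only, which matches the "audit log not write" symptom in the commit message. Something like `# lowercase key required; otherwise kube-apiserver cannot write the audit log to the hostPath` would keep the typo from coming back. Since this makes a host directory writable from the API server container, `audit_log_hostpath` should point at a directory dedicated to audit logs rather than a shared one; its default is not visible here. The volume list begins outside the hunk.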
@@ -135,7 +135,3 @@ nodeRegistration:
   taints:
   - effect: NoSchedule
     key: node-role.kubernetes.io/master
-{% if kubernetes_audit %}
-featureGates:
-  Auditing: true
-{% endif %}
-- 
GitLab