Commit 5a435265 authored by rongzhang's avatar rongzhang

Fix install audit failed

1. Fix audit log not being written
2. Fix parameter not recognized
3. Delete the kubeadm featureGates Auditing entry and use apiServerExtraArgs
parent 08353f29
...@@ -37,7 +37,7 @@ audit_log_maxsize: 100 ...@@ -37,7 +37,7 @@ audit_log_maxsize: 100
# policy file # policy file
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml" audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
# custom audit policy rules (to replace the default ones) # custom audit policy rules (to replace the default ones)
# audit_policy_custom_rules: > # audit_policy_custom_rules: |
# - level: None # - level: None
# users: [] # users: []
# verbs: [] # verbs: []
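Review bot: The commented example under `audit_policy_custom_rules` would switch auditing off if someone uncomments it as written, and nothing in the comment says so. A rule with `level: None` and empty `users` and `verbs` lists matches every request, because an empty list means "any", and the comment above states that custom rules replace the default ones. The rest of the example rule lies outside this hunk, so check it against the full file. I would add a line above the example such as `# NOTE: rules are first-match; the sample below matches everything and disables auditing - narrow it before use`.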
......
apiVersion: audit.k8s.io/v1beta1 apiVersion: audit.k8s.io/v1beta1
kind: Policy kind: Policy
rules: rules:
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%} {% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" %}
{{ audit_policy_custom_rules | indent(2, true) }} {{ audit_policy_custom_rules | indent(2, true) }}
{% else %} {% else %}
# The following requests were manually identified as high-volume and low-risk, # The following requests were manually identified as high-volume and low-risk,
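Review bot: The guard `audit_policy_custom_rules != ""` on the `{% if %}` line still accepts a whitespace-only value, which renders `rules:` with no entries under it. As far as I know kube-apiserver rejects an audit policy that contains no rules, so a blank override could stop the API server from starting instead of falling back to the defaults. Trimming before the comparison closes that gap: `{% if audit_policy_custom_rules is defined and audit_policy_custom_rules | trim != "" %}`. The `{% else %}` branch with the default rules continues outside this hunk.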
......
...@@ -80,9 +80,9 @@ apiServerExtraArgs: ...@@ -80,9 +80,9 @@ apiServerExtraArgs:
allow-privileged: "true" allow-privileged: "true"
{% if kubernetes_audit %} {% if kubernetes_audit %}
audit-log-path: {{ audit_log_path }} audit-log-path: {{ audit_log_path }}
audit-log-maxage: {{ audit_log_maxage }} audit-log-maxage: "{{ audit_log_maxage }}"
audit-log-maxbackup: {{ audit_log_maxbackups }} audit-log-maxbackup: "{{ audit_log_maxbackups }}"
audit-log-maxsize: {{ audit_log_maxsize }} audit-log-maxsize: "{{ audit_log_maxsize }}"
audit-policy-file: {{ audit_policy_file }} audit-policy-file: {{ audit_policy_file }}
{% endif %} {% endif %}
{% for key in kube_kubeadm_apiserver_extra_args %} {% for key in kube_kubeadm_apiserver_extra_args %}
...@@ -107,7 +107,7 @@ apiServerExtraVolumes: ...@@ -107,7 +107,7 @@ apiServerExtraVolumes:
- name: {{ audit_log_name }} - name: {{ audit_log_name }}
hostPath: {{ audit_log_hostpath }} hostPath: {{ audit_log_hostpath }}
mountPath: {{ audit_log_mountpath }} mountPath: {{ audit_log_mountpath }}
Writable: true writable: true
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if kube_feature_gates %} {% if kube_feature_gates %}
...@@ -135,7 +135,3 @@ nodeRegistration: ...@@ -135,7 +135,3 @@ nodeRegistration:
taints: taints:
- effect: NoSchedule - effect: NoSchedule
key: node-role.kubernetes.io/master key: node-role.kubernetes.io/master
{% if kubernetes_audit %}
featureGates:
Auditing: true
{% endif %}
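Review bot: In the `apiServerExtraArgs` hunk, `audit-log-path` and `audit-policy-file` are still rendered unquoted while the three numeric flags beside them are now quoted. An empty value in either variable would render as YAML null rather than a string, which is the same kind of type mismatch the commit fixes for the numeric flags; quoting both keeps the block consistent: `audit-log-path: "{{ audit_log_path }}"` and `audit-policy-file: "{{ audit_policy_file }}"`. The same applies to the `name`, `hostPath` and `mountPath` values in the `apiServerExtraVolumes` hunk. It is also worth confirming that `audit_log_path` resolves inside `audit_log_mountpath`, since otherwise the log would presumably land on the container filesystem and not on the host volume; that relationship is not visible in these hunks.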