Fix install audit failed

1.fix audit log not write
2.fix Parameter not recognized
3.delete kubedm futuregates auditing and use apiServerExtraArgs
This commit is contained in:
rongzhang 2018-08-21 15:04:04 +08:00
parent 08353f291b
commit 5a4352657d
3 changed files with 6 additions and 10 deletions

View file

@ -37,7 +37,7 @@ audit_log_maxsize: 100
# policy file
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
# custom audit policy rules (to replace the default ones)
# audit_policy_custom_rules: >
# audit_policy_custom_rules: |
# - level: None
# users: []
# verbs: []

View file

@ -1,7 +1,7 @@
apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" %}
{{ audit_policy_custom_rules | indent(2, true) }}
{% else %}
# The following requests were manually identified as high-volume and low-risk,

View file

@ -80,9 +80,9 @@ apiServerExtraArgs:
allow-privileged: "true"
{% if kubernetes_audit %}
audit-log-path: {{ audit_log_path }}
audit-log-maxage: {{ audit_log_maxage }}
audit-log-maxbackup: {{ audit_log_maxbackups }}
audit-log-maxsize: {{ audit_log_maxsize }}
audit-log-maxage: "{{ audit_log_maxage }}"
audit-log-maxbackup: "{{ audit_log_maxbackups }}"
audit-log-maxsize: "{{ audit_log_maxsize }}"
audit-policy-file: {{ audit_policy_file }}
{% endif %}
{% for key in kube_kubeadm_apiserver_extra_args %}
@ -107,7 +107,7 @@ apiServerExtraVolumes:
- name: {{ audit_log_name }}
hostPath: {{ audit_log_hostpath }}
mountPath: {{ audit_log_mountpath }}
Writable: true
writable: true
{% endif %}
{% endif %}
{% if kube_feature_gates %}
@ -135,7 +135,3 @@ nodeRegistration:
taints:
- effect: NoSchedule
key: node-role.kubernetes.io/master
{% if kubernetes_audit %}
featureGates:
Auditing: true
{% endif %}