Fix install audit failed

1. Fix audit log not being written
2. Fix parameter not being recognized
3. Delete the kubeadm featureGates Auditing setting and use apiServerExtraArgs
rongzhang 2018-08-21 15:04:04 +08:00
parent 08353f291b
commit 5a4352657d
3 changed files with 6 additions and 10 deletions


@ -37,7 +37,7 @@ audit_log_maxsize: 100
# policy file # policy file
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml" audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
# custom audit policy rules (to replace the default ones) # custom audit policy rules (to replace the default ones)
# audit_policy_custom_rules: > # audit_policy_custom_rules: |
# - level: None # - level: None
# users: [] # users: []
# verbs: [] # verbs: []
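Review bot: The commented example under `audit_policy_custom_rules` opens with a `level: None` rule whose `users` and `verbs` lists are empty, and in an audit policy an empty list matches everything, so uncommenting it as written may yield a catch-all rule that records nothing. Because custom rules replace the default rules rather than extend them, the comment above the variable should say so, for example `# custom audit policy rules (these REPLACE the defaults; a level: None rule with empty selectors drops every event)`. The example continues past the end of this hunk, so any remaining selectors that narrow the rule are not visible here.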


@ -1,7 +1,7 @@
apiVersion: audit.k8s.io/v1beta1 apiVersion: audit.k8s.io/v1beta1
kind: Policy kind: Policy
rules: rules:
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%} {% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" %}
{{ audit_policy_custom_rules | indent(2, true) }} {{ audit_policy_custom_rules | indent(2, true) }}
{% else %} {% else %}
# The following requests were manually identified as high-volume and low-risk, # The following requests were manually identified as high-volume and low-risk,
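Review bot: The guard on the `{% if %}` line compares `audit_policy_custom_rules` only with the empty string, so a value holding just whitespace or a newline still takes the custom branch and leaves `rules:` with no entries. Trimming before the test closes that gap, e.g. `{% if audit_policy_custom_rules is defined and audit_policy_custom_rules | trim != "" %}`. How the API server treats a policy with no rules is not visible here and should be confirmed, since either outcome (refusing to start, or logging nothing) is better caught at render time. The `{% else %}` branch continues outside the hunk.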


@ -80,9 +80,9 @@ apiServerExtraArgs:
allow-privileged: "true" allow-privileged: "true"
{% if kubernetes_audit %} {% if kubernetes_audit %}
audit-log-path: {{ audit_log_path }} audit-log-path: {{ audit_log_path }}
audit-log-maxage: {{ audit_log_maxage }} audit-log-maxage: "{{ audit_log_maxage }}"
audit-log-maxbackup: {{ audit_log_maxbackups }} audit-log-maxbackup: "{{ audit_log_maxbackups }}"
audit-log-maxsize: {{ audit_log_maxsize }} audit-log-maxsize: "{{ audit_log_maxsize }}"
audit-policy-file: {{ audit_policy_file }} audit-policy-file: {{ audit_policy_file }}
{% endif %} {% endif %}
{% for key in kube_kubeadm_apiserver_extra_args %} {% for key in kube_kubeadm_apiserver_extra_args %}
@ -107,7 +107,7 @@ apiServerExtraVolumes:
- name: {{ audit_log_name }} - name: {{ audit_log_name }}
hostPath: {{ audit_log_hostpath }} hostPath: {{ audit_log_hostpath }}
mountPath: {{ audit_log_mountpath }} mountPath: {{ audit_log_mountpath }}
Writable: true writable: true
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if kube_feature_gates %} {% if kube_feature_gates %}
@ -135,7 +135,3 @@ nodeRegistration:
taints: taints:
- effect: NoSchedule - effect: NoSchedule
key: node-role.kubernetes.io/master key: node-role.kubernetes.io/master
{% if kubernetes_audit %}
featureGates:
Auditing: true
{% endif %}
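Review bot: In the first hunk the three numeric audit arguments are now quoted, but `audit-log-path` and `audit-policy-file` are still rendered as bare template output, so their YAML type depends on what the variables expand to. kube-apiserver accepts `-` as an audit log path meaning standard output, and a bare `-` is not a valid plain scalar, so that setting would break the rendered config; an empty expansion would likewise become null rather than a string. Quoting both keeps the block consistent: `audit-log-path: "{{ audit_log_path }}"` and `audit-policy-file: "{{ audit_policy_file }}"`. The `apiServerExtraArgs` map starts and continues outside the hunk.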