Merge pull request #3132 from mirwan/custom_audit_policy
Custom audit policy
This commit is contained in:
Andreas Krüger
GitHub
commit
69749a5b7b
2 changed files with 10 additions and 0 deletions
|
|
@ -36,6 +36,12 @@ audit_log_maxbackups: 1
|
||||||
audit_log_maxsize: 100
|
audit_log_maxsize: 100
|
||||||
# policy file
|
# policy file
|
||||||
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
||||||
|
# custom audit policy rules (to replace the default ones)
|
||||||
|
# audit_policy_custom_rules: >
|
||||||
|
# - level: None
|
||||||
|
# users: []
|
||||||
|
# verbs: []
|
||||||
|
# resources: []
|
||||||
|
|
||||||
# audit log hostpath
|
# audit log hostpath
|
||||||
audit_log_name: audit-logs
|
audit_log_name: audit-logs
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,9 @@
|
||||||
apiVersion: audit.k8s.io/v1beta1
|
apiVersion: audit.k8s.io/v1beta1
|
||||||
kind: Policy
|
kind: Policy
|
||||||
rules:
|
rules:
|
||||||
|
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
|
||||||
|
{{ audit_policy_custom_rules | indent(2, true) }}
|
||||||
|
{% else %}
|
||||||
# The following requests were manually identified as high-volume and low-risk,
|
# The following requests were manually identified as high-volume and low-risk,
|
||||||
# so drop them.
|
# so drop them.
|
||||||
- level: None
|
- level: None
|
||||||
|
|
@ -123,3 +126,4 @@ rules:
|
||||||
- level: Metadata
|
- level: Metadata
|
||||||
omitStages:
|
omitStages:
|
||||||
- "RequestReceived"
|
- "RequestReceived"
|
||||||
|
{% endif %}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue