Add documentation for audit webhook variables (#7434)
* Add documentation for audit webhook variables * Enclose the value of audit_webhook_server_url in a codeblock * Add default value for audit_webhook_batch_max_wait
This commit is contained in:
parent
6479e26904
commit
be278f9dba
1 changed files with 8 additions and 0 deletions
|
@ -164,6 +164,14 @@ node_taints:
|
||||||
* `audit_policy_file`: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
* `audit_policy_file`: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
||||||
|
|
||||||
By default, the `audit_policy_file` contains [default rules](https://github.com/kubernetes-sigs/kubespray/blob/master/roles/kubernetes/control-plane/templates/apiserver-audit-policy.yaml.j2) that can be overridden with the `audit_policy_custom_rules` variable.
|
By default, the `audit_policy_file` contains [default rules](https://github.com/kubernetes-sigs/kubespray/blob/master/roles/kubernetes/control-plane/templates/apiserver-audit-policy.yaml.j2) that can be overridden with the `audit_policy_custom_rules` variable.
|
||||||
|
* *kubernetes_audit_webhook* - When set to `true`, enables the webhook audit backend.
|
||||||
|
The webhook parameters can be tuned via the following variables (which default values are shown below):
|
||||||
|
* `audit_webhook_config_file`: "{{ kube_config_dir }}/audit-policy/apiserver-audit-webhook-config.yaml"
|
||||||
|
* `audit_webhook_server_url`: `"https://audit.app"`
|
||||||
|
* `audit_webhook_server_extra_args`: {}
|
||||||
|
* `audit_webhook_mode`: batch
|
||||||
|
* `audit_webhook_batch_max_size`: 100
|
||||||
|
* `audit_webhook_batch_max_wait`: 1s
|
||||||
|
|
||||||
### Custom flags for Kube Components
|
### Custom flags for Kube Components
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue