Ability to define custom audit policy rules
parent
855f2a55cb
commit
fc38b6d0ca
2 changed files with 10 additions and 0 deletions
|
@ -36,6 +36,12 @@ audit_log_maxbackups: 1
|
|||
audit_log_maxsize: 100
|
||||
# policy file
|
||||
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
||||
# custom audit policy rules (to replace the default ones)
|
||||
# audit_policy_custom_rules: >
|
||||
# - level: None
|
||||
# users: []
|
||||
# verbs: []
|
||||
# resources: []
|
||||
|
||||
# audit log hostpath
|
||||
audit_log_name: audit-logs
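Review bot: The commented sample under `# audit_policy_custom_rules: >` is a `level: None` rule with empty `users`, `verbs` and `resources`, and in a Kubernetes audit policy an empty list matches everything, so uncommenting it as written would match every request and record nothing. Since the comment above it says custom rules replace the defaults, the sample should be scoped to something narrow or followed by a catch-all such as `- level: Metadata`, with a comment like `# NOTE: this replaces the entire default rule set; keep a final catch-all rule so unmatched requests are still audited`. The `>` folded style also joins adjacent lines of equal indentation into one line, so a value holding several rules is safer written with `|`; the indentation of the sample is not recoverable from this rendering, so confirm that against the file itself.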
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
apiVersion: audit.k8s.io/v1beta1
|
||||
kind: Policy
|
||||
rules:
|
||||
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
|
||||
{{ audit_policy_custom_rules | indent(2, true) }}
|
||||
{% else %}
|
||||
# The following requests were manually identified as high-volume and low-risk,
|
||||
# so drop them.
|
||||
- level: None
|
||||
|
@ -123,3 +126,4 @@ rules:
|
|||
- level: Metadata
|
||||
omitStages:
|
||||
- "RequestReceived"
|
||||
{% endif %}
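Review bot: The guard on the `{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}` line accepts any non-empty string, so a whitespace-only or mis-indented value is rendered verbatim under `rules:` and the default rules in the `{% else %}` branch are dropped with it. The likely result is a policy file the API server rejects at start-up, or one that audits less than the operator intended. Consider tightening the test to `{% if audit_policy_custom_rules is defined and audit_policy_custom_rules | trim | length > 0 -%}` and adding a template comment above it, for example `{# custom rules replace the whole default set below and are inserted as-is, without validation #}`. The default rule list between the two hunks, and the task that installs the rendered file, are outside what is shown here.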
|
||||
|
|