Ability to define custom audit policy rules

Erwan Miran 2018-08-20 07:04:56 +02:00
parent 855f2a55cb
commit fc38b6d0ca
2 changed files with 10 additions and 0 deletions


@ -36,6 +36,12 @@ audit_log_maxbackups: 1
audit_log_maxsize: 100 audit_log_maxsize: 100
# policy file # policy file
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml" audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
# custom audit policy rules (to replace the default ones)
# audit_policy_custom_rules: >
# - level: None
# users: []
# verbs: []
# resources: []
# audit log hostpath # audit log hostpath
audit_log_name: audit-logs audit_log_name: audit-logs
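Review bot: The commented sample for `audit_policy_custom_rules` is a single `level: None` rule with empty `users`, `verbs` and `resources`; in a Kubernetes audit policy an empty selector list matches everything, so an operator who uncomments it unchanged replaces the default rules with one rule that drops every audit event. I would make the example a narrow rule, or add a line above it such as `# WARNING: these rules replace the whole default policy; a level: None rule with empty selectors disables audit logging`. The sample also uses a folded scalar (`>`), which joins consecutive lines at the same indentation, so two adjacent `- level:` entries could collapse onto one line; `audit_policy_custom_rules: |` keeps the text as written. The sample's indentation is not recoverable from this view, so the folding point should be checked against the file itself.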


@ -1,6 +1,9 @@
apiVersion: audit.k8s.io/v1beta1 apiVersion: audit.k8s.io/v1beta1
kind: Policy kind: Policy
rules: rules:
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
{{ audit_policy_custom_rules | indent(2, true) }}
{% else %}
# The following requests were manually identified as high-volume and low-risk, # The following requests were manually identified as high-volume and low-risk,
# so drop them. # so drop them.
- level: None - level: None
@ -123,3 +126,4 @@ rules:
- level: Metadata - level: Metadata
omitStages: omitStages:
- "RequestReceived" - "RequestReceived"
{% endif %}
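Review bot: Nothing validates `audit_policy_custom_rules` before the new `{% if %}` branch under `rules:` pastes it into the policy as raw text. The only guard is `!= ""`, so a whitespace-only value, or text that is not valid rule YAML, renders a policy with no usable rules. The API server reads this file at startup, so the mistake would likely surface as an API server that fails to start or as missing audit events rather than as an Ansible error. Tightening the guard to `{% if audit_policy_custom_rules is defined and (audit_policy_custom_rules | trim) != "" -%}` covers the blank case. A comment above the branch, `{# custom rules replace ALL default rules below; they are not merged #}`, would record that the defaults are dropped; the default rule list between the two hunks is outside this view.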