Ability to define custom audit polcy rules
This commit is contained in:
parent
855f2a55cb
commit
fc38b6d0ca
2 changed files with 10 additions and 0 deletions
|
@ -36,6 +36,12 @@ audit_log_maxbackups: 1
|
||||||
audit_log_maxsize: 100
|
audit_log_maxsize: 100
|
||||||
# policy file
|
# policy file
|
||||||
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
|
||||||
|
# custom audit policy rules (to replace the default ones)
|
||||||
|
# audit_policy_custom_rules: >
|
||||||
|
# - level: None
|
||||||
|
# users: []
|
||||||
|
# verbs: []
|
||||||
|
# resources: []
|
||||||
|
|
||||||
# audit log hostpath
|
# audit log hostpath
|
||||||
audit_log_name: audit-logs
|
audit_log_name: audit-logs
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
apiVersion: audit.k8s.io/v1beta1
|
apiVersion: audit.k8s.io/v1beta1
|
||||||
kind: Policy
|
kind: Policy
|
||||||
rules:
|
rules:
|
||||||
|
{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
|
||||||
|
{{ audit_policy_custom_rules | indent(2, true) }}
|
||||||
|
{% else %}
|
||||||
# The following requests were manually identified as high-volume and low-risk,
|
# The following requests were manually identified as high-volume and low-risk,
|
||||||
# so drop them.
|
# so drop them.
|
||||||
- level: None
|
- level: None
|
||||||
|
@ -123,3 +126,4 @@ rules:
|
||||||
- level: Metadata
|
- level: Metadata
|
||||||
omitStages:
|
omitStages:
|
||||||
- "RequestReceived"
|
- "RequestReceived"
|
||||||
|
{% endif %}
|
||||||
|
|
Loading…
Reference in a new issue