External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-02 01:08:54 -03:30
Code Issues Packages Projects Releases Wiki Activity

Support audit

Browse Source
This commit is contained in:
rongzhang
2018-08-15 16:41:13 +08:00
parent a11e1eba9e
commit 2ffc1afe40
9 changed files with 217 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
roles/kubernetes/master/defaults/main.yml
View File

@@ -24,6 +24,29 @@ kube_apiserver_storage_backend: etcd3
# By default, force back to etcd2. Set to true to force etcd3 (experimental!)
force_etcd3: false
# audit support
kubernetes_audit: false
audit_log_path: /var/log/audit/kube-apiserver-audit.log
# num days
audit_log_maxage: 30
# the num of audit logs to retain
audit_log_maxbackups: 1
# the max size in MB to retain
audit_log_maxsize: 100
# policy file
audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
# audit log hostpath
audit_log_name: audit-logs
audit_log_hostpath: /var/log/kubernetes/audit
audit_log_mountpath: /var/log/audit
audit_log_writable: true
# audit policy hostpath
audit_policy_name: audit-policy
audit_policy_hostpath: /etc/kubernetes/audit-policy
audit_policy_mountpath: "{{ audit_policy_hostpath }}"
# Limits for kube components
kube_controller_memory_limit: 512M
kube_controller_cpu_limit: 250m