- "--apiserver-count={{ groups['caas_master']|length|int }}"
- "--audit-policy-file={{ caas.caas_policy_directory }}/audit-policy.yaml"
- "--audit-log-format=json"
- - "--audit-log-maxsize={{ caas.audit_log_file_size }}"
- - "--audit-log-maxbackup={{ ((audit_disc_size.stdout|int*caas.caas_max_audit_size)/caas.audit_log_file_size)|int }}"
+ - "--audit-log-maxbackup=10"
+ - "--audit-log-maxsize=100"
- "--audit-log-path=/var/log/audit/kube_apiserver/kube-apiserver-audit.log"
- "--authorization-mode=Node,RBAC"
- "--bind-address={{ apiserver }}"
owner: "{{ caas.uid.kube }}"
group: "{{ caas.uid.kube }}"
state: directory
- mode: 0700
become_user: "root"
- name: create directory for audit policy
- "{{ caas.uid.kube }}"
- "{{ users.admin_user_name }}"
become_user: "root"
-
-- name: Ask the audit log disc size
- shell: df -BM --output=size,target | grep audit | awk '{print $1}' | tr -d 'M'
- register: audit_disc_size
- name: template apiserver
vars:
%define COMPONENT kubernetes
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 1.15.2
-%define RPM_MINOR_VERSION 2
+%define RPM_MINOR_VERSION 1
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
%define KUBERNETESPAUSE_VERSION 3.1
Code Review / ta / caas-kubernetes.git / commitdiff