Set 0700 permissions on the /var/log/audit/kube_apiserver directory.
Fix the calculation of the number of audit log files. This needed a new task, which queries the size of the audit log disk.
Change-Id: I3be5a5ee0300d817e7faee1ab82587746d3f57f7
Signed-off-by: simicza <szilveszter.simicza@nokia.com>
- "--apiserver-count={{ groups['caas_master']|length|int }}"
- "--audit-policy-file={{ caas.caas_policy_directory }}/audit-policy.yaml"
- "--audit-log-format=json"
- - "--audit-log-maxbackup=10"
- - "--audit-log-maxsize=100"
+ - "--audit-log-maxsize={{ caas.audit_log_file_size }}"
+ - "--audit-log-maxbackup={{ ((audit_disc_size.stdout|int*caas.caas_max_audit_size)/caas.audit_log_file_size)|int }}"
- "--audit-log-path=/var/log/audit/kube_apiserver/kube-apiserver-audit.log"
- "--authorization-mode=Node,RBAC"
- "--bind-address={{ apiserver }}"
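Review bot: The computed `--audit-log-maxbackup` value on the added line has no lower bound. If `audit_disc_size.stdout` is empty or holds more than one line, `|int` yields 0 and the flag renders as `--audit-log-maxbackup=0`; as I understand the rotation behaviour, 0 means every rotated file is kept, so the audit volume could fill. The same happens when the product is smaller than `caas.audit_log_file_size`. Clamp the result to at least one, for example `"--audit-log-maxbackup={{ [((audit_disc_size.stdout|int*caas.caas_max_audit_size)/caas.audit_log_file_size)|int, 1]|max }}"`. A zero `caas.audit_log_file_size` would also fail the division; where those variables are validated is not visible here.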
owner: "{{ caas.uid.kube }}"
group: "{{ caas.uid.kube }}"
state: directory
+ mode: 0700
become_user: "root"
- name: create directory for audit policy
- "{{ caas.uid.kube }}"
- "{{ users.admin_user_name }}"
become_user: "root"
+
+- name: Ask the audit log disc size
+ shell: df -BM --output=size,target | grep audit | awk '{print $1}' | tr -d 'M'
+ register: audit_disc_size
- name: template apiserver
vars:
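Review bot: The new `shell` task cannot fail when no mounted filesystem matches `audit`, because the pipeline's exit status is that of its last command (`tr`). In that case `audit_disc_size.stdout` is empty and the template is still rendered from it. `grep audit` also matches any mount target containing that substring, so it can return several lines instead of one number. Add `changed_when: false` and `failed_when: audit_disc_size.stdout | int <= 0` to the task, so a read-only query is not reported as a change and the play stops before a bad value reaches the apiserver manifest. The task list continues outside the visible lines.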
%define COMPONENT kubernetes
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 1.15.2
-%define RPM_MINOR_VERSION 1
+%define RPM_MINOR_VERSION 2
%define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION}
%define KUBERNETESPAUSE_VERSION 3.1