From 7366d6f46939ba47a7d6b3333a5bbecd88406774 Mon Sep 17 00:00:00 2001
From: Adrien
Date: Tue, 2 Jun 2020 20:15:04 +0200
Subject: [PATCH] Add audit loging
---
 templates/kubeadm-config.yaml.j2 | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/templates/kubeadm-config.yaml.j2 b/templates/kubeadm-config.yaml.j2
index 690ded3..820c4f8 100644
--- a/templates/kubeadm-config.yaml.j2
+++ b/templates/kubeadm-config.yaml.j2
@@ -74,8 +74,20 @@ controlPlaneEndpoint: "{{ lbip_kubeapiserver }}:6443"
 {% else %}
 controlPlaneEndpoint: "{{ ansible_default_ipv4.address }}:6443"
 {% endif %}
-{% if lb_kubemaster is defined %}
 apiServer:
+ extraArgs:
+ authorization-mode: "Node,RBAC"
+ audit-log-path: "/var/log/apiserver/audit.log"
+ audit-log-maxage: "30"
+ audit-log-maxbackup: "10"
+ audit-log-maxsize: "100"
+ extraVolumes:
+ - name: "audit-log"
+ hostPath: "/var/log/apiserver"
+ mountPath: "/var/log/apiserver"
+ readOnly: false
+ pathType: DirectoryOrCreate
+{% if lb_kubemaster is defined %}
 certSANs:
 - "{{ lb_kubemaster }}"
 {% endif %}
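Review bot: The added `extraArgs` set `audit-log-path` and the three rotation limits but no `audit-policy-file`, and kube-apiserver records no audit events when that flag is omitted, so the log configured here will most likely stay empty. The fix is to pass a policy file and mount it read-only into the API server pod next to the existing `audit-log` volume; the role also has to install that file on the control-plane host before kubeadm runs. The path below is a placeholder, since the page does not show where the role keeps such files. The `apiServer` block and the rest of the template continue outside the hunk, so a policy configured elsewhere would not be visible here.

```yaml
apiServer:
  extraArgs:
    # ... unchanged: authorization-mode and audit-log-* settings ...
    # placeholder path: the role must install the policy file here first
    audit-policy-file: "/etc/kubernetes/audit-policy.yaml"
  extraVolumes:
    # ... unchanged: audit-log volume ...
    - name: "audit-policy"
      hostPath: "/etc/kubernetes/audit-policy.yaml"
      mountPath: "/etc/kubernetes/audit-policy.yaml"
      readOnly: true
      pathType: File
```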