Add audit loging

templates/kubeadm-config.yaml.j2

@@ -74,8 +74,20 @@ controlPlaneEndpoint: "{{ lbip_kubeapiserver }}:6443"
 {% else %}
 controlPlaneEndpoint: "{{ ansible_default_ipv4.address }}:6443"
 {% endif %}
-{% if lb_kubemaster is defined %}
 apiServer:
+  extraArgs:
+    authorization-mode: "Node,RBAC"
+    audit-log-path: "/var/log/apiserver/audit.log"
+    audit-log-maxage: "30"
+    audit-log-maxbackup: "10"
+    audit-log-maxsize: "100"
+  extraVolumes:
+  - name: "audit-log"
+    hostPath: "/var/log/apiserver"
+    mountPath: "/var/log/apiserver"
+    readOnly: false
+    pathType: DirectoryOrCreate
+{% if lb_kubemaster is defined %}
   certSANs:
   - "{{ lb_kubemaster }}"
 {% endif %}