adrien/ansible-role-kubernetes
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update for falco
Some checks reported errors
continuous-integration/drone/push Build was killed
Details

Browse source
This commit is contained in:
Adrien Reslinger 2021-06-05 10:51:19 +02:00
parent d18ccea770
commit 738896b356
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
3 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
tasks/cluster_kubeadm.yml
View file

@ -136,6 +136,7 @@
mode: 0644
with_items:
- "systemd/system/kubelet.service.d/0-kubelet-extra-args.conf"
- "systemd/system/kubelet.service.d/11-cgroups.conf"
- "sysconfig/kubelet"
when:
- ansible_service_mgr == "systemd"

6
templates/etc/kubernetes/audit-webhook-kubeconfig.j2
View file

@ -1,9 +1,9 @@
apiVersion: v1
kind: Config
clusters:
- cluster:
server: http://<ip_of_falco>:8765/k8s_audit
name: falco
- name: falco
cluster:
server: http://$FALCO_SERVICE_CLUSTERIP:8765/k8s-audit
contexts:
- context:
cluster: falco

2
templates/kubeadm-config.yaml.j2
View file

@ -69,8 +69,8 @@ apiServer:
audit-log-maxsize: "100"
{% if false %}
# Falco
audit-policy-file: "/etc/kubernetes/policies/k8s_audit_rules.yaml"
audit-webhook-config-file: "/etc/kubernetes/policies/audit-webhook-kubeconfig"
audit-webhook-batch-max-wait: "5s"
{% endif %}
extraVolumes:
- name: "audit-log"