mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 04:33:26 +00:00
Fix basic audit in GCE deploy scripts
Signed-off-by: Mik Vyatskov <vmik@google.com>
This commit is contained in:
parent
208ae55f6d
commit
259260566f
@ -293,6 +293,10 @@ METADATA_CLOBBERS_CONFIG="${METADATA_CLOBBERS_CONFIG:-false}"
|
||||
|
||||
ENABLE_BIG_CLUSTER_SUBNETS="${ENABLE_BIG_CLUSTER_SUBNETS:-false}"
|
||||
|
||||
if [[ "${ENABLE_APISERVER_BASIC_AUDIT:-}" == "true" ]]; then
|
||||
echo "Warning: Basic audit logging is deprecated and will be removed. Please use advanced auditing instead."
|
||||
fi
|
||||
|
||||
if [[ -n "${LOGROTATE_FILES_MAX_COUNT:-}" ]]; then
|
||||
PROVIDER_VARS="${PROVIDER_VARS:-} LOGROTATE_FILES_MAX_COUNT"
|
||||
fi
|
||||
|
@ -345,6 +345,10 @@ if [[ "${ENABLE_APISERVER_ADVANCED_AUDIT}" == "true" ]]; then
|
||||
FEATURE_GATES="${FEATURE_GATES},AdvancedAuditing=true"
|
||||
fi
|
||||
|
||||
if [[ "${ENABLE_APISERVER_BASIC_AUDIT:-}" == "true" ]]; then
|
||||
echo "Warning: Basic audit logging is deprecated and will be removed. Please use advanced auditing instead."
|
||||
fi
|
||||
|
||||
ENABLE_BIG_CLUSTER_SUBNETS="${ENABLE_BIG_CLUSTER_SUBNETS:-false}"
|
||||
|
||||
if [[ -n "${LOGROTATE_FILES_MAX_COUNT:-}" ]]; then
|
||||
|
@ -1365,6 +1365,12 @@ function start-kube-apiserver {
|
||||
# grows at 10MiB/s (~30K QPS), it will rotate after ~6 years if apiserver
|
||||
# never restarts. Please manually restart apiserver before this time.
|
||||
params+=" --audit-log-maxsize=2000000000"
|
||||
# Disable AdvancedAuditing enabled by default
|
||||
if [[ -z "${FEATURE_GATES:-}" ]]; then
|
||||
FEATURE_GATES="AdvancedAuditing=false"
|
||||
else
|
||||
FEATURE_GATES="${FEATURE_GATES},AdvancedAuditing=false"
|
||||
fi
|
||||
elif [[ "${ENABLE_APISERVER_ADVANCED_AUDIT:-}" == "true" ]]; then
|
||||
local -r audit_policy_file="/etc/audit_policy.config"
|
||||
params+=" --audit-policy-file=${audit_policy_file}"
|
||||
|
Loading…
Reference in New Issue
Block a user