rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-01 06:56:29 +00:00
Code Issues Releases Wiki Activity

change enc provider arg, update defaults for audit log config

Browse Source
This commit is contained in:
Murali Paluru
2019-11-21 13:56:48 -08:00
committed by Alena Prokharchyk
parent 843e14135f
commit b9900f3b9c
2 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cluster/defaults.go
View File

@@ -76,7 +76,7 @@ const (
KubeAPIArgAuditLogFormat = "audit-log-format" KubeAPIArgAuditLogFormat = "audit-log-format"
KubeAPIArgAuditPolicyFile = "audit-policy-file" KubeAPIArgAuditPolicyFile = "audit-policy-file"
DefaultKubeAPIArgAuditLogPathValue = "/var/log/kube-audit/audit-log.json" DefaultKubeAPIArgAuditLogPathValue = "/var/log/kube-audit/audit-log.json"
DefaultKubeAPIArgAuditPolicyFileValue = "/etc/kubernetes/audit.yaml" DefaultKubeAPIArgAuditPolicyFileValue = "/etc/kubernetes/audit-policy.yaml"
) )
type ExternalFlags struct { type ExternalFlags struct {
@@ -284,8 +284,8 @@ func newDefaultAuditPolicy() *auditv1.Policy {
func newDefaultAuditLogConfig() *v3.AuditLogConfig { func newDefaultAuditLogConfig() *v3.AuditLogConfig {
p := newDefaultAuditPolicy() p := newDefaultAuditPolicy()
c := &v3.AuditLogConfig{ c := &v3.AuditLogConfig{
MaxAge: 5, MaxAge: 30,
MaxBackup: 5, MaxBackup: 10,
MaxSize: 100, MaxSize: 100,
Path: DefaultKubeAPIArgAuditLogPathValue, Path: DefaultKubeAPIArgAuditLogPathValue,
Format: "json", Format: "json",

4
cluster/plan.go
View File

@@ -50,6 +50,8 @@ const (
// MaxEtcdOldEnvVersion The versions are maxed out for minor versions because -rancher1 suffix will cause semver to think its older, example: v1.15.0 > v1.15.0-rancher1 // MaxEtcdOldEnvVersion The versions are maxed out for minor versions because -rancher1 suffix will cause semver to think its older, example: v1.15.0 > v1.15.0-rancher1
MaxEtcdOldEnvVersion = "v3.2.99" MaxEtcdOldEnvVersion = "v3.2.99"
MaxK8s115Version = "v1.15" MaxK8s115Version = "v1.15"
EncryptionProviderConfigArgument = "encryption-provider-config"
) )
var admissionControlOptionNames = []string{"enable-admission-plugins", "admission-control"} var admissionControlOptionNames = []string{"enable-admission-plugins", "admission-control"}
@@ -219,7 +221,7 @@ func (c *Cluster) BuildKubeAPIProcess(host *hosts.Host, prefixPath string, svcOp
fmt.Sprintf("%s=%s", CloudConfigSumEnv, getCloudConfigChecksum(c.CloudConfigFile))) fmt.Sprintf("%s=%s", CloudConfigSumEnv, getCloudConfigChecksum(c.CloudConfigFile)))
} }
if c.EncryptionConfig.EncryptionProviderFile != "" { if c.EncryptionConfig.EncryptionProviderFile != "" {
CommandArgs["experimental-encryption-provider-config"] = EncryptionProviderFilePath CommandArgs[EncryptionProviderConfigArgument] = EncryptionProviderFilePath
} }
if c.IsKubeletGenerateServingCertificateEnabled() { if c.IsKubeletGenerateServingCertificateEnabled() {