From 28839f6b71ff58609a7fb81913e1fee9c3a7bf70 Mon Sep 17 00:00:00 2001
From: orange-llajeanne <71634751+orange-llajeanne@users.noreply.github.com>
Date: Thu, 24 Sep 2020 18:26:06 +0200
Subject: [PATCH] remove duplicate audit-policy-file argument in kubeadm
 configuration (#6734)

---
 .../master/templates/kubeadm-config.v1beta2.yaml.j2          | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
index 335abdae7..88c14ac9c 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
@@ -162,16 +162,17 @@ apiServer:
     runtime-config: {{ kube_api_runtime_config | join(',') }}
 {% endif %}
     allow-privileged: "true"
+{% if kubernetes_audit or kubernetes_audit_webhook %}
+    audit-policy-file: {{ audit_policy_file }}
+{% endif %}
 {% if kubernetes_audit %}
     audit-log-path: "{{ audit_log_path }}"
     audit-log-maxage: "{{ audit_log_maxage }}"
     audit-log-maxbackup: "{{ audit_log_maxbackups }}"
     audit-log-maxsize: "{{ audit_log_maxsize }}"
-    audit-policy-file: {{ audit_policy_file }}
 {% endif %}
 {% if kubernetes_audit_webhook %}
     audit-webhook-config-file: {{ audit_webhook_config_file }}
-    audit-policy-file: {{ audit_policy_file }}
     audit-webhook-mode: {{ audit_webhook_mode }}
     audit-webhook-batch-max-size: "{{ audit_webhook_batch_max_size }}"
     audit-webhook-batch-max-wait: "{{ audit_webhook_batch_max_wait }}"