Add condition for audit_webhook_mode batch (#7444)

According to the document[1], audit-webhook-batch-max-size and audit-webhook-batch-max-wait are used only in the batch mode. This adds a condition to avoid unnecessary writting on the config. [1]: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#batching
3 years ago · 5a351b4b00
1 changed files with 2 additions and 0 deletions
--- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta2.yaml.j2
@ -186,9 +186,11 @@ apiServer:
 {% if kubernetes_audit_webhook %}
    audit-webhook-config-file: {{ audit_webhook_config_file }}
    audit-webhook-mode: {{ audit_webhook_mode }}
+{% if audit_webhook_mode == "batch" %}
    audit-webhook-batch-max-size: "{{ audit_webhook_batch_max_size }}"
    audit-webhook-batch-max-wait: "{{ audit_webhook_batch_max_wait }}"
 {% endif %}
+{% endif %}
 {% for key in kube_kubeadm_apiserver_extra_args %}
    {{ key }}: "{{ kube_kubeadm_apiserver_extra_args[key] }}"
 {% endfor %}