From e489e70031f2109183a6ae5a9ae6b50c08c8031e Mon Sep 17 00:00:00 2001
From: orange-llajeanne <71634751+orange-llajeanne@users.noreply.github.com>
Date: Mon, 21 Sep 2020 15:44:32 +0200
Subject: [PATCH] add new variable allowing additionnal audit webhook server
 options (#6726)

---
 roles/kubernetes/master/defaults/main/main.yml                 | 1 +
 .../master/templates/apiserver-audit-webhook-config.yaml.j2    | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/roles/kubernetes/master/defaults/main/main.yml b/roles/kubernetes/master/defaults/main/main.yml
index 0ca43ef36..bf5efa6a1 100644
--- a/roles/kubernetes/master/defaults/main/main.yml
+++ b/roles/kubernetes/master/defaults/main/main.yml
@@ -72,6 +72,7 @@ kubernetes_audit_webhook: false
 # path to audit webhook config file
 audit_webhook_config_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-webhook-config.yaml"
 audit_webhook_server_url: "https://audit.app"
+audit_webhook_server_extra_args: {}
 audit_webhook_mode: batch
 audit_webhook_batch_max_size: 100
 audit_webhook_batch_max_wait: 1s
diff --git a/roles/kubernetes/master/templates/apiserver-audit-webhook-config.yaml.j2 b/roles/kubernetes/master/templates/apiserver-audit-webhook-config.yaml.j2
index 497c247cc..cd8208e9b 100644
--- a/roles/kubernetes/master/templates/apiserver-audit-webhook-config.yaml.j2
+++ b/roles/kubernetes/master/templates/apiserver-audit-webhook-config.yaml.j2
@@ -3,6 +3,9 @@ kind: Config
 clusters:
 - cluster:
     server: {{ audit_webhook_server_url }}
+{% for key in audit_webhook_server_extra_args %}
+    {{ key }}: "{{ audit_webhook_server_extra_args[key] }}"
+{% endfor %}
   name: auditsink
 contexts:
 - context: