Merge pull request #3144 from riverzhang/fix-audit-log

Fix install audit failed

roles/kubernetes/master/defaults/main.yml

@@ -37,7 +37,7 @@ audit_log_maxsize: 100
 # policy file
 audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
 # custom audit policy rules (to replace the default ones)
-# audit_policy_custom_rules: >
+# audit_policy_custom_rules: |
 #   - level: None
 #     users: []
 #     verbs: []

roles/kubernetes/master/templates/apiserver-audit-policy.yaml.j2

@@ -1,7 +1,7 @@
 apiVersion: audit.k8s.io/v1beta1
 kind: Policy
 rules:
-{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" -%}
+{% if audit_policy_custom_rules is defined and audit_policy_custom_rules != "" %}
 {{ audit_policy_custom_rules | indent(2, true) }}
 {% else %}
   # The following requests were manually identified as high-volume and low-risk,

roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2

@@ -80,9 +80,9 @@ apiServerExtraArgs:
   allow-privileged: "true"
 {% if kubernetes_audit %}
   audit-log-path: {{ audit_log_path }}
-  audit-log-maxage: {{ audit_log_maxage }}
-  audit-log-maxbackup: {{ audit_log_maxbackups }}
-  audit-log-maxsize: {{ audit_log_maxsize }}
+  audit-log-maxage: "{{ audit_log_maxage }}"
+  audit-log-maxbackup: "{{ audit_log_maxbackups }}"
+  audit-log-maxsize: "{{ audit_log_maxsize }}"
   audit-policy-file: {{ audit_policy_file }}
 {% endif %}
 {% for key in kube_kubeadm_apiserver_extra_args %}
@@ -107,7 +107,7 @@ apiServerExtraVolumes:
 - name: {{ audit_log_name }}
   hostPath: {{ audit_log_hostpath }}
   mountPath: {{ audit_log_mountpath }}
-  Writable: true
+  writable: true
 {% endif %}
 {% endif %}
 {% if kube_feature_gates %}
@@ -135,7 +135,3 @@ nodeRegistration:
   taints:
   - effect: NoSchedule
     key: node-role.kubernetes.io/master
-{% if kubernetes_audit %}
-featureGates:
-  Auditing: true
-{% endif %}