Max Gautier
4 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with
3 additions and
3 deletions
-
roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
|
|
@ -53,21 +53,21 @@ |
|
|
path: "{{ audit_policy_file | dirname }}" |
|
|
path: "{{ audit_policy_file | dirname }}" |
|
|
state: directory |
|
|
state: directory |
|
|
mode: "0640" |
|
|
mode: "0640" |
|
|
when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false) |
|
|
|
|
|
|
|
|
when: kubernetes_audit or kubernetes_audit_webhook |
|
|
|
|
|
|
|
|
- name: Write api audit policy yaml |
|
|
- name: Write api audit policy yaml |
|
|
template: |
|
|
template: |
|
|
src: apiserver-audit-policy.yaml.j2 |
|
|
src: apiserver-audit-policy.yaml.j2 |
|
|
dest: "{{ audit_policy_file }}" |
|
|
dest: "{{ audit_policy_file }}" |
|
|
mode: "0640" |
|
|
mode: "0640" |
|
|
when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false) |
|
|
|
|
|
|
|
|
when: kubernetes_audit or kubernetes_audit_webhook |
|
|
|
|
|
|
|
|
- name: Write api audit webhook config yaml |
|
|
- name: Write api audit webhook config yaml |
|
|
template: |
|
|
template: |
|
|
src: apiserver-audit-webhook-config.yaml.j2 |
|
|
src: apiserver-audit-webhook-config.yaml.j2 |
|
|
dest: "{{ audit_webhook_config_file }}" |
|
|
dest: "{{ audit_webhook_config_file }}" |
|
|
mode: "0640" |
|
|
mode: "0640" |
|
|
when: kubernetes_audit_webhook | default(false) |
|
|
|
|
|
|
|
|
when: kubernetes_audit_webhook |
|
|
|
|
|
|
|
|
- name: Create apiserver tracing config directory |
|
|
- name: Create apiserver tracing config directory |
|
|
file: |
|
|
file: |
|
|
|
