github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f2da9d8cba
kubernetes/hack/verify-flags
History
Kubernetes Submit Queue 4c02f29196 Merge pull request #41211 from enisoc/configure-audit-log 
Automatic merge from submit-queue (batch tested with PRs 40297, 41285, 41211, 41243, 39735)

cluster/gce: Add env var to enable apiserver basic audit log.

For now, this is focused on a fixed set of flags that makes the audit
log show up under /var/log/kube-apiserver-audit.log and behave similarly
to /var/log/kube-apiserver.log. Allowing other customization would
require significantly more complex changes.

Audit log rotation is handled the same as for `kube-apiserver.log`.

**What this PR does / why we need it**:

Add a knob to enable [basic audit logging](https://kubernetes.io/docs/admin/audit/) in GCE.

**Which issue this PR fixes**:

**Special notes for your reviewer**:

We would like to cherrypick/port this to release-1.5 also.

**Release note**:
```release-note
The kube-apiserver [basic audit log](https://kubernetes.io/docs/admin/audit/) can be enabled in GCE by exporting the environment variable `ENABLE_APISERVER_BASIC_AUDIT=true` before running `cluster/kube-up.sh`. This will log to `/var/log/kube-apiserver-audit.log` and use the same `logrotate` settings as `/var/log/kube-apiserver.log`.
```
2017-02-15 03:25:12 -08:00
..
exceptions.txt cluster/gce: Add env var to enable apiserver basic audit log. 2017-02-14 15:18:10 -08:00
excluded-flags.txt Move kubemark, skew, upgrade, leak logic into hack/e2e.go 2016-08-09 14:04:19 -07:00
known-flags.txt Set EnableCRI to true by default 2017-02-14 16:15:51 -08:00