Create enable-API-auditing2.yaml

aoster-mira · web-flow · commit 77c0c260f15b · 2024-01-26T09:12:53.000-05:00
diff --git a/enable-API-auditing2.yaml b/enable-API-auditing2.yaml
@@ -0,0 +1,40 @@
+- hosts: kube_control_plane
+  become: true
+  become_user: root
+  tasks:
+  - name: Copy audit-pod-policy.yaml to /etc/kubernetes
+    copy:
+      src: /home/ubuntu/audit/audit-pod-policy.yaml
+      dest: /etc/kubernetes/audit-pod-policy.yaml
+      owner: root
+      group: root
+
+  - name: Add audit parameters to kube-apiserver.yaml
+    blockinfile:
+      path: /etc/kubernetes/manifests/kube-apiserver.yaml
+      block: |2
+            - --audit-log-path=-
+            - --audit-policy-file=/etc/kubernetes/audit-policy.yaml
+      marker: "# {mark} Adding audit-log params"
+      insertafter: "- kube-apiserver"
+
+  - name: Add volumeMount parameters to kube-apiserver.yaml
+    blockinfile:
+      path: /etc/kubernetes/manifests/kube-apiserver.yaml
+      block: |2
+            - mountPath: /etc/kubernetes/audit-policy.yaml
+              name: audit-policy
+              readOnly: true
+      marker: "# {mark} Adding mountPath params"
+      insertafter: "volumeMounts:"
+
+  - name: Add volumes parameters to kube-apiserver.yaml
+    blockinfile:
+      path: /etc/kubernetes/manifests/kube-apiserver.yaml
+      block: |2
+          - hostPath:
+              path: /etc/kubernetes/audit-pod-policy.yaml
+              type: File
+            name: audit-policy
+      marker: "# {mark} Adding hostPath params"
+      insertafter: "volumes:"
