Closed JAORMX closed 1 year ago
Proposal:
Add the resource `AuditConfigs.kubernetes.talos.dev`, which can be changed through the `machineConfig`.
The resource definition restarts Kube-api if it changes.
```yaml
cluster:
  apiServer:
    auditConfig:
      apiVersion: audit.k8s.io/v1
      kind: Policy
      rules:
        - level: Metadata
```
This is available in the upcoming v1.3.0.
Feature Request
Let's have an option to set the Kubernetes API Server audit policy.
Description
Currently, there's a hard-coded audit policy that looks as follows [1]:
While this policy is sufficient in a lot of cases, there are instances where administrators will want to modify it to meet regulatory compliance requirements or to tune this setting for resource usage reasons (e.g. to reduce the amount of space these logs take on disk).
By having this functionality settable by an administrator, Talos will be able to better meet compliance needs of users.
This should probably be done through the `machineConfig` API from Talos.
References
[1] https://github.com/talos-systems/talos/blob/master/internal/app/machined/pkg/controllers/k8s/templates.go#L22-L25
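An added example, not part of the original issue or the Talos project's own configuration: an audit policy tuned for both concerns named in the description (compliance coverage and log volume on disk). It assumes the `cluster.apiServer.auditConfig` field proposed in this thread; the policy body uses standard `audit.k8s.io/v1` fields, and the chosen users, resources and levels are illustrative.

```yaml
# Assumption: placed under the machine config key proposed in this thread.
cluster:
  apiServer:
    auditConfig:
      apiVersion: audit.k8s.io/v1
      kind: Policy
      # Log each request once, at completion, instead of also on receipt.
      omitStages:
        - RequestReceived
      # Rules are evaluated in order; the first match sets the level.
      rules:
        # Drop health and metrics probes, which dominate log volume.
        - level: None
          nonResourceURLs:
            - /healthz*
            - /livez*
            - /readyz*
            - /metrics
        # Drop high-frequency watches from kube-proxy.
        - level: None
          users: ["system:kube-proxy"]
          verbs: ["watch"]
          resources:
            - group: ""
              resources: ["endpoints", "services", "services/status"]
        # Record who touched sensitive objects, but never their bodies,
        # so secret values do not end up in the audit log.
        - level: Metadata
          resources:
            - group: ""
              resources: ["secrets", "configmaps"]
            - group: authentication.k8s.io
              resources: ["tokenreviews"]
        # Keep request bodies for RBAC changes (privilege changes).
        - level: Request
          verbs: ["create", "update", "patch", "delete"]
          resources:
            - group: rbac.authorization.k8s.io
        # Catch-all: everything else at Metadata level.
        - level: Metadata
```

Because the first matching rule wins, the `None` rules must stay above the catch-all, and the `Metadata` rule for secrets must stay above any rule that records request or response bodies.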