Edit the audit policy in kubernetes 1.15 cluster

Asked Jul 16 '20 at 20:39

Active Jul 16 '20 at 20:39

Viewed 120 times

Using kubespray 2.11 to install K8s 1.15.7, it works fine if I set the audit related flags at the time of install (ie cluster.yml). But on an already running cluster, if I change the pod manifest to add audit flags(ie policy file, log path), it doesn't enable auditing giving the below error.

E0716 19:02:16.712745       1 genericapiserver.go:270] Failed to add pre-shutdown hook for audit-backend unable to add "audit-backend" because it is already registered

Also,editing roles/kubernetes/master/defaults/main/main.yml to enable audit and run upgrade-cluster.yml fails.

Can auditing be enabled only during cluster install for the first time?

asked Jul 16 '20 at 20:39

swetad90

I don't know about kubespray specificsm but take a look at [this](https://medium.com/faun/kubernetes-on-premise-cluster-auditing-eb8ff848fec4) post, it might be the same for kubespray. – Mark Watney Jul 17 '20 at 07:56
I don't think this is kubespray related, it's more of kube-apiserver not taking any edits for audit in its reload – swetad90 Jul 22 '20 at 20:19

Edit the audit policy in kubernetes 1.15 cluster

0 Answers0