Merge pull request #81 from banzaicloud/auditlog

Enable audit log by default
banzaicloud · Jan 9, 2020 · 2ca12f5 · 2ca12f5
2 parents acd1a0c + 9643185
commit 2ca12f5
Show file tree

Hide file tree

Showing 8 changed files with 12 additions and 12 deletions.
diff --git a/cmd/pke/app/constants/constants.go b/cmd/pke/app/constants/constants.go
@@ -116,7 +116,7 @@ const (
 	FlagAdmissionPluginPodSecurityPolicy = "with-plugin-psp"
 
 	// FlagAuditLog enable audit log.
-	FlagAuditLog = "with-audit-log"
+	FlagAuditLog = "without-audit-log"
 
 	// Azure specific flags
 	// FlagAzureTenantID the AAD Tenant ID for the Subscription that the cluster is deployed in.

diff --git a/cmd/pke/app/phases/kubeadm/controlplane/controlplane.go b/cmd/pke/app/phases/kubeadm/controlplane/controlplane.go
@@ -102,7 +102,7 @@ type ControlPlane struct {
 	oidcClientID                     string
 	imageRepository                  string
 	withPluginPSP                    bool
-	withAuditLog                     bool
+	withoutAuditLog                  bool
 	node                             *node.Node
 	azureTenantID                    string
 	azureSubnetName                  string
@@ -189,7 +189,7 @@ func (c *ControlPlane) RegisterFlags(flags *pflag.FlagSet) {
 	// PodSecurityPolicy admission plugin
 	flags.Bool(constants.FlagAdmissionPluginPodSecurityPolicy, false, "Enable PodSecurityPolicy admission plugin")
 	// AuditLog enable
-	flags.Bool(constants.FlagAuditLog, false, "Enable apiserver audit log")
+	flags.Bool(constants.FlagAuditLog, false, "Disable apiserver audit log")
 	// Azure cloud
 	flags.String(constants.FlagAzureTenantID, "", "The AAD Tenant ID for the Subscription that the cluster is deployed in")
 	flags.String(constants.FlagAzureSubnetName, "", "The name of the subnet that the cluster is deployed in")
@@ -442,7 +442,7 @@ func (c *ControlPlane) Run(out io.Writer) error {
 				return err
 			}
 			// install additional master node
-			if err := writeMasterConfig(out, c.withAuditLog, c.kubernetesVersion, c.encryptionSecret); err != nil {
+			if err := writeMasterConfig(out, !c.withoutAuditLog, c.kubernetesVersion, c.encryptionSecret); err != nil {
 				return err
 			}
 			_, _ = fmt.Fprintf(out, "[%s] installing additional master node\n", c.Use())
@@ -609,7 +609,7 @@ func (c *ControlPlane) masterBootstrapParameters(cmd *cobra.Command) (err error)
 	if err != nil {
 		return
 	}
-	c.withAuditLog, err = cmd.Flags().GetBool(constants.FlagAuditLog)
+	c.withoutAuditLog, err = cmd.Flags().GetBool(constants.FlagAuditLog)
 	if err != nil {
 		return
 	}
@@ -793,7 +793,7 @@ func (c *ControlPlane) installMaster(out io.Writer) error {
 	}
 
 	// write master config
-	if err := writeMasterConfig(out, c.withAuditLog, c.kubernetesVersion, c.encryptionSecret); err != nil {
+	if err := writeMasterConfig(out, !c.withoutAuditLog, c.kubernetesVersion, c.encryptionSecret); err != nil {
 		return err
 	}
 

diff --git a/cmd/pke/app/phases/kubeadm/controlplane/controlplane_test.go b/cmd/pke/app/phases/kubeadm/controlplane/controlplane_test.go
@@ -44,7 +44,7 @@ func TestWriteKubeadmConfig(t *testing.T) {
 		apiServerCertSANs:           []string{"almafa", "vadkorte"},
 		withPluginPSP:               true,
 		taints:                      []string{"node-role.kubernetes.io/master:NoSchedule"},
-		withAuditLog:                true,
+		withoutAuditLog:             false,
 	}
 
 	err := c.WriteKubeadmConfig(os.Stdout, filename)

diff --git a/cmd/pke/app/phases/kubeadm/controlplane/kubeadm.go b/cmd/pke/app/phases/kubeadm/controlplane/kubeadm.go
@@ -168,7 +168,7 @@ func (c ControlPlane) WriteKubeadmConfig(out io.Writer, filename string) error {
 		ImageRepository:             c.imageRepository,
 		EncryptionProviderPrefix:    encryptionProviderPrefix,
 		WithPluginPSP:               c.withPluginPSP,
-		WithAuditLog:                c.withAuditLog,
+		WithAuditLog:                !c.withoutAuditLog,
 		Taints:                      taints,
 		AuditLogDir:                 auditLogDir,
 		AuditPolicyFile:             auditPolicyFile,

diff --git a/cmd/pke/docs/pke_install_master.md b/cmd/pke/docs/pke_install_master.md
@@ -69,8 +69,8 @@ pke install master [flags]
       --vsphere-resourcepool string                       The path of the resource pool to create temporary VMs in during volume creation (for example "Cluster/Pool")
       --vsphere-server string                             The hostname or IP of vCenter to use
       --vsphere-username string                           The name of vCenter SSO user to use for deploying persistent volumes (Should be avoided in favor of a K8S secret)
-      --with-audit-log                                    Enable apiserver audit log
       --with-plugin-psp                                   Enable PodSecurityPolicy admission plugin
+      --without-audit-log                                 Disable apiserver audit log
 ```
 
 ### SEE ALSO

diff --git a/cmd/pke/docs/pke_install_master_kubernetes-controlplane.md b/cmd/pke/docs/pke_install_master_kubernetes-controlplane.md
@@ -69,8 +69,8 @@ pke install master kubernetes-controlplane [flags]
       --vsphere-resourcepool string                       The path of the resource pool to create temporary VMs in during volume creation (for example "Cluster/Pool")
       --vsphere-server string                             The hostname or IP of vCenter to use
       --vsphere-username string                           The name of vCenter SSO user to use for deploying persistent volumes (Should be avoided in favor of a K8S secret)
-      --with-audit-log                                    Enable apiserver audit log
       --with-plugin-psp                                   Enable PodSecurityPolicy admission plugin
+      --without-audit-log                                 Disable apiserver audit log
 ```
 
 ### SEE ALSO

diff --git a/cmd/pke/docs/pke_install_single.md b/cmd/pke/docs/pke_install_single.md
@@ -69,8 +69,8 @@ pke install single [flags]
       --vsphere-resourcepool string                       The path of the resource pool to create temporary VMs in during volume creation (for example "Cluster/Pool")
       --vsphere-server string                             The hostname or IP of vCenter to use
       --vsphere-username string                           The name of vCenter SSO user to use for deploying persistent volumes (Should be avoided in favor of a K8S secret)
-      --with-audit-log                                    Enable apiserver audit log
       --with-plugin-psp                                   Enable PodSecurityPolicy admission plugin
+      --without-audit-log                                 Disable apiserver audit log
 ```
 
 ### SEE ALSO

diff --git a/cmd/pke/docs/pke_install_single_kubernetes-controlplane.md b/cmd/pke/docs/pke_install_single_kubernetes-controlplane.md
@@ -69,8 +69,8 @@ pke install single kubernetes-controlplane [flags]
       --vsphere-resourcepool string                       The path of the resource pool to create temporary VMs in during volume creation (for example "Cluster/Pool")
       --vsphere-server string                             The hostname or IP of vCenter to use
       --vsphere-username string                           The name of vCenter SSO user to use for deploying persistent volumes (Should be avoided in favor of a K8S secret)
-      --with-audit-log                                    Enable apiserver audit log
       --with-plugin-psp                                   Enable PodSecurityPolicy admission plugin
+      --without-audit-log                                 Disable apiserver audit log
 ```
 
 ### SEE ALSO