Set Default Audit Log Retention (#616)

If an audit log directory is provided, set the default audit log retention age to 7 days. When `--audit-log-maxage` is not specified, kube-apiserver audit logs are retained indefinitely, taking up signficant space on the host node.
openshift · Mar 7, 2022 · 27241be · 27241be
1 parent 2c2dd65
commit 27241be
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go
@@ -118,6 +118,7 @@ func (s *KubeAPIServer) configure(cfg *config.MicroshiftConfig) {
 	if cfg.AuditLogDir != "" {
 		args = append(args,
 			"--audit-log-path="+filepath.Join(cfg.AuditLogDir, "kube-apiserver-audit.log"))
+		args = append(args, "--audit-log-maxage=7")
 	}
 
 	// fake the kube-apiserver cobra command to parse args into serverOptions