From 27241be8ff7b9f0b36d42b3b1fd3b8a09ca80e3b Mon Sep 17 00:00:00 2001
From: Adam Kaplan <adam.kaplan@redhat.com>
Date: Mon, 7 Mar 2022 09:30:48 -0500
Subject: [PATCH] Set Default Audit Log Retention (#616)

If an audit log directory is provided, set the default audit log
retention age to 7 days. When `--audit-log-maxage` is not specified,
kube-apiserver audit logs are retained indefinitely, taking up
signficant space on the host node.
---
 pkg/controllers/kube-apiserver.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/controllers/kube-apiserver.go b/pkg/controllers/kube-apiserver.go
index fa61480858f..6fe70a17e13 100644
--- a/pkg/controllers/kube-apiserver.go
+++ b/pkg/controllers/kube-apiserver.go
@@ -118,6 +118,7 @@ func (s *KubeAPIServer) configure(cfg *config.MicroshiftConfig) {
 	if cfg.AuditLogDir != "" {
 		args = append(args,
 			"--audit-log-path="+filepath.Join(cfg.AuditLogDir, "kube-apiserver-audit.log"))
+		args = append(args, "--audit-log-maxage=7")
 	}
 
 	// fake the kube-apiserver cobra command to parse args into serverOptions