update to handle audit changes

openshift · Jan 9, 2018 · 2dd2187 · 2dd2187
1 parent 866368d
commit 2dd2187
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/pkg/cmd/server/kubernetes/master/master_config.go b/pkg/cmd/server/kubernetes/master/master_config.go
@@ -46,6 +46,7 @@ import (
 	utilflag "k8s.io/apiserver/pkg/util/flag"
 	auditlog "k8s.io/apiserver/plugin/pkg/audit/log"
 	auditwebhook "k8s.io/apiserver/plugin/pkg/audit/webhook"
+	pluginwebhook "k8s.io/apiserver/plugin/pkg/audit/webhook"
 	kubeclientgoinformers "k8s.io/client-go/informers"
 	openapicommon "k8s.io/kube-openapi/pkg/common"
 	kapiserveroptions "k8s.io/kubernetes/cmd/kube-apiserver/app/options"
@@ -819,7 +820,7 @@ func GetAuditConfig(auditConfig configapi.AuditConfig) (audit.Backend, auditpoli
 
 		// webhook configuration, only when config file was provided
 		if len(auditConfig.WebHookKubeConfig) > 0 {
-			webhook, err := auditwebhook.NewBackend(auditConfig.WebHookKubeConfig, string(auditConfig.WebHookMode), auditv1beta1.SchemeGroupVersion)
+			webhook, err := auditwebhook.NewBackend(auditConfig.WebHookKubeConfig, string(auditConfig.WebHookMode), auditv1beta1.SchemeGroupVersion, pluginwebhook.NewDefaultBatchBackendConfig())
 			if err != nil {
 				glog.Fatalf("Audit webhook initialization failed: %v", err)
 			}

diff --git a/pkg/cmd/server/kubernetes/master/master_config_test.go b/pkg/cmd/server/kubernetes/master/master_config_test.go
@@ -18,6 +18,7 @@ import (
 	apiserveroptions "k8s.io/apiserver/pkg/server/options"
 	"k8s.io/apiserver/pkg/storage/storagebackend"
 	utilconfig "k8s.io/apiserver/pkg/util/flag"
+	pluginwebhook "k8s.io/apiserver/plugin/pkg/audit/webhook"
 	kubeapiserveroptions "k8s.io/kubernetes/cmd/kube-apiserver/app/options"
 	cmapp "k8s.io/kubernetes/cmd/kube-controller-manager/app/options"
 	"k8s.io/kubernetes/pkg/api/legacyscheme"
@@ -125,12 +126,22 @@ func TestAPIServerDefaults(t *testing.T) {
 			EnableHttps: true,
 			HTTPTimeout: time.Duration(5) * time.Second,
 		},
+		// we currently overwrite this entire stanza, but we should be trying to collapse onto the upstream
+		// flag or config mechanism for kube.
 		Audit: &apiserveroptions.AuditOptions{
 			LogOptions: apiserveroptions.AuditLogOptions{
 				Format: "json",
 			},
 			WebhookOptions: apiserveroptions.AuditWebhookOptions{
 				Mode: "batch",
+				BatchConfig: pluginwebhook.BatchBackendConfig{
+					BufferSize:     10000,
+					MaxBatchSize:   400,
+					MaxBatchWait:   time.Duration(30000000000),
+					ThrottleQPS:    10,
+					ThrottleBurst:  15,
+					InitialBackoff: time.Duration(10000000000),
+				},
 			},
 		},
 		Features: &apiserveroptions.FeatureOptions{