I'm trying to enable 'auditing'. https://kubernetes.io/docs/tasks/debug-application-cluster/audit/ mentions:
You can pass a file with the policy to kube-apiserver using the --audit-policy-file flag. If the flag is omitted, no events are logged.
I've used kubeadm to configure the cluster (running in 3 VMs in total).
However, where is this set when using kubeadm? I don't see where it interacts with kube-apiserver.
    apiVersion: kubeadm.k8s.io/v1alpha2
    api:
      advertiseAddress: 192.168.0.33
      bindPort: 6443
    networking:
      podSubnet: "10.244.0.0/16"
    featureGates:
      Auditing: true
    auditPolicy:
      logDir: "/var/log/kubernetes/"
      logMaxAge: 20
      path: "/etc/kubernetes/audit.yaml"
And cat /etc/kubernetes/audit.yaml:

    # Log all requests at the Metadata level.
    apiVersion: audit.k8s.io/v1beta1
    kind: Policy
    rules:
    - level: Metadata
Found the answer here: https://evalle.xyz/posts/how-to-enable-kubernetes-auditing-with-kubeadm/.
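
Added example (not part of the original post or the linked article): a shell check that reads a kube-apiserver static pod manifest and confirms that --audit-policy-file is set and that the policy file and audit log path are covered by a volume mount. It assumes kubeadm's default manifest location, /etc/kubernetes/manifests/kube-apiserver.yaml; the sample manifest and the audit.log file name are constructed for the demonstration.

```shell
# Added example. On a kubeadm control-plane node, point audit_check at
# /etc/kubernetes/manifests/kube-apiserver.yaml (assumed default location).
# Print the value of "- --<flag>=<value>" from the manifest (empty if absent).
flag_value() {  # $1 = manifest file, $2 = flag name without leading dashes
    sed -n "s/^[[:space:]]*-[[:space:]]*--$2=//p" "$1" | head -n 1
}

# Succeed if a volumeMounts entry covers the given in-container path.
is_mounted() {  # $1 = manifest file, $2 = absolute path
    for mp in $(sed -n 's/^[[:space:]-]*mountPath:[[:space:]]*//p' "$1" | tr -d "\"'"); do
        case "$2" in "$mp" | "${mp%/}"/*) return 0 ;; esac
    done
    return 1
}

# Print findings; return 0 only if a policy is set and every audit path is mounted.
audit_check() {  # $1 = manifest file
    policy=$(flag_value "$1" audit-policy-file)
    logpath=$(flag_value "$1" audit-log-path)
    [ -n "$policy" ] || { echo "FAIL: --audit-policy-file not set, no events are logged"; return 1; }
    rc=0
    is_mounted "$1" "$policy" || { echo "FAIL: $policy is not mounted into the pod"; rc=1; }
    if [ -z "$logpath" ]; then
        echo "WARN: --audit-log-path not set, the log backend writes no file"
    elif [ "$logpath" != "-" ] && ! is_mounted "$1" "$logpath"; then
        echo "FAIL: $logpath is not on a mounted volume"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: policy=$policy log=${logpath:-none}"
    return "$rc"
}

# Constructed sample manifest (trimmed; not taken from a real cluster).
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --audit-policy-file=/etc/kubernetes/audit.yaml
    - --audit-log-path=/var/log/kubernetes/audit.log
    volumeMounts:
    - mountPath: /etc/kubernetes/audit.yaml
      name: audit
      readOnly: true
    - mountPath: /var/log/kubernetes
      name: audit-log
EOF
audit_check "$sample"
```
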