From 92a052469f35950cfcbdb493f3097599993038b0 Mon Sep 17 00:00:00 2001
From: Silvio Moioli <silvio@moioli.net>
Date: Fri, 27 Oct 2023 14:12:56 +0200
Subject: [PATCH] Add example audit config file

Signed-off-by: Silvio Moioli <silvio@moioli.net>
---
 terraform/modules/k3d_k3s/audit/audit.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 terraform/modules/k3d_k3s/audit/audit.yaml

diff --git a/terraform/modules/k3d_k3s/audit/audit.yaml b/terraform/modules/k3d_k3s/audit/audit.yaml
new file mode 100644
index 0000000..8038f74
--- /dev/null
+++ b/terraform/modules/k3d_k3s/audit/audit.yaml
@@ -0,0 +1,14 @@
+apiVersion: audit.k8s.io/v1
+kind: Policy
+
+# Prevent requests in the RequestReceived stage from generating audit events.
+omitStages:
+  - "RequestReceived"
+
+rules:
+  # Log all resources in core and extensions at the Metadata level.
+  - level: Metadata
+    # Long-running requests like watches that fall under this rule will not
+    # generate an audit event in RequestReceived.
+    omitStages:
+      - "RequestReceived"