describe truncate feature about advanced audit (#10236)

* describe truncate feature about advanced audit * Update audit.md
2018-09-12 12:19:12 +08:00 · 2018-09-12 12:19:12 +08:00 · 00c0cda728
parent e47cb8da42
commit 00c0cda728
1 changed files with 11 additions and 0 deletions
--- a/content/en/docs/tasks/debug-application-cluster/audit.md
+++ b/content/en/docs/tasks/debug-application-cluster/audit.md
@ -191,6 +191,17 @@ and in the logs to monitor the state of the auditing subsystem.
 - `apiserver_audit_error_total` metric contains the total number of events dropped due to an error
  during exporting.

+### Truncate
+
+Both log and webhook backends support batching. As an example, the following is the list of flags
+available for the log backend:
+
+ - `audit-log-truncate-enabled` whether event and batch truncating is enabled.
+ - `audit-log-truncate-max-batch-size` maximum size in bytes of the batch sent to the underlying backend.
+ - `audit-log-truncate-max-event-size` maximum size in bytes of the audit event sent to the underlying backend.
+
+By default truncate is disabled in both `webhook` and `log`, a cluster administrator should set `audit-log-truncate-enabled` or `audit-webhook-truncate-enabled` to enable the feature.
+
 ## Multi-cluster setup

 If you're extending the Kubernetes API with the [aggregation layer][kube-aggregator], you can also