Enable kubernetes api logging

roles/k8s_master/files/custom/teckids-apiserver.yaml

+apiVersion: kubeadm.k8s.io/v1beta3
+kind: ClusterConfiguration
+kubernetesVersion: v1.23.5
+apiServer:
+  extraArgs:
+    oidc-issuer-url: "https://ticdesk.teckids.org/oauth"
+    oidc-client-id: "RcO3weOpSnlenZcBaBbXKFoNpElQzxjU0O20T273"
+    oidc-username-claim: "preferred_username"
+    audit-log-path: "/var/log/audit.log"
+    audit-policy-file: "/etc/kubernetes/manifests/custom/teckids-logging.yaml"

roles/k8s_master/files/custom/teckids-logging.yaml

+apiVersion: audit.k8s.io/v1
+kind: Policy
+omitStages:
+  - RequestReceived
+rules:
+  # Log alle Requests für APIs mit deprecated Versionen. Leider kann man hier nicht
+  # auf die API-Version filtern, d.h. im Log werden auch aktuelle API-Versionen auftauchen.
+  - level: Metadata
+    resources:
+      # v1.25
+      - group: batch
+        resources: ["cronjobs"]
+      - group: autoscaling
+        resources: ["horizontalpodautoscalers"]
+      - group: policy
+        resources: ["poddisruptionbudgets", "podsecuritypolicies"]
+      # v1.26
+      - group: autoscaling
+        resources: ["horizontalpodautoscalers"]
+      - group: flowcontrol.apiserver.k8s.io
+        resources: ["flowschemas", "prioritylevelconfigurations"]
+      # v1.27
+      - group: storage.k8s.io
+        resources: ["csistoragecapacities"]