## Developing an audit-webhook
Advanced Auditing needs a policy file passed to [--audit-policy-file](https://kubernetes.io/docs/reference/generated/kube-apiserver/) to apiserver.
Enabling a webhook also requires configuration file via [--audit-webhook-config-file](https://kubernetes.io/docs/reference/generated/kube-apiserver/)
### Configuring minikube apiserver cmd line parameters
[--extra-config=apiserver.*](https://github.com/kubernetes/minikube/blob/master/docs/configuring_kubernetes.md#kubeadm-bootstrapper) allows us to add cmd line args.
Getting our config files inside the apiserver container is a bit trickier.
[--mount-string](https://github.com/kubernetes/minikube/blob/v0.26.0/cmd/minikube/cmd/start.go#L69) allows us to mount host directors into our minikube VM.
However we still need to patch the manifests, to map /tmp/files into our container.
#### Start minikube
```shell
minikube start --v=4 --mount --mount-string=$PWD:/tmp/files \
--feature-gates=AdvancedAuditing=true \
--extra-config=apiserver.audit-log-path=/tmp/files/audit.log
```
#### Apply Patch to /etc/kubernetes/kube-apiserver.yaml
```shell
ssh -i $(minikube ssh-key) docker@$(minikube ip) sudo /tmp/files/apiserver-config.patch.sh
```
#### Replacing /etc/kubernetes/kube-apiserver.yaml should restart apiserver
The restarted apiserver container will now log to the folder where minikube was started.