What is the correct way to enable audit logging on rke2 ? I can't seem to find anything useful in the documentation, besides some github issue stating i should configure something like this:

audit-policy-file: /etc/rancher/rke2/audit.yaml
kube-apiserver-arg:
  - audit-log-path=/var/lib/rancher/rke2/server/logs/audit.log
  - audit-log-format=json
  - audit-log-maxage=5
  - audit-log-maxbackup=5
  - audit-log-maxsize=100
kube-apiserver-extra-mount: /var/lib/rancher/rke2/server/logs:/var/lib/rancher/rke2/server/logs

You can enable one of the hardened profiles and configure the audit policy as described at https://docs.rke2.io/security/hardening_guide#api-server-audit-configuration, or if you don't want all the other hardening associated with use of a profile, just pass the apiserver the various auditing flags as described in the upstream docs

Thank you Brandon. I will take a look. Thanks for responding so quickly!