OK, stupid question number 2: Im trying to setup a custom audit logfile. i am mounting the volume from the host ok, and I can set the

audit-log-max{age,backup,size}

values in the rke2/config.yaml file, however if i set the

audit-log-path

argument then the kube-apiserver fails to start, in fact containerd doesnt seem to know about it at all. Im running

v1.25.9+rke2r1

which i believe has a recent fix for this in place. When i jump into the container prior to setting the audit-log-path I can see the extra-mount as available, and can create files in that directory. Any hints into debugging this further would be greatly appreciated. The rke2-server logs indicate that it was passed through correctly.

That recent fix didn’t entirely fix it, see https://github.com/rancher/rke2/pull/4139. The more complete fix will be in the next release. tl;dr the audit log file needs to be called audit.log, regardless of where you put it.

It was:

kube-apiserver
--advertise-port=6443
--allow-privileged=true
--anonymous-auth=false
--api-audiences=<https://kubernetes.default.svc.cluster.local>,rke2
--audit-log-maxage=30
--audit-log-maxbackup=3
--audit-log-maxsize=200
--audit-log-path=/data/kubernetes/audit/audit.log

That's not valid yaml...

The why is because I am trying to transpose values from an rke config into rke2 config.. adding indenting didnt make the magic happen, as i said, i can wait until the next release and review it then

what you’re doing should work fine now, if you get the yaml formatted properly