https://rancher.com/ logo
Join Slack
Powered by
This message was deleted.
# general
a
This message was deleted.
a
I meant the config.yaml of course
c
what specific changes are you making? You’re making the changes on all servers, and restarting the service after changing the config?
and what makes you suspect that the changes aren’t taking effect?
a
Hi, I'm especially trying to add an extra-mount option and changing the encryptionConfiguration. I can see that the encryptionConfig (json), which I assume is the one that is actually running while the rke2 config is the one updating it, in the /var/lib folder isn't changing and neither is the encryption option overall. I currently strongly suspect some SELinux things going wrong on my end which I will investigate
Sorry I was in the middle of something else So I assume that the RKE2 configs are propagated to other configs that K8 then uses those. I assume that I want to change this one /var/lib/rancher/rke2/server/cred/encryption-config.json By setting a new config in 
/etc/rancher/rke2/config.yaml
Copy code
kube-apiserver-arg:
  - "--encryption-provider-config=/var/lib/rancher/rke2/server/
c
you’d want to pass a path to a json file, not a directory, but yeah that’s the idea
a
yeah I censored the file, hm, I will have to fight my SELinux I think...
But it just won't give me any error messages. The RKE2 server restarts and everything is happy but I can see it starting kube-api-server with the old values instead of using the
Copy code
kube-apiserver-arg:
  - "--encryption-provider-config=/var/lib/rancher/rke2/server/cred/ec2.yml"
systemctl restart rke2-server
Thanks for rubber ducking, it was a typo in my rke2.yaml file which made RKE2 ignore the file without saying anything. When I fixed (or guessed) the issue it started trying to load the config and was then blocked by my SELinux with error messages so now I made it work, at least I am at new errors which are related to my cred file
19 Views
Open in Slack
PreviousNext
Powered by