This is a backport issue for #4415, automatically created via rancherbot by @brandond
Original issue description:
Environmental Info: RKE2 Version: v1.25.10+rke2r1, v1.26.5+rke2r1, v1.27.2+rke2r1
Node(s) CPU architecture, OS, and Version: RHEL 7,8,9
Cluster Configuration: 1 node
Describe the bug: If the profile is set in the config.yaml, the audit-log-path is no longer set.
Steps To Reproduce:
~]# echo "profile: cis-1.23" > /etc/rancher/rke2/config.yaml
Expected behavior: The audit-log-path is set per the profile flag.
root 24317 6.0 4.8 1255964 391944 ? Ssl 14:13 2:55 \_ kube-apiserver --admission-control-config-file=/etc/rancher/rke2/rke2-pss.yaml --audit-log-path=/var/lib/rancher/rke2/server/logs/audit.log --audit-policy-file=/etc/rancher/rke2/audi -policy.yaml --audit-log-maxage=30 --audit-log-maxbackup=10 --audit-log-maxsize=100
Actual behavior: The audit-log-path is no longer set
root 181256 20.9 5.8 1255624 464056 ? Ssl 17:18 0:34 \_ kube-apiserver --admission-control-config-file=/etc/rancher/rke2/rke2-pss.yaml --audit-policy-file=/etc/rancher/rke2/audit-policy.yaml --audit-log-maxage=30 --audit-log-maxbackup=10 --audit-log-maxsize=100
Additional context / logs: The other audit arguments are passed. It is just the path that is no longer there.
-$ rke2 version v1.26.6+dev.b99382e9 (b99382e9c9391d01c44cab3f86a940187326552d)
Infrastructure Cloud EC2 instance
Node(s) CPU architecture, OS, and Version: Ubuntu 22.04
Cluster Configuration: 1 node cluster
Config.yaml:
token: secret
write-kubeconfig-mode: 644
profile: cis-1.23
debug: true

1. Install rke2 with commit id
2. Run cis commands
3. Validate if in the kube api server pod has the audit log path
Validation results
Install:
$ curl -sfL https://get.rke2.io | sudo INSTALL_RKE2_COMMIT=cc87f300a42060b37fd89f7a034b5485b8a758cc INSTALL_RKE2_TYPE=server sh -
$ rke2 -v
rke2 version v1.25.11-dev+cc87f300 (cc87f300a42060b37fd89f7a034b5485b8a758cc)
$ sudo cp -f /usr/local/share/rke2/rke2-cis-sysctl.conf /etc/sysctl.d/60-rke2-cis.conf && \
  sudo systemctl restart systemd-sysctl && \
  sudo useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U
$ kubectl get pod -o yaml -n kube-system kube-apiserver-ip-172-31-19-141 | grep "audit-log-path=/var/lib/rancher/rke2/server/logs/audit.log"
- --audit-log-path=/var/lib/rancher/rke2/server/logs/audit.log
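The validation above greps for one flag. As an added example (not part of the issue thread or of RKE2), the function below checks a kube-apiserver command line for every audit flag shown in the issue's expected output and names the ones that are missing. The function name, variable names and the two sample command lines (abridged from the issue's ps output) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which audit flags are absent from a kube-apiserver
# command line. The flag list is the set visible in the issue's "expected" output.
REQUIRED_AUDIT_FLAGS="audit-log-path audit-policy-file audit-log-maxage audit-log-maxbackup audit-log-maxsize"

# Sample inputs, abridged from the issue (process columns dropped).
EXPECTED_CMD="kube-apiserver --admission-control-config-file=/etc/rancher/rke2/rke2-pss.yaml --audit-log-path=/var/lib/rancher/rke2/server/logs/audit.log --audit-policy-file=/etc/rancher/rke2/audit-policy.yaml --audit-log-maxage=30 --audit-log-maxbackup=10 --audit-log-maxsize=100"
ACTUAL_CMD="kube-apiserver --admission-control-config-file=/etc/rancher/rke2/rke2-pss.yaml --audit-policy-file=/etc/rancher/rke2/audit-policy.yaml --audit-log-maxage=30 --audit-log-maxbackup=10 --audit-log-maxsize=100"

# missing_audit_flags CMDLINE
# Prints the required flags that are absent or have an empty value
# (space-separated). Exit status 0 if none are missing, 1 otherwise.
# Only the "--flag=value" form is recognised, which is how the flags
# appear in the issue's output.
missing_audit_flags() (
    set -f                      # no globbing while word-splitting the command line
    cmdline=$1
    missing=""
    for flag in $REQUIRED_AUDIT_FLAGS; do
        found=no
        value=""
        for arg in $cmdline; do
            case $arg in
                "--$flag="*) found=yes; value=${arg#*=} ;;
            esac
        done
        if [ "$found" = no ] || [ -z "$value" ]; then
            missing="${missing:+$missing }$flag"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
)

# Stand-alone run over the two samples.
for sample in "$EXPECTED_CMD" "$ACTUAL_CMD"; do
    if result=$(missing_audit_flags "$sample"); then
        echo "OK: all audit flags present"
    else
        echo "MISSING: $result"
    fi
done
```

On a live server node the same function can be fed the running process's arguments, for example from `/proc/<pid>/cmdline` with NUL bytes converted to spaces.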