Enable API Auditing
Important: RKE add-on install is only supported up to Rancher v2.0.8
Please use the Rancher helm chart to install HA Rancher. For details, see the HA Install - Installation Outline.
If you are currently using the RKE add-on install method, see Migrating from an HA RKE Add-on Install for details on how to move to using the helm chart.
If you’re using RKE to install Rancher, you can use directives to enable API Auditing for your Rancher install. You can know what happened, when it happened, who initiated it, and what cluster it affected. API auditing records all requests and responses to and from the Rancher API, which includes use of the Rancher UI and any other use of the Rancher API through programmatic use.
Enable API Auditing using RKE by adding arguments to your Rancher container.
To enable API auditing:
- Add API Auditing arguments (
args) to your Rancher container.
- Declare a
volumeMountsdirective of the container.
- Declare a
For more information about each argument, its syntax, and how to view API Audit logs, see Rancher v2.0 Documentation: API Auditing.
... containers: - image: rancher/rancher:latest imagePullPolicy: Always name: cattle-server args: ["--audit-log-path", "/var/log/auditlog/rancher-api-audit.log", "--audit-log-maxbackup", "5", "--audit-log-maxsize", "50", "--audit-level", "2"] ports: - containerPort: 80 protocol: TCP - containerPort: 443 protocol: TCP volumeMounts: - mountPath: /etc/rancher/ssl name: cattle-keys-volume readOnly: true - mountPath: /var/log/auditlog name: audit-log-dir volumes: - name: cattle-keys-volume secret: defaultMode: 420 secretName: cattle-keys-server - name: audit-log-dir hostPath: path: /var/log/rancher/auditlog type: Directory