How to enable debug level logging for the kube-auth-api DaemonSet in Rancher v2.3+ provisioned Kubernetes clusters

Table of Contents


The kube-auth-api DaemonSet is deployed to controlplane nodes, in Rancher v2.3+ provisioned Kubernetes clusters, to provide user authentication functionality for the authorized cluster endpoint. When troubleshooting an issue with authorized cluster endpoint authentication, it may be helpful to analyse the kube-auth-api logs at debug level, and this article details how to enable debug logging.



  1. Navigate to the workloads view of the System project, within the Rancher UI, for the relevant Rancher provisioned cluster.

  2. Locate the kube-api-auth DaemonSet, within the cattle-system namespace, click the vertial elipses and select Edit, per the following screenshot:

    Edit the kube-api-auth daemonset

  3. Click Show advanced options in the bottom left.

  4. Expand the Command section, enter /usr/bin/kube-api-auth --debug serve in the Command field, per the following screenshat, and click Save:

    Replace the command with --debug option

  5. The kube-api-auth pod(s) will restart with the new debug logging configuration. Viewing the kube-api-auth logs you should now obeserve log messages with level=debug.

Further reading

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.