From c2dd038c3d6607906a9f18db36b76148b01583b3 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Thu, 11 Jan 2024 10:40:38 -0800 Subject: [PATCH 01/28] Update CLI commands for v2.6 - v2.8 --- .../cli-with-rancher/rancher-cli.md | 13 ++++++++++--- .../cli-with-rancher/rancher-cli.md | 13 ++++++++++--- .../cli-with-rancher/rancher-cli.md | 13 ++++++++++--- .../cli-with-rancher/rancher-cli.md | 13 ++++++++++--- 4 files changed, 40 insertions(+), 12 deletions(-) diff --git a/docs/reference-guides/cli-with-rancher/rancher-cli.md b/docs/reference-guides/cli-with-rancher/rancher-cli.md index 0c9a27c1694..09f2f33f70a 100644 --- a/docs/reference-guides/cli-with-rancher/rancher-cli.md +++ b/docs/reference-guides/cli-with-rancher/rancher-cli.md @@ -68,15 +68,22 @@ The following commands are available for use in Rancher CLI. | `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | | `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | +| `globaldns` | Performs operations on global DNS providers and entries. | | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | -| `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | +| `kubectl` | Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | -| `namespaces, [namespace]` |Performs operations on namespaces. | -| `nodes, [node]` |Performs operations on nodes. | +| machines, [machine] | Performs operations on machines. | +| multiclusterapps, [multiclusterapp mcapps mcapp] | Performs operations with multi-cluster apps. | +| `namespaces, [namespace]` | Performs operations on namespaces. | +| `nodes, [node]` | Performs operations on nodes. | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | | `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | +| `server` | Performs operations for the server. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | +| up | Applies compose config. | +| wait | Waits for resoruces clusters, app, project, multiClusterApp. | +| token | Authentictes and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | diff --git a/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md index 445d2b6446b..a4336208795 100644 --- a/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md @@ -68,15 +68,22 @@ The following commands are available for use in Rancher CLI. | `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | | `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | +| `globaldns` | Performs operations on global DNS providers and entries. | | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | -| `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | +| `kubectl` | Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | -| `namespaces, [namespace]` |Performs operations on namespaces. | -| `nodes, [node]` |Performs operations on nodes. | +| `machines, [machine]` | Operations on machines | +| `multiclusterapps, [multiclusterapp mcapps mcapp]` | Performs operations with multi-cluster apps. | +| `namespaces, [namespace]` | Performs operations on namespaces. | +| `nodes, [node]` | Performs operations on nodes. | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | | `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | +| `server` | Performs operations for the server. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | +| up | Applies compose config. | +| wait | Waits for resoruces clusters, app, project, multiClusterApp. | +| token | Authentictes and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | diff --git a/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md index 0c9a27c1694..09f2f33f70a 100644 --- a/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md @@ -68,15 +68,22 @@ The following commands are available for use in Rancher CLI. | `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | | `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | +| `globaldns` | Performs operations on global DNS providers and entries. | | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | -| `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | +| `kubectl` | Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | -| `namespaces, [namespace]` |Performs operations on namespaces. | -| `nodes, [node]` |Performs operations on nodes. | +| machines, [machine] | Performs operations on machines. | +| multiclusterapps, [multiclusterapp mcapps mcapp] | Performs operations with multi-cluster apps. | +| `namespaces, [namespace]` | Performs operations on namespaces. | +| `nodes, [node]` | Performs operations on nodes. | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | | `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | +| `server` | Performs operations for the server. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | +| up | Applies compose config. | +| wait | Waits for resoruces clusters, app, project, multiClusterApp. | +| token | Authentictes and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | diff --git a/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md index 0c9a27c1694..09f2f33f70a 100644 --- a/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md @@ -68,15 +68,22 @@ The following commands are available for use in Rancher CLI. | `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | | `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | +| `globaldns` | Performs operations on global DNS providers and entries. | | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | -| `kubectl` |Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | +| `kubectl` | Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | -| `namespaces, [namespace]` |Performs operations on namespaces. | -| `nodes, [node]` |Performs operations on nodes. | +| machines, [machine] | Performs operations on machines. | +| multiclusterapps, [multiclusterapp mcapps mcapp] | Performs operations with multi-cluster apps. | +| `namespaces, [namespace]` | Performs operations on namespaces. | +| `nodes, [node]` | Performs operations on nodes. | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | | `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | +| `server` | Performs operations for the server. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | +| up | Applies compose config. | +| wait | Waits for resoruces clusters, app, project, multiClusterApp. | +| token | Authentictes and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | From 2ae06b1abccbba7e2a17981f8389860dd2d4ad56 Mon Sep 17 00:00:00 2001 From: LucasSaintarbor Date: Thu, 1 Feb 2024 12:27:02 -0800 Subject: [PATCH 02/28] Review / update CLI commands --- .../cli-with-rancher/rancher-cli.md | 19 +++++++++---------- .../cli-with-rancher/rancher-cli.md | 18 +++++++++--------- .../cli-with-rancher/rancher-cli.md | 16 ++++++++-------- .../cli-with-rancher/rancher-cli.md | 19 +++++++++---------- 4 files changed, 35 insertions(+), 37 deletions(-) diff --git a/docs/reference-guides/cli-with-rancher/rancher-cli.md b/docs/reference-guides/cli-with-rancher/rancher-cli.md index 09f2f33f70a..1e5357c67de 100644 --- a/docs/reference-guides/cli-with-rancher/rancher-cli.md +++ b/docs/reference-guides/cli-with-rancher/rancher-cli.md @@ -68,25 +68,24 @@ The following commands are available for use in Rancher CLI. | `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | | `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | -| `globaldns` | Performs operations on global DNS providers and entries. | +| `globaldns` | Performs operations on global DNS providers and entries. | | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | | `kubectl` | Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | -| machines, [machine] | Performs operations on machines. | -| multiclusterapps, [multiclusterapp mcapps mcapp] | Performs operations with multi-cluster apps. | -| `namespaces, [namespace]` | Performs operations on namespaces. | -| `nodes, [node]` | Performs operations on nodes. | +| `machines, [machine]` | Performs operations on machines. | +| `multiclusterapps, [multiclusterapp mcapps mcapp]` | Performs operations with multi-cluster apps. | +| `namespaces, [namespace]` | Performs operations on [namespaces](../../how-to-guides/new-user-guides/manage-namespaces.md). | +| `nodes, [node]` | Performs operations on [nodes](../../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md). | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | | `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | -| `server` | Performs operations for the server. | +| `server` | Performs operations for the server. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | -| up | Applies compose config. | -| wait | Waits for resoruces clusters, app, project, multiClusterApp. | -| token | Authentictes and generates new kubeconfig token. | +| `up` | Applies compose config. | +| `wait` | Waits for resoruces cluster, app, project, multiClusterApp. | +| `token` | Authentictes and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | - ### Rancher CLI Help Once logged into Rancher Server using the CLI, enter `./rancher --help` for a list of commands. diff --git a/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md index a4336208795..99e62147663 100644 --- a/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md @@ -68,22 +68,22 @@ The following commands are available for use in Rancher CLI. | `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | | `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | -| `globaldns` | Performs operations on global DNS providers and entries. | +| `globaldns` | Performs operations on global DNS providers and entries. | | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | | `kubectl` | Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | -| `machines, [machine]` | Operations on machines | -| `multiclusterapps, [multiclusterapp mcapps mcapp]` | Performs operations with multi-cluster apps. | -| `namespaces, [namespace]` | Performs operations on namespaces. | -| `nodes, [node]` | Performs operations on nodes. | +| `machines, [machine]` | Performs operations on machines. | +| `multiclusterapps, [multiclusterapp mcapps mcapp]` | Performs operations with multi-cluster apps. | +| `namespaces, [namespace]` | Performs operations on [namespaces](../../how-to-guides/new-user-guides/manage-namespaces.md). | +| `nodes, [node]` | Performs operations on [nodes](../../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md). | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | | `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | -| `server` | Performs operations for the server. | +| `server` | Performs operations for the server. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | -| up | Applies compose config. | -| wait | Waits for resoruces clusters, app, project, multiClusterApp. | -| token | Authentictes and generates new kubeconfig token. | +| `up` | Applies compose config. | +| `wait` | Waits for resoruces cluster, app, project, multiClusterApp. | +| `token` | Authentictes and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | diff --git a/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md index 09f2f33f70a..43989a19581 100644 --- a/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md @@ -72,18 +72,18 @@ The following commands are available for use in Rancher CLI. | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | | `kubectl` | Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | -| machines, [machine] | Performs operations on machines. | -| multiclusterapps, [multiclusterapp mcapps mcapp] | Performs operations with multi-cluster apps. | -| `namespaces, [namespace]` | Performs operations on namespaces. | -| `nodes, [node]` | Performs operations on nodes. | +| machines, [machine] | Performs operations on machines. | +| `multiclusterapps, [multiclusterapp mcapps mcapp]` | Performs operations with multi-cluster apps. | +| `namespaces, [namespace]` | Performs operations on [namespaces](../../how-to-guides/new-user-guides/manage-namespaces.md). | +| `nodes, [node]` | Performs operations on [nodes](../../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md). | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | | `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | -| `server` | Performs operations for the server. | +| `server` | Performs operations for the server. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | -| up | Applies compose config. | -| wait | Waits for resoruces clusters, app, project, multiClusterApp. | -| token | Authentictes and generates new kubeconfig token. | +| `up` | Applies compose config. | +| `wait` | Waits for resoruces cluster, app, project, multiClusterApp. | +| `token` | Authentictes and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | diff --git a/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md index 09f2f33f70a..1e5357c67de 100644 --- a/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md @@ -68,25 +68,24 @@ The following commands are available for use in Rancher CLI. | `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | | `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | -| `globaldns` | Performs operations on global DNS providers and entries. | +| `globaldns` | Performs operations on global DNS providers and entries. | | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | | `kubectl` | Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | -| machines, [machine] | Performs operations on machines. | -| multiclusterapps, [multiclusterapp mcapps mcapp] | Performs operations with multi-cluster apps. | -| `namespaces, [namespace]` | Performs operations on namespaces. | -| `nodes, [node]` | Performs operations on nodes. | +| `machines, [machine]` | Performs operations on machines. | +| `multiclusterapps, [multiclusterapp mcapps mcapp]` | Performs operations with multi-cluster apps. | +| `namespaces, [namespace]` | Performs operations on [namespaces](../../how-to-guides/new-user-guides/manage-namespaces.md). | +| `nodes, [node]` | Performs operations on [nodes](../../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md). | | `projects, [project]` | Performs operations on [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). | | `ps` | Displays [workloads](../../pages-for-subheaders/workloads-and-pods.md) in a project. | -| `server` | Performs operations for the server. | +| `server` | Performs operations for the server. | | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | -| up | Applies compose config. | -| wait | Waits for resoruces clusters, app, project, multiClusterApp. | -| token | Authentictes and generates new kubeconfig token. | +| `up` | Applies compose config. | +| `wait` | Waits for resoruces cluster, app, project, multiClusterApp. | +| `token` | Authentictes and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | - ### Rancher CLI Help Once logged into Rancher Server using the CLI, enter `./rancher --help` for a list of commands. From 8fcf90f7ac648fea14636686cbefeabdc32efa25 Mon Sep 17 00:00:00 2001 From: Lucas Saintarbor Date: Mon, 12 Feb 2024 10:57:10 -0800 Subject: [PATCH 03/28] Apply suggestions from code review Co-authored-by: Marty Hernandez Avedon Co-authored-by: Billy Tat --- docs/reference-guides/cli-with-rancher/rancher-cli.md | 4 ++-- .../reference-guides/cli-with-rancher/rancher-cli.md | 4 ++-- .../reference-guides/cli-with-rancher/rancher-cli.md | 8 ++++---- .../reference-guides/cli-with-rancher/rancher-cli.md | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/reference-guides/cli-with-rancher/rancher-cli.md b/docs/reference-guides/cli-with-rancher/rancher-cli.md index 1e5357c67de..2cc1bd1ed7c 100644 --- a/docs/reference-guides/cli-with-rancher/rancher-cli.md +++ b/docs/reference-guides/cli-with-rancher/rancher-cli.md @@ -82,8 +82,8 @@ The following commands are available for use in Rancher CLI. | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | | `up` | Applies compose config. | -| `wait` | Waits for resoruces cluster, app, project, multiClusterApp. | -| `token` | Authentictes and generates new kubeconfig token. | +| `wait` | Waits for resources cluster, app, project, multiClusterApp. | +| `token` | Authenticates and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | ### Rancher CLI Help diff --git a/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md index 99e62147663..f165979807d 100644 --- a/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.6/reference-guides/cli-with-rancher/rancher-cli.md @@ -82,8 +82,8 @@ The following commands are available for use in Rancher CLI. | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | | `up` | Applies compose config. | -| `wait` | Waits for resoruces cluster, app, project, multiClusterApp. | -| `token` | Authentictes and generates new kubeconfig token. | +| `wait` | Waits for resources cluster, app, project, multiClusterApp. | +| `token` | Authenticates and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | diff --git a/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md index 43989a19581..2970348c8f9 100644 --- a/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.7/reference-guides/cli-with-rancher/rancher-cli.md @@ -68,11 +68,11 @@ The following commands are available for use in Rancher CLI. | `catalog` | Performs operations on [catalogs](../../pages-for-subheaders/helm-charts-in-rancher.md). | | `clusters, [cluster]` | Performs operations on your [clusters](../../pages-for-subheaders/kubernetes-clusters-in-rancher-setup.md). | | `context` | Switches between Rancher [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md). For an example, see [Project Selection](#project-selection). | -| `globaldns` | Performs operations on global DNS providers and entries. | +| `globaldns` | Performs operations on global DNS providers and entries. | | `inspect [OPTIONS] [RESOURCEID RESOURCENAME]` | Displays details about [Kubernetes resources](https://kubernetes.io/docs/reference/kubectl/cheatsheet/#resource-types) or Rancher resources (i.e.: [projects](../../how-to-guides/new-user-guides/manage-clusters/projects-and-namespaces.md) and [workloads](../../pages-for-subheaders/workloads-and-pods.md)). Specify resources by name or ID. | | `kubectl` | Runs [kubectl commands](https://kubernetes.io/docs/reference/kubectl/overview/#operations). | | `login, [l]` | Logs into a Rancher Server. For an example, see [CLI Authentication](#cli-authentication). | -| machines, [machine] | Performs operations on machines. | +| `machines, [machine]` | Performs operations on machines. | | `multiclusterapps, [multiclusterapp mcapps mcapp]` | Performs operations with multi-cluster apps. | | `namespaces, [namespace]` | Performs operations on [namespaces](../../how-to-guides/new-user-guides/manage-namespaces.md). | | `nodes, [node]` | Performs operations on [nodes](../../how-to-guides/new-user-guides/manage-clusters/nodes-and-node-pools.md). | @@ -82,8 +82,8 @@ The following commands are available for use in Rancher CLI. | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | | `up` | Applies compose config. | -| `wait` | Waits for resoruces cluster, app, project, multiClusterApp. | -| `token` | Authentictes and generates new kubeconfig token. | +| `wait` | Waits for resources cluster, app, project, multiClusterApp. | +| `token` | Authenticates and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | diff --git a/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md index 1e5357c67de..2cc1bd1ed7c 100644 --- a/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md +++ b/versioned_docs/version-2.8/reference-guides/cli-with-rancher/rancher-cli.md @@ -82,8 +82,8 @@ The following commands are available for use in Rancher CLI. | `settings, [setting]` | Shows the current settings for your Rancher Server. | | `ssh` | Connects to one of your cluster nodes using the SSH protocol. | | `up` | Applies compose config. | -| `wait` | Waits for resoruces cluster, app, project, multiClusterApp. | -| `token` | Authentictes and generates new kubeconfig token. | +| `wait` | Waits for resources cluster, app, project, multiClusterApp. | +| `token` | Authenticates and generates new kubeconfig token. | | `help, [h]` | Shows a list of commands or help for one command. | ### Rancher CLI Help From d9cab2613f086a77f8b2b427dec7250e48e04350 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Mon, 12 Feb 2024 14:48:58 -0800 Subject: [PATCH 04/28] Add canonical links to mdx files --- docs/api/api-reference.mdx | 4 ++++ .../integrations-in-rancher.mdx | 16 ++++++---------- versioned_docs/version-2.8/api/api-reference.mdx | 4 ++++ .../integrations-in-rancher.mdx | 16 ++++++---------- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/docs/api/api-reference.mdx b/docs/api/api-reference.mdx index 794b4ad9b91..2ae392ecf47 100644 --- a/docs/api/api-reference.mdx +++ b/docs/api/api-reference.mdx @@ -2,6 +2,10 @@ title: API Reference --- + + + + :::note At this time, not all Rancher resources are available through the Rancher Kubernetes API. diff --git a/docs/integrations-in-rancher/integrations-in-rancher.mdx b/docs/integrations-in-rancher/integrations-in-rancher.mdx index cd9c5f4d166..5f75b398ab7 100644 --- a/docs/integrations-in-rancher/integrations-in-rancher.mdx +++ b/docs/integrations-in-rancher/integrations-in-rancher.mdx @@ -1,17 +1,13 @@ --- title: Integrations in Rancher --- + + + + + import {Card, CardSection} from '@site/src/components/CardComponents'; -import { - ReadingModeMobileRegular, - QuestionRegular, - ArrowUpRegular, - PlayRegular, - FlowchartRegular, - RocketRegular -} from '@fluentui/react-icons'; -import { FaAws, FaGoogle, FaCloud, FaServer, faGear } from "react-icons/fa6"; -import HarvesterIcon from '@site/static/img/harvester_logo_horizontal.svg'; +import {RocketRegular} from '@fluentui/react-icons'; Prime is the Rancher ecosystem’s enterprise offering, with additional security, extended lifecycles, and access to Prime-exclusive documentation. Rancher Prime installation assets are hosted on a trusted SUSE registry, owned and managed by Rancher. The trusted Prime registry includes only stable releases that have been community-tested. diff --git a/versioned_docs/version-2.8/api/api-reference.mdx b/versioned_docs/version-2.8/api/api-reference.mdx index 794b4ad9b91..2ae392ecf47 100644 --- a/versioned_docs/version-2.8/api/api-reference.mdx +++ b/versioned_docs/version-2.8/api/api-reference.mdx @@ -2,6 +2,10 @@ title: API Reference --- + + + + :::note At this time, not all Rancher resources are available through the Rancher Kubernetes API. diff --git a/versioned_docs/version-2.8/integrations-in-rancher/integrations-in-rancher.mdx b/versioned_docs/version-2.8/integrations-in-rancher/integrations-in-rancher.mdx index cd9c5f4d166..5f75b398ab7 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/integrations-in-rancher.mdx +++ b/versioned_docs/version-2.8/integrations-in-rancher/integrations-in-rancher.mdx @@ -1,17 +1,13 @@ --- title: Integrations in Rancher --- + + + + + import {Card, CardSection} from '@site/src/components/CardComponents'; -import { - ReadingModeMobileRegular, - QuestionRegular, - ArrowUpRegular, - PlayRegular, - FlowchartRegular, - RocketRegular -} from '@fluentui/react-icons'; -import { FaAws, FaGoogle, FaCloud, FaServer, faGear } from "react-icons/fa6"; -import HarvesterIcon from '@site/static/img/harvester_logo_horizontal.svg'; +import {RocketRegular} from '@fluentui/react-icons'; Prime is the Rancher ecosystem’s enterprise offering, with additional security, extended lifecycles, and access to Prime-exclusive documentation. Rancher Prime installation assets are hosted on a trusted SUSE registry, owned and managed by Rancher. The trusted Prime registry includes only stable releases that have been community-tested. From 64e634ff9ac4d2d6a01be3b00650c2efe4d5b7af Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Mon, 12 Feb 2024 15:29:43 -0800 Subject: [PATCH 05/28] Sync latest with changes from PR#989 - 'Updates to the Global roles for new 2.8 features' --- .../global-permissions.md | 267 +++++++++++++----- .../global-permissions.md | 1 + 2 files changed, 191 insertions(+), 77 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md index dfae1c35f46..cb68393bc39 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md @@ -12,7 +12,7 @@ Global Permissions define user authorization outside the scope of any particular - **Administrator:** These users have full control over the entire Rancher system and all clusters within it. -- **Restricted Admin:** These users have full control over downstream clusters, but cannot alter the local Kubernetes cluster. +- **Restricted Admin (Deprecated) :** These users have full control over downstream clusters, but cannot alter the local Kubernetes cluster. - **Standard User:** These users can create new clusters and use them. Standard users can also assign other users permissions to their clusters. @@ -20,77 +20,6 @@ Global Permissions define user authorization outside the scope of any particular You cannot update or delete the built-in Global Permissions. -## Restricted Admin - -A new `restricted-admin` role was created in Rancher v2.5 in order to prevent privilege escalation from the local Rancher server Kubernetes cluster. This role has full administrator access to all downstream clusters managed by Rancher, but it does not have permission to alter the local Kubernetes cluster. - -The `restricted-admin` can create other `restricted-admin` users with an equal level of access. - -A new setting was added to Rancher to set the initial bootstrapped administrator to have the `restricted-admin` role. This applies to the first user created when the Rancher server is started for the first time. If the environment variable is set, then no global administrator would be created, and it would be impossible to create the global administrator through Rancher. - -To bootstrap Rancher with the `restricted-admin` as the initial user, the Rancher server should be started with the following environment variable: - -``` -CATTLE_RESTRICTED_DEFAULT_ADMIN=true -``` -### List of `restricted-admin` Permissions - -The following table lists the permissions and actions that a `restricted-admin` should have in comparison with the `Administrator` and `Standard User` roles: - -| Category | Action | Global Admin | Standard User | Restricted Admin | Notes for Restricted Admin role | -| -------- | ------ | ------------ | ------------- | ---------------- | ------------------------------- | -| Local Cluster functions | Manage Local Cluster (List, Edit, Import Host) | Yes | No | No | | -| | Create Projects/namespaces | Yes | No | No | | -| | Add cluster/project members | Yes | No | No | | -| | Global DNS | Yes | No | No | | -| | Access to management cluster for CRDs and CRs | Yes | No | Yes | | -| | Save as RKE Template | Yes | No | No | | -| Security | | | | | | -| Enable auth | Configure Authentication | Yes | No | Yes | | -| Roles | Create/Assign GlobalRoles | Yes | No (Can list) | Yes | Auth webhook allows creating globalrole for perms already present | -| | Create/Assign ClusterRoles | Yes | No (Can list) | Yes | Not in local cluster | -| | Create/Assign ProjectRoles | Yes | No (Can list) | Yes | Not in local cluster | -| Users | Add User/Edit/Delete/Deactivate User | Yes | No | Yes | | -| Groups | Assign Global role to groups | Yes | No | Yes | As allowed by the webhook | -| | Refresh Groups | Yes | No | Yes | | -| PSP's | Manage PSP templates | Yes | No (Can list) | Yes | Same privileges as Global Admin for PSPs | -| Tools | | | | | | -| | Manage RKE Templates | Yes | No | Yes | | -| | Manage Global Catalogs | Yes | No | Yes | Cannot edit/delete built-in system catalog. Can manage Helm library | -| | Cluster Drivers | Yes | No | Yes | | -| | Node Drivers | Yes | No | Yes | | -| | GlobalDNS Providers | Yes | Yes (Self) | Yes | | -| | GlobalDNS Entries | Yes | Yes (Self) | Yes | | -| Settings | | | | | | -| | Manage Settings | Yes | No (Can list) | No (Can list) | | -| User | | | | | | -| | Manage API Keys | Yes (Manage all) | Yes (Manage self) | Yes (Manage self) | | -| | Manage Node Templates | Yes | Yes (Manage self) | Yes (Manage self) | Can only manage their own node templates and not those created by other users | -| | Manage Cloud Credentials | Yes | Yes (Manage self) | Yes (Manage self) | Can only manage their own cloud credentials and not those created by other users | -| Downstream Cluster | Create Cluster | Yes | Yes | Yes | | -| | Edit Cluster | Yes | Yes | Yes | | -| | Rotate Certificates | Yes | | Yes | | -| | Snapshot Now | Yes | | Yes | | -| | Restore Snapshot | Yes | | Yes | | -| | Save as RKE Template | Yes | No | Yes | | -| | Run CIS Scan | Yes | Yes | Yes | | -| | Add Members | Yes | Yes | Yes | | -| | Create Projects | Yes | Yes | Yes | | -| Feature Charts since v2.5 | | | | | | -| | Install Fleet | Yes | | Yes | Should not be able to run Fleet in local cluster | -| | Deploy EKS cluster | Yes | Yes | Yes | | -| | Deploy GKE cluster | Yes | Yes | Yes | | -| | Deploy AKS cluster | Yes | Yes | Yes | | - - -### Changing Global Administrators to Restricted Admins - -If Rancher already has a global administrator, they should change all global administrators over to the new `restricted-admin` role. - -This can be done through **Security > Users** and moving any Administrator role over to Restricted Administrator. - -Signed-in users can change themselves over to the `restricted-admin` if they wish, but they should only do that as the last step, otherwise they won't have the permissions to do so. - ## Global Permission Assignment Global permissions for local users are assigned differently than users who log in to Rancher using external authentication. @@ -135,13 +64,15 @@ The default roles, Administrator and Standard User, each come with multiple glob Administrators can enforce custom global permissions in multiple ways: -- [Changing the default permissions for new users](#configuring-default-global-permissions) -- [Configuring global permissions for individual users](#configuring-global-permissions-for-individual-users) -- [Configuring global permissions for groups](#configuring-global-permissions-for-groups) +- [Creating custom global roles](#creating-custom-global-roles). +- [Changing the default permissions for new users](#configuring-default-global-permissions). +- [Configuring global permissions for individual users](#configuring-global-permissions-for-individual-users). +- [Configuring global permissions for groups](#configuring-global-permissions-for-groups). -### Custom Global Permissions Reference +### Combining Built-in GlobalRoles -The following table lists each custom global permission available and whether it is included in the default global permissions, `Administrator`, `Standard User` and `User-Base`. +Rancher provides several GlobalRoles which grant granular permissions for certain common use cases. +The following table lists each built-in global permission and whether it is included in the default global permissions, `Administrator`, `Standard User` and `User-Base`. | Custom Global Permission | Administrator | Standard User | User-Base | | ---------------------------------- | ------------- | ------------- |-----------| @@ -171,6 +102,112 @@ For details on which Kubernetes resources correspond to each global permission, ::: +### Custom GlobalRoles + +You can create custom GlobalRoles to satisfy use cases not directly addressed by built-in GlobalRoles. + +Create custom GlobalRoles through the UI or through automation (such as the Rancher Kubernetes API). You can specify the same type of rules as the rules for upstream roles and clusterRoles. + +#### Escalate and Bind verbs + +When giving permissions on GlobalRoles, keep in mind that Rancher respects the `escalate` and `bind` verbs, in a similar fashion to [Kubernetes](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#restrictions-on-role-creation-or-update). + +Both of these verbs, which are given on the GlobalRoles resource, can grant users the permission to bypass Rancher's privilege escalation checks. This potentially allows users to become admins. Since this represents a serious security risk, `bind` and `escalate` should be distributed to users with great caution. + +The `escalate` verb allows users to change a GlobalRole and add any permission, even if the users doesn't have the permissions in the current GlobalRole or the new version of the GlobalRole. + +The `bind` verb allows users to create a GlobalRoleBinding to the specified GlobalRole, even if they do not have the permissions in the GlobalRole. + +:::danger + +The wildcard verb `*` also includes the `bind` and `escalate` verbs. This means that giving `*` on GlobalRoles to a user also gives them both `escalate` and `bind`. + +::: + +##### Custom GlobalRole Examples + +To grant permission to escalate only the `test-gr` GlobalRole: + +```yaml +rules: +- apiGroups: + - 'management.cattle.io' + resources: + - 'globalroles' + resourceNames: + - 'test-gr' + verbs: + - 'escalate' +``` + +To grant permission to escalate all GlobalRoles: + +```yaml +rules: +- apiGroups: + - 'management.cattle.io' + resources: + - 'globalroles' + verbs: + - 'escalate' +``` + +To grant permission to create bindings (which bypass escalation checks) to only the `test-gr` GlobalRole: + +```yaml +rules: +- apiGroups: + - 'management.cattle.io' + resources: + - 'globalroles' + resourceNames: + - 'test-gr' + verbs: + - 'bind' +- apiGroups: + - 'management.cattle.io' + resources: + - 'globalrolebindings' + verbs: + - 'create' +``` + +Granting `*` permissions (which includes both `escalate` and `bind`): + +```yaml +rules: +- apiGroups: + - 'management.cattle.io' + resources: + - 'globalroles' + verbs: + - '*' +``` + +#### GlobalRole Permissions on Downstream Clusters + +GlobalRoles can grant one or more RoleTemplates on every downstream cluster through the `inheritedClusterRoles` field. Values in this field must refer to a RoleTemplate which exists and has a `context` of Cluster. + +With this field, users gain the specified permissions on all current or future downstream clusters. For example, consider the following GlobalRole: + +```yaml +apiVersion: management.cattle.io/v3 +kind: GlobalRole +displayName: All Downstream Owner +metadata: + name: all-downstream-owner +inheritedClusterRoles: +- cluster-owner +``` + +Any user with this permission will be a cluster-owner on all downstream clusters. If a new cluster is added, regardless of type, the user will be an owner on that cluster as well. + +:::danger + +Using this field on [default GlobalRoles](#configuring-default-global-permissions) may result in users gaining excessive permissions. + +::: + ### Configuring Default Global Permissions If you want to restrict the default permissions for new users, you can remove the `user` permission as default role and then assign multiple individual permissions as default instead. Conversely, you can also add administrative permissions on top of a set of other standard permissions. @@ -249,3 +286,79 @@ To refresh group memberships, 1. Click **Refresh Group Memberships**. **Result:** Any changes to the group members' permissions will take effect. + +## Restricted Admin + +:::warning Deprecated + +The Restricted Admin role is deprecated, and will be removed in a future version of Rancher (2.10 or higher). You should make a custom role with the desired permissions instead of relying on this built-in role. + +::: + +A new `restricted-admin` role was created in Rancher v2.5 in order to prevent privilege escalation on the local Rancher server Kubernetes cluster. This role has full administrator access to all downstream clusters managed by Rancher, but it does not have permission to alter the local Kubernetes cluster. + +The `restricted-admin` can create other `restricted-admin` users with an equal level of access. + +A new setting was added to Rancher to set the initial bootstrapped administrator to have the `restricted-admin` role. This applies to the first user created when the Rancher server is started for the first time. If the environment variable is set, then no global administrator would be created, and it would be impossible to create the global administrator through Rancher. + +To bootstrap Rancher with the `restricted-admin` as the initial user, the Rancher server should be started with the following environment variable: + +``` +CATTLE_RESTRICTED_DEFAULT_ADMIN=true +``` +### List of `restricted-admin` Permissions + +The following table lists the permissions and actions that a `restricted-admin` should have in comparison with the `Administrator` and `Standard User` roles: + +| Category | Action | Global Admin | Standard User | Restricted Admin | Notes for Restricted Admin role | +| -------- | ------ | ------------ | ------------- | ---------------- | ------------------------------- | +| Local Cluster functions | Manage Local Cluster (List, Edit, Import Host) | Yes | No | No | | +| | Create Projects/namespaces | Yes | No | No | | +| | Add cluster/project members | Yes | No | No | | +| | Global DNS | Yes | No | No | | +| | Access to management cluster for CRDs and CRs | Yes | No | Yes | | +| | Save as RKE Template | Yes | No | No | | +| Security | | | | | | +| Enable auth | Configure Authentication | Yes | No | Yes | | +| Roles | Create/Assign GlobalRoles | Yes | No (Can list) | Yes | Auth webhook allows creating globalrole for perms already present | +| | Create/Assign ClusterRoles | Yes | No (Can list) | Yes | Not in local cluster | +| | Create/Assign ProjectRoles | Yes | No (Can list) | Yes | Not in local cluster | +| Users | Add User/Edit/Delete/Deactivate User | Yes | No | Yes | | +| Groups | Assign Global role to groups | Yes | No | Yes | As allowed by the webhook | +| | Refresh Groups | Yes | No | Yes | | +| PSP's | Manage PSP templates | Yes | No (Can list) | Yes | Same privileges as Global Admin for PSPs | +| Tools | | | | | | +| | Manage RKE Templates | Yes | No | Yes | | +| | Manage Global Catalogs | Yes | No | Yes | Cannot edit/delete built-in system catalog. Can manage Helm library | +| | Cluster Drivers | Yes | No | Yes | | +| | Node Drivers | Yes | No | Yes | | +| | GlobalDNS Providers | Yes | Yes (Self) | Yes | | +| | GlobalDNS Entries | Yes | Yes (Self) | Yes | | +| Settings | | | | | | +| | Manage Settings | Yes | No (Can list) | No (Can list) | | +| User | | | | | | +| | Manage API Keys | Yes (Manage all) | Yes (Manage self) | Yes (Manage self) | | +| | Manage Node Templates | Yes | Yes (Manage self) | Yes (Manage self) | Can only manage their own node templates and not those created by other users | +| | Manage Cloud Credentials | Yes | Yes (Manage self) | Yes (Manage self) | Can only manage their own cloud credentials and not those created by other users | +| Downstream Cluster | Create Cluster | Yes | Yes | Yes | | +| | Edit Cluster | Yes | Yes | Yes | | +| | Rotate Certificates | Yes | | Yes | | +| | Snapshot Now | Yes | | Yes | | +| | Restore Snapshot | Yes | | Yes | | +| | Save as RKE Template | Yes | No | Yes | | +| | Run CIS Scan | Yes | Yes | Yes | | +| | Add Members | Yes | Yes | Yes | | +| | Create Projects | Yes | Yes | Yes | | +| Feature Charts since v2.5 | | | | | | +| | Install Fleet | Yes | | Yes | Should not be able to run Fleet in local cluster | +| | Deploy EKS cluster | Yes | Yes | Yes | | +| | Deploy GKE cluster | Yes | Yes | Yes | | +| | Deploy AKS cluster | Yes | Yes | Yes | | + +### Changing Global Administrators to Restricted Admins + +In previous version, the docs recommended that all users should be changed over to Restricted Admin if the role was in use. Users are now encouraged to use a custom-built role using the cluster permissions feature, and migrate any current restricted admins to use that approach. + +This can be done through **Security > Users** and moving any Administrator role over to Restricted Administrator. + +Signed-in users can change themselves over to the `restricted-admin` if they wish, but they should only do that as the last step, otherwise they won't have the permissions to do so. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md index bccfdc59a4e..ca0ed59726e 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md @@ -64,6 +64,7 @@ The default roles, Administrator and Standard User, each come with multiple glob Administrators can enforce custom global permissions in multiple ways: +- [Creating custom global roles](#creating-custom-global-roles). - [Changing the default permissions for new users](#configuring-default-global-permissions). - [Configuring global permissions for individual users](#configuring-global-permissions-for-individual-users). - [Configuring global permissions for groups](#configuring-global-permissions-for-groups). From b9f1ae86c9a30516b0b95e3ec0fcda4a6ffc18c8 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Mon, 12 Feb 2024 15:42:07 -0800 Subject: [PATCH 06/28] Fix link --- .../global-permissions.md | 2 +- .../global-permissions.md | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md index cb68393bc39..a516c10fe5b 100644 --- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md +++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md @@ -64,7 +64,7 @@ The default roles, Administrator and Standard User, each come with multiple glob Administrators can enforce custom global permissions in multiple ways: -- [Creating custom global roles](#creating-custom-global-roles). +- [Creating custom global roles](#custom-globalroles). - [Changing the default permissions for new users](#configuring-default-global-permissions). - [Configuring global permissions for individual users](#configuring-global-permissions-for-individual-users). - [Configuring global permissions for groups](#configuring-global-permissions-for-groups). diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md index ca0ed59726e..a516c10fe5b 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/global-permissions.md @@ -64,7 +64,7 @@ The default roles, Administrator and Standard User, each come with multiple glob Administrators can enforce custom global permissions in multiple ways: -- [Creating custom global roles](#creating-custom-global-roles). +- [Creating custom global roles](#custom-globalroles). - [Changing the default permissions for new users](#configuring-default-global-permissions). - [Configuring global permissions for individual users](#configuring-global-permissions-for-individual-users). - [Configuring global permissions for groups](#configuring-global-permissions-for-groups). @@ -208,7 +208,6 @@ Using this field on [default GlobalRoles](#configuring-default-global-permission ::: - ### Configuring Default Global Permissions If you want to restrict the default permissions for new users, you can remove the `user` permission as default role and then assign multiple individual permissions as default instead. Conversely, you can also add administrative permissions on top of a set of other standard permissions. @@ -356,7 +355,6 @@ The following table lists the permissions and actions that a `restricted-admin` | | Deploy GKE cluster | Yes | Yes | Yes | | | | Deploy AKS cluster | Yes | Yes | Yes | | - ### Changing Global Administrators to Restricted Admins In previous version, the docs recommended that all users should be changed over to Restricted Admin if the role was in use. Users are now encouraged to use a custom-built role using the cluster permissions feature, and migrate any current restricted admins to use that approach. @@ -364,5 +362,3 @@ In previous version, the docs recommended that all users should be changed over This can be done through **Security > Users** and moving any Administrator role over to Restricted Administrator. Signed-in users can change themselves over to the `restricted-admin` if they wish, but they should only do that as the last step, otherwise they won't have the permissions to do so. - - From 829ec114c44e73575a9a54495ad7b16d18d11ba0 Mon Sep 17 00:00:00 2001 From: joshmeranda Date: Tue, 13 Feb 2024 10:24:13 -0500 Subject: [PATCH 07/28] update monitoring node-exporter ports --- docs/shared-files/_common-ports-table.md | 37 +++++++++---------- .../shared-files/_common-ports-table.md | 37 +++++++++---------- .../shared-files/_common-ports-table.md | 37 +++++++++---------- .../shared-files/_common-ports-table.md | 37 +++++++++---------- .../shared-files/_common-ports-table.md | 37 +++++++++---------- .../shared-files/_common-ports-table.md | 37 +++++++++---------- 6 files changed, 108 insertions(+), 114 deletions(-) diff --git a/docs/shared-files/_common-ports-table.md b/docs/shared-files/_common-ports-table.md index 1835beba031..4016670ef3d 100644 --- a/docs/shared-files/_common-ports-table.md +++ b/docs/shared-files/_common-ports-table.md @@ -1,19 +1,18 @@ -| Protocol | Port | Description | -|:--------: |:----------------: |---------------------------------------------------------------------------------- | -| TCP | 22 | Node driver SSH provisioning | -| TCP | 179 | Calico BGP Port | -| TCP | 2376 | Node driver Docker daemon TLS port | -| TCP | 2379 | etcd client requests | -| TCP | 2380 | etcd peer communication | -| UDP | 8472 | Canal/Flannel VXLAN overlay networking | -| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | -| TCP | 8443 | Rancher webhook | -| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | -| TCP | 9100 | Default port required by Monitoring to scrape metrics from Linux node-exporters | -| TCP | 9443 | Rancher webhook | -| TCP | 9796 | Default port required by Monitoring to scrape metrics from Windows node-exporters | -| TCP | 6783 | Weave Port | -| UDP | 6783-6784 | Weave UDP Ports | -| TCP | 10250 | Metrics server communication with all nodes API | -| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | -| TCP/UDP | 30000-32767 | NodePort port range | +| Protocol | Port | Description | +|:--------: |:----------------: |---------------------------------------------------------------------------------------------| +| TCP | 22 | Node driver SSH provisioning | +| TCP | 179 | Calico BGP Port | +| TCP | 2376 | Node driver Docker daemon TLS port | +| TCP | 2379 | etcd client requests | +| TCP | 2380 | etcd peer communication | +| UDP | 8472 | Canal/Flannel VXLAN overlay networking | +| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | +| TCP | 8443 | Rancher webhook | +| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | +| TCP | 9443 | Rancher webhook | +| TCP | 9796 | Default port required by Monitoring to scrape metrics from Linux and Windows node-exporters | +| TCP | 6783 | Weave Port | +| UDP | 6783-6784 | Weave UDP Ports | +| TCP | 10250 | Metrics server communication with all nodes API | +| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | +| TCP/UDP | 30000-32767 | NodePort port range | diff --git a/versioned_docs/version-2.0-2.4/shared-files/_common-ports-table.md b/versioned_docs/version-2.0-2.4/shared-files/_common-ports-table.md index 70749ce3979..2af23350dc0 100644 --- a/versioned_docs/version-2.0-2.4/shared-files/_common-ports-table.md +++ b/versioned_docs/version-2.0-2.4/shared-files/_common-ports-table.md @@ -1,19 +1,18 @@ -| Protocol | Port | Description | -|:--------: |:----------------: |---------------------------------------------------------------------------------- | -| TCP | 22 | Node driver SSH provisioning | -| TCP | 179 | Calico BGP Port | -| TCP | 2376 | Node driver Docker daemon TLS port | -| TCP | 2379 | etcd client requests | -| TCP | 2380 | etcd peer communication | -| UDP | 8472 | Canal/Flannel VXLAN overlay networking | -| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | -| TCP | 8443 | Rancher webhook | -| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | -| TCP | 9100 | Default port required by Monitoring to scrape metrics from Linux node-exporters | -| TCP | 9443 | Rancher webhook | -| TCP | 9796 | Default port required by Monitoring to scrape metrics from Windows node-exporters | -| TCP | 6783 | Weave Port | -| UDP | 6783-6784 | Weave UDP Ports | -| TCP | 10250 | kubelet API | -| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | -| TCP/UDP | 30000-32767 | NodePort port range | +| Protocol | Port | Description | +|:--------: |:----------------: |-------------------------------------------------------------------------------------------- | +| TCP | 22 | Node driver SSH provisioning | +| TCP | 179 | Calico BGP Port | +| TCP | 2376 | Node driver Docker daemon TLS port | +| TCP | 2379 | etcd client requests | +| TCP | 2380 | etcd peer communication | +| UDP | 8472 | Canal/Flannel VXLAN overlay networking | +| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | +| TCP | 8443 | Rancher webhook | +| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | +| TCP | 9443 | Rancher webhook | +| TCP | 9796 | Default port required by Monitoring to scrape metrics from Linux and Windows node-exporters | +| TCP | 6783 | Weave Port | +| UDP | 6783-6784 | Weave UDP Ports | +| TCP | 10250 | kubelet API | +| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | +| TCP/UDP | 30000-32767 | NodePort port range | diff --git a/versioned_docs/version-2.5/shared-files/_common-ports-table.md b/versioned_docs/version-2.5/shared-files/_common-ports-table.md index 1835beba031..c48798abab0 100644 --- a/versioned_docs/version-2.5/shared-files/_common-ports-table.md +++ b/versioned_docs/version-2.5/shared-files/_common-ports-table.md @@ -1,19 +1,18 @@ -| Protocol | Port | Description | -|:--------: |:----------------: |---------------------------------------------------------------------------------- | -| TCP | 22 | Node driver SSH provisioning | -| TCP | 179 | Calico BGP Port | -| TCP | 2376 | Node driver Docker daemon TLS port | -| TCP | 2379 | etcd client requests | -| TCP | 2380 | etcd peer communication | -| UDP | 8472 | Canal/Flannel VXLAN overlay networking | -| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | -| TCP | 8443 | Rancher webhook | -| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | -| TCP | 9100 | Default port required by Monitoring to scrape metrics from Linux node-exporters | -| TCP | 9443 | Rancher webhook | -| TCP | 9796 | Default port required by Monitoring to scrape metrics from Windows node-exporters | -| TCP | 6783 | Weave Port | -| UDP | 6783-6784 | Weave UDP Ports | -| TCP | 10250 | Metrics server communication with all nodes API | -| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | -| TCP/UDP | 30000-32767 | NodePort port range | +| Protocol | Port | Description | +|:--------: |:----------------: |-------------------------------------------------------------------------------------------- | +| TCP | 22 | Node driver SSH provisioning | +| TCP | 179 | Calico BGP Port | +| TCP | 2376 | Node driver Docker daemon TLS port | +| TCP | 2379 | etcd client requests | +| TCP | 2380 | etcd peer communication | +| UDP | 8472 | Canal/Flannel VXLAN overlay networking | +| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | +| TCP | 8443 | Rancher webhook | +| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | +| TCP | 9443 | Rancher webhook | +| TCP | 9796 | Default port required by Monitoring to scrape metrics from Linux and Windows node-exporters | +| TCP | 6783 | Weave Port | +| UDP | 6783-6784 | Weave UDP Ports | +| TCP | 10250 | Metrics server communication with all nodes API | +| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | +| TCP/UDP | 30000-32767 | NodePort port range | diff --git a/versioned_docs/version-2.6/shared-files/_common-ports-table.md b/versioned_docs/version-2.6/shared-files/_common-ports-table.md index 1835beba031..4016670ef3d 100644 --- a/versioned_docs/version-2.6/shared-files/_common-ports-table.md +++ b/versioned_docs/version-2.6/shared-files/_common-ports-table.md @@ -1,19 +1,18 @@ -| Protocol | Port | Description | -|:--------: |:----------------: |---------------------------------------------------------------------------------- | -| TCP | 22 | Node driver SSH provisioning | -| TCP | 179 | Calico BGP Port | -| TCP | 2376 | Node driver Docker daemon TLS port | -| TCP | 2379 | etcd client requests | -| TCP | 2380 | etcd peer communication | -| UDP | 8472 | Canal/Flannel VXLAN overlay networking | -| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | -| TCP | 8443 | Rancher webhook | -| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | -| TCP | 9100 | Default port required by Monitoring to scrape metrics from Linux node-exporters | -| TCP | 9443 | Rancher webhook | -| TCP | 9796 | Default port required by Monitoring to scrape metrics from Windows node-exporters | -| TCP | 6783 | Weave Port | -| UDP | 6783-6784 | Weave UDP Ports | -| TCP | 10250 | Metrics server communication with all nodes API | -| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | -| TCP/UDP | 30000-32767 | NodePort port range | +| Protocol | Port | Description | +|:--------: |:----------------: |---------------------------------------------------------------------------------------------| +| TCP | 22 | Node driver SSH provisioning | +| TCP | 179 | Calico BGP Port | +| TCP | 2376 | Node driver Docker daemon TLS port | +| TCP | 2379 | etcd client requests | +| TCP | 2380 | etcd peer communication | +| UDP | 8472 | Canal/Flannel VXLAN overlay networking | +| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | +| TCP | 8443 | Rancher webhook | +| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | +| TCP | 9443 | Rancher webhook | +| TCP | 9796 | Default port required by Monitoring to scrape metrics from Linux and Windows node-exporters | +| TCP | 6783 | Weave Port | +| UDP | 6783-6784 | Weave UDP Ports | +| TCP | 10250 | Metrics server communication with all nodes API | +| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | +| TCP/UDP | 30000-32767 | NodePort port range | diff --git a/versioned_docs/version-2.7/shared-files/_common-ports-table.md b/versioned_docs/version-2.7/shared-files/_common-ports-table.md index 1835beba031..4016670ef3d 100644 --- a/versioned_docs/version-2.7/shared-files/_common-ports-table.md +++ b/versioned_docs/version-2.7/shared-files/_common-ports-table.md @@ -1,19 +1,18 @@ -| Protocol | Port | Description | -|:--------: |:----------------: |---------------------------------------------------------------------------------- | -| TCP | 22 | Node driver SSH provisioning | -| TCP | 179 | Calico BGP Port | -| TCP | 2376 | Node driver Docker daemon TLS port | -| TCP | 2379 | etcd client requests | -| TCP | 2380 | etcd peer communication | -| UDP | 8472 | Canal/Flannel VXLAN overlay networking | -| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | -| TCP | 8443 | Rancher webhook | -| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | -| TCP | 9100 | Default port required by Monitoring to scrape metrics from Linux node-exporters | -| TCP | 9443 | Rancher webhook | -| TCP | 9796 | Default port required by Monitoring to scrape metrics from Windows node-exporters | -| TCP | 6783 | Weave Port | -| UDP | 6783-6784 | Weave UDP Ports | -| TCP | 10250 | Metrics server communication with all nodes API | -| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | -| TCP/UDP | 30000-32767 | NodePort port range | +| Protocol | Port | Description | +|:--------: |:----------------: |---------------------------------------------------------------------------------------------| +| TCP | 22 | Node driver SSH provisioning | +| TCP | 179 | Calico BGP Port | +| TCP | 2376 | Node driver Docker daemon TLS port | +| TCP | 2379 | etcd client requests | +| TCP | 2380 | etcd peer communication | +| UDP | 8472 | Canal/Flannel VXLAN overlay networking | +| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | +| TCP | 8443 | Rancher webhook | +| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | +| TCP | 9443 | Rancher webhook | +| TCP | 9796 | Default port required by Monitoring to scrape metrics from Linux and Windows node-exporters | +| TCP | 6783 | Weave Port | +| UDP | 6783-6784 | Weave UDP Ports | +| TCP | 10250 | Metrics server communication with all nodes API | +| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | +| TCP/UDP | 30000-32767 | NodePort port range | diff --git a/versioned_docs/version-2.8/shared-files/_common-ports-table.md b/versioned_docs/version-2.8/shared-files/_common-ports-table.md index 1835beba031..4016670ef3d 100644 --- a/versioned_docs/version-2.8/shared-files/_common-ports-table.md +++ b/versioned_docs/version-2.8/shared-files/_common-ports-table.md @@ -1,19 +1,18 @@ -| Protocol | Port | Description | -|:--------: |:----------------: |---------------------------------------------------------------------------------- | -| TCP | 22 | Node driver SSH provisioning | -| TCP | 179 | Calico BGP Port | -| TCP | 2376 | Node driver Docker daemon TLS port | -| TCP | 2379 | etcd client requests | -| TCP | 2380 | etcd peer communication | -| UDP | 8472 | Canal/Flannel VXLAN overlay networking | -| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | -| TCP | 8443 | Rancher webhook | -| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | -| TCP | 9100 | Default port required by Monitoring to scrape metrics from Linux node-exporters | -| TCP | 9443 | Rancher webhook | -| TCP | 9796 | Default port required by Monitoring to scrape metrics from Windows node-exporters | -| TCP | 6783 | Weave Port | -| UDP | 6783-6784 | Weave UDP Ports | -| TCP | 10250 | Metrics server communication with all nodes API | -| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | -| TCP/UDP | 30000-32767 | NodePort port range | +| Protocol | Port | Description | +|:--------: |:----------------: |---------------------------------------------------------------------------------------------| +| TCP | 22 | Node driver SSH provisioning | +| TCP | 179 | Calico BGP Port | +| TCP | 2376 | Node driver Docker daemon TLS port | +| TCP | 2379 | etcd client requests | +| TCP | 2380 | etcd peer communication | +| UDP | 8472 | Canal/Flannel VXLAN overlay networking | +| UDP | 4789 | Flannel VXLAN overlay networking on Windows cluster | +| TCP | 8443 | Rancher webhook | +| TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | +| TCP | 9443 | Rancher webhook | +| TCP | 9796 | Default port required by Monitoring to scrape metrics from Linux and Windows node-exporters | +| TCP | 6783 | Weave Port | +| UDP | 6783-6784 | Weave UDP Ports | +| TCP | 10250 | Metrics server communication with all nodes API | +| TCP | 10254 | Ingress controller livenessProbe/readinessProbe | +| TCP/UDP | 30000-32767 | NodePort port range | From cab46bd2912a83c747651c438a6132bcf6f2f9bb Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Tue, 13 Feb 2024 14:05:07 -0500 Subject: [PATCH 08/28] #1108 Migrating Rancher to a new cluster lists old chart version (#1111) * 1108 Migrating Rancher to a new cluster lists old chart version * correction for 2.6.x based on https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/rancher-v2-6-13/ * updated with support matrix link, rm'd specific numbers * syncing * Apply suggestions from code review Co-authored-by: Billy Tat * Apply suggestions from code review Co-authored-by: Billy Tat --------- Co-authored-by: Billy Tat --- .../migrate-rancher-to-new-cluster.md | 12 +++++++----- .../migrate-rancher-to-new-cluster.md | 12 +++++++----- .../migrate-rancher-to-new-cluster.md | 12 +++++++----- .../migrate-rancher-to-new-cluster.md | 12 +++++++----- 4 files changed, 28 insertions(+), 20 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 9e670da901d..89faf8d11bf 100644 --- a/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/docs/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -27,7 +27,8 @@ Since Rancher can be installed on any Kubernetes cluster, you can use this backu ### 1. Install the rancher-backup Helm chart -Install the [rancher-backup chart](https://github.com/rancher/backup-restore-operator/tags), using a version in the 2.x.x major version range: + +Install the [`rancher-backup chart`](https://github.com/rancher/backup-restore-operator/tags): 1. Add the Helm repository: @@ -36,13 +37,14 @@ Install the [rancher-backup chart](https://github.com/rancher/backup-restore-ope helm repo update ``` - 1. Select and set `CHART_VERSION` variable with a 2.x.x rancher-backup release version: + 1. Set a `CHART_VERSION` variable, selecting a `rancher-backup` chart version compatible with your version of Rancher. See the [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions), within the **Rancher Apps / Cluster Tools** section, to see which `rancher-backup` versions are supported: + ```bash - helm search repo --versions rancher-charts/rancher-backup - CHART_VERSION=<2.x.x> + CHART_VERSION= ``` 1. Install the charts: + ```bash helm install rancher-backup-crd rancher-charts/rancher-backup-crd -n cattle-resources-system --create-namespace --version $CHART_VERSION helm install rancher-backup rancher-charts/rancher-backup -n cattle-resources-system --version $CHART_VERSION @@ -50,7 +52,7 @@ Install the [rancher-backup chart](https://github.com/rancher/backup-restore-ope :::note - The above assumes an environment with outbound connectivity to Docker Hub + The above assumes an environment with outbound connectivity to Docker Hub. For an **air-gapped environment**, use the Helm value below to pull the `backup-restore-operator` image from your private registry when installing the rancher-backup Helm chart. diff --git a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 9b135096c62..346c54d50c7 100644 --- a/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.6/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -25,7 +25,8 @@ Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes Since Rancher can be installed on any Kubernetes cluster, you can use this backup and restore method to migrate Rancher from one Kubernetes cluster to any other Kubernetes cluster. This method *only* migrates Rancher-related resources and won't affect other applications on the cluster. Refer to the [support matrix](https://www.suse.com/lifecycle/) to identify which Kubernetes cluster types and versions are supported for your Rancher version. ### 1. Install the rancher-backup Helm chart -Install the [rancher-backup chart](https://github.com/rancher/backup-restore-operator/tags), using a version in the 2.x.x major version range: + +Install the [`rancher-backup chart`](https://github.com/rancher/backup-restore-operator/tags): 1. Add the Helm repository: @@ -34,13 +35,14 @@ Install the [rancher-backup chart](https://github.com/rancher/backup-restore-ope helm repo update ``` - 1. Select and set `CHART_VERSION` variable with a 2.x.x rancher-backup release version: + 1. Set a `CHART_VERSION` variable, selecting a `rancher-backup` chart version compatible with your version of Rancher. See the [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions), within the **Rancher Apps / Cluster Tools** section, to see which `rancher-backup` versions are supported: + ```bash - helm search repo --versions rancher-charts/rancher-backup - CHART_VERSION=<2.x.x> + CHART_VERSION= ``` 1. Install the charts: + ```bash helm install rancher-backup-crd rancher-charts/rancher-backup-crd -n cattle-resources-system --create-namespace --version $CHART_VERSION helm install rancher-backup rancher-charts/rancher-backup -n cattle-resources-system --version $CHART_VERSION @@ -48,7 +50,7 @@ Install the [rancher-backup chart](https://github.com/rancher/backup-restore-ope :::note - The above assumes an environment with outbound connectivity to Docker Hub + The above assumes an environment with outbound connectivity to Docker Hub. For an **air-gapped environment**, use the Helm value below to pull the `backup-restore-operator` image from your private registry when installing the rancher-backup Helm chart. diff --git a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 9e670da901d..89faf8d11bf 100644 --- a/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.7/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -27,7 +27,8 @@ Since Rancher can be installed on any Kubernetes cluster, you can use this backu ### 1. Install the rancher-backup Helm chart -Install the [rancher-backup chart](https://github.com/rancher/backup-restore-operator/tags), using a version in the 2.x.x major version range: + +Install the [`rancher-backup chart`](https://github.com/rancher/backup-restore-operator/tags): 1. Add the Helm repository: @@ -36,13 +37,14 @@ Install the [rancher-backup chart](https://github.com/rancher/backup-restore-ope helm repo update ``` - 1. Select and set `CHART_VERSION` variable with a 2.x.x rancher-backup release version: + 1. Set a `CHART_VERSION` variable, selecting a `rancher-backup` chart version compatible with your version of Rancher. See the [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions), within the **Rancher Apps / Cluster Tools** section, to see which `rancher-backup` versions are supported: + ```bash - helm search repo --versions rancher-charts/rancher-backup - CHART_VERSION=<2.x.x> + CHART_VERSION= ``` 1. Install the charts: + ```bash helm install rancher-backup-crd rancher-charts/rancher-backup-crd -n cattle-resources-system --create-namespace --version $CHART_VERSION helm install rancher-backup rancher-charts/rancher-backup -n cattle-resources-system --version $CHART_VERSION @@ -50,7 +52,7 @@ Install the [rancher-backup chart](https://github.com/rancher/backup-restore-ope :::note - The above assumes an environment with outbound connectivity to Docker Hub + The above assumes an environment with outbound connectivity to Docker Hub. For an **air-gapped environment**, use the Helm value below to pull the `backup-restore-operator` image from your private registry when installing the rancher-backup Helm chart. diff --git a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md index 9e670da901d..89faf8d11bf 100644 --- a/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md +++ b/versioned_docs/version-2.8/how-to-guides/new-user-guides/backup-restore-and-disaster-recovery/migrate-rancher-to-new-cluster.md @@ -27,7 +27,8 @@ Since Rancher can be installed on any Kubernetes cluster, you can use this backu ### 1. Install the rancher-backup Helm chart -Install the [rancher-backup chart](https://github.com/rancher/backup-restore-operator/tags), using a version in the 2.x.x major version range: + +Install the [`rancher-backup chart`](https://github.com/rancher/backup-restore-operator/tags): 1. Add the Helm repository: @@ -36,13 +37,14 @@ Install the [rancher-backup chart](https://github.com/rancher/backup-restore-ope helm repo update ``` - 1. Select and set `CHART_VERSION` variable with a 2.x.x rancher-backup release version: + 1. Set a `CHART_VERSION` variable, selecting a `rancher-backup` chart version compatible with your version of Rancher. See the [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions), within the **Rancher Apps / Cluster Tools** section, to see which `rancher-backup` versions are supported: + ```bash - helm search repo --versions rancher-charts/rancher-backup - CHART_VERSION=<2.x.x> + CHART_VERSION= ``` 1. Install the charts: + ```bash helm install rancher-backup-crd rancher-charts/rancher-backup-crd -n cattle-resources-system --create-namespace --version $CHART_VERSION helm install rancher-backup rancher-charts/rancher-backup -n cattle-resources-system --version $CHART_VERSION @@ -50,7 +52,7 @@ Install the [rancher-backup chart](https://github.com/rancher/backup-restore-ope :::note - The above assumes an environment with outbound connectivity to Docker Hub + The above assumes an environment with outbound connectivity to Docker Hub. For an **air-gapped environment**, use the Helm value below to pull the `backup-restore-operator` image from your private registry when installing the rancher-backup Helm chart. From 3a6b7e866a075ba3c275b7737f659abacd7faa1e Mon Sep 17 00:00:00 2001 From: Jonathan Crowther Date: Tue, 13 Feb 2024 16:08:25 -0500 Subject: [PATCH 09/28] Add documentation for customizing the webhook (#1099) * Add documentation for customizing the webhook. * Apply suggestions from code review Co-authored-by: Marty Hernandez Avedon Co-authored-by: Jonathan Crowther * Address comments * Fix spacing issues * versioning -- 2.8 and 2.7 issue specifices 2.7.7 --------- Co-authored-by: Kevin Joiner <10265309+KevinJoiner@users.noreply.github.com> Co-authored-by: Marty Hernandez Avedon Co-authored-by: martyav --- docs/reference-guides/rancher-webhook.md | 49 +++++++++++++++++-- .../reference-guides/rancher-webhook.md | 36 +++++++++++++- .../reference-guides/rancher-webhook.md | 36 +++++++++++++- 3 files changed, 114 insertions(+), 7 deletions(-) diff --git a/docs/reference-guides/rancher-webhook.md b/docs/reference-guides/rancher-webhook.md index f8921c90692..fa37e7eba2c 100644 --- a/docs/reference-guides/rancher-webhook.md +++ b/docs/reference-guides/rancher-webhook.md @@ -9,7 +9,7 @@ title: Rancher Webhook Rancher-Webhook is an essential component of Rancher that works in conjunction with Kubernetes to enhance security and enable critical features for Rancher-managed clusters. It integrates with Kubernetes' extensible admission controllers, as described in the [Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/), which allows Rancher-Webhook to inspect specific requests sent to the Kubernetes API server, and add custom, Rancher-specific validation and mutations to the requests that are specific to Rancher. Rancher-Webhook manages the resources to be validated using the `rancher.cattle.io` `ValidatingWebhookConfiguration` and the `rancher.cattle.io` `MutatingWebhookConfiguration`, and will override any manual edits. -Rancher deploys Rancher-Webhook as a separate deployment and service in both local and downstream clusters. Rancher manages Rancher-Webhook using Helm. It's important to note that Rancher may override modifications made by users to the Helm release. +Rancher deploys Rancher-Webhook as a separate deployment and service in both local and downstream clusters. Rancher manages Rancher-Webhook using Helm. It's important to note that Rancher may override modifications made by users to the Helm release. To safely modify these values see [Customizing Rancher-Webhook Configuration](#customizing-rancher-webhook-configuration). Each Rancher version is designed to be compatible with a single version of the webhook. The compatible versions are provided below for convenience. @@ -49,20 +49,59 @@ To bypass the webhook, impersonate both the `rancher-webhook-sudo` service accou kubectl create -f example.yaml --as=system:serviceaccount:cattle-system:rancher-webhook-sudo --as-group=system:masters ``` +## Customizing Rancher-Webhook Configuration + +You can add custom Helm values when you install Rancher-Webhook via Helm. During a Helm install of the Rancher-Webhook chart, Rancher checks for custom Helm values. These custom values must be defined in a ConfigMap named `rancher-config`, in the `cattle-system` namespace, under the data key, `rancher-webhook`. The value of this key must be valid YAML. +``` yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: rancher-config + namespace: cattle-system + labels: + app.kubernetes.io/part-of: "rancher" +data: + rancher-webhook: '{"port": 9553, "priorityClassName": "system-node-critical"}' + +``` + +Rancher redeploys the Rancher-Webhook chart when changes to the ConfigMap values are detected. + +### Customizing Rancher-Webhook During Rancher Installation + +When you use Helm to install the Rancher chart, you can add custom Helm values to the Rancher-Webhook of the local cluster. All values in the Rancher-Webhook chart are accessible as nested variables under the `webhook` name. +These values are synced to the `rancher-config` ConfigMap during installation. + +```bash +helm install rancher rancher-/rancher \ + --namespace cattle-system \ + ... + --set webhook.port=9553 \ + --set webhook.priorityClassName="system-node-critical" +``` + ## Common Issues ### EKS Cluster with Calico CNI Users running an EKS cluster with Calico CNI may run into errors when the Kubernetes API server attempts to contact the Rancher-Webhook. -One workaround for this issue [documented by Calico](https://docs.tigera.io/calico/latest/getting-started/kubernetes/managed-public-cloud/eks#install-eks-with-calico-networking) involves setting `hostNetwork=true` for the webhook deployment. Users can change this using the Helm commands below on the affected clusters. +One workaround for this issue, as [documented by Calico](https://docs.tigera.io/calico/latest/getting-started/kubernetes/managed-public-cloud/eks#install-eks-with-calico-networking) involves setting `hostNetwork=true` for the webhook deployment. You can change this value by adding the Helm value `global.hostNetwork=true` to the `rancher-config` ConfigMap. See [Customizing Rancher-Webhook Configuration](#customizing-rancher-webhook-configuration) for more info. ``` bash -helm repo add rancher-charts https://charts.rancher.io -helm upgrade --reuse-values rancher-webhook rancher-charts/rancher-webhook -n cattle-system --set global.hostNetwork=true +apiVersion: v1 +kind: ConfigMap +metadata: + name: rancher-config + namespace: cattle-system + labels: + app.kubernetes.io/part-of: "rancher" +data: + rancher-webhook: '{"global": {"hostNetwork": true}}' ``` + **Note:** This temporary workaround may violate an environment's security policy. This workaround also requires that port 9443 is unused on the host network. -**Note:** Helm uses secrets by default. This is a datatype that some webhook versions validate to store information. In these cases, directly update the deployment with the hostNetwork=true value using kubectl, then run the Helm commands listed above to prevent drift between the Helm configuration and the actual state of the cluster. +**Note:** By default, Helm stores information as secrets. Secrets are a resource that some webhook versions validate. In these cases, directly update the deployment with the `hostNetwork=true` value using kubectl, then update the webhook configuration as specified above. ### Private GKE Cluster diff --git a/versioned_docs/version-2.7/reference-guides/rancher-webhook.md b/versioned_docs/version-2.7/reference-guides/rancher-webhook.md index f4c37a9311f..32c77bc990f 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-webhook.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-webhook.md @@ -9,7 +9,8 @@ title: Rancher Webhook Rancher-Webhook is an essential component of Rancher that works in conjunction with Kubernetes to enhance security and enable critical features for Rancher-managed clusters. It integrates with Kubernetes' extensible admission controllers, as described in the [Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/), which allows Rancher-Webhook to inspect specific requests sent to the Kubernetes API server, and add custom, Rancher-specific validation and mutations to the requests that are specific to Rancher. Rancher-Webhook manages the resources to be validated using the `rancher.cattle.io` `ValidatingWebhookConfiguration` and the `rancher.cattle.io` `MutatingWebhookConfiguration`, and will override any manual edits. -Rancher deploys Rancher-Webhook as a separate deployment and service in both local and downstream clusters. Rancher manages Rancher-Webhook using Helm. It's important to note that Rancher may override modifications made by users to the Helm release. + +Rancher deploys Rancher-Webhook as a separate deployment and service in both local and downstream clusters. Rancher manages Rancher-Webhook using Helm. It's important to note that Rancher may override modifications made by users to the Helm release. To safely modify these values see [Customizing Rancher-Webhook Configuration](#customizing-rancher-webhook-configuration). Each Rancher version is designed to be compatible with a single version of the webhook. The compatible versions are provided below for convenience. @@ -57,6 +58,39 @@ To bypass the webhook, impersonate both the `rancher-webhook-sudo` service accou kubectl create -f example.yaml --as=system:serviceaccount:cattle-system:rancher-webhook-sudo --as-group=system:masters ``` +## Customizing Rancher-Webhook Configuration + +You can add custom Helm values when you install Rancher-Webhook via Helm. During a Helm install of the Rancher-Webhook chart, Rancher checks for custom Helm values. These custom values must be defined in a ConfigMap named `rancher-config`, in the `cattle-system` namespace, under the data key, `rancher-webhook`. The value of this key must be valid YAML. + +``` yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: rancher-config + namespace: cattle-system + labels: + app.kubernetes.io/part-of: "rancher" +data: + rancher-webhook: '{"port": 9553, "priorityClassName": "system-node-critical"}' + +``` + +Rancher redeploys the Rancher-Webhook chart when changes to the ConfigMap values are detected. + +### Customizing Rancher-Webhook During Rancher Installation + +When you use Helm to install the Rancher chart, you can add custom Helm values to the Rancher-Webhook of the local cluster. All values in the Rancher-Webhook chart are accessible as nested variables under the `webhook` name. + +These values are synced to the `rancher-config` ConfigMap during installation. + +```bash +helm install rancher rancher-/rancher \ + --namespace cattle-system \ + ... + --set webhook.port=9553 \ + --set webhook.priorityClassName="system-node-critical" +``` + ## Common Issues ### EKS Cluster with Calico CNI diff --git a/versioned_docs/version-2.8/reference-guides/rancher-webhook.md b/versioned_docs/version-2.8/reference-guides/rancher-webhook.md index f8921c90692..1693be6c5da 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-webhook.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-webhook.md @@ -9,7 +9,8 @@ title: Rancher Webhook Rancher-Webhook is an essential component of Rancher that works in conjunction with Kubernetes to enhance security and enable critical features for Rancher-managed clusters. It integrates with Kubernetes' extensible admission controllers, as described in the [Kubernetes documentation](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/), which allows Rancher-Webhook to inspect specific requests sent to the Kubernetes API server, and add custom, Rancher-specific validation and mutations to the requests that are specific to Rancher. Rancher-Webhook manages the resources to be validated using the `rancher.cattle.io` `ValidatingWebhookConfiguration` and the `rancher.cattle.io` `MutatingWebhookConfiguration`, and will override any manual edits. -Rancher deploys Rancher-Webhook as a separate deployment and service in both local and downstream clusters. Rancher manages Rancher-Webhook using Helm. It's important to note that Rancher may override modifications made by users to the Helm release. + +Rancher deploys Rancher-Webhook as a separate deployment and service in both local and downstream clusters. Rancher manages Rancher-Webhook using Helm. It's important to note that Rancher may override modifications made by users to the Helm release. To safely modify these values see [Customizing Rancher-Webhook Configuration](#customizing-rancher-webhook-configuration). Each Rancher version is designed to be compatible with a single version of the webhook. The compatible versions are provided below for convenience. @@ -49,6 +50,39 @@ To bypass the webhook, impersonate both the `rancher-webhook-sudo` service accou kubectl create -f example.yaml --as=system:serviceaccount:cattle-system:rancher-webhook-sudo --as-group=system:masters ``` +## Customizing Rancher-Webhook Configuration + +You can add custom Helm values when you install Rancher-Webhook via Helm. During a Helm install of the Rancher-Webhook chart, Rancher checks for custom Helm values. These custom values must be defined in a ConfigMap named `rancher-config`, in the `cattle-system` namespace, under the data key, `rancher-webhook`. The value of this key must be valid YAML. + +``` yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: rancher-config + namespace: cattle-system + labels: + app.kubernetes.io/part-of: "rancher" +data: + rancher-webhook: '{"port": 9553, "priorityClassName": "system-node-critical"}' + +``` + +Rancher redeploys the Rancher-Webhook chart when changes to the ConfigMap values are detected. + +### Customizing Rancher-Webhook During Rancher Installation + +When you use Helm to install the Rancher chart, you can add custom Helm values to the Rancher-Webhook of the local cluster. All values in the Rancher-Webhook chart are accessible as nested variables under the `webhook` name. + +These values are synced to the `rancher-config` ConfigMap during installation. + +```bash +helm install rancher rancher-/rancher \ + --namespace cattle-system \ + ... + --set webhook.port=9553 \ + --set webhook.priorityClassName="system-node-critical" +``` + ## Common Issues ### EKS Cluster with Calico CNI From c3aff0b8e457a9ff9ef4e28fc9e95853441c8d37 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Wed, 14 Feb 2024 16:31:55 -0800 Subject: [PATCH 10/28] Indicate Prime/Community availability --- docs/reference-guides/rancher-webhook.md | 10 +++---- .../reference-guides/rancher-webhook.md | 26 +++++++++---------- .../reference-guides/rancher-webhook.md | 10 +++---- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/docs/reference-guides/rancher-webhook.md b/docs/reference-guides/rancher-webhook.md index fa37e7eba2c..e1aeb7b6750 100644 --- a/docs/reference-guides/rancher-webhook.md +++ b/docs/reference-guides/rancher-webhook.md @@ -17,11 +17,11 @@ Each Rancher version is designed to be compatible with a single version of the w -| Rancher Version | Webhook Version | -|-----------------|:---------------:| -| v2.8.0 | v0.4.2 | -| v2.8.1 | v0.4.2 | -| v2.8.2 | v0.4.2 | +| Rancher Version | Webhook Version | Prime | Community | +|-----------------|-----------------|---------|-----------| +| v2.8.2 | v0.4.2 | ✓ | ✓ | +| v2.8.1 | v0.4.2 | ✓ | ✓ | +| v2.8.0 | v0.4.2 | | ✓ | ## Why Do We Need It? diff --git a/versioned_docs/version-2.7/reference-guides/rancher-webhook.md b/versioned_docs/version-2.7/reference-guides/rancher-webhook.md index 32c77bc990f..a79691713f2 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-webhook.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-webhook.md @@ -18,19 +18,19 @@ Each Rancher version is designed to be compatible with a single version of the w -| Rancher Version | Webhook Version | -|-----------------|:---------------:| -| v2.7.0 | v0.3.0 | -| v2.7.1 | v0.3.0 | -| v2.7.2 | v0.3.2 | -| v2.7.3 | v0.3.3 | -| v2.7.4 | v0.3.4 | -| v2.7.5 | v0.3.5 | -| v2.7.6 | v0.3.5 | -| v2.7.7 | v0.3.6 | -| v2.7.8 | v0.3.6 | -| v2.7.9 | v0.3.6 | -| v2.7.10 | v0.3.6 | +| Rancher Version | Webhook Version | Prime | Community | +|-----------------|-----------------|---------|-----------| +| v2.7.10 | v0.3.6 | ✓ | ✓ | +| v2.7.9 | v0.3.6 | | ✓ | +| v2.7.8 | v0.3.6 | | ✓ | +| v2.7.7 | v0.3.6 | ✓ | ✓ | +| v2.7.6 | v0.3.5 | ✓ | ✓ | +| v2.7.5 | v0.3.5 | ✓ | ✓ | +| v2.7.4 | v0.3.4 | ✓ | ✓ | +| v2.7.3 | v0.3.3 | ✓ | ✓ | +| v2.7.2 | v0.3.2 | ✓ | ✓ | +| v2.7.1 | v0.3.0 | ✓ | ✓ | +| v2.7.0 | v0.3.0 | ✓ | ✓ | ## Why Do We Need It? diff --git a/versioned_docs/version-2.8/reference-guides/rancher-webhook.md b/versioned_docs/version-2.8/reference-guides/rancher-webhook.md index 1693be6c5da..b789245b4dd 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-webhook.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-webhook.md @@ -18,11 +18,11 @@ Each Rancher version is designed to be compatible with a single version of the w -| Rancher Version | Webhook Version | -|-----------------|:---------------:| -| v2.8.0 | v0.4.2 | -| v2.8.1 | v0.4.2 | -| v2.8.2 | v0.4.2 | +| Rancher Version | Webhook Version | Prime | Community | +|-----------------|-----------------|---------|-----------| +| v2.8.2 | v0.4.2 | ✓ | ✓ | +| v2.8.1 | v0.4.2 | ✓ | ✓ | +| v2.8.0 | v0.4.2 | | ✓ | ## Why Do We Need It? From a4bb88e67d4d698a5f62180238a08d62275ce592 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 15 Feb 2024 09:24:55 -0800 Subject: [PATCH 11/28] Indicate Prime/Community availability --- src/pages/versions.md | 82 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/src/pages/versions.md b/src/pages/versions.md index 05bf9753061..1cd136486c3 100644 --- a/src/pages/versions.md +++ b/src/pages/versions.md @@ -9,28 +9,54 @@ title: Rancher Documentation Versions Below are the documentation and release notes for the currently released version of Rancher 2.8.x: + + + + + + + + + +
VersionDocumentationRelease NotesSupport MatrixPrimeCommunity
v2.8.2 Documentation Release Notes Support Matrix
Below are the documentation and release notes for the currently released version of Rancher 2.7.x: + + + + + + + + + +
VersionDocumentationRelease NotesSupport MatrixPrimeCommunity
v2.7.10 Documentation Release Notes Support Matrix
Below are the documentation and release notes for the currently released version of Rancher 2.6.x: + + + + + + @@ -44,17 +70,29 @@ Below are the documentation and release notes for the currently released version Below are the documentation and release notes for previous versions of Rancher 2.8.x:
VersionDocumentationRelease NotesSupport Matrix
v2.6.14 Documentation
+ + + + + + + + + + + +
VersionDocumentationRelease NotesSupport MatrixPrimeCommunity
v2.8.1 Documentation Release Notes Support Matrix
v2.8.0 Documentation Release Notes
N/A
N/A
@@ -63,65 +101,93 @@ Below are the documentation and release notes for previous versions of Rancher 2 Below are the documentation and release notes for previous versions of Rancher 2.7.x: + + + + + + + + + + + + + + + + + + + + + + + + + + + +
VersionDocumentationRelease NotesSupport MatrixPrimeCommunity
v2.7.9 Documentation Release Notes Support Matrix
v2.7.8 Documentation Release Notes
N/A
N/A
v2.7.7 Documentation Release Notes
N/A
N/A
v2.7.6 Documentation Release Notes Support Matrix
v2.7.5 Documentation Release Notes Support Matrix
v2.7.4 Documentation Release Notes Support Matrix
v2.7.3 Documentation Release Notes Support Matrix
v2.7.2 Documentation Release Notes Support Matrix
v2.7.1 Documentation Release Notes Support Matrix
v2.7.0 Documentation Release Notes Support Matrix
@@ -130,6 +196,12 @@ Below are the documentation and release notes for previous versions of Rancher 2 Below are the documentation and release notes for previous versions of Rancher 2.6.x: + + + + + + @@ -223,6 +295,12 @@ Below are the documentation and release notes for previous versions of Rancher 2 Below are the documentation and release notes for legacy versions of Rancher 2.5.x:
VersionDocumentationRelease NotesSupport Matrix
v2.6.13 Documentation
+ + + + + + @@ -338,6 +416,10 @@ Below are the documentation and release notes for legacy versions of Rancher 2.5 Below is the documentation for legacy versions of Rancher 2.0 - 2.4.x:
VersionDocumentationRelease NotesSupport Matrix
v2.5.17 Documentation
+ + + + From 755080de3dd703ffba652ef53cdfef1b80414d53 Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Fri, 16 Feb 2024 15:58:27 +0000 Subject: [PATCH 12/28] Update CVE page --- .../rancher-security/security-advisories-and-cves.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference-guides/rancher-security/security-advisories-and-cves.md b/docs/reference-guides/rancher-security/security-advisories-and-cves.md index a142092fa2d..0891c0d180c 100644 --- a/docs/reference-guides/rancher-security/security-advisories-and-cves.md +++ b/docs/reference-guides/rancher-security/security-advisories-and-cves.md @@ -10,6 +10,7 @@ Rancher is committed to informing the community of security issues in our produc | ID | Description | Date | Resolution | |----|-------------|------|------------| +| [CVE-2024-22030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22030) | A vulnerability was discovered in Rancher's and Fleet's agents, currently deemed a medium to high severity CVE, that under very specific circumstances allows a malicious actor to take over existing Rancher nodes. The attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain in order to exploit this vulnerability. The targeted domain is the one used as the Rancher URL (the server-url of the Rancher cluster). At the moment there is no fix available and it affects all supported versions of Rancher. Customers and users are advised to follow the recommendations and best practices described in our [blog post](https://www.suse.com/c/rancher-security-update/). | 16 Feb 2024 | Pending | | [CVE-2023-32193](https://github.com/rancher/norman/security/advisories/GHSA-r8f4-hv23-6qp6) | An issue was discovered in Rancher versions up to and including 2.6.13, 2.7.9 and 2.8.1, where multiple Cross-Site Scripting (XSS) vulnerabilities can be exploited via the Rancher UI (Norman). | 8 Feb 2024 | Rancher [v2.8.2](https://github.com/rancher/rancher/releases/tag/v2.8.2), [v2.7.10](https://github.com/rancher/rancher/releases/tag/v2.7.10) and [v2.6.14](https://github.com/rancher/rancher/releases/tag/v2.6.14) | | [CVE-2023-32192](https://github.com/rancher/apiserver/security/advisories/GHSA-833m-37f7-jq55) | An issue was discovered in Rancher versions up to and including 2.6.13, 2.7.9 and 2.8.1, where multiple Cross-Site Scripting (XSS) vulnerabilities can be exploited via the Rancher UI (Apiserver). | 8 Feb 2024 | Rancher [v2.8.2](https://github.com/rancher/rancher/releases/tag/v2.8.2), [v2.7.10](https://github.com/rancher/rancher/releases/tag/v2.7.10) and [v2.6.14](https://github.com/rancher/rancher/releases/tag/v2.6.14) | | [CVE-2023-22649](https://github.com/rancher/rancher/security/advisories/GHSA-xfj7-qf8w-2gcr) | An issue was discovered in Rancher versions up to and including 2.6.13, 2.7.9 and 2.8.1, in which sensitive data may be leaked into Rancher's audit logs. | 8 Feb 2024 | Rancher [v2.8.2](https://github.com/rancher/rancher/releases/tag/v2.8.2), [v2.7.10](https://github.com/rancher/rancher/releases/tag/v2.7.10) and [v2.6.14](https://github.com/rancher/rancher/releases/tag/v2.6.14) | From 2a02adeb721791411c1d42503486c6879507e02b Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Fri, 16 Feb 2024 15:34:04 -0800 Subject: [PATCH 13/28] Add purpose of Prime/Community columns in section intros. Also link to Prime page --- src/pages/versions.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/pages/versions.md b/src/pages/versions.md index 1cd136486c3..3738aecf1bd 100644 --- a/src/pages/versions.md +++ b/src/pages/versions.md @@ -6,7 +6,7 @@ title: Rancher Documentation Versions ### Current versions -Below are the documentation and release notes for the currently released version of Rancher 2.8.x: +Here you can find links to supporting documentation for the current released version of Rancher v2.8, and its availability for [Rancher Prime](/v2.8/getting-started/quick-start-guides/deploy-rancher-manager/prime) and the Community version of Rancher:
VersionDocumentation
v2.0 - v2.4 Documentation
@@ -27,7 +27,7 @@ Below are the documentation and release notes for the currently released version
-Below are the documentation and release notes for the currently released version of Rancher 2.7.x: +Here you can find links to supporting documentation for the current released version of Rancher v2.7, and its availability for [Rancher Prime](/v2.7/getting-started/quick-start-guides/deploy-rancher-manager/prime) and the Community version of Rancher: @@ -48,7 +48,7 @@ Below are the documentation and release notes for the currently released version
-Below are the documentation and release notes for the currently released version of Rancher 2.6.x: +Here you can find links to supporting documentation for the current released version of Rancher v2.6: @@ -67,7 +67,7 @@ Below are the documentation and release notes for the currently released version ### Past versions -Below are the documentation and release notes for previous versions of Rancher 2.8.x: +Here you can find links to supporting documentation for previous versions of Rancher v2.8, and their availability for [Rancher Prime](/v2.8/getting-started/quick-start-guides/deploy-rancher-manager/prime) and the Community version of Rancher:
@@ -98,7 +98,7 @@ Below are the documentation and release notes for previous versions of Rancher 2
-Below are the documentation and release notes for previous versions of Rancher 2.7.x: +Here you can find links to supporting documentation for previous versions of Rancher v2.7, and their availability for [Rancher Prime](/v2.7/getting-started/quick-start-guides/deploy-rancher-manager/prime) and the Community version of Rancher:
@@ -193,7 +193,7 @@ Below are the documentation and release notes for previous versions of Rancher 2
-Below are the documentation and release notes for previous versions of Rancher 2.6.x: +Here you can find links to supporting documentation for previous versions of Rancher v2.6:
@@ -292,7 +292,7 @@ Below are the documentation and release notes for previous versions of Rancher 2 ### Legacy versions (EOL) -Below are the documentation and release notes for legacy versions of Rancher 2.5.x: +Here you can find links to supporting documentation for legacy versions of Rancher v2.5:
@@ -413,7 +413,7 @@ Below are the documentation and release notes for legacy versions of Rancher 2.5
-Below is the documentation for legacy versions of Rancher 2.0 - 2.4.x: +Here you can find links to supporting documentation for legacy versions of v2.0-v2.4:
@@ -421,7 +421,7 @@ Below is the documentation for legacy versions of Rancher 2.0 - 2.4.x: - +
Documentation
v2.0 - v2.4v2.0-v2.4 Documentation
\ No newline at end of file From d9ba7f2e958095eca651a1cd48dc202576fb6d5e Mon Sep 17 00:00:00 2001 From: Yilin Zeng <36651058+yzeng25@users.noreply.github.com> Date: Wed, 21 Feb 2024 03:17:51 +0800 Subject: [PATCH 14/28] chore: update copyright message to 2024 (#1132) --- i18n/zh/docusaurus-theme-classic/footer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/i18n/zh/docusaurus-theme-classic/footer.json b/i18n/zh/docusaurus-theme-classic/footer.json index 07aa991f00e..231806094e0 100644 --- a/i18n/zh/docusaurus-theme-classic/footer.json +++ b/i18n/zh/docusaurus-theme-classic/footer.json @@ -1,6 +1,6 @@ { "copyright": { - "message": "Copyright © 2023 SUSE Rancher. All Rights Reserved.", + "message": "Copyright © 2024 SUSE Rancher. All Rights Reserved.", "description": "The footer copyright" } } From 17af76d76f7d10cf115a197bb20902278614519e Mon Sep 17 00:00:00 2001 From: Meera Belur Date: Wed, 21 Feb 2024 09:04:19 -0800 Subject: [PATCH 15/28] Updated csp-adapter version table (#1134) --- .../cloud-marketplace/aws-cloud-marketplace/install-adapter.md | 1 + 1 file changed, 1 insertion(+) diff --git a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md index a4240a0156e..09291fb0ecd 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/cloud-marketplace/aws-cloud-marketplace/install-adapter.md @@ -29,6 +29,7 @@ In order to deploy and run the adapter successfully, you need to ensure its vers | v2.7.7 | v2.0.2 | | v2.7.8 | v2.0.2 | | v2.7.9 | v2.0.2 | +| v2.7.10 | v2.0.2 | ### 1. Gain Access to the Local Cluster From d56729e94a0bee07ec0c68c96a71411c11e75ae2 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 21 Feb 2024 13:24:54 -0500 Subject: [PATCH 16/28] #995 Correct configure teams receiver commands (#1014) * 995 - Correct receivers.md * every heading uses the same verb form * rm'd sentence fragment --- .../monitoring-v2-configuration/receivers.md | 28 ++++++++----------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/docs/reference-guides/monitoring-v2-configuration/receivers.md b/docs/reference-guides/monitoring-v2-configuration/receivers.md index dc459f34378..79d9749dc18 100644 --- a/docs/reference-guides/monitoring-v2-configuration/receivers.md +++ b/docs/reference-guides/monitoring-v2-configuration/receivers.md @@ -24,8 +24,6 @@ This section assumes familiarity with how monitoring components work together. F ::: -To create notification receivers in the Rancher UI, - @@ -152,24 +150,20 @@ The Teams receiver is not a native receiver and must be enabled before it can be 1. Select the **Teams** option and click **Install**. 1. Take note of the namespace used as it will be required in a later step. -### Configure the Teams Receiver +### Configuring the Teams Receiver -The Teams receiver can be configured by updating its ConfigMap. For example, the following is a minimal Teams receiver configuration. +1. To configure the Teams receiver, update its ConfigMap. The following example is a minimal Teams receiver configuration: -```yaml -[Microsoft Teams] -teams-instance-1: https://your-teams-webhook-url -``` + ```yaml + [Microsoft Teams] + connector: https://your-teams-webhook-url + ``` -When configuration is complete, add the receiver using the steps in [this section](#creating-receivers-in-the-rancher-ui). +2. After you update the configuration, follow the instructions in [Creating Receivers in the Rancher UI](#creating-receivers-in-the-rancher-ui) to add the receiver. Use the example below to form your URL. Make sure to replace `` with the namespace of the `rancher-alerting-drivers` app: -Use the example below as the URL where: - -- `ns-1` is replaced with the namespace where the `rancher-alerting-drivers` app is installed - -```yaml -url: http://rancher-alerting-drivers-prom2teams.ns-1.svc:8089/v2/teams-instance-1 -``` + ```yaml + url: http://rancher-alerting-drivers-prom2teams..svc:8089/v2/connector + ``` @@ -187,7 +181,7 @@ The SMS receiver is not a native receiver and must be enabled before it can be u 1. Select the **SMS** option and click **Install**. 1. Take note of the namespace used as it will be required in a later step. -### Configure the SMS Receiver +### Configuring the SMS Receiver The SMS receiver can be configured by updating its ConfigMap. For example, the following is a minimal SMS receiver configuration. From 5a9d423cb63bd035f74bc0b6ed73d46ed4fc9ec9 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Wed, 21 Feb 2024 10:55:26 -0800 Subject: [PATCH 17/28] Globally import CNI popularity --- docs/faq/container-network-interface-providers.md | 2 -- src/theme/MDXComponents.js | 4 ++++ .../faq/container-network-interface-providers.md | 2 -- .../version-2.5/faq/container-network-interface-providers.md | 2 -- .../version-2.6/faq/container-network-interface-providers.md | 2 -- .../version-2.7/faq/container-network-interface-providers.md | 2 -- .../version-2.8/faq/container-network-interface-providers.md | 2 -- 7 files changed, 4 insertions(+), 12 deletions(-) diff --git a/docs/faq/container-network-interface-providers.md b/docs/faq/container-network-interface-providers.md index a8662eaf14a..cb65dd9238d 100644 --- a/docs/faq/container-network-interface-providers.md +++ b/docs/faq/container-network-interface-providers.md @@ -184,8 +184,6 @@ The following table summarizes the different features available for each CNI net ## CNI Community Popularity -import CNIPopularityTable from '/shared-files/_cni-popularity.md'; - ## Which CNI Provider Should I Use? diff --git a/src/theme/MDXComponents.js b/src/theme/MDXComponents.js index b2618e44a67..a3ad9fedc5d 100644 --- a/src/theme/MDXComponents.js +++ b/src/theme/MDXComponents.js @@ -6,6 +6,8 @@ import TabItem from '@theme/TabItem'; import { CardSection, Card } from '../components/CardComponents'; +import CNIPopularityTable from '/shared-files/_cni-popularity.md'; + export default { // Re-use the default mapping ...MDXComponents, @@ -15,4 +17,6 @@ export default { CardSection, Card, + + CNIPopularityTable, }; diff --git a/versioned_docs/version-2.0-2.4/faq/container-network-interface-providers.md b/versioned_docs/version-2.0-2.4/faq/container-network-interface-providers.md index 4c2662c0a91..8c9b3a5351b 100644 --- a/versioned_docs/version-2.0-2.4/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.0-2.4/faq/container-network-interface-providers.md @@ -136,8 +136,6 @@ The following table summarizes the different features available for each CNI net ### CNI Community Popularity -import CNIPopularityTable from '/shared-files/_cni-popularity.md'; - ### Which CNI Provider Should I Use? diff --git a/versioned_docs/version-2.5/faq/container-network-interface-providers.md b/versioned_docs/version-2.5/faq/container-network-interface-providers.md index 3e11f8cb90b..2368ea0fc81 100644 --- a/versioned_docs/version-2.5/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.5/faq/container-network-interface-providers.md @@ -134,8 +134,6 @@ The following table summarizes the different features available for each CNI net ### CNI Community Popularity -import CNIPopularityTable from '/shared-files/_cni-popularity.md'; - ### Which CNI Provider Should I Use? diff --git a/versioned_docs/version-2.6/faq/container-network-interface-providers.md b/versioned_docs/version-2.6/faq/container-network-interface-providers.md index a8662eaf14a..cb65dd9238d 100644 --- a/versioned_docs/version-2.6/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.6/faq/container-network-interface-providers.md @@ -184,8 +184,6 @@ The following table summarizes the different features available for each CNI net ## CNI Community Popularity -import CNIPopularityTable from '/shared-files/_cni-popularity.md'; - ## Which CNI Provider Should I Use? diff --git a/versioned_docs/version-2.7/faq/container-network-interface-providers.md b/versioned_docs/version-2.7/faq/container-network-interface-providers.md index a8662eaf14a..cb65dd9238d 100644 --- a/versioned_docs/version-2.7/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.7/faq/container-network-interface-providers.md @@ -184,8 +184,6 @@ The following table summarizes the different features available for each CNI net ## CNI Community Popularity -import CNIPopularityTable from '/shared-files/_cni-popularity.md'; - ## Which CNI Provider Should I Use? diff --git a/versioned_docs/version-2.8/faq/container-network-interface-providers.md b/versioned_docs/version-2.8/faq/container-network-interface-providers.md index a8662eaf14a..cb65dd9238d 100644 --- a/versioned_docs/version-2.8/faq/container-network-interface-providers.md +++ b/versioned_docs/version-2.8/faq/container-network-interface-providers.md @@ -184,8 +184,6 @@ The following table summarizes the different features available for each CNI net ## CNI Community Popularity -import CNIPopularityTable from '/shared-files/_cni-popularity.md'; - ## Which CNI Provider Should I Use? From afa972e2b203cf68dddaa0e8cc3660d7d20bd539 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 21 Feb 2024 15:42:51 -0500 Subject: [PATCH 18/28] Syncing versions for #1014 (#1136) Accidentally merged after confirmation w/o realizing that the PR needed to be versioned --- .../monitoring-v2-configuration/receivers.md | 26 ++++++++--------- .../monitoring-v2-configuration/receivers.md | 28 ++++++++----------- .../monitoring-v2-configuration/receivers.md | 28 ++++++++----------- 3 files changed, 33 insertions(+), 49 deletions(-) diff --git a/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/receivers.md b/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/receivers.md index 631e589009c..fa55d466451 100644 --- a/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/receivers.md +++ b/versioned_docs/version-2.6/reference-guides/monitoring-v2-configuration/receivers.md @@ -167,24 +167,20 @@ The Teams receiver is not a native receiver and must be enabled before it can be -### Configure the Teams Receiver +### Configuring the Teams Receiver -The Teams receiver can be configured by updating its ConfigMap. For example, the following is a minimal Teams receiver configuration. +1. To configure the Teams receiver, update its ConfigMap. The following example is a minimal Teams receiver configuration: -```yaml -[Microsoft Teams] -teams-instance-1: https://your-teams-webhook-url -``` + ```yaml + [Microsoft Teams] + connector: https://your-teams-webhook-url + ``` -When configuration is complete, add the receiver using the steps in [this section](#creating-receivers-in-the-rancher-ui). +2. After you update the configuration, follow the instructions in [Creating Receivers in the Rancher UI](#creating-receivers-in-the-rancher-ui) to add the receiver. Use the example below to form your URL. Make sure to replace `` with the namespace of the `rancher-alerting-drivers` app: -Use the example below as the URL where: - -- `ns-1` is replaced with the namespace where the `rancher-alerting-drivers` app is installed - -```yaml -url: http://rancher-alerting-drivers-prom2teams.ns-1.svc:8089/v2/teams-instance-1 -``` + ```yaml + url: http://rancher-alerting-drivers-prom2teams..svc:8089/v2/connector + ``` @@ -202,7 +198,7 @@ The SMS receiver is not a native receiver and must be enabled before it can be u 1. Select the **SMS** option and click **Install**. 1. Take note of the namespace used as it will be required in a later step. -### Configure the SMS Receiver +### Configuring the SMS Receiver The SMS receiver can be configured by updating its ConfigMap. For example, the following is a minimal SMS receiver configuration. diff --git a/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/receivers.md b/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/receivers.md index dc459f34378..79d9749dc18 100644 --- a/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/receivers.md +++ b/versioned_docs/version-2.7/reference-guides/monitoring-v2-configuration/receivers.md @@ -24,8 +24,6 @@ This section assumes familiarity with how monitoring components work together. F ::: -To create notification receivers in the Rancher UI, - @@ -152,24 +150,20 @@ The Teams receiver is not a native receiver and must be enabled before it can be 1. Select the **Teams** option and click **Install**. 1. Take note of the namespace used as it will be required in a later step. -### Configure the Teams Receiver +### Configuring the Teams Receiver -The Teams receiver can be configured by updating its ConfigMap. For example, the following is a minimal Teams receiver configuration. +1. To configure the Teams receiver, update its ConfigMap. The following example is a minimal Teams receiver configuration: -```yaml -[Microsoft Teams] -teams-instance-1: https://your-teams-webhook-url -``` + ```yaml + [Microsoft Teams] + connector: https://your-teams-webhook-url + ``` -When configuration is complete, add the receiver using the steps in [this section](#creating-receivers-in-the-rancher-ui). +2. After you update the configuration, follow the instructions in [Creating Receivers in the Rancher UI](#creating-receivers-in-the-rancher-ui) to add the receiver. Use the example below to form your URL. Make sure to replace `` with the namespace of the `rancher-alerting-drivers` app: -Use the example below as the URL where: - -- `ns-1` is replaced with the namespace where the `rancher-alerting-drivers` app is installed - -```yaml -url: http://rancher-alerting-drivers-prom2teams.ns-1.svc:8089/v2/teams-instance-1 -``` + ```yaml + url: http://rancher-alerting-drivers-prom2teams..svc:8089/v2/connector + ``` @@ -187,7 +181,7 @@ The SMS receiver is not a native receiver and must be enabled before it can be u 1. Select the **SMS** option and click **Install**. 1. Take note of the namespace used as it will be required in a later step. -### Configure the SMS Receiver +### Configuring the SMS Receiver The SMS receiver can be configured by updating its ConfigMap. For example, the following is a minimal SMS receiver configuration. diff --git a/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/receivers.md b/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/receivers.md index dc459f34378..79d9749dc18 100644 --- a/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/receivers.md +++ b/versioned_docs/version-2.8/reference-guides/monitoring-v2-configuration/receivers.md @@ -24,8 +24,6 @@ This section assumes familiarity with how monitoring components work together. F ::: -To create notification receivers in the Rancher UI, - @@ -152,24 +150,20 @@ The Teams receiver is not a native receiver and must be enabled before it can be 1. Select the **Teams** option and click **Install**. 1. Take note of the namespace used as it will be required in a later step. -### Configure the Teams Receiver +### Configuring the Teams Receiver -The Teams receiver can be configured by updating its ConfigMap. For example, the following is a minimal Teams receiver configuration. +1. To configure the Teams receiver, update its ConfigMap. The following example is a minimal Teams receiver configuration: -```yaml -[Microsoft Teams] -teams-instance-1: https://your-teams-webhook-url -``` + ```yaml + [Microsoft Teams] + connector: https://your-teams-webhook-url + ``` -When configuration is complete, add the receiver using the steps in [this section](#creating-receivers-in-the-rancher-ui). +2. After you update the configuration, follow the instructions in [Creating Receivers in the Rancher UI](#creating-receivers-in-the-rancher-ui) to add the receiver. Use the example below to form your URL. Make sure to replace `` with the namespace of the `rancher-alerting-drivers` app: -Use the example below as the URL where: - -- `ns-1` is replaced with the namespace where the `rancher-alerting-drivers` app is installed - -```yaml -url: http://rancher-alerting-drivers-prom2teams.ns-1.svc:8089/v2/teams-instance-1 -``` + ```yaml + url: http://rancher-alerting-drivers-prom2teams..svc:8089/v2/connector + ``` @@ -187,7 +181,7 @@ The SMS receiver is not a native receiver and must be enabled before it can be u 1. Select the **SMS** option and click **Install**. 1. Take note of the namespace used as it will be required in a later step. -### Configure the SMS Receiver +### Configuring the SMS Receiver The SMS receiver can be configured by updating its ConfigMap. For example, the following is a minimal SMS receiver configuration. From ba0fefb289af19aea3332dfa27d54bf94cc9c7de Mon Sep 17 00:00:00 2001 From: Sunil Singh Date: Thu, 22 Feb 2024 10:39:31 -0800 Subject: [PATCH 19/28] Updating CNI table with current stats as part of maintenance check list for 2.7.11. Signed-off-by: Sunil Singh --- shared-files/_cni-popularity.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/shared-files/_cni-popularity.md b/shared-files/_cni-popularity.md index aebd14ed3fd..1135809c068 100644 --- a/shared-files/_cni-popularity.md +++ b/shared-files/_cni-popularity.md @@ -5,6 +5,6 @@ The following table summarizes different GitHub metrics to give you an idea of e | ---- | ---- | ---- | ---- | ---- | | Canal | https://github.com/projectcalico/canal | 708 | 103 | 20 | | Flannel | https://github.com/flannel-io/flannel | 8.4k | 2.9k | 231 | -| Calico | https://github.com/projectcalico/calico | 5.3k | 1.2k | 335 | -| Weave | https://github.com/weaveworks/weave/ | 6.5k | 670 | 87 | -| Cilium | https://github.com/cilium/cilium | 17.8k | 2.6k | 699 | +| Calico | https://github.com/projectcalico/calico | 5.3k | 1.2k | 336 | +| Weave | https://github.com/weaveworks/weave/ | 6.6k | 679 | 87 | +| Cilium | https://github.com/cilium/cilium | 18k | 2.6k | 706 | From b29b762dd6d608f1ba69a2fb8dd6979639536ea2 Mon Sep 17 00:00:00 2001 From: Max Sokolovsky Date: Thu, 22 Feb 2024 21:17:16 +0000 Subject: [PATCH 20/28] Add a note about project deletion in Public API Update docs/api/workflows/projects.md Co-authored-by: Marty Hernandez Avedon --- docs/api/workflows/projects.md | 2 ++ versioned_docs/version-2.8/api/workflows/projects.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/api/workflows/projects.md b/docs/api/workflows/projects.md index f746ade11d6..549ceff5423 100644 --- a/docs/api/workflows/projects.md +++ b/docs/api/workflows/projects.md @@ -111,3 +111,5 @@ Delete the project under the cluster namespace: ```bash kubectl --namespace c-m-abcde delete project p-vwxyz ``` + +Note that this command doesn't delete the namespaces and resources that formerly belonged to the project. diff --git a/versioned_docs/version-2.8/api/workflows/projects.md b/versioned_docs/version-2.8/api/workflows/projects.md index f746ade11d6..b6f9a3b1d8b 100644 --- a/versioned_docs/version-2.8/api/workflows/projects.md +++ b/versioned_docs/version-2.8/api/workflows/projects.md @@ -111,3 +111,5 @@ Delete the project under the cluster namespace: ```bash kubectl --namespace c-m-abcde delete project p-vwxyz ``` + +Note that this command doesn't delete the namespaces and resources that formerly belonged to the project. From 1e76595c2fde07bd1b03dbf4775101c07e52799a Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Thu, 22 Feb 2024 16:20:11 -0800 Subject: [PATCH 21/28] Add OPA Gatekeeper deprecation notice --- docs/integrations-in-rancher/opa-gatekeeper.md | 2 ++ docs/reference-guides/rancher-cluster-tools.md | 3 +++ shared-files/_deprecation-opa-gatekeeper.md | 5 +++++ src/theme/MDXComponents.js | 2 ++ .../version-2.8/integrations-in-rancher/opa-gatekeeper.md | 2 ++ .../version-2.8/reference-guides/rancher-cluster-tools.md | 3 +++ 6 files changed, 17 insertions(+) create mode 100644 shared-files/_deprecation-opa-gatekeeper.md diff --git a/docs/integrations-in-rancher/opa-gatekeeper.md b/docs/integrations-in-rancher/opa-gatekeeper.md index f2185dff685..cea9732b36c 100644 --- a/docs/integrations-in-rancher/opa-gatekeeper.md +++ b/docs/integrations-in-rancher/opa-gatekeeper.md @@ -6,6 +6,8 @@ title: OPA Gatekeeper + + To ensure consistency and compliance, every organization needs the ability to define and enforce policies in its environment in an automated way. [OPA (Open Policy Agent)](https://www.openpolicyagent.org/) is a policy engine that facilitates policy-based control for cloud native environments. Rancher provides the ability to enable OPA Gatekeeper in Kubernetes clusters, and also installs a couple of built-in policy definitions, which are also called constraint templates. OPA provides a high-level declarative language that lets you specify policy as code and ability to extend simple APIs to offload policy decision-making. diff --git a/docs/reference-guides/rancher-cluster-tools.md b/docs/reference-guides/rancher-cluster-tools.md index ca037f533de..5221e0f150e 100644 --- a/docs/reference-guides/rancher-cluster-tools.md +++ b/docs/reference-guides/rancher-cluster-tools.md @@ -41,8 +41,11 @@ For more information, refer to the monitoring documentation [here.](../integrati Rancher's integration with Istio was improved in Rancher v2.5. For more information, refer to the Istio documentation [here.](../integrations-in-rancher/istio/istio.md) + ## OPA Gatekeeper + + [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper) is an open-source project that provides integration between OPA and Kubernetes to provide policy control via admission controller webhooks. For details on how to enable Gatekeeper in Rancher, refer to the [OPA Gatekeeper section.](../integrations-in-rancher/opa-gatekeeper.md) ## CIS Scans diff --git a/shared-files/_deprecation-opa-gatekeeper.md b/shared-files/_deprecation-opa-gatekeeper.md new file mode 100644 index 00000000000..3a88f57b0d6 --- /dev/null +++ b/shared-files/_deprecation-opa-gatekeeper.md @@ -0,0 +1,5 @@ +:::warning + +OPA Gatekeeper is deprecated and will be removed in a future release. As a replacement for OPA Gatekeeper, consider switching to Kubewarden. + +::: diff --git a/src/theme/MDXComponents.js b/src/theme/MDXComponents.js index a3ad9fedc5d..540ac390d56 100644 --- a/src/theme/MDXComponents.js +++ b/src/theme/MDXComponents.js @@ -7,6 +7,7 @@ import TabItem from '@theme/TabItem'; import { CardSection, Card } from '../components/CardComponents'; import CNIPopularityTable from '/shared-files/_cni-popularity.md'; +import DeprecationOPAGatekeeper from '/shared-files/_deprecation-opa-gatekeeper.md'; export default { // Re-use the default mapping @@ -19,4 +20,5 @@ export default { Card, CNIPopularityTable, + DeprecationOPAGatekeeper, }; diff --git a/versioned_docs/version-2.8/integrations-in-rancher/opa-gatekeeper.md b/versioned_docs/version-2.8/integrations-in-rancher/opa-gatekeeper.md index f2185dff685..cea9732b36c 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/opa-gatekeeper.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/opa-gatekeeper.md @@ -6,6 +6,8 @@ title: OPA Gatekeeper + + To ensure consistency and compliance, every organization needs the ability to define and enforce policies in its environment in an automated way. [OPA (Open Policy Agent)](https://www.openpolicyagent.org/) is a policy engine that facilitates policy-based control for cloud native environments. Rancher provides the ability to enable OPA Gatekeeper in Kubernetes clusters, and also installs a couple of built-in policy definitions, which are also called constraint templates. OPA provides a high-level declarative language that lets you specify policy as code and ability to extend simple APIs to offload policy decision-making. diff --git a/versioned_docs/version-2.8/reference-guides/rancher-cluster-tools.md b/versioned_docs/version-2.8/reference-guides/rancher-cluster-tools.md index ca037f533de..5221e0f150e 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-cluster-tools.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-cluster-tools.md @@ -41,8 +41,11 @@ For more information, refer to the monitoring documentation [here.](../integrati Rancher's integration with Istio was improved in Rancher v2.5. For more information, refer to the Istio documentation [here.](../integrations-in-rancher/istio/istio.md) + ## OPA Gatekeeper + + [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper) is an open-source project that provides integration between OPA and Kubernetes to provide policy control via admission controller webhooks. For details on how to enable Gatekeeper in Rancher, refer to the [OPA Gatekeeper section.](../integrations-in-rancher/opa-gatekeeper.md) ## CIS Scans From f2a8dfaa0a9130adda7070b8fcf1140a68630c71 Mon Sep 17 00:00:00 2001 From: Sunil Singh Date: Fri, 23 Feb 2024 14:15:15 -0800 Subject: [PATCH 22/28] Increasing the heap size as recent build failed due to heap allocation error. Signed-off-by: Sunil Singh --- .github/workflows/deploy.yml | 2 +- .github/workflows/test-deploy.yml | 2 +- package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index bed50097307..f228eefae5f 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -22,7 +22,7 @@ jobs: run: yarn install --frozen-lockfile - name: Build website env: - NODE_OPTIONS: "--max_old_space_size=6144" + NODE_OPTIONS: "--max_old_space_size=7168" run: yarn build --no-minify # Popular action to deploy to GitHub Pages: diff --git a/.github/workflows/test-deploy.yml b/.github/workflows/test-deploy.yml index 3af251f1453..39e8fa97909 100644 --- a/.github/workflows/test-deploy.yml +++ b/.github/workflows/test-deploy.yml @@ -24,5 +24,5 @@ jobs: run: yarn run remark --quiet --use remark-lint-no-dead-urls ./docs - name: Test build website env: - NODE_OPTIONS: "--max_old_space_size=6144" + NODE_OPTIONS: "--max_old_space_size=7168" run: yarn build --no-minify \ No newline at end of file diff --git a/package.json b/package.json index e7d60f81353..4b7bac95674 100644 --- a/package.json +++ b/package.json @@ -5,7 +5,7 @@ "scripts": { "docusaurus": "docusaurus", "start": "docusaurus start", - "build": "NODE_OPTIONS='--max-old-space-size=6144' docusaurus build", + "build": "NODE_OPTIONS='--max-old-space-size=7168' docusaurus build", "swizzle": "docusaurus swizzle", "deploy": "docusaurus deploy", "clear": "docusaurus clear", From 53357bc7f06fbb67d99f5be7c3a51c6cd866e090 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Wed, 21 Feb 2024 10:53:01 -0800 Subject: [PATCH 23/28] Explicitly indicate when unavaiable. More descriptive headers --- docs/reference-guides/rancher-webhook.md | 10 +++---- .../reference-guides/rancher-webhook.md | 26 +++++++++---------- .../reference-guides/rancher-webhook.md | 10 +++---- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/docs/reference-guides/rancher-webhook.md b/docs/reference-guides/rancher-webhook.md index e1aeb7b6750..b2237a1d442 100644 --- a/docs/reference-guides/rancher-webhook.md +++ b/docs/reference-guides/rancher-webhook.md @@ -17,11 +17,11 @@ Each Rancher version is designed to be compatible with a single version of the w -| Rancher Version | Webhook Version | Prime | Community | -|-----------------|-----------------|---------|-----------| -| v2.8.2 | v0.4.2 | ✓ | ✓ | -| v2.8.1 | v0.4.2 | ✓ | ✓ | -| v2.8.0 | v0.4.2 | | ✓ | +| Rancher Version | Webhook Version | Availability in Prime | Availability in Community | +|-----------------|-----------------|-----------------------|---------------------------| +| v2.8.2 | v0.4.2 | ✓ | ✓ | +| v2.8.1 | v0.4.2 | ✓ | ✓ | +| v2.8.0 | v0.4.2 | ✗ | ✓ | ## Why Do We Need It? diff --git a/versioned_docs/version-2.7/reference-guides/rancher-webhook.md b/versioned_docs/version-2.7/reference-guides/rancher-webhook.md index a79691713f2..f408f5893d5 100644 --- a/versioned_docs/version-2.7/reference-guides/rancher-webhook.md +++ b/versioned_docs/version-2.7/reference-guides/rancher-webhook.md @@ -18,19 +18,19 @@ Each Rancher version is designed to be compatible with a single version of the w -| Rancher Version | Webhook Version | Prime | Community | -|-----------------|-----------------|---------|-----------| -| v2.7.10 | v0.3.6 | ✓ | ✓ | -| v2.7.9 | v0.3.6 | | ✓ | -| v2.7.8 | v0.3.6 | | ✓ | -| v2.7.7 | v0.3.6 | ✓ | ✓ | -| v2.7.6 | v0.3.5 | ✓ | ✓ | -| v2.7.5 | v0.3.5 | ✓ | ✓ | -| v2.7.4 | v0.3.4 | ✓ | ✓ | -| v2.7.3 | v0.3.3 | ✓ | ✓ | -| v2.7.2 | v0.3.2 | ✓ | ✓ | -| v2.7.1 | v0.3.0 | ✓ | ✓ | -| v2.7.0 | v0.3.0 | ✓ | ✓ | +| Rancher Version | Webhook Version | Availability in Prime | Availability in Community | +|-----------------|-----------------|-----------------------|---------------------------| +| v2.7.10 | v0.3.6 | ✓ | ✓ | +| v2.7.9 | v0.3.6 | ✗ | ✓ | +| v2.7.8 | v0.3.6 | ✗ | ✓ | +| v2.7.7 | v0.3.6 | ✓ | ✓ | +| v2.7.6 | v0.3.5 | ✓ | ✓ | +| v2.7.5 | v0.3.5 | ✓ | ✓ | +| v2.7.4 | v0.3.4 | ✓ | ✓ | +| v2.7.3 | v0.3.3 | ✓ | ✓ | +| v2.7.2 | v0.3.2 | ✓ | ✓ | +| v2.7.1 | v0.3.0 | ✓ | ✓ | +| v2.7.0 | v0.3.0 | ✓ | ✓ | ## Why Do We Need It? diff --git a/versioned_docs/version-2.8/reference-guides/rancher-webhook.md b/versioned_docs/version-2.8/reference-guides/rancher-webhook.md index b789245b4dd..f998b2f2ed7 100644 --- a/versioned_docs/version-2.8/reference-guides/rancher-webhook.md +++ b/versioned_docs/version-2.8/reference-guides/rancher-webhook.md @@ -18,11 +18,11 @@ Each Rancher version is designed to be compatible with a single version of the w -| Rancher Version | Webhook Version | Prime | Community | -|-----------------|-----------------|---------|-----------| -| v2.8.2 | v0.4.2 | ✓ | ✓ | -| v2.8.1 | v0.4.2 | ✓ | ✓ | -| v2.8.0 | v0.4.2 | | ✓ | +| Rancher Version | Webhook Version | Availability in Prime | Availability in Community | +|-----------------|-----------------|-----------------------|---------------------------| +| v2.8.2 | v0.4.2 | ✓ | ✓ | +| v2.8.1 | v0.4.2 | ✓ | ✓ | +| v2.8.0 | v0.4.2 | ✗ | ✓ | ## Why Do We Need It? From a7ce4ff08f9717ea1762d071b9f21c85dfa6af60 Mon Sep 17 00:00:00 2001 From: Billy Tat Date: Mon, 26 Feb 2024 16:22:39 -0800 Subject: [PATCH 24/28] Add Helm 2 deprecation note --- .../install-upgrade-on-a-kubernetes-cluster/upgrades.md | 3 +++ .../rancher-behind-an-http-proxy/install-rancher.md | 2 ++ .../resources/helm-version-requirements.md | 2 ++ .../resources/upgrade-cert-manager.md | 2 ++ shared-files/_deprecation-helm2.md | 5 +++++ src/theme/MDXComponents.js | 2 ++ .../install-upgrade-on-a-kubernetes-cluster/upgrades.md | 3 +++ .../rancher-behind-an-http-proxy/install-rancher.md | 2 ++ .../resources/helm-version-requirements.md | 2 ++ .../resources/upgrade-cert-manager.md | 2 ++ .../install-upgrade-on-a-kubernetes-cluster/upgrades.md | 3 +++ .../rancher-behind-an-http-proxy/install-rancher.md | 2 ++ .../resources/helm-version-requirements.md | 2 ++ .../resources/upgrade-cert-manager.md | 2 ++ 14 files changed, 34 insertions(+) create mode 100644 shared-files/_deprecation-helm2.md diff --git a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index 3932fd5c4b9..6a5107aea05 100644 --- a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -28,10 +28,13 @@ The kubeconfig can also be manually targeted for the intended cluster with the ` Review the list of known issues for each Rancher version, which can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums.](https://forums.rancher.com/c/announcements/12) Note that upgrades _to_ or _from_ any chart in the [rancher-alpha repository](../resources/choose-a-rancher-version.md#helm-chart-repositories) aren't supported. + ### Helm Version The upgrade instructions assume you are using Helm 3. + + For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 migration docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) The [Helm 2 upgrade page here](/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/helm2.md)provides a copy of the older upgrade instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. ### For air-gapped installs: Populate private registry diff --git a/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md index 9d4a4c8393e..c2a6ace6343 100644 --- a/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md @@ -10,6 +10,8 @@ Now that you have a running RKE cluster, you can install Rancher in it. For secu ### Install the Helm CLI + + Install the [Helm](https://helm.sh/docs/intro/install/) CLI on a host where you have a kubeconfig to access your Kubernetes cluster: ``` diff --git a/docs/getting-started/installation-and-upgrade/resources/helm-version-requirements.md b/docs/getting-started/installation-and-upgrade/resources/helm-version-requirements.md index 8d98fe60458..6118e567f0c 100644 --- a/docs/getting-started/installation-and-upgrade/resources/helm-version-requirements.md +++ b/docs/getting-started/installation-and-upgrade/resources/helm-version-requirements.md @@ -10,6 +10,8 @@ This section contains the requirements for Helm, which is the tool used to insta > The installation instructions have been updated for Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 Migration Docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) [This section](/versioned_docs/version-2.0-2.4/pages-for-subheaders/helm2.md) provides a copy of the older high-availability Rancher installation instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. + + - Helm v3.2.x or higher is required to install or upgrade Rancher v2.5. - Helm v2.16.0 or higher is required for Kubernetes v1.16. For the default Kubernetes version, refer to the [release notes](https://github.com/rancher/rke/releases) for the version of RKE that you are using. - Helm v2.15.0 should not be used, because of an issue with converting/comparing numbers. diff --git a/docs/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md b/docs/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md index dd00964ef02..ff5f495f501 100644 --- a/docs/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md +++ b/docs/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md @@ -145,6 +145,8 @@ Before you can perform the upgrade, you must prepare your air gapped environment --set cainjector.image.repository=/quay.io/jetstack/cert-manager-cainjector ``` + + The Helm 2 command is as follows: ```plain diff --git a/shared-files/_deprecation-helm2.md b/shared-files/_deprecation-helm2.md new file mode 100644 index 00000000000..7bb9bb3a8e3 --- /dev/null +++ b/shared-files/_deprecation-helm2.md @@ -0,0 +1,5 @@ +:::warning + +Helm v2 support is deprecated as of the Rancher v2.7 line and will be removed in Rancher v2.9. + +::: diff --git a/src/theme/MDXComponents.js b/src/theme/MDXComponents.js index 540ac390d56..e13c8e76ba4 100644 --- a/src/theme/MDXComponents.js +++ b/src/theme/MDXComponents.js @@ -8,6 +8,7 @@ import { CardSection, Card } from '../components/CardComponents'; import CNIPopularityTable from '/shared-files/_cni-popularity.md'; import DeprecationOPAGatekeeper from '/shared-files/_deprecation-opa-gatekeeper.md'; +import DeprecationHelm2 from '/shared-files/_deprecation-helm2.md'; export default { // Re-use the default mapping @@ -21,4 +22,5 @@ export default { CNIPopularityTable, DeprecationOPAGatekeeper, + DeprecationHelm2, }; diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index 70c112fb611..bc75b3a4680 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -28,8 +28,11 @@ The kubeconfig can also be manually targeted for the intended cluster with the ` Review the list of known issues for each Rancher version, which can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums.](https://forums.rancher.com/c/announcements/12) Note that upgrades _to_ or _from_ any chart in the [rancher-alpha repository](../resources/choose-a-rancher-version.md#helm-chart-repositories) aren't supported. + ### Helm Version + + The upgrade instructions assume you are using Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 migration docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) The [Helm 2 upgrade page here](/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/helm2.md)provides a copy of the older upgrade instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md index 9d4a4c8393e..c2a6ace6343 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md @@ -10,6 +10,8 @@ Now that you have a running RKE cluster, you can install Rancher in it. For secu ### Install the Helm CLI + + Install the [Helm](https://helm.sh/docs/intro/install/) CLI on a host where you have a kubeconfig to access your Kubernetes cluster: ``` diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/helm-version-requirements.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/helm-version-requirements.md index 8d98fe60458..6118e567f0c 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/helm-version-requirements.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/helm-version-requirements.md @@ -10,6 +10,8 @@ This section contains the requirements for Helm, which is the tool used to insta > The installation instructions have been updated for Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 Migration Docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) [This section](/versioned_docs/version-2.0-2.4/pages-for-subheaders/helm2.md) provides a copy of the older high-availability Rancher installation instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. + + - Helm v3.2.x or higher is required to install or upgrade Rancher v2.5. - Helm v2.16.0 or higher is required for Kubernetes v1.16. For the default Kubernetes version, refer to the [release notes](https://github.com/rancher/rke/releases) for the version of RKE that you are using. - Helm v2.15.0 should not be used, because of an issue with converting/comparing numbers. diff --git a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md index dd00964ef02..ff5f495f501 100644 --- a/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md +++ b/versioned_docs/version-2.7/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md @@ -145,6 +145,8 @@ Before you can perform the upgrade, you must prepare your air gapped environment --set cainjector.image.repository=/quay.io/jetstack/cert-manager-cainjector ``` + + The Helm 2 command is as follows: ```plain diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index 157151bdc04..b629e768d54 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -28,8 +28,11 @@ The kubeconfig can also be manually targeted for the intended cluster with the ` Review the list of known issues for each Rancher version, which can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums.](https://forums.rancher.com/c/announcements/12) Note that upgrades _to_ or _from_ any chart in the [rancher-alpha repository](../resources/choose-a-rancher-version.md#helm-chart-repositories) aren't supported. + ### Helm Version + + The upgrade instructions assume you are using Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 migration docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) The [Helm 2 upgrade page here](/versioned_docs/version-2.0-2.4/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades/helm2.md)provides a copy of the older upgrade instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md index 9d4a4c8393e..c2a6ace6343 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/other-installation-methods/rancher-behind-an-http-proxy/install-rancher.md @@ -10,6 +10,8 @@ Now that you have a running RKE cluster, you can install Rancher in it. For secu ### Install the Helm CLI + + Install the [Helm](https://helm.sh/docs/intro/install/) CLI on a host where you have a kubeconfig to access your Kubernetes cluster: ``` diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/helm-version-requirements.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/helm-version-requirements.md index 8d98fe60458..6118e567f0c 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/helm-version-requirements.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/helm-version-requirements.md @@ -10,6 +10,8 @@ This section contains the requirements for Helm, which is the tool used to insta > The installation instructions have been updated for Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 Migration Docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) [This section](/versioned_docs/version-2.0-2.4/pages-for-subheaders/helm2.md) provides a copy of the older high-availability Rancher installation instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. + + - Helm v3.2.x or higher is required to install or upgrade Rancher v2.5. - Helm v2.16.0 or higher is required for Kubernetes v1.16. For the default Kubernetes version, refer to the [release notes](https://github.com/rancher/rke/releases) for the version of RKE that you are using. - Helm v2.15.0 should not be used, because of an issue with converting/comparing numbers. diff --git a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md index dd00964ef02..3590d08ce55 100644 --- a/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md +++ b/versioned_docs/version-2.8/getting-started/installation-and-upgrade/resources/upgrade-cert-manager.md @@ -145,6 +145,8 @@ Before you can perform the upgrade, you must prepare your air gapped environment --set cainjector.image.repository=/quay.io/jetstack/cert-manager-cainjector ``` + + The Helm 2 command is as follows: ```plain From f9bb639344ee5aab57498694fe8467dc8fdc111c Mon Sep 17 00:00:00 2001 From: joshmeranda Date: Tue, 27 Feb 2024 19:27:18 -0500 Subject: [PATCH 25/28] clarify monitoring read only role limitations --- .../monitoring-and-alerting/rbac-for-monitoring.md | 8 ++++++-- .../monitoring-and-alerting/rbac-for-monitoring.md | 8 ++++++-- .../monitoring-and-alerting/rbac-for-monitoring.md | 8 ++++++-- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/docs/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md b/docs/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md index 1caa47cc30b..3c538ba5d07 100644 --- a/docs/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md +++ b/docs/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md @@ -112,7 +112,7 @@ Monitoring also creates additional `ClusterRoles` that aren't assigned to users | Role | Purpose | | ------------------------------| ---------------------------| -| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy. | +| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy.

This role does not grant access to monitoring endpoints. As a result, users with this role will not be able to view cluster monitoring graphs and dashboards in the rancher UI; however, they are able to access the monitoring Grafana, Prometheus, and Alertmanager UIs if provided those links. | :::note @@ -216,7 +216,11 @@ In addition to these default roles, the following Rancher project roles can be a |--------------------------|-------------------------------|-------|------| | View Monitoring* | [monitoring-ui-view](#additional-monitoring-clusterroles) | 2.4.8+ | 9.4.204+ | -\* A user bound to the **View Monitoring** Rancher role and read-only project permissions can't view links in the Monitoring UI. They can still access external monitoring UIs if provided links to those UIs. If you wish to grant access to users with the **View Monitoring** role and read-only project permissions, move the `cattle-monitoring-system` namespace into the project. +:::note + +A user bound to the **View Monitoring** Rancher role and read-only project permissions can't view links in the Monitoring UI. They can still access external monitoring UIs if provided links to those UIs. If you wish to grant access to users with the **View Monitoring** role and read-only project permissions, move the `cattle-monitoring-system` namespace into the project. + +::: ### Differences in 2.5.x diff --git a/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md index 0072c5da17c..e7b59526286 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md @@ -112,7 +112,7 @@ Monitoring also creates additional `ClusterRoles` that aren't assigned to users | Role | Purpose | | ------------------------------| ---------------------------| -| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Grafana, and Alertmanager UIs through the Rancher proxy. | +| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy.

This role does not grant access to monitoring endpoints. As a result, users with this role will not be able to view cluster monitoring graphs and dashboards in the rancher UI; however, they are able to access the monitoring Grafana, Prometheus, and Alertmanager UIs if provided those links. | :::note @@ -216,7 +216,11 @@ In addition to these default roles, the following Rancher project roles can be a |--------------------------|-------------------------------|-------|------| | View Monitoring* | [monitoring-ui-view](#additional-monitoring-clusterroles) | 2.4.8+ | 9.4.204+ | -\* A user bound to the **View Monitoring** Rancher role and read-only project permissions can't view links in the Monitoring UI. They can still access external monitoring UIs if provided links to those UIs. If you wish to grant access to users with the **View Monitoring** role and read-only project permissions, move the `cattle-monitoring-system` namespace into the project. +:::note + + A user bound to the **View Monitoring** Rancher role and read-only project permissions can't view links in the Monitoring UI. They can still access external monitoring UIs if provided links to those UIs. If you wish to grant access to users with the **View Monitoring** role and read-only project permissions, move the `cattle-monitoring-system` namespace into the project. + +:::note ### Differences in 2.5.x diff --git a/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md index a1711b57170..3c538ba5d07 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md @@ -112,7 +112,7 @@ Monitoring also creates additional `ClusterRoles` that aren't assigned to users | Role | Purpose | | ------------------------------| ---------------------------| -| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Grafana, and Alertmanager UIs through the Rancher proxy. | +| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy.

This role does not grant access to monitoring endpoints. As a result, users with this role will not be able to view cluster monitoring graphs and dashboards in the rancher UI; however, they are able to access the monitoring Grafana, Prometheus, and Alertmanager UIs if provided those links. | :::note @@ -216,7 +216,11 @@ In addition to these default roles, the following Rancher project roles can be a |--------------------------|-------------------------------|-------|------| | View Monitoring* | [monitoring-ui-view](#additional-monitoring-clusterroles) | 2.4.8+ | 9.4.204+ | -\* A user bound to the **View Monitoring** Rancher role and read-only project permissions can't view links in the Monitoring UI. They can still access external monitoring UIs if provided links to those UIs. If you wish to grant access to users with the **View Monitoring** role and read-only project permissions, move the `cattle-monitoring-system` namespace into the project. +:::note + +A user bound to the **View Monitoring** Rancher role and read-only project permissions can't view links in the Monitoring UI. They can still access external monitoring UIs if provided links to those UIs. If you wish to grant access to users with the **View Monitoring** role and read-only project permissions, move the `cattle-monitoring-system` namespace into the project. + +::: ### Differences in 2.5.x From 48bb9052b4d67fe6debc2680583255cd14860ce7 Mon Sep 17 00:00:00 2001 From: joshmeranda Date: Wed, 28 Feb 2024 13:46:08 -0500 Subject: [PATCH 26/28] add visibility to monitoring-ui-view --- .../monitoring-and-alerting/monitoring-and-alerting.md | 8 +++++++- .../monitoring-and-alerting/monitoring-and-alerting.md | 8 +++++++- .../monitoring-and-alerting/monitoring-and-alerting.md | 8 +++++++- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md b/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index 41b8662bcf5..1081e252d52 100644 --- a/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md +++ b/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -55,7 +55,13 @@ For a list of monitoring components exposed in the Rancher UI, along with common ## Role-based Access Control -For information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) +For more information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) + +:::note + +Rancher and Project read permissions do not necessarily apply to monitoring resources. See [monitoring-ui-view](rbac-for-monitoring.md#additional-monitoring-clusterroles) for more details. + +::: ## Guides diff --git a/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index 07056fd3bdf..9975a11b356 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -55,7 +55,13 @@ For a list of monitoring components exposed in the Rancher UI, along with common ## Role-based Access Control -For information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) +For more information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) + +:::note + +Rancher and Project read permissions do not necessarily apply to monitoring resources. See [monitoring-ui-view](rbac-for-monitoring.md#additional-monitoring-clusterroles) for more details. + +::: ## Guides diff --git a/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index 41b8662bcf5..1081e252d52 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -55,7 +55,13 @@ For a list of monitoring components exposed in the Rancher UI, along with common ## Role-based Access Control -For information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) +For more information on configuring access to monitoring, see [this page.](rbac-for-monitoring.md) + +:::note + +Rancher and Project read permissions do not necessarily apply to monitoring resources. See [monitoring-ui-view](rbac-for-monitoring.md#additional-monitoring-clusterroles) for more details. + +::: ## Guides From de7cab18916e4a1967ba2336976fd7df6bc50575 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 28 Feb 2024 15:56:27 -0500 Subject: [PATCH 27/28] Update README.md (#1150) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5fea49ee99f..6e9adbc8dac 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ If a file is moved or renamed, you'll also need to edit the `sidebars.js` files ### Navigate the Repo -The file paths in the repo correspond to the URLs for pages on the docs website. The docs for the latest version of Rancher are located in `/docs`. Most index pages are found within the `/pages-for-subheaders` directory in `/docs`. All images are in `/static/img` in the top level of the repo. Older docs are found within `/versioned_docs` and generally follow the same structure as the files in `/docs`. +The file paths in the repo correspond to the URLs for pages on the docs website. The docs for the latest version of Rancher are located in `/docs`. All images are in `/static/img` in the top level of the repo. Older docs are found within `/versioned_docs` and generally follow the same structure as the files in `/docs`. ### Style & Formatting From d8180384be9efb042705e53f1abddfad1d5f40c9 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Thu, 29 Feb 2024 13:45:48 -0500 Subject: [PATCH 28/28] Apply suggestions from code review --- .../monitoring-and-alerting/monitoring-and-alerting.md | 2 +- .../monitoring-and-alerting/rbac-for-monitoring.md | 2 +- .../monitoring-and-alerting/monitoring-and-alerting.md | 2 +- .../monitoring-and-alerting/rbac-for-monitoring.md | 2 +- .../monitoring-and-alerting/monitoring-and-alerting.md | 2 +- .../monitoring-and-alerting/rbac-for-monitoring.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md b/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index 1081e252d52..06bd0ac2297 100644 --- a/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md +++ b/docs/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -59,7 +59,7 @@ For more information on configuring access to monitoring, see [this page.](rbac- :::note -Rancher and Project read permissions do not necessarily apply to monitoring resources. See [monitoring-ui-view](rbac-for-monitoring.md#additional-monitoring-clusterroles) for more details. +Rancher and Project read permissions don't necessarily apply to monitoring resources. See [monitoring-ui-view](rbac-for-monitoring.md#additional-monitoring-clusterroles) for more details. ::: diff --git a/docs/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md b/docs/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md index 3c538ba5d07..583611b99c0 100644 --- a/docs/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md +++ b/docs/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md @@ -112,7 +112,7 @@ Monitoring also creates additional `ClusterRoles` that aren't assigned to users | Role | Purpose | | ------------------------------| ---------------------------| -| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy.

This role does not grant access to monitoring endpoints. As a result, users with this role will not be able to view cluster monitoring graphs and dashboards in the rancher UI; however, they are able to access the monitoring Grafana, Prometheus, and Alertmanager UIs if provided those links. | +| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy.

This role doesn't grant access to monitoring endpoints. As a result, users with this role won't be able to view cluster monitoring graphs and dashboards in the Rancher UI; however, they are able to access the monitoring Grafana, Prometheus, and Alertmanager UIs if provided those links. | :::note diff --git a/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index 9975a11b356..da6460a0da7 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -59,7 +59,7 @@ For more information on configuring access to monitoring, see [this page.](rbac- :::note -Rancher and Project read permissions do not necessarily apply to monitoring resources. See [monitoring-ui-view](rbac-for-monitoring.md#additional-monitoring-clusterroles) for more details. +Rancher and Project read permissions don't necessarily apply to monitoring resources. See [monitoring-ui-view](rbac-for-monitoring.md#additional-monitoring-clusterroles) for more details. ::: diff --git a/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md index e7b59526286..01d7c5dd6e5 100644 --- a/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md +++ b/versioned_docs/version-2.7/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md @@ -112,7 +112,7 @@ Monitoring also creates additional `ClusterRoles` that aren't assigned to users | Role | Purpose | | ------------------------------| ---------------------------| -| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy.

This role does not grant access to monitoring endpoints. As a result, users with this role will not be able to view cluster monitoring graphs and dashboards in the rancher UI; however, they are able to access the monitoring Grafana, Prometheus, and Alertmanager UIs if provided those links. | +| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy.

This role doesn't grant access to monitoring endpoints. As a result, users with this role won't be able to view cluster monitoring graphs and dashboards in the Rancher UI; however, they are able to access the monitoring Grafana, Prometheus, and Alertmanager UIs if provided those links. | :::note diff --git a/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md index 1081e252d52..06bd0ac2297 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/monitoring-and-alerting.md @@ -59,7 +59,7 @@ For more information on configuring access to monitoring, see [this page.](rbac- :::note -Rancher and Project read permissions do not necessarily apply to monitoring resources. See [monitoring-ui-view](rbac-for-monitoring.md#additional-monitoring-clusterroles) for more details. +Rancher and Project read permissions don't necessarily apply to monitoring resources. See [monitoring-ui-view](rbac-for-monitoring.md#additional-monitoring-clusterroles) for more details. ::: diff --git a/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md index 3c538ba5d07..583611b99c0 100644 --- a/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md +++ b/versioned_docs/version-2.8/integrations-in-rancher/monitoring-and-alerting/rbac-for-monitoring.md @@ -112,7 +112,7 @@ Monitoring also creates additional `ClusterRoles` that aren't assigned to users | Role | Purpose | | ------------------------------| ---------------------------| -| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy.

This role does not grant access to monitoring endpoints. As a result, users with this role will not be able to view cluster monitoring graphs and dashboards in the rancher UI; however, they are able to access the monitoring Grafana, Prometheus, and Alertmanager UIs if provided those links. | +| monitoring-ui-view | _Available as of Monitoring v2 14.5.100+_ This ClusterRole allows users with write access to the project to view metrics graphs for the specified cluster in the Rancher UI. This is done by granting Read-only access to external Monitoring UIs. Users with this role have permission to list the Prometheus, Alertmanager, and Grafana endpoints and make GET requests to Prometheus, Alertmanager, and Grafana UIs through the Rancher proxy.

This role doesn't grant access to monitoring endpoints. As a result, users with this role won't be able to view cluster monitoring graphs and dashboards in the Rancher UI; however, they are able to access the monitoring Grafana, Prometheus, and Alertmanager UIs if provided those links. | :::note