From f27d442882948f58b7417105b3acdb2e4e3c4055 Mon Sep 17 00:00:00 2001 From: Bastian Hofmann Date: Mon, 9 Aug 2021 16:23:53 +0200 Subject: [PATCH 01/10] Update FAQ regarding Hashicorp Vault This clarifies that there is no built-in integration at the moment, but that you can use Vault with its standard Kubernetes integration. Signed-off-by: Bastian Hofmann --- content/rancher/v2.5/en/faq/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.5/en/faq/_index.md b/content/rancher/v2.5/en/faq/_index.md index 7cd76f88e5d..47366434f30 100644 --- a/content/rancher/v2.5/en/faq/_index.md +++ b/content/rancher/v2.5/en/faq/_index.md @@ -39,7 +39,7 @@ Furthermore, Istio is implemented in our micro-PaaS "Rio", which works on Ranche **Will Rancher v2.x support Hashicorp's Vault for storing secrets?** -Secrets management is on our roadmap but we haven't assigned it to a specific release yet. +There is no built-in integration of Rancher and Hashicorp's Vault. Rancher manages Kubernetes and integrates with secrets via the Kubernetes API. Thus in any downstream (managed) cluster, you can use a secret vault of your choice provided it integrates with Kubernetes, including [Vault](https://www.vaultproject.io/docs/platform/k8s).
From 50edf0551955cb6ce3552ae032a09d8608f5ae2a Mon Sep 17 00:00:00 2001 From: dereknola Date: Thu, 12 Aug 2021 17:11:31 -0700 Subject: [PATCH 02/10] Added skip file documentation, fixed typo Signed-off-by: dereknola --- .../en/installation/disable-flags/_index.md | 23 +++++++++++++++---- .../en/installation/install-options/_index.md | 2 +- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/content/k3s/latest/en/installation/disable-flags/_index.md b/content/k3s/latest/en/installation/disable-flags/_index.md index 6652c85d704..0afa10aa1bb 100644 --- a/content/k3s/latest/en/installation/disable-flags/_index.md +++ b/content/k3s/latest/en/installation/disable-flags/_index.md @@ -3,7 +3,7 @@ title: "Disable Components Flags" weight: 60 --- -When starting K3s server with --cluster-init it will run all control plane components that includes (api server, controller manager, scheduler, and etcd). However you can run server nodes with certain components and execlude others, the following sectiohs will explain how to do that. +When starting K3s server with --cluster-init it will run all control plane components that includes (api server, controller manager, scheduler, and etcd). However you can run server nodes with certain components and execlude others, the following sections will explain how to do that. # ETCD Only Nodes @@ -34,7 +34,7 @@ ip-172-31-13-32 Ready etcd 5h39m v1.20.4+k3s1 ip-172-31-14-69 Ready control-plane,master 5h39m v1.20.4+k3s1 ``` -Note that you can run `kubectl` commands only on the k3s server that has the api running, and you cant run `kubectl` commands on etcd only nodes. +Note that you can run `kubectl` commands only on the k3s server that has the api running, and you can't run `kubectl` commands on etcd only nodes. ### Re-enabling control components 
@@ -57,7 +57,7 @@ Notice that role labels has been re-added to the node `ip-172-31-13-32` with the # Add disable flags using the config file -In any of the previous situation you can use the config file instead of running the curl commands with the associated flags, for example to run an etcd only node you can add the following options to the `/etc/rancher/k3s/config.yaml` file: +In any of the previous situations you can use the config file instead of running the curl commands with the associated flags, for example to run an etcd only node you can add the following options to the `/etc/rancher/k3s/config.yaml` file: ``` --- @@ -70,4 +70,19 @@ and then start K3s using the curl command without any arguents: ``` curl -fL https://get.k3s.io | sh - -``` \ No newline at end of file +``` +# Disable components using .skip files + +For any yaml file under `/var/lib/rancher/k3s/server/manifests` (coredns, traefik, local-storeage, etc.) you can add a `.skip` file which will cause K3s to not apply the associated yaml file. +For example, adding `traefik.yaml.skip` in the manifests directory will cause K3s to skip `traefik.yaml`. +``` +ls /var/lib/rancher/k3s/server/manifests +ccm.yaml local-storage.yaml rolebindings.yaml traefik.yaml.skip +coredns.yaml traefik.yaml + +kubectl get pods -A +NAMESPACE NAME READY STATUS RESTARTS AGE +kube-system local-path-provisioner-64ffb68fd-xx98j 1/1 Running 0 74s +kube-system metrics-server-5489f84d5d-7zwkt 1/1 Running 0 74s +kube-system coredns-85cb69466-vcq7j 1/1 Running 0 74s +``` diff --git a/content/k3s/latest/en/installation/install-options/_index.md b/content/k3s/latest/en/installation/install-options/_index.md index af4845e5f50..e38f4cb7f01 100644 --- a/content/k3s/latest/en/installation/install-options/_index.md +++ b/content/k3s/latest/en/installation/install-options/_index.md 
@@ -46,7 +46,7 @@ When using this method to install K3s, the following environment variables can b | `INSTALL_K3S_CHANNEL_URL` | Channel URL for fetching K3s download URL. Defaults to https://update.k3s.io/v1-release/channels. | | `INSTALL_K3S_CHANNEL` | Channel to use for fetching K3s download URL. Defaults to "stable". Options include: `stable`, `latest`, `testing`. | -This example shows where to place aformentioned environment variables as options (after the pipe): +This example shows where to place aforementioned environment variables as options (after the pipe): ``` curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL=latest sh - From c08175980c2ccdb871767a12a83b0ee9595b382c Mon Sep 17 00:00:00 2001 From: dereknola Date: Fri, 13 Aug 2021 10:30:23 -0700 Subject: [PATCH 03/10] Updated incorrect flag name Signed-off-by: dereknola --- .../k3s/latest/en/installation/disable-flags/_index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/k3s/latest/en/installation/disable-flags/_index.md b/content/k3s/latest/en/installation/disable-flags/_index.md index 0afa10aa1bb..83b6b692cca 100644 --- a/content/k3s/latest/en/installation/disable-flags/_index.md +++ b/content/k3s/latest/en/installation/disable-flags/_index.md 
@@ -9,10 +9,10 @@ When starting K3s server with --cluster-init it will run all control plane compo This document assumes you run K3s server with embedded etcd by passing `--cluster-init` flag to the server process. -To run a K3s server with only etcd components you can pass `--disable-api-server --disable-controller-manager --disable-scheduler` flags to k3s, this will result in running a server node with only etcd, for example to run K3s server with those flags: +To run a K3s server with only etcd components you can pass `--disable-apiserver --disable-controller-manager --disable-scheduler` flags to k3s, this will result in running a server node with only etcd, for example to run K3s server with those flags: ``` -curl -fL https://get.k3s.io | sh -s - server --cluster-init --disable-api-server --disable-controller-manager --disable-scheduler +curl -fL https://get.k3s.io | sh -s - server --cluster-init --disable-apiserver --disable-controller-manager --disable-scheduler ``` You can join other nodes to the cluster normally after that. 
@@ -39,7 +39,7 @@ Note that you can run `kubectl` commands only on the k3s server that has the api ### Re-enabling control components -In both cases you can re-enable any component that you already disabled simply by removing the corresponding flag that disables them, so for example if you want to revert the etcd only node back to a full k3s server with all components you can just remove the following 3 flags `--disable-api-server --disable-controller-manager --disable-scheduler`, so in our example to revert back node `ip-172-31-13-32` to a full k3s server you can just re-run the curl command without the disable flags: +In both cases you can re-enable any component that you already disabled simply by removing the corresponding flag that disables them, so for example if you want to revert the etcd only node back to a full k3s server with all components you can just remove the following 3 flags `--disable-apiserver --disable-controller-manager --disable-scheduler`, so in our example to revert back node `ip-172-31-13-32` to a full k3s server you can just re-run the curl command without the disable flags: ``` curl -fL https://get.k3s.io | sh -s - server --cluster-init ``` @@ -61,7 +61,7 @@ In any of the previous situations you can use the config file instead of running ``` --- -disable-api-server: true +disable-apiserver: true disable-controller-manager: true disable-scheduler: true cluster-init: true From 2ab49c20c782e132b320f74de3d7176e904356e8 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Fri, 13 Aug 2021 15:00:49 -0400 Subject: [PATCH 04/10] Clarified wording on authorized cluster endpoints --- .../v2.5/en/cluster-provisioning/rke-clusters/options/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md index aef26507b12..e8c4b446960 100644 
--- a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md @@ -108,7 +108,7 @@ See the [RKE documentation on private registries]({{}}/rke/latest/en/co Authorized Cluster Endpoint can be used to directly access the Kubernetes API server, without requiring communication through Rancher. -> The authorized cluster endpoint only works on Rancher-launched Kubernetes clusters. In other words, it only works in clusters where Rancher [used RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters) to provision the cluster. It is not available for clusters in a hosted Kubernetes provider, such as Amazon's EKS. +> The authorized cluster endpoint is available only in clusters that Rancher has launched and provisioned [using RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. This is enabled by default in Rancher-launched Kubernetes clusters, using the IP of the node with the `controlplane` role and the default Kubernetes self signed certificates. From 0d6970b7f6780e18f0065986b9a19e6ea4c8a2d6 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Fri, 13 Aug 2021 16:01:46 -0400 Subject: [PATCH 05/10] Updated importing info for cluster endpoint --- .../v2.5/en/cluster-provisioning/rke-clusters/options/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md index e8c4b446960..90704fa8027 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md 
@@ -108,7 +108,7 @@ See the [RKE documentation on private registries]({{}}/rke/latest/en/co Authorized Cluster Endpoint can be used to directly access the Kubernetes API server, without requiring communication through Rancher. -> The authorized cluster endpoint is available only in clusters that Rancher has launched and provisioned [using RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. +> The authorized cluster endpoint is available only in clusters that Rancher has provisioned [using RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. Additionally, the authorized cluster endpoint cannot be enabled nor imported into Rancher from an RKE cluster; it is available only on Rancher-launched Kubernetes clusters. This is enabled by default in Rancher-launched Kubernetes clusters, using the IP of the node with the `controlplane` role and the default Kubernetes self signed certificates. From 66d1cf84fafd2e765c5c3e9a2b2659b1bbf401bc Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Fri, 13 Aug 2021 15:00:49 -0400 Subject: [PATCH 06/10] Clarified wording on authorized cluster endpoints --- .../v2.5/en/cluster-provisioning/rke-clusters/options/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md index aef26507b12..e8c4b446960 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md 
@@ -108,7 +108,7 @@ See the [RKE documentation on private registries]({{}}/rke/latest/en/co Authorized Cluster Endpoint can be used to directly access the Kubernetes API server, without requiring communication through Rancher. -> The authorized cluster endpoint only works on Rancher-launched Kubernetes clusters. In other words, it only works in clusters where Rancher [used RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters) to provision the cluster. It is not available for clusters in a hosted Kubernetes provider, such as Amazon's EKS. +> The authorized cluster endpoint is available only in clusters that Rancher has launched and provisioned [using RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. This is enabled by default in Rancher-launched Kubernetes clusters, using the IP of the node with the `controlplane` role and the default Kubernetes self signed certificates. From 79512f699310dc922c766c9727b3b8f13948a461 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Fri, 13 Aug 2021 16:01:46 -0400 Subject: [PATCH 07/10] Updated importing info for cluster endpoint --- .../v2.5/en/cluster-provisioning/rke-clusters/options/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md index e8c4b446960..90704fa8027 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md 
@@ -108,7 +108,7 @@ See the [RKE documentation on private registries]({{}}/rke/latest/en/co Authorized Cluster Endpoint can be used to directly access the Kubernetes API server, without requiring communication through Rancher. -> The authorized cluster endpoint is available only in clusters that Rancher has launched and provisioned [using RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. +> The authorized cluster endpoint is available only in clusters that Rancher has provisioned [using RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. Additionally, the authorized cluster endpoint cannot be enabled nor imported into Rancher from an RKE cluster; it is available only on Rancher-launched Kubernetes clusters. This is enabled by default in Rancher-launched Kubernetes clusters, using the IP of the node with the `controlplane` role and the default Kubernetes self signed certificates. From 3ce499e0d103f3ef01f8cd9d65c694900337a23c Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Mon, 16 Aug 2021 18:08:13 -0400 Subject: [PATCH 08/10] Update ACE --- .../cluster-provisioning/cluster-capabilities-table/index.md | 3 ++- .../en/cluster-provisioning/rke-clusters/options/_index.md | 2 +- .../cluster-provisioning/cluster-capabilities-table/index.md | 5 +++-- .../en/cluster-provisioning/rke-clusters/options/_index.md | 2 +- .../en/cluster-provisioning/rke-clusters/options/_index.md | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/content/rancher/v2.0-v2.4/en/cluster-provisioning/cluster-capabilities-table/index.md b/content/rancher/v2.0-v2.4/en/cluster-provisioning/cluster-capabilities-table/index.md index 2af054da595..a1c3bb4f8e6 100644 
--- a/content/rancher/v2.0-v2.4/en/cluster-provisioning/cluster-capabilities-table/index.md +++ b/content/rancher/v2.0-v2.4/en/cluster-provisioning/cluster-capabilities-table/index.md @@ -16,7 +16,8 @@ headless: true | [Ability to back up your Kubernetes Clusters]({{}}/rancher/v2.0-v2.4/en/cluster-admin/backing-up-etcd/) | ✓ | | | | [Ability to recover and restore etcd]({{}}/rancher/v2.0-v2.4/en/cluster-admin/restoring-etcd/) | ✓ | | | | [Cleaning Kubernetes components when clusters are no longer reachable from Rancher]({{}}/rancher/v2.0-v2.4/en/cluster-admin/cleaning-cluster-nodes/) | ✓ | | | -| [Configuring Pod Security Policies]({{}}/rancher/v2.0-v2.4/en/cluster-admin/pod-security-policy/) | ✓ | | | +| [Configuring Pod Security Policies]({{}}/rancher/v2.0-v2.4/en/cluster-admin/pod-security-policy/) | ✓ | | | | [Running Security Scans]({{}}/rancher/v2.0-v2.4/en/security/security-scan/) | ✓ | | | +| [Authorized Cluster Endpoint]({{}}/rancher/v2.0-v2.4/en/cluster-provisioning/rke-clusters/options/#authorized-cluster-endpoint) | ✓ | | | \* Cluster configuration options can't be edited for imported clusters, except for K3s clusters. diff --git a/content/rancher/v2.0-v2.4/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.0-v2.4/en/cluster-provisioning/rke-clusters/options/_index.md index bc6c50f0c99..a02c277da87 100644 --- a/content/rancher/v2.0-v2.4/en/cluster-provisioning/rke-clusters/options/_index.md +++ b/content/rancher/v2.0-v2.4/en/cluster-provisioning/rke-clusters/options/_index.md 
@@ -108,7 +108,7 @@ _Available as of v2.2.0_ Authorized Cluster Endpoint can be used to directly access the Kubernetes API server, without requiring communication through Rancher. -> The authorized cluster endpoint only works on Rancher-launched Kubernetes clusters. In other words, it only works in clusters where Rancher [used RKE]({{}}/rancher/v2.0-v2.4/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters) to provision the cluster. It is not available for clusters in a hosted Kubernetes provider, such as Amazon's EKS. +> The authorized cluster endpoint is available only in clusters that Rancher has provisioned [using RKE]({{}}/rancher/v2.0-v2.4/en/cluster-provisioning/rke-clusters/options/#authorized-cluster-endpoint). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. Additionally, the authorized cluster endpoint cannot be enabled for RKE clusters that are imported into Rancher; it is available only on Rancher-launched Kubernetes clusters. This is enabled by default in Rancher-launched Kubernetes clusters, using the IP of the node with the `controlplane` role and the default Kubernetes self signed certificates. diff --git a/content/rancher/v2.5/en/cluster-provisioning/cluster-capabilities-table/index.md b/content/rancher/v2.5/en/cluster-provisioning/cluster-capabilities-table/index.md index 17ee1f9c6a1..9375f30b6ba 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/cluster-capabilities-table/index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/cluster-capabilities-table/index.md 
@@ -17,10 +17,11 @@ headless: true | [Configuring Tools (Alerts, Notifiers, Logging, Monitoring, Istio)]({{}}/rancher/v2.5/en/cluster-admin/tools/) | ✓ | ✓ | ✓ | ✓ | | [Running Security Scans]({{}}/rancher/v2.5/en/security/security-scan/) | ✓ | ✓ | ✓ | ✓ | | [Use existing configuration to create additional clusters]({{}}/rancher/v2.5/en/cluster-admin/cloning-clusters/)| ✓ | ✓ |✓ | | -| [Ability to rotate certificates]({{}}/rancher/v2.5/en/cluster-admin/certificate-rotation/) | ✓ | ✓ | | | +| [Ability to rotate certificates]({{}}/rancher/v2.5/en/cluster-admin/certificate-rotation/) | ✓ | ✓ | | | | Ability to [backup]({{}}/rancher/v2.5/en/cluster-admin/backing-up-etcd/) and [restore]({{}}/rancher/v2.5/en/cluster-admin/restoring-etcd/) Rancher-launched clusters | ✓ | ✓ | | ✓4 | | [Cleaning Kubernetes components when clusters are no longer reachable from Rancher]({{}}/rancher/v2.5/en/cluster-admin/cleaning-cluster-nodes/) | ✓ | | | | -| [Configuring Pod Security Policies]({{}}/rancher/v2.5/en/cluster-admin/pod-security-policy/) | ✓ | ✓ | || +| [Configuring Pod Security Policies]({{}}/rancher/v2.5/en/cluster-admin/pod-security-policy/) | ✓ | ✓ | | | +| [Authorized Cluster Endpoint]({{}}/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/#authorized-cluster-endpoint) | ✓ | | | | 1. Registered GKE and EKS clusters have the same options available as GKE and EKS clusters created from the Rancher UI. The difference is that when a registered cluster is deleted from the Rancher UI, [it is not destroyed.]({{}}/rancher/v2.5/en/cluster-provisioning/registered-clusters/#additional-features-for-registered-eks-and-gke-clusters) diff --git a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md index 90704fa8027..7105f8937d3 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md 
+++ b/content/rancher/v2.5/en/cluster-provisioning/rke-clusters/options/_index.md @@ -108,7 +108,7 @@ See the [RKE documentation on private registries]({{}}/rke/latest/en/co Authorized Cluster Endpoint can be used to directly access the Kubernetes API server, without requiring communication through Rancher. -> The authorized cluster endpoint is available only in clusters that Rancher has provisioned [using RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. Additionally, the authorized cluster endpoint cannot be enabled nor imported into Rancher from an RKE cluster; it is available only on Rancher-launched Kubernetes clusters. +> The authorized cluster endpoint is available only in clusters that Rancher has provisioned [using RKE]({{}}/rancher/v2.5/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. Additionally, the authorized cluster endpoint cannot be enabled for RKE clusters that are registered with Rancher; it is available only on Rancher-launched Kubernetes clusters. This is enabled by default in Rancher-launched Kubernetes clusters, using the IP of the node with the `controlplane` role and the default Kubernetes self signed certificates. diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/_index.md index a7f4c4580d3..a03651da243 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/_index.md 
@@ -109,7 +109,7 @@ _Available as of v2.2.0_ Authorized Cluster Endpoint can be used to directly access the Kubernetes API server, without requiring communication through Rancher. -> The authorized cluster endpoint only works on Rancher-launched Kubernetes clusters. In other words, it only works in clusters where Rancher [used RKE]({{}}/rancher/v2.x/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters) to provision the cluster. It is not available for clusters in a hosted Kubernetes provider, such as Amazon's EKS. +> The authorized cluster endpoint is available only in clusters that Rancher has provisioned [using RKE]({{}}/rancher/v2.x/en/overview/architecture/#tools-for-provisioning-kubernetes-clusters). It is not available for clusters in hosted Kubernetes providers, such as Amazon's EKS. Additionally, the authorized cluster endpoint cannot be enabled for RKE clusters that are imported into Rancher; it is available only on Rancher-launched Kubernetes clusters. This is enabled by default in Rancher-launched Kubernetes clusters, using the IP of the node with the `controlplane` role and the default Kubernetes self signed certificates. From 332703120d3da70ea7436d2e286a59d1a0ac3ac5 Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Wed, 18 Aug 2021 10:17:36 -0400 Subject: [PATCH 09/10] Updated SLES and RHEL_OL_CentOS links --- content/rke/latest/en/os/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rke/latest/en/os/_index.md b/content/rke/latest/en/os/_index.md index 843d66304e5..92b406f5a18 100644 --- a/content/rke/latest/en/os/_index.md +++ b/content/rke/latest/en/os/_index.md 
@@ -7,14 +7,14 @@ weight: 5 - [Operating System](#operating-system) - [General Linux Requirements](#general-linux-requirements) - - [SUSE Linux Enterprise Server (SLES) / openSUSE](#suse-linux-enterprise-server-sles--opensuse) + - [SUSE Linux Enterprise Server (SLES) / openSUSE](#suse-linux-enterprise-server-sles-opensuse) - [Using Upstream Docker](#using-upstream-docker) - [Using SUSE/openSUSE packaged Docker](#using-suseopensuse-packaged-docker) - [Adding the Software Repository for Docker](#adding-the-software-repository-for-docker) - [openSUSE MicroOS/Kubic (Atomic)](#opensuse-microoskubic-atomic) - [openSUSE MicroOS](#opensuse-microos) - [openSUSE Kubic](#opensuse-kubic) - - [Red Hat Enterprise Linux (RHEL) / Oracle Linux (OL) / CentOS](#red-hat-enterprise-linux-rhel--oracle-linux-ol--centos) + - [Red Hat Enterprise Linux (RHEL) / Oracle Linux (OL) / CentOS](#red-hat-enterprise-linux-rhel-oracle-linux-ol-centos) - [Using upstream Docker](#using-upstream-docker-1) - [Using RHEL/CentOS packaged Docker](#using-rhelcentos-packaged-docker) - [Red Hat Atomic](#red-hat-atomic) From ad26c547e72a74a32a10184fa3db9c1465af1ebf Mon Sep 17 00:00:00 2001 From: Jennifer Travinski Date: Wed, 18 Aug 2021 18:12:18 -0400 Subject: [PATCH 10/10] Updated links in Rancher Docs Requirements --- content/rke/latest/en/os/_index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/rke/latest/en/os/_index.md b/content/rke/latest/en/os/_index.md index 92b406f5a18..d60aa9c39ed 100644 --- a/content/rke/latest/en/os/_index.md +++ b/content/rke/latest/en/os/_index.md 
@@ -9,14 +9,14 @@ weight: 5 - [General Linux Requirements](#general-linux-requirements) - [SUSE Linux Enterprise Server (SLES) / openSUSE](#suse-linux-enterprise-server-sles-opensuse) - [Using Upstream Docker](#using-upstream-docker) - - [Using SUSE/openSUSE packaged Docker](#using-suseopensuse-packaged-docker) + - [Using SUSE/openSUSE packaged Docker](#using-suse-opensuse-packaged-docker) - [Adding the Software Repository for Docker](#adding-the-software-repository-for-docker) - - [openSUSE MicroOS/Kubic (Atomic)](#opensuse-microoskubic-atomic) + - [openSUSE MicroOS/Kubic (Atomic)](#opensuse-microos-kubic-atomic) - [openSUSE MicroOS](#opensuse-microos) - [openSUSE Kubic](#opensuse-kubic) - [Red Hat Enterprise Linux (RHEL) / Oracle Linux (OL) / CentOS](#red-hat-enterprise-linux-rhel-oracle-linux-ol-centos) - [Using upstream Docker](#using-upstream-docker-1) - - [Using RHEL/CentOS packaged Docker](#using-rhelcentos-packaged-docker) + - [Using RHEL/CentOS packaged Docker](#using-rhel-centos-packaged-docker) - [Red Hat Atomic](#red-hat-atomic) - [OpenSSH version](#openssh-version) - [Creating a Docker Group](#creating-a-docker-group) @@ -28,8 +28,8 @@ weight: 5 - [Installing Docker](#installing-docker) - [Checking the Installed Docker Version](#checking-the-installed-docker-version) - [Ports](#ports) - - [Opening port TCP/6443 using `iptables`](#opening-port-tcp6443-using-iptables) - - [Opening port TCP/6443 using `firewalld`](#opening-port-tcp6443-using-firewalld) + - [Opening port TCP/6443 using `iptables`](#opening-port-tcp-6443-using-iptables) + - [Opening port TCP/6443 using `firewalld`](#opening-port-tcp-6443-using-firewalld) - [SSH Server Configuration](#ssh-server-configuration)
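Review bot: in PATCH 01/10 (faq/_index.md, hunk @@ -39,7) the added answer says Rancher "integrates with secrets via the Kubernetes API" without naming the object. A reader cannot tell whether this means Kubernetes Secret objects held in the cluster or material that stays in the external vault. Suggest writing "Kubernetes Secrets" explicitly and saying which of the two the linked Vault integration gives you.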
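Review bot: in PATCH 02/10 (disable-flags/_index.md, hunk @@ -3,7) the rewritten line fixes "sectiohs" but still carries "execlude" in the same sentence. Since the line is already being touched, change it to "exclude" and split the run-on after "exclude others".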
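Review bot: in PATCH 02/10 (disable-flags/_index.md, hunk @@ -70,4) the new section spells the component "local-storeage", while the `ls` output added a few lines later shows `local-storage.yaml`. The new heading "# Disable components using .skip files" also follows the closing fence with no blank line, and the fence opens directly after the "For example" sentence, which some Markdown renderers will not treat as a heading or a code block. The hunk header context still shows "arguents" on the line just above, which could be fixed in the same pass. The section does not say whether adding a `.skip` file removes a component that is already deployed or only prevents it from being applied; one sentence on that would save readers a test.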
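Review bot: in PATCH 03/10 (disable-flags/_index.md, hunk @@ -39,7) the re-enable paragraph only covers flags passed on the command line ("re-run the curl command without the disable flags"), but the same page documents setting `disable-apiserver: true` and the other keys in `/etc/rancher/k3s/config.yaml` (hunk @@ -61,7). The paragraph should say that the keys have to be removed from the config file as well when the node was configured that way.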
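Review bot: in PATCH 05/10 (v2.5 rke-clusters/options/_index.md, hunk @@ -108,7) the added sentence "cannot be enabled nor imported into Rancher from an RKE cluster" is ambiguous: it reads as if the endpoint itself were imported. PATCH 08/10 rewrites the same sentence to "cannot be enabled for RKE clusters that are registered with Rancher", so 04, 05 and the v2.5 part of 08 could be squashed into one commit that carries only the final wording.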
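Review bot: PATCH 06/10 and PATCH 07/10 repeat PATCH 04/10 and PATCH 05/10: same subject, same author date, same file, and the same index lines (aef26507b12..e8c4b446960 and e8c4b446960..90704fa8027). After 04 and 05 are applied the preimage that 06 expects ("The authorized cluster endpoint only works on Rancher-launched Kubernetes clusters...") is no longer in the file, so the series will not apply in order. Drop 06 and 07 before sending.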
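Review bot: in PATCH 08/10 (v2.0-v2.4 rke-clusters/options/_index.md, hunk @@ -108,7) the "[using RKE]" link target changes from `/overview/architecture/#tools-for-provisioning-kubernetes-clusters` to `/cluster-provisioning/rke-clusters/options/#authorized-cluster-endpoint`, which is the section the sentence already sits in. The v2.5 and v2.x hunks of the same patch keep the architecture link, so this looks like a paste from the capabilities-table row; restore the architecture target here.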
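Review bot: PATCH 09/10 and PATCH 10/10 (rke os/_index.md, hunks @@ -7,14 and @@ -9,14) change only the table-of-contents anchors, for example `#opening-port-tcp6443-using-iptables` to `#opening-port-tcp-6443-using-iptables`, and nothing in either patch shows the heading IDs the site generator actually emits. Please confirm each new fragment against the rendered page, including the untouched `#using-upstream-docker-1`, and squash the two commits since they fix the same list.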