diff --git a/.github/stale.yml b/.github/stale.yml new file mode 100644 index 00000000000..972e235a185 --- /dev/null +++ b/.github/stale.yml @@ -0,0 +1,39 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: [] + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: true + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: true + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: true + +# Label to use when marking as stale +staleLabel: status/stale + +# Comment to post when marking as stale. Set to `false` to disable +markComment: > + This repository uses a bot to automatically label issues which have not had any activity (commit/comment/label) + for 90 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the + issue so the bot can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the + latest release), the bot will automatically close the issue in 30 days. Thank you for your contributions. + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +# Limit to only `issues` +only: issues diff --git a/Dockerfile.build b/Dockerfile.build index 614b1980fc8..a50a0e1e472 100644 --- a/Dockerfile.build +++ b/Dockerfile.build 
@@ -1,4 +1,4 @@ -FROM node:8-alpine +FROM node:16-alpine RUN apk update && apk add py-pygments bash git asciidoc gcompat && rm -rf /var/cache/apk/* diff --git a/content/k3s/latest/en/backup-restore/_index.md b/content/k3s/latest/en/backup-restore/_index.md index 8e9569e2948..13031a06c35 100644 --- a/content/k3s/latest/en/backup-restore/_index.md +++ b/content/k3s/latest/en/backup-restore/_index.md @@ -57,7 +57,7 @@ These options can be passed in with the command line, or in the [configuration f | Options | Description | | ----------- | --------------- | | `--etcd-disable-snapshots` | Disable automatic etcd snapshots | -| `--etcd-snapshot-schedule-cron` value | Snapshot interval time in cron spec. eg. every 5 hours `* */5 * * *`(default: `0 */12 * * *`) | +| `--etcd-snapshot-schedule-cron` value | Snapshot interval time in cron spec. eg. every 5 hours `0 */5 * * *`(default: `0 */12 * * *`) | | `--etcd-snapshot-retention` value | Number of snapshots to retain (default: 5) | | `--etcd-snapshot-dir` value | Directory to save db snapshots. (Default location: `${data-dir}/db/snapshots`) | | `--cluster-reset` | Forget all peers and become sole member of a new cluster. This can also be set with the environment variable `[$K3S_CLUSTER_RESET]`. diff --git a/content/k3s/latest/en/helm/_index.md b/content/k3s/latest/en/helm/_index.md index 89d21d70ba5..5d43acbb78f 100644 --- a/content/k3s/latest/en/helm/_index.md +++ b/content/k3s/latest/en/helm/_index.md @@ -96,8 +96,9 @@ metadata: namespace: kube-system spec: valuesContent: |- - image: traefik - imageTag: v1.7.26-alpine + image: + name: traefik + tag: v2.6.1 proxyProtocol: enabled: true trustedIPs: diff --git a/content/k3s/latest/en/installation/disable-flags/_index.md b/content/k3s/latest/en/installation/disable-flags/_index.md index 83b6b692cca..2dbbfeb8920 100644 --- a/content/k3s/latest/en/installation/disable-flags/_index.md +++ b/content/k3s/latest/en/installation/disable-flags/_index.md 
@@ -3,7 +3,7 @@ title: "Disable Components Flags" weight: 60 --- -When starting K3s server with --cluster-init it will run all control plane components that includes (api server, controller manager, scheduler, and etcd). However you can run server nodes with certain components and execlude others, the following sections will explain how to do that. +Starting the K3s server with `--cluster-init` will run all control plane components, including the api server, controller manager, scheduler, and etcd. However, you can run server nodes with certain components and exclude others; the following sections will explain how to do that. # ETCD Only Nodes diff --git a/content/k3s/latest/en/installation/ha-embedded/_index.md b/content/k3s/latest/en/installation/ha-embedded/_index.md index 9526a67c61e..9d4a1d85cc6 100644 --- a/content/k3s/latest/en/installation/ha-embedded/_index.md +++ b/content/k3s/latest/en/installation/ha-embedded/_index.md @@ -29,3 +29,6 @@ There are a few config flags that must be the same in all server nodes: * Network related flags: `--cluster-dns`, `--cluster-domain`, `--cluster-cidr`, `--service-cidr` * Flags controlling the deployment of certain components: `--disable-helm-controller`, `--disable-kube-proxy`, `--disable-network-policy` and any component passed to `--disable` * Feature related flags: `--secrets-encryption` + +## Existing clusters +If you have an existing cluster using the default embedded SQLite database, you can convert it to etcd by simply restarting your K3s server with the `--cluster-init` flag. Once you've done that, you'll be able to add additional instances as described above. diff --git a/content/k3s/latest/en/storage/_index.md b/content/k3s/latest/en/storage/_index.md index fd0dcba1168..883128ee118 100644 --- a/content/k3s/latest/en/storage/_index.md +++ b/content/k3s/latest/en/storage/_index.md 
@@ -9,6 +9,26 @@ A persistent volume (PV) is a piece of storage in the Kubernetes cluster, while This page describes how to set up persistent storage with a local storage provider, or with [Longhorn.](#setting-up-longhorn) +# What's changed in K3s storage? + +K3s removes several optional volume plugins and all built-in (sometimes referred to as "in-tree") cloud providers. We do this in order to achieve a smaller binary size and to avoid dependence on third-party cloud or data center technologies and services, which may not be available in many K3s use cases. We are able to do this because their removal affects neither core Kubernetes functionality nor conformance. + +The following volume plugins have been removed from K3s: + +* cephfs +* fc +* flocker +* git_repo +* glusterfs +* portworx +* quobyte +* rbd +* storageos + +Both components have out-of-tree alternatives that can be used with K3s: The Kubernetes [Container Storage Interface (CSI)](https://github.com/container-storage-interface/spec/blob/master/spec.md) and [Cloud Provider Interface (CPI)](https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/). + +Kubernetes maintainers are actively migrating in-tree volume plugins to CSI drivers. For more information on this migration, please refer [here](https://kubernetes.io/blog/2021/12/10/storage-in-tree-to-csi-migration-status-update/). + # Setting up the Local Storage Provider K3s comes with Rancher's Local Path Provisioner and this enables the ability to create persistent volume claims out of the box using local storage on the respective node. Below we cover a simple example. For more information please reference the official documentation [here](https://github.com/rancher/local-path-provisioner/blob/master/README.md#usage). diff --git a/content/rancher/v2.0-v2.4/_index.md b/content/rancher/v2.0-v2.4/_index.md index 25b54e1aff6..4d23120e33c 100644 --- a/content/rancher/v2.0-v2.4/_index.md +++ b/content/rancher/v2.0-v2.4/_index.md 
@@ -1,5 +1,5 @@ --- -title: v2.0-v2.4.x +title: Rancher 2.0-2.4 weight: 3 showBreadcrumb: false --- diff --git a/content/rancher/v2.0-v2.4/en/_index.md b/content/rancher/v2.0-v2.4/en/_index.md index 153f22c3b87..6720ef85a73 100644 --- a/content/rancher/v2.0-v2.4/en/_index.md +++ b/content/rancher/v2.0-v2.4/en/_index.md @@ -1,8 +1,8 @@ --- -title: "Rancher v2.0-v2.4" +title: "Rancher 2.0-2.4" shortTitle: "Rancher 2.0-2.4" description: "Rancher adds significant value on top of Kubernetes: managing hundreds of clusters from one interface, centralizing RBAC, enabling monitoring and alerting. Read more." -metaTitle: "Rancher 2.x Docs: What is New?" +metaTitle: "Rancher 2.0-2.4 Docs: What is New?" metaDescription: "Rancher 2 adds significant value on top of Kubernetes: managing hundreds of clusters from one interface, centralizing RBAC, enabling monitoring and alerting. Read more." insertOneSix: true weight: 1 @@ -18,4 +18,4 @@ Rancher adds significant value on top of Kubernetes, first by centralizing authe It then enables detailed monitoring and alerting for clusters and their resources, ships logs to external providers, and integrates directly with Helm via the Application Catalog. If you have an external CI/CD system, you can plug it into Rancher, but if you don't, Rancher even includes a pipeline engine to help you automatically deploy and upgrade workloads. -Rancher is a _complete_ container management platform for Kubernetes, giving you the tools to successfully run Kubernetes anywhere. \ No newline at end of file +Rancher is a _complete_ container management platform for Kubernetes, giving you the tools to successfully run Kubernetes anywhere. diff --git a/content/rancher/v2.0-v2.4/en/helm-charts/tutorial/_index.md b/content/rancher/v2.0-v2.4/en/helm-charts/tutorial/_index.md index 5a23d0b7092..09b5c493fc1 100644 --- a/content/rancher/v2.0-v2.4/en/helm-charts/tutorial/_index.md +++ b/content/rancher/v2.0-v2.4/en/helm-charts/tutorial/_index.md 
@@ -50,20 +50,20 @@ You can fill your custom catalogs with either Helm Charts or Rancher Charts, alt - CMS questions: - variable: persistence.enabled - default: "false" - description: "Enable persistent volume for WordPress" - type: boolean - required: true - label: WordPress Persistent Volume Enabled - show_subquestion_if: true - group: "WordPress Settings" - subquestions: - - variable: persistence.size + default: "false" + description: "Enable persistent volume for WordPress" + type: boolean + required: true + label: WordPress Persistent Volume Enabled + show_subquestion_if: true + group: "WordPress Settings" + subquestions: + - variable: persistence.size default: "10Gi" description: "WordPress Persistent Volume Size" type: string label: WordPress Volume Size - - variable: persistence.storageClass + - variable: persistence.storageClass default: "" description: "If undefined or null, uses the default StorageClass. Default to null" type: storageclass diff --git a/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/_index.md b/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/_index.md index b98a08e0085..0e79ce86a0d 100644 --- a/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/_index.md +++ b/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/_index.md @@ -196,7 +196,7 @@ helm install rancher rancher-/rancher \ --namespace cattle-system \ --set hostname=rancher.my.org \ --set ingress.tls.source=letsEncrypt \ - --set letsEncrypt.email=me@example.org + --set letsEncrypt.email=me@example.org \ ``` Wait for Rancher to be rolled out: diff --git a/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/chart-options/_index.md b/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/chart-options/_index.md index ff6631bef9a..f027000a6cb 100644 --- a/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/chart-options/_index.md 
+++ b/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/chart-options/_index.md @@ -126,7 +126,7 @@ To customize or use a different ingress with Rancher server you can set your own Example on setting a custom certificate issuer: ```plain ---set ingress.extraAnnotations.'certmanager\.k8s\.io/cluster-issuer'=ca-key-pair +--set ingress.extraAnnotations.'cert-manager\.io/cluster-issuer'=issuer-name ``` Example on setting a static proxy header with `ingress.configurationSnippet`. This value is parsed like a template so variables can be used. diff --git a/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/upgrades/_index.md b/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/upgrades/_index.md index e49c62f7d23..cb3cf8b9655 100644 --- a/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/upgrades/_index.md +++ b/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/upgrades/_index.md @@ -168,7 +168,7 @@ helm upgrade rancher rancher-/rancher \ ### Option B: Reinstalling Rancher and cert-manager -If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, then you need to reinstall both Rancher and cert-manger due to the API change in cert-manger v0.11. +If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, then you need to reinstall both Rancher and cert-manager due to the API change in cert-manager v0.11. 1. Uninstall Rancher diff --git a/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/upgrades/helm2/_index.md b/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/upgrades/helm2/_index.md index 7895c69d7af..e0f9ac2787c 100644 --- a/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/upgrades/helm2/_index.md 
+++ b/content/rancher/v2.0-v2.4/en/installation/install-rancher-on-k8s/upgrades/helm2/_index.md @@ -114,7 +114,7 @@ helm upgrade --install rancher rancher-/rancher \ {{% accordion label="Option B: Reinstalling Rancher chart" %}} -If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, then you need to reinstall both Rancher and cert-manger due to the API change in cert-manger v0.11. +If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, then you need to reinstall both Rancher and cert-manager due to the API change in cert-manager v0.11. 1. Uninstall Rancher diff --git a/content/rancher/v2.0-v2.4/en/installation/requirements/installing-docker/_index.md b/content/rancher/v2.0-v2.4/en/installation/requirements/installing-docker/_index.md index 4414cb08794..9fdeb407a47 100644 --- a/content/rancher/v2.0-v2.4/en/installation/requirements/installing-docker/_index.md +++ b/content/rancher/v2.0-v2.4/en/installation/requirements/installing-docker/_index.md @@ -3,7 +3,7 @@ title: Installing Docker weight: 1 --- -For Helm CLI installs, Docker is required to be installed on any node that runs the Rancher server. +Docker is required to be installed on nodes where the Rancher server will be installed with Helm or Docker. There are a couple of options for installing Docker. One option is to refer to the [official Docker documentation](https://docs.docker.com/install/) about how to install Docker on Linux. The steps will vary based on the Linux distribution. diff --git a/content/rancher/v2.0-v2.4/en/installation/resources/advanced/helm2/helm-rancher/_index.md b/content/rancher/v2.0-v2.4/en/installation/resources/advanced/helm2/helm-rancher/_index.md index 985141b076a..dc96db26d41 100644 --- a/content/rancher/v2.0-v2.4/en/installation/resources/advanced/helm2/helm-rancher/_index.md 
+++ b/content/rancher/v2.0-v2.4/en/installation/resources/advanced/helm2/helm-rancher/_index.md @@ -131,7 +131,12 @@ deployment "rancher" successfully rolled out This option uses `cert-manager` to automatically request and renew [Let's Encrypt](https://letsencrypt.org/) certificates. This is a free service that provides you with a valid certificate as Let's Encrypt is a trusted CA. This configuration uses HTTP validation (`HTTP-01`) so the load balancer must have a public DNS record and be accessible from the internet. -- Set `hostname` to the public DNS record, set `ingress.tls.source` to `letsEncrypt` and `letsEncrypt.email` to the email address used for communication about your certificate (for example, expiry notices) +In the following command, + +- Set `hostname` to the public DNS record that resolves to your load balancer. +- Set `ingress.tls.source` to `letsEncrypt`. +- Set `letsEncrypt.email` to the email address used for communication about your certificate (for example, expiry notices). +- Set `letsEncrypt.ingress.class` to whatever your ingress controller is, e.g., `traefik`, `nginx`, `haproxy`, etc. - If you are installing an alpha version, Helm requires adding the `--devel` option to the command. ``` @@ -140,7 +145,8 @@ helm install rancher-/rancher \ --namespace cattle-system \ --set hostname=rancher.my.org \ --set ingress.tls.source=letsEncrypt \ - --set letsEncrypt.email=me@example.org + --set letsEncrypt.email=me@example.org \ + --set letsEncrypt.ingress.class=nginx ``` Wait for Rancher to be rolled out: diff --git a/content/rancher/v2.0-v2.4/en/installation/resources/feature-flags/_index.md b/content/rancher/v2.0-v2.4/en/installation/resources/feature-flags/_index.md index c235116ee24..3c0c500c5aa 100644 --- a/content/rancher/v2.0-v2.4/en/installation/resources/feature-flags/_index.md +++ b/content/rancher/v2.0-v2.4/en/installation/resources/feature-flags/_index.md 
@@ -107,7 +107,7 @@ When installing Rancher with Docker, use the `--features` option. In the below e docker run -d -p 80:80 -p 443:443 \ --restart=unless-stopped \ rancher/rancher:rancher-latest \ - --features==true,=true # Available as of v2.3.0 + --features==true,=true # Available as of v2.3.0 ``` {{% /tab %}} diff --git a/content/rancher/v2.0-v2.4/en/installation/resources/installing-docker/_index.md b/content/rancher/v2.0-v2.4/en/installation/resources/installing-docker/_index.md deleted file mode 100644 index faec8aed59c..00000000000 --- a/content/rancher/v2.0-v2.4/en/installation/resources/installing-docker/_index.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: Installing Docker -weight: 1 -aliases: - - /rancher/v2.0-v2.4/en/installation/requirements/installing-docker ---- - -Docker is required to be installed on nodes where the Rancher server will be installed with Helm or Docker. - -There are a couple of options for installing Docker. One option is to refer to the [official Docker documentation](https://docs.docker.com/install/) about how to install Docker on Linux. The steps will vary based on the Linux distribution. - -Another option is to use one of Rancher's Docker installation scripts, which are available for most recent versions of Docker. - -For example, this command could be used to install Docker 19.03 on Ubuntu: - -``` -curl https://releases.rancher.com/install-docker/19.03.sh | sh -``` - -Rancher has installation scripts for every version of upstream Docker that Kubernetes supports. To find out whether a script is available for installing a certain Docker version, refer to this [GitHub repository,](https://github.com/rancher/install-docker) which contains all of Rancher's Docker installation scripts. \ No newline at end of file diff --git a/content/rancher/v2.0-v2.4/en/installation/resources/upgrading-cert-manager/_index.md b/content/rancher/v2.0-v2.4/en/installation/resources/upgrading-cert-manager/_index.md index 4d8266873c8..29d2e411443 100644 
--- a/content/rancher/v2.0-v2.4/en/installation/resources/upgrading-cert-manager/_index.md +++ b/content/rancher/v2.0-v2.4/en/installation/resources/upgrading-cert-manager/_index.md @@ -19,7 +19,7 @@ To address these changes, this guide will do two things: 1. Explain the cert-manager API changes and link to cert-manager's official documentation for migrating your data > **Important:** -> If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: +> If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: > 1. Take a one-time snapshot of your Kubernetes cluster running Rancher server > 2. Uninstall Rancher, cert-manager, and the CustomResourceDefinition for cert-manager diff --git a/content/rancher/v2.0-v2.4/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md b/content/rancher/v2.0-v2.4/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md index aba42eb1959..968cd6d6666 100644 --- a/content/rancher/v2.0-v2.4/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md +++ b/content/rancher/v2.0-v2.4/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md 
@@ -19,7 +19,7 @@ To address these changes, this guide will do two things: 1. Explain the cert-manager API changes and link to cert-manager's offficial documentation for migrating your data > **Important:** -> If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: +> If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: > 1. Take a one-time snapshot of your Kubernetes cluster running Rancher server > 2. Uninstall Rancher, cert-manager, and the CustomResourceDefinition for cert-manager diff --git a/content/rancher/v2.0-v2.4/en/overview/_index.md b/content/rancher/v2.0-v2.4/en/overview/_index.md index b572069fbbb..16d8a5d0590 100644 --- a/content/rancher/v2.0-v2.4/en/overview/_index.md +++ b/content/rancher/v2.0-v2.4/en/overview/_index.md 
@@ -37,7 +37,7 @@ The Rancher API server is built on top of an embedded Kubernetes API server and - **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes]({{}}/rancher/v2.0-v2.4/en/cluster-provisioning/) on existing nodes, or perform [Kubernetes upgrades.]({{}}/rancher/v2.0-v2.4/en/cluster-admin/upgrading-kubernetes) - **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts]({{}}/rancher/v2.0-v2.4/en/catalog/) that make it easy to repeatedly deploy applications. -- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration]({{}}/rancher/v2.0-v2.4/en/project-admin/) and for [managing applications within projects.]({{}}/rancher/v2.0-v2.4/en/k8s-in-rancher/) +- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration]({{}}/rancher/v2.0-v2.4/en/project-admin/) and for [managing applications within projects.]({{}}/rancher/v2.0-v2.4/en/k8s-in-rancher/) - **Pipelines:** Setting up a [pipeline]({{}}/rancher/v2.0-v2.4/en/project-admin/pipelines/) can help developers deliver new software as quickly and efficiently as possible. Within Rancher, you can configure pipelines for each of your Rancher projects. - **Istio:** Our [integration with Istio]({{}}/rancher/v2.0-v2.4/en/cluster-admin/tools/istio/) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. 
Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. diff --git a/content/rancher/v2.0-v2.4/en/project-admin/tools/_index.md b/content/rancher/v2.0-v2.4/en/project-admin/tools/_index.md index bdd701e0d31..c1adfb7bc85 100644 --- a/content/rancher/v2.0-v2.4/en/project-admin/tools/_index.md +++ b/content/rancher/v2.0-v2.4/en/project-admin/tools/_index.md @@ -43,4 +43,4 @@ For details on project-level logging, see [this section.](./project-logging) _Available as of v2.2.0_ -Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.]({{}}/rancher/v2.0-v2.4/en/cluster-admin/tools/monitoring) +Using Rancher, you can monitor the state and processes of your cluster nodes, Kubernetes components, and software deployments through integration with [Prometheus](https://prometheus.io/), a leading open-source monitoring solution. For details, refer to the [monitoring section.]({{}}/rancher/v2.0-v2.4/en/cluster-admin/tools/cluster-monitoring) diff --git a/content/rancher/v2.5/_index.md b/content/rancher/v2.5/_index.md index 89c7c0d8e09..61f266de705 100644 --- a/content/rancher/v2.5/_index.md +++ b/content/rancher/v2.5/_index.md @@ -1,5 +1,5 @@ --- -title: Rancher 2.5.7-2.5.9 +title: Rancher 2.5 weight: 2 showBreadcrumb: false --- diff --git a/content/rancher/v2.5/en/_index.md b/content/rancher/v2.5/en/_index.md index 513fb4d9836..95a369285c1 100644 --- a/content/rancher/v2.5/en/_index.md +++ b/content/rancher/v2.5/en/_index.md 
@@ -2,7 +2,7 @@ title: "Rancher 2.5" shortTitle: "Rancher 2.5" description: "Rancher adds significant value on top of Kubernetes: managing hundreds of clusters from one interface, centralizing RBAC, enabling monitoring and alerting. Read more." -metaTitle: "Rancher 2.5.7-2.5.9 Docs: What is New?" +metaTitle: "Rancher 2.5 Docs: What is New?" metaDescription: "Rancher 2 adds significant value on top of Kubernetes: managing hundreds of clusters from one interface, centralizing RBAC, enabling monitoring and alerting. Read more." insertOneSix: false weight: 2 diff --git a/content/rancher/v2.5/en/backups/migrating-rancher/_index.md b/content/rancher/v2.5/en/backups/migrating-rancher/_index.md index e8084657e17..e84fe21de1b 100644 --- a/content/rancher/v2.5/en/backups/migrating-rancher/_index.md +++ b/content/rancher/v2.5/en/backups/migrating-rancher/_index.md @@ -21,13 +21,19 @@ Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes - [K3s Kubernetes installation docs]({{}}/k3s/latest/en/installation/) ### 1. Install the rancher-backup Helm chart -Install version 1.x.x of the rancher-backup chart. +Install version 1.x.x of the rancher-backup chart. The following assumes a connected environment with access to DockerHub: + ``` helm repo add rancher-charts https://charts.rancher.io helm repo update helm install rancher-backup-crd rancher-charts/rancher-backup-crd -n cattle-resources-system --create-namespace --version $CHART_VERSION helm install rancher-backup rancher-charts/rancher-backup -n cattle-resources-system --version $CHART_VERSION ``` +
+For an **air-gapped environment**, use the option below to pull the `backup-restore-operator` image from your private registry when installing the rancher-backup-crd helm chart. +``` +--set image.repository $REGISTRY/rancher/backup-restore-operator +``` ### 2. Restore from backup using a Restore custom resource diff --git a/content/rancher/v2.5/en/cluster-admin/volumes-and-storage/iscsi-volumes/_index.md b/content/rancher/v2.5/en/cluster-admin/volumes-and-storage/iscsi-volumes/_index.md index 1a30d52540d..deaaaac4fc5 100644 --- a/content/rancher/v2.5/en/cluster-admin/volumes-and-storage/iscsi-volumes/_index.md +++ b/content/rancher/v2.5/en/cluster-admin/volumes-and-storage/iscsi-volumes/_index.md @@ -19,9 +19,12 @@ If you encounter this issue, you can work around it by installing the initiator After installing the initiator tool on your nodes, edit the YAML for your cluster, editing the kubelet configuration to mount the iSCSI binary and configuration, as shown in the sample below. ->**Note:** +>**Notes:** +> +>- Before updating your Kubernetes YAML to mount the iSCSI binary and configuration, make sure either the `open-iscsi` (deb) or `iscsi-initiator-utils` (yum) package is installed on your cluster nodes. If this package isn't installed _before_ the bind mounts are created in your Kubernetes YAML, Docker will automatically create the directories and files on each node and will not allow the package install to succeed.
+>
> ->Before updating your Kubernetes YAML to mount the iSCSI binary and configuration, make sure either the `open-iscsi` (deb) or `iscsi-initiator-utils` (yum) package is installed on your cluster nodes. If this package isn't installed _before_ the bind mounts are created in your Kubernetes YAML, Docker will automatically create the directories and files on each node and will not allow the package install to succeed. +>- The example YAML below does not apply to K3s, but only to RKE clusters. Since the K3s kubelet does not run in a container, adding extra binds is not necessary. However, all iSCSI tools must still be installed on your K3s nodes. ``` services: diff --git a/content/rancher/v2.5/en/cluster-provisioning/registered-clusters/_index.md b/content/rancher/v2.5/en/cluster-provisioning/registered-clusters/_index.md index 22995693f7a..0e1ee65c004 100644 --- a/content/rancher/v2.5/en/cluster-provisioning/registered-clusters/_index.md +++ b/content/rancher/v2.5/en/cluster-provisioning/registered-clusters/_index.md @@ -23,13 +23,13 @@ The control that Rancher has to manage a registered cluster depends on the type {{% tabs %}} {{% tab "v2.5.9+" %}} -## Kubernetes Node Roles +### Kubernetes Node Roles Registered RKE Kubernetes clusters must have all three node roles - etcd, controlplane and worker. A cluster with only controlplane components cannot be registered in Rancher. For more information on RKE node roles, see the [best practices.]({{}}/rancher/v2.5/en/cluster-provisioning/production/#cluster-architecture) -## Permissions +### Permissions If your existing Kubernetes cluster already has a `cluster-admin` role defined, you must have this `cluster-admin` privilege to register the cluster in Rancher. 
@@ -47,10 +47,14 @@ By default, GKE users are not given this privilege, so you will need to run the If you are registering a K3s cluster, make sure the `cluster.yml` is readable. It is protected by default. For details, refer to [Configuring a K3s cluster to enable importation to Rancher.](#configuring-a-k3s-cluster-to-enable-registration-in-rancher) +### EKS Clusters + +EKS clusters must have at least one managed node group to be imported into Rancher or provisioned from Rancher successfully. + {{% /tab %}} {{% tab "Rancher before v2.5.9" %}} -## Permissions +### Permissions If your existing Kubernetes cluster already has a `cluster-admin` role defined, you must have this `cluster-admin` privilege to register the cluster in Rancher. @@ -67,6 +71,11 @@ before running the `kubectl` command to register the cluster. By default, GKE users are not given this privilege, so you will need to run the command before registering GKE clusters. To learn more about role-based access control for GKE, please click [here](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). If you are registering a K3s cluster, make sure the `cluster.yml` is readable. It is protected by default. For details, refer to [Configuring a K3s cluster to enable importation to Rancher.](#configuring-a-k3s-cluster-to-enable-registration-in-rancher) + +### EKS Clusters + +EKS clusters must have at least one managed node group to be imported into Rancher or provisioned from Rancher successfully. + {{% /tab %}} {{% /tabs %}} 
@@ -110,6 +119,34 @@ The option can also be specified using the environment variable `K3S_KUBECONFIG_ $ curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" sh -s - ``` +### Configuring an Imported EKS Cluster with Terraform + +You should define **only** the minimum fields that Rancher requires when importing an EKS cluster with Terraform. This is important as Rancher will overwrite what was in the EKS cluster with any config that the user has provided. + +>**Warning:** Even a small difference between the current EKS cluster and a user-provided config could have unexpected results. + +The minimum config fields required by Rancher to import EKS clusters with Terraform using `eks_config_v2` are as follows: + +- cloud_credential_id +- name +- region +- imported (this field should always be set to `true` for imported clusters) + +Example YAML configuration for imported EKS clusters: + +``` +resource "rancher2_cluster" "my-eks-to-import" { + name = "my-eks-to-import" + description = "Terraform EKS Cluster" + eks_config_v2 { + cloud_credential_id = rancher2_cloud_credential.aws.id + name = var.aws_eks_name + region = var.aws_region + imported = true + } +} +``` + # Management Capabilities for Registered Clusters The control that Rancher has to manage a registered cluster depends on the type of cluster. diff --git a/content/rancher/v2.5/en/installation/_index.md b/content/rancher/v2.5/en/installation/_index.md index 409e36d4d8e..9f49f7a1b73 100644 --- a/content/rancher/v2.5/en/installation/_index.md +++ b/content/rancher/v2.5/en/installation/_index.md 
@@ -17,7 +17,7 @@ In this section, - **RKE (Rancher Kubernetes Engine)** is a certified Kubernetes distribution and CLI/library which creates and manages a Kubernetes cluster. - **K3s (Lightweight Kubernetes)** is also a fully compliant Kubernetes distribution. It is newer than RKE, easier to use, and more lightweight, with a binary size of less than 100 MB. - **RKE2** is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector. -- **RancherD** is a new tool for installing Rancher, which is available as of Rancher v2.5.4. It is an experimental feature. RancherD is a single binary that first launches an RKE2 Kubernetes cluster, then installs the Rancher server Helm chart on the cluster. +- **RancherD** was an experimental tool for installing Rancher; a single binary that first launched an RKE2 Kubernetes cluster, then installed the Rancher server Helm chart on the cluster. It was available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. # Changes to Installation in Rancher v2.5 @@ -37,9 +37,7 @@ We recommend using Helm, a Kubernetes package manager, to install Rancher on mul ### High-availability Kubernetes Install with RancherD -_Available as of v2.5.4_ - -> This is an experimental feature. +> **Note:** RancherD was an experimental feature available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. RancherD is a single binary that first launches an RKE2 Kubernetes cluster, then installs the Rancher server Helm chart on the cluster. diff --git a/content/rancher/v2.5/en/installation/install-rancher-on-k8s/_index.md b/content/rancher/v2.5/en/installation/install-rancher-on-k8s/_index.md index cd3d7cef001..c9b1d6d8c5d 100644 --- a/content/rancher/v2.5/en/installation/install-rancher-on-k8s/_index.md +++ b/content/rancher/v2.5/en/installation/install-rancher-on-k8s/_index.md 
@@ -190,7 +190,7 @@ deployment "rancher" successfully rolled out This option uses `cert-manager` to automatically request and renew [Let's Encrypt](https://letsencrypt.org/) certificates. This is a free service that provides you with a valid certificate as Let's Encrypt is a trusted CA. ->**Note:**: You need to have port 80 open as the HTTP-01 challenge can only be done on port 80. +>**Note:** You need to have port 80 open as the HTTP-01 challenge can only be done on port 80. In the following command, @@ -198,6 +198,7 @@ In the following command, - Set `replicas` to the number of replicas to use for the Rancher Deployment. This defaults to 3; if you have less than 3 nodes in your cluster you should reduce it accordingly. - Set `ingress.tls.source` to `letsEncrypt`. - Set `letsEncrypt.email` to the email address used for communication about your certificate (for example, expiry notices). +- Set `letsEncrypt.ingress.class` to whatever your ingress controller is, e.g., `traefik`, `nginx`, `haproxy`, etc. - To install a specific Rancher version, use the `--version` flag, example: `--version 2.3.6`. - If you are installing an alpha version, Helm requires adding the `--devel` option to the command. @@ -207,7 +208,8 @@ helm install rancher rancher-/rancher \ --set hostname=rancher.my.org \ --set replicas=3 \ --set ingress.tls.source=letsEncrypt \ - --set letsEncrypt.email=me@example.org + --set letsEncrypt.email=me@example.org \ + --set letsEncrypt.ingress.class=nginx ``` Wait for Rancher to be rolled out: diff --git a/content/rancher/v2.5/en/installation/install-rancher-on-k8s/chart-options/_index.md b/content/rancher/v2.5/en/installation/install-rancher-on-k8s/chart-options/_index.md index 5f922b37e88..e1572af146b 100644 --- a/content/rancher/v2.5/en/installation/install-rancher-on-k8s/chart-options/_index.md +++ b/content/rancher/v2.5/en/installation/install-rancher-on-k8s/chart-options/_index.md 
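Review bot: In `install-rancher-on-k8s/_index.md`, the `helm install` example now ends with `--set letsEncrypt.ingress.class=nginx`, while the bullet added in the preceding hunk tells the reader to use whatever ingress controller the cluster runs (`traefik`, `nginx`, `haproxy`). A reader who copies the command unchanged onto a cluster with a different controller gets a class that does not match it. Suggest a placeholder value in the command instead of `nginx`, and have the bullet say whether the option is required and what is used when it is omitted.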
@@ -124,7 +124,7 @@ To customize or use a different ingress with Rancher server you can set your own Example on setting a custom certificate issuer: ```plain ---set ingress.extraAnnotations.'certmanager\.k8s\.io/cluster-issuer'=ca-key-pair +--set ingress.extraAnnotations.'cert-manager\.io/cluster-issuer'=issuer-name ``` Example on setting a static proxy header with `ingress.configurationSnippet`. This value is parsed like a template so variables can be used. diff --git a/content/rancher/v2.5/en/installation/install-rancher-on-k8s/upgrades/_index.md b/content/rancher/v2.5/en/installation/install-rancher-on-k8s/upgrades/_index.md index 49ce4d505fc..8e1acae6ce0 100644 --- a/content/rancher/v2.5/en/installation/install-rancher-on-k8s/upgrades/_index.md +++ b/content/rancher/v2.5/en/installation/install-rancher-on-k8s/upgrades/_index.md @@ -165,7 +165,7 @@ helm upgrade rancher rancher-/rancher \ ### Option B: Reinstalling Rancher and cert-manager -If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, then you need to reinstall both Rancher and cert-manger due to the API change in cert-manger v0.11. +If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, then you need to reinstall both Rancher and cert-manager due to the API change in cert-manager v0.11. 1. Uninstall Rancher diff --git a/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/_index.md b/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/_index.md index 8b3d6e7b472..19c6afd9c62 100644 --- a/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/_index.md +++ b/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/_index.md 
@@ -6,9 +6,7 @@ aliases: - /rancher/v2.x/en/installation/install-rancher-on-linux/ --- -_Available as of Rancher v2.5.4_ - -> This is an experimental feature. +> **Note:** RancherD was an experimental feature available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. We are excited to introduce a new, simpler way to install Rancher called RancherD. diff --git a/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/rancherd-configuration/_index.md b/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/rancherd-configuration/_index.md index 770326f9bd7..01986082057 100644 --- a/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/rancherd-configuration/_index.md +++ b/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/rancherd-configuration/_index.md @@ -6,7 +6,7 @@ aliases: - /rancher/v2.x/en/installation/install-rancher-on-linux/rancherd-configuration/ --- -> RancherD is an experimental feature. +> **Note:** RancherD was an experimental feature available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. In RancherD, a server node is defined as a machine (bare-metal or virtual) running the `rancherd server` command. The server runs the Kubernetes API as well as Kubernetes workloads. 
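Review bot: In `install-rancher-on-linux/_index.md`, the new deprecation note is followed directly by the unchanged line `We are excited to introduce a new, simpler way to install Rancher called RancherD.`, so the page now declares the tool deprecated and then announces it as new. Suggest rewording that opening sentence in the same change. The note text is also pasted verbatim into every RancherD page this patch touches. A shared shortcode would keep the stated range `v2.5.4 through v2.5.10` consistent if it ever needs correcting.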
@@ -22,7 +22,7 @@ In the RancherD installation instructions, we recommend running three server nod # Certificates for the Rancher Server -Rancherd does not use cert-manger to provision certs. Instead RancherD allows you to bring your own self-signed or trusted certs by storing the .pem files in `/etc/rancher/ssl/`. When doing this you should also set the `publicCA` parameter to `true` in your HelmChartConfig. For more information on the HelmChartConfig, refer to the section about [customizing the RancherD Helm chart.](#customizing-the-rancherd-helm-chart) +Rancherd does not use cert-manager to provision certs. Instead RancherD allows you to bring your own self-signed or trusted certs by storing the .pem files in `/etc/rancher/ssl/`. When doing this you should also set the `publicCA` parameter to `true` in your HelmChartConfig. For more information on the HelmChartConfig, refer to the section about [customizing the RancherD Helm chart.](#customizing-the-rancherd-helm-chart) Private key: `/etc/rancher/ssl/key.pem` diff --git a/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/rollbacks/_index.md b/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/rollbacks/_index.md index d9144867731..01ade576014 100644 --- a/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/rollbacks/_index.md +++ b/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/rollbacks/_index.md 
@@ -6,6 +6,6 @@ aliases: - /rancher/v2.x/en/installation/install-rancher-on-linux/rollbacks/ --- -> RancherD is an experimental feature. +> **Note:** RancherD was an experimental feature available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. To roll back Rancher to a previous version, re-run the installation script with the previous version specified in the `INSTALL_RANCHERD_VERSION` environment variable. \ No newline at end of file diff --git a/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/upgrades/_index.md b/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/upgrades/_index.md index 66f41139153..3f63915f6f5 100644 --- a/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/upgrades/_index.md +++ b/content/rancher/v2.5/en/installation/other-installation-methods/install-rancher-on-linux/upgrades/_index.md @@ -6,7 +6,7 @@ aliases: - /rancher/v2.x/en/installation/install-rancher-on-linux/upgrades/ --- -> RancherD is an experimental feature. +> **Note:** RancherD was an experimental feature available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. When RancherD is upgraded, the Rancher Helm controller and the Fleet pods are upgraded. diff --git a/content/rancher/v2.5/en/installation/requirements/_index.md b/content/rancher/v2.5/en/installation/requirements/_index.md index 5d4113fc217..3c8c1dd3f20 100644 --- a/content/rancher/v2.5/en/installation/requirements/_index.md +++ b/content/rancher/v2.5/en/installation/requirements/_index.md 
@@ -80,7 +80,7 @@ If you are installing Rancher on a K3s cluster with Alpine Linux, follow [these ### RancherD Specific Requirements -_The RancherD install is available as of v2.5.4. It is an experimental feature._ +> **Note:** RancherD was an experimental feature available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. At this time, only Linux OSes that leverage systemd are supported. @@ -103,6 +103,7 @@ The Ingress should be deployed as DaemonSet to ensure your load balancer can suc Docker is required for Helm chart installs, and it can be installed by following the steps in the official [Docker documentation.](https://docs.docker.com/) Rancher also provides [scripts]({{}}/rancher/v2.5/en/installation/requirements/installing-docker) to install Docker with one command. Docker is not required for RancherD installs. + # Hardware Requirements The following sections describe the CPU, memory, and disk requirements for the nodes where the Rancher server is installed. @@ -143,7 +144,7 @@ These CPU and memory requirements apply to each host in a [K3s Kubernetes cluste ### RancherD -_RancherD is available as of v2.5.4. It is an experimental feature._ +> **Note:** RancherD was an experimental feature available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. These CPU and memory requirements apply to each instance with RancherD installed. Minimum recommendations are outlined here. diff --git a/content/rancher/v2.5/en/installation/requirements/installing-docker/_index.md b/content/rancher/v2.5/en/installation/requirements/installing-docker/_index.md index 02a005d245f..8b16d157505 100644 --- a/content/rancher/v2.5/en/installation/requirements/installing-docker/_index.md +++ b/content/rancher/v2.5/en/installation/requirements/installing-docker/_index.md 
@@ -3,7 +3,7 @@ title: Installing Docker weight: 1 --- -For Helm CLI installs, Docker is required to be installed on any node that runs the Rancher server. +Docker is required to be installed on nodes where the Rancher server will be installed with Helm or Docker. There are a couple of options for installing Docker. One option is to refer to the [official Docker documentation](https://docs.docker.com/install/) about how to install Docker on Linux. The steps will vary based on the Linux distribution. diff --git a/content/rancher/v2.5/en/installation/requirements/ports/_index.md b/content/rancher/v2.5/en/installation/requirements/ports/_index.md index fb88592b0ca..af7f109a891 100644 --- a/content/rancher/v2.5/en/installation/requirements/ports/_index.md +++ b/content/rancher/v2.5/en/installation/requirements/ports/_index.md @@ -119,6 +119,8 @@ The following tables break down the port requirements for inbound and outbound t ### Ports for Rancher Server Nodes on RancherD or RKE2 +> **Note:** RancherD was an experimental feature available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. + {{% accordion label="Click to expand" %}} The RancherD (or RKE2) server needs port 6443 and 9345 to be accessible by other nodes in the cluster. diff --git a/content/rancher/v2.5/en/installation/resources/choosing-version/_index.md b/content/rancher/v2.5/en/installation/resources/choosing-version/_index.md index 9d7ec763c11..618e8e36c33 100644 --- a/content/rancher/v2.5/en/installation/resources/choosing-version/_index.md +++ b/content/rancher/v2.5/en/installation/resources/choosing-version/_index.md 
@@ -14,6 +14,8 @@ For Docker installations of Rancher, which is used for development and testing, The Helm chart version also applies to RancherD installs because RancherD installs the Rancher Helm chart on a Kubernetes cluster. +> **Note:** RancherD was an experimental feature available as part of Rancher v2.5.4 through v2.5.10 but is now deprecated and not available for recent releases. + {{% tabs %}} {{% tab "Helm Charts" %}} diff --git a/content/rancher/v2.5/en/installation/resources/feature-flags/_index.md b/content/rancher/v2.5/en/installation/resources/feature-flags/_index.md index d134423b4cb..b06257e74e4 100644 --- a/content/rancher/v2.5/en/installation/resources/feature-flags/_index.md +++ b/content/rancher/v2.5/en/installation/resources/feature-flags/_index.md @@ -56,7 +56,7 @@ When you install Rancher, enable the feature you want with a feature flag. The c > **Note:** Values set from the Rancher API will override the value passed in through the command line. -When installing Rancher with a Helm chart, use the `--features` option. In the below example, two features are enabled by passing the feature flag names names in a comma separated list: +When installing Rancher with a Helm chart, use the `--set` option. In the below example, two features are enabled by passing the feature flag names in a comma separated list: ``` helm install rancher-latest/rancher \ @@ -131,7 +131,7 @@ When installing Rancher with Docker, use the `--features` option. In the below e docker run -d -p 80:80 -p 443:443 \ --restart=unless-stopped \ rancher/rancher:rancher-latest \ - --features==true,=true + --features==true,=true ``` diff --git a/content/rancher/v2.5/en/installation/resources/installing-docker/_index.md b/content/rancher/v2.5/en/installation/resources/installing-docker/_index.md deleted file mode 100644 index ceb75b12645..00000000000 --- a/content/rancher/v2.5/en/installation/resources/installing-docker/_index.md +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -title: Installing Docker -weight: 1 -aliases: - - /rancher/v2.5/en/installation/requirements/installing-docker ---- - -Docker is required to be installed on nodes where the Rancher server will be installed with Helm or Docker. Docker is not required for RancherD installs. - -There are a couple of options for installing Docker. One option is to refer to the [official Docker documentation](https://docs.docker.com/install/) about how to install Docker on Linux. The steps will vary based on the Linux distribution. - -Another option is to use one of Rancher's Docker installation scripts, which are available for most recent versions of Docker. - -For example, this command could be used to install Docker 19.03 on Ubuntu: - -``` -curl https://releases.rancher.com/install-docker/19.03.sh | sh -``` - -Rancher has installation scripts for every version of upstream Docker that Kubernetes supports. To find out whether a script is available for installing a certain Docker version, refer to this [GitHub repository,](https://github.com/rancher/install-docker) which contains all of Rancher's Docker installation scripts. \ No newline at end of file diff --git a/content/rancher/v2.5/en/installation/resources/upgrading-cert-manager/_index.md b/content/rancher/v2.5/en/installation/resources/upgrading-cert-manager/_index.md index a3be656b66a..9b557f0ccc7 100644 --- a/content/rancher/v2.5/en/installation/resources/upgrading-cert-manager/_index.md +++ b/content/rancher/v2.5/en/installation/resources/upgrading-cert-manager/_index.md 
@@ -20,7 +20,7 @@ To address these changes, this guide will do two things: 1. Explain the cert-manager API changes and link to cert-manager's official documentation for migrating your data > **Important:** -> If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: +> If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: > 1. Take a one-time snapshot of your Kubernetes cluster running Rancher server > 2. Uninstall Rancher, cert-manager, and the CustomResourceDefinition for cert-manager diff --git a/content/rancher/v2.5/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md b/content/rancher/v2.5/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md index 761a2487d26..070dff28f02 100644 --- a/content/rancher/v2.5/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md +++ b/content/rancher/v2.5/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md @@ -18,7 +18,7 @@ To address these changes, this guide will do two things: 1. Explain the cert-manager API changes and link to cert-manager's offficial documentation for migrating your data > **Important:** -> If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: +> If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: > 1. Take a one-time snapshot of your Kubernetes cluster running Rancher server > 2. Uninstall Rancher, cert-manager, and the CustomResourceDefinition for cert-manager 
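Review bot: In `helm-2-instructions/_index.md`, the context line `1. Explain the cert-manager API changes and link to cert-manager's offficial documentation for migrating your data` still carries the typo `offficial`, two lines above the `cert-manger` fix. It is worth correcting in the same pass, since the matching line in `upgrading-cert-manager/_index.md` already reads `official`.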
diff --git a/content/rancher/v2.5/en/overview/_index.md b/content/rancher/v2.5/en/overview/_index.md index dea44182edd..0bfde58d339 100644 --- a/content/rancher/v2.5/en/overview/_index.md +++ b/content/rancher/v2.5/en/overview/_index.md 
@@ -39,7 +39,7 @@ The Rancher API server is built on top of an embedded Kubernetes API server and - **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes]({{}}/rancher/v2.5/en/cluster-provisioning/) on existing nodes, or perform [Kubernetes upgrades.]({{}}/rancher/v2.5/en/cluster-admin/upgrading-kubernetes) - **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts]({{}}/rancher/v2.5/en/catalog/) that make it easy to repeatedly deploy applications. -- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration]({{}}/rancher/v2.5/en/project-admin/) and for [managing applications within projects.]({{}}/rancher/v2.5/en/k8s-in-rancher/) +- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration]({{}}/rancher/v2.5/en/project-admin/) and for [managing applications within projects.]({{}}/rancher/v2.5/en/k8s-in-rancher/) - **Pipelines:** Setting up a [pipeline]({{}}/rancher/v2.5/en/project-admin/pipelines/) can help developers deliver new software as quickly and efficiently as possible. Within Rancher, you can configure pipelines for each of your Rancher projects. - **Istio:** Our [integration with Istio]({{}}/rancher/v2.5/en/istio/) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. 
Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. diff --git a/content/rancher/v2.6/_index.md b/content/rancher/v2.6/_index.md index a1ea29d36e4..5060194d87d 100644 --- a/content/rancher/v2.6/_index.md +++ b/content/rancher/v2.6/_index.md @@ -1,5 +1,5 @@ --- -title: v2.6.x +title: Rancher 2.6 weight: 1 showBreadcrumb: false --- diff --git a/content/rancher/v2.6/en/_index.md b/content/rancher/v2.6/en/_index.md index d8bfd4a20c3..98bdedcac77 100644 --- a/content/rancher/v2.6/en/_index.md +++ b/content/rancher/v2.6/en/_index.md @@ -2,7 +2,7 @@ title: "Rancher 2.6" shortTitle: "Rancher 2.6 (Latest)" description: "Rancher adds significant value on top of Kubernetes: managing hundreds of clusters from one interface, centralizing RBAC, enabling monitoring and alerting. Read more." -metaTitle: "Rancher 2.x Docs: What is New?" +metaTitle: "Rancher 2.6 Docs: What is New?" metaDescription: "Rancher 2 adds significant value on top of Kubernetes: managing hundreds of clusters from one interface, centralizing RBAC, enabling monitoring and alerting. Read more." insertOneSix: false weight: 1 diff --git a/content/rancher/v2.6/en/admin-settings/rke-templates/enforcement/_index.md b/content/rancher/v2.6/en/admin-settings/rke-templates/enforcement/_index.md index 9125f7ff342..cd51f196341 100644 --- a/content/rancher/v2.6/en/admin-settings/rke-templates/enforcement/_index.md +++ b/content/rancher/v2.6/en/admin-settings/rke-templates/enforcement/_index.md 
@@ -25,6 +25,8 @@ To require new clusters to use an RKE template, administrators can turn on RKE t 1. Go to the `cluster-template-enforcement` setting. Click **⋮ > Edit Setting**. 1. Set the value to **True** and click **Save**. + >**Important:** When the admin sets the `cluster-template-enforcement` to True, they also need to share the `clusterTemplates` with users so that users can select one of these templates to create the cluster. + **Result:** All clusters provisioned by Rancher must use a template, unless the creator is an administrator. # Disabling RKE Template Enforcement diff --git a/content/rancher/v2.6/en/backups/migrating-rancher/_index.md b/content/rancher/v2.6/en/backups/migrating-rancher/_index.md index 605d917fea0..651c300d66b 100644 --- a/content/rancher/v2.6/en/backups/migrating-rancher/_index.md +++ b/content/rancher/v2.6/en/backups/migrating-rancher/_index.md @@ -9,7 +9,7 @@ If you are migrating Rancher to a new Kubernetes cluster, you don't need to inst These instructions assume you have [created a backup](../back-up-rancher) and you have already installed a new Kubernetes cluster where Rancher will be deployed. -It is required to use the same hostname that was set as the server URL in the first cluster. +>**Warning:** It is required to use the same hostname that was set as the server URL in the first cluster. If not done, downstream clusters will show as unavailable in the cluster management page of the UI, and you won't be able to click inside the cluster or on the cluster's Explore button. Rancher version must be v2.5.0 and up 
@@ -19,13 +19,18 @@ Rancher can be installed on any Kubernetes cluster, including hosted Kubernetes - [K3s Kubernetes installation docs]({{}}/k3s/latest/en/installation/) ### 1. Install the rancher-backup Helm chart -Install version 2.x.x of the rancher-backup chart. +Install version 2.x.x of the rancher-backup chart. The following assumes a connected environment with access to DockerHub: ``` helm repo add rancher-charts https://charts.rancher.io helm repo update helm install rancher-backup-crd rancher-charts/rancher-backup-crd -n cattle-resources-system --create-namespace --version $CHART_VERSION helm install rancher-backup rancher-charts/rancher-backup -n cattle-resources-system --version $CHART_VERSION ``` +
+For an **air-gapped environment**, use the option below to pull the `backup-restore-operator` image from your private registry when installing the rancher-backup-crd helm chart. +``` +--set image.repository $REGISTRY/rancher/backup-restore-operator +``` ### 2. Restore from backup using a Restore custom resource @@ -36,7 +41,9 @@ helm install rancher-backup rancher-charts/rancher-backup -n cattle-resources-sy > > - Note that when making or restoring backups for v1.22, the Rancher version and the local cluster's Kubernetes version should be the same. The Kubernetes version should be considered when restoring a backup since the supported apiVersion in the cluster and in the backup file could be different. -If you are using an S3 store as the backup source, and need to use your S3 credentials for restore, create a secret in this cluster using your S3 credentials. The Secret data must have two keys, `accessKey` and `secretKey` containing the s3 credentials like this: +If you are using an S3 store as the backup source and need to use your S3 credentials for restore, create a secret in this cluster using your S3 credentials. The Secret data must have two keys - `accessKey` and `secretKey` - that contain the S3 credentials. + +**Warning:** The values `accessKey` and `secretKey` in the example below must be base64-encoded first when creating the object directly. If not encoded first, the pasted values will cause errors when you are attempting to backup or restore. ```yaml apiVersion: v1 @@ -49,7 +56,7 @@ stringData: secretKey: ``` -This secret can be created in any namespace, with the above example it will get created in the default namespace +This secret can be created in any namespace; with the above example, it will get created in the default namespace. In the Restore custom resource, `prune` must be set to false. 
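Review bot: In the air-gapped addition to step 1 of `migrating-rancher/_index.md`, `--set image.repository $REGISTRY/rancher/backup-restore-operator` is missing the `=` between key and value. Helm's `--set` takes `key=value`, so as written the registry path is passed as a separate argument. The sentence also says the option applies when installing the `rancher-backup-crd` chart, while the image named is `backup-restore-operator`. Please confirm which of the two `helm install` commands above takes this value, and show that full command with the flag appended rather than the flag on its own.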
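Review bot: The warning added in step 2 says `accessKey` and `secretKey` must be base64-encoded, but the example manifest it points to places them under `stringData:`, which takes plain-text values that Kubernetes encodes itself. Base64 input is what the `data:` field expects. A reader who follows the warning and pastes encoded values under `stringData:` stores the encoded string as the credential, and the S3 backup or restore then fails to authenticate. Suggest either keeping `stringData:` and dropping the warning, or switching the example to `data:` and keeping it. The new `**Warning:**` line also lacks the leading `>` that the other callouts in this patch use.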
diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference/_index.md index 30b22867584..b87543a3157 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference/_index.md @@ -103,13 +103,13 @@ The address range assigned to the services in the cluster. Must be a valid CIDR _Mutable: no_ -> Warning: private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide]({{< baseurl >}}/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/private-clusters/). +> Warning: private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide]({{< baseurl >}}/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference/private-clusters/). Assign nodes only internal IP addresses. Private cluster nodes cannot access the public internet unless additional networking steps are taken in GCP. ### Enable Private Endpoint -> Warning: private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide]({{< baseurl >}}/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/#private-clusters). +> Warning: private clusters require additional planning and configuration outside of Rancher. Refer to the [private cluster guide]({{< baseurl >}}/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference/private-clusters/). _Mutable: no_ diff --git a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke2-config-reference/_index.md b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke2-config-reference/_index.md index 907fbfb3aea..54539ceb934 100644 --- a/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke2-config-reference/_index.md 
+++ b/content/rancher/v2.6/en/cluster-admin/editing-clusters/rke2-config-reference/_index.md @@ -8,7 +8,7 @@ This section covers the configuration options that are available in Rancher for # Overview -You can configure the Kubernetes options one of two ways: +You can configure the Kubernetes options in one of the two following ways: - [Rancher UI](#configuration-options-in-the-rancher-ui): Use the Rancher UI to select options that are commonly customized when setting up a Kubernetes cluster. - [Cluster Config File](#cluster-config-file): Instead of using the Rancher UI to choose Kubernetes options for the cluster, advanced users can create an RKE2 config file. Using a config file allows you to set any of the [options](https://docs.rke2.io/install/install_options/install_options) available in an RKE2 installation. 
@@ -28,15 +28,17 @@ For more detail, see [Upgrading Kubernetes]({{}}/rancher/v2.6/en/cluste The [Network Provider](https://kubernetes.io/docs/concepts/cluster-administration/networking/) that the cluster uses. -> After you launch the cluster, you cannot change your network provider. Therefore, choose which network provider you want to use carefully, as Kubernetes doesn't allow switching between network providers. Once a cluster is created with a network provider, changing network providers would require you tear down the entire cluster and all its applications. +> After you launch the cluster, you cannot change your network provider. Therefore, choose which network provider you want to use carefully, as Kubernetes doesn't allow switching between network providers. Once a cluster is created with a network provider, changing network providers would require you to tear down the entire cluster and all its applications. Out of the box, Rancher is compatible with the following network providers: - [Canal](https://github.com/projectcalico/canal) -- [Cilium](https://cilium.io/) +- [Cilium](https://cilium.io/)* - [Calico](https://docs.projectcalico.org/v3.11/introduction/) - [Multus](https://github.com/k8snetworkplumbingwg/multus-cni) +\* When using [project network isolation](#project-network-isolation) in the [Cilium CNI]({{}}/rancher/v2.6/en/faq/networking/cni-providers/#cilium), it is possible to enable cross-node ingress routing. Click the [CNI provider docs]({{}}/rancher/v2.6/en/faq/networking/cni-providers/#ingress-routing-across-nodes-in-cilium) to learn more. + For more details on the different networking providers and how to configure them, please view our [RKE2 documentation](https://docs.rke2.io/install/network_options/). #### Cloud Provider 
@@ -81,7 +83,7 @@ Each cloud provider capable of launching a cluster using RKE2 can collect metric ### Add-On Config -Additional Kubernetes manifests, managed as a [Add-on](https://kubernetes.io/docs/concepts/cluster-administration/addons/), to apply to the cluster on startup. Refer to the [RKE2 documentation](https://docs.rke2.io/helm/#automatically-deploying-manifests-and-helm-charts) for details. +Additional Kubernetes manifests, managed as an [Add-on](https://kubernetes.io/docs/concepts/cluster-administration/addons/), to apply to the cluster on startup. Refer to the [RKE2 documentation](https://docs.rke2.io/helm/#automatically-deploying-manifests-and-helm-charts) for details. ### Agent Environment Vars @@ -139,7 +141,7 @@ Select the image repository to pull Rancher images from. For more details and co ### Upgrade Strategy -#### Controle Plane Concurrency +#### Control Plane Concurrency Select how many nodes can be upgraded at the same time. Can be a fixed number or percentage. diff --git a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/iscsi-volumes/_index.md b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/iscsi-volumes/_index.md index 01d87aabd59..c8a14cb458d 100644 --- a/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/iscsi-volumes/_index.md +++ b/content/rancher/v2.6/en/cluster-admin/volumes-and-storage/iscsi-volumes/_index.md 
@@ -17,9 +17,12 @@ If you encounter this issue, you can work around it by installing the initiator After installing the initiator tool on your nodes, edit the YAML for your cluster, editing the kubelet configuration to mount the iSCSI binary and configuration, as shown in the sample below. ->**Note:** +>**Notes:** +> +>- Before updating your Kubernetes YAML to mount the iSCSI binary and configuration, make sure either the `open-iscsi` (deb) or `iscsi-initiator-utils` (yum) package is installed on your cluster nodes. If this package isn't installed _before_ the bind mounts are created in your Kubernetes YAML, Docker will automatically create the directories and files on each node and will not allow the package install to succeed.
+>
> ->Before updating your Kubernetes YAML to mount the iSCSI binary and configuration, make sure either the `open-iscsi` (deb) or `iscsi-initiator-utils` (yum) package is installed on your cluster nodes. If this package isn't installed _before_ the bind mounts are created in your Kubernetes YAML, Docker will automatically create the directories and files on each node and will not allow the package install to succeed. +>- The example YAML below does not apply to K3s, but only to RKE clusters. Since the K3s kubelet does not run in a container, adding extra binds is not necessary. However, all iSCSI tools must still be installed on your K3s nodes. ``` services: diff --git a/content/rancher/v2.6/en/cluster-provisioning/_index.md b/content/rancher/v2.6/en/cluster-provisioning/_index.md index 5a33cad88f8..9e9f44c4c87 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/_index.md @@ -20,6 +20,7 @@ This section covers the following topics: - [Launching Kubernetes and Provisioning Nodes in an Infrastructure Provider](#launching-kubernetes-and-provisioning-nodes-in-an-infrastructure-provider) - [Launching Kubernetes on Existing Custom Nodes](#launching-kubernetes-on-existing-custom-nodes) - [Registering Existing Clusters](#registering-existing-clusters) +- [Programmatically Creating Clusters](#programmatically-creating-clusters) 
@@ -78,3 +79,9 @@ Registering EKS clusters now provides additional benefits. For the most part, re When you delete an EKS cluster that was created in Rancher, the cluster is destroyed. When you delete an EKS cluster that was registered in Rancher, it is disconnected from the Rancher server, but it still exists and you can still access it in the same way you did before it was registered in Rancher. For more information, see [this page.](./registered-clusters) + +# Programmatically Creating Clusters + +The most common way to programmatically deploy Kubernetes clusters through Rancher is by using the Rancher2 Terraform provider. The documentation for creating clusters with Terraform is [here.](https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster) + +EKS, GKE, AKS clusters and RKE clusters can be created or imported with Terraform. \ No newline at end of file diff --git a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md index e3aa18629c8..a0ad8a5c24f 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/aks/_index.md @@ -16,6 +16,7 @@ You can use Rancher to create a cluster hosted in Microsoft Azure Kubernetes Ser - [Private Clusters](#private-clusters) - [Minimum AKS Permissions](#minimum-aks-permissions) - [Syncing](#syncing) +- [Programmatically Creating AKS Clusters](#programmatically-creating-aks-clusters) # Prerequisites in Microsoft Azure 
@@ -152,3 +153,7 @@ For more information about connecting to an AKS private cluster, see the [AKS do The AKS provisioner can synchronize the state of an AKS cluster between Rancher and the provider. For an in-depth technical explanation of how this works, see [Syncing.]({{}}/rancher/v2.6/en/cluster-admin/editing-clusters/syncing) For information on configuring the refresh interval, see [this section.]({{}}/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference/#configuring-the-refresh-interval) + +# Programmatically Creating AKS Clusters + +The most common way to programmatically deploy AKS clusters through Rancher is by using the Rancher2 Terraform provider. The documentation for creating clusters with Terraform is [here.](https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster) \ No newline at end of file diff --git a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/eks/_index.md b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/eks/_index.md index 3235e46801c..3f55612fbdd 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/eks/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/eks/_index.md @@ -17,6 +17,7 @@ Amazon EKS provides a managed control plane for your Kubernetes cluster. Amazon - [Minimum EKS Permissions](#minimum-eks-permissions) - [Syncing](#syncing) - [Troubleshooting](#troubleshooting) +- [Programmatically Creating EKS Clusters](#programmatically-creating-eks-clusters) # Prerequisites in Amazon Web Services >**Note** 
@@ -108,4 +109,8 @@ If your changes were overwritten, it could be due to the way the cluster data is If an unauthorized error is returned while attempting to modify or register the cluster and the cluster was not created with the role or user that your credentials belong to, refer to [Security and Compliance.](#security-and-compliance) -For any issues or troubleshooting details for your Amazon EKS Kubernetes cluster, please see this [documentation](https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html). \ No newline at end of file +For any issues or troubleshooting details for your Amazon EKS Kubernetes cluster, please see this [documentation](https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html). + +# Programmatically Creating EKS Clusters + +The most common way to programmatically deploy EKS clusters through Rancher is by using the Rancher2 Terraform provider. The documentation for creating clusters with Terraform is [here.](https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster) \ No newline at end of file diff --git a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md index 0f1d1eec0e1..95567faa8c9 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/hosted-kubernetes-clusters/gke/_index.md @@ -10,6 +10,7 @@ weight: 2105 - [Configuration Reference](#configuration-reference) - [Updating Kubernetes Version](#updating-kubernetes-version) - [Syncing](#syncing) +- [Programmatically Creating GKE Clusters](#programmatically-creating-gke-clusters) # Prerequisites 
@@ -98,3 +99,6 @@ The GKE provisioner can synchronize the state of a GKE cluster between Rancher a For information on configuring the refresh interval, see [this section.]({{}}/rancher/v2.6/en/cluster-admin/editing-clusters/gke-config-reference/#configuring-the-refresh-interval) +# Programmatically Creating GKE Clusters + +The most common way to programmatically deploy GKE clusters through Rancher is by using the Rancher2 Terraform provider. The documentation for creating clusters with Terraform is [here.](https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster) \ No newline at end of file diff --git a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md index 0891f46df79..4d9ab0c2a1f 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/registered-clusters/_index.md @@ -17,13 +17,13 @@ The control that Rancher has to manage a registered cluster depends on the type # Prerequisites -## Kubernetes Node Roles +### Kubernetes Node Roles Registered RKE Kubernetes clusters must have all three node roles - etcd, controlplane and worker. A cluster with only controlplane components cannot be registered in Rancher. For more information on RKE node roles, see the [best practices.]({{}}/rancher/v2.6/en/cluster-provisioning/production/#cluster-architecture) -## Permissions +### Permissions If your existing Kubernetes cluster already has a `cluster-admin` role defined, you must have this `cluster-admin` privilege to register the cluster in Rancher. 
@@ -41,12 +41,16 @@ By default, GKE users are not given this privilege, so you will need to run the If you are registering a K3s cluster, make sure the `cluster.yml` is readable. It is protected by default. For details, refer to [Configuring a K3s cluster to enable importation to Rancher.](#configuring-a-k3s-cluster-to-enable-registration-in-rancher) +### EKS Clusters + +EKS clusters must have at least one managed node group to be imported into Rancher or provisioned from Rancher successfully. + # Registering a Cluster 1. Click **☰ > Cluster Management**. 1. On the **Clusters** page, **Import Existing**. -1. Enter a **Cluster Name**. 1. Choose the type of cluster. +1. Enter a **Cluster Name**. 4. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. 5. If it is a generic custom cluster, use **Agent Environment Variables** under **Cluster Options** to set environment variables for [rancher cluster agent]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/rancher-agents/). The environment variables can be set using key value pairs. If rancher agent requires use of proxy to communicate with Rancher server, `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` environment variables can be set using agent environment variables. 6. Click **Create**. 
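Review bot: after swapping "Enter a **Cluster Name**" and "Choose the type of cluster", the ordered list in "Registering a Cluster" is numbered `1.`, `1.`, `1.`, `1.`, `4.`, `5.`, `6.`, which renders correctly but makes the source hard to maintain; suggest using `1.` for every item while this list is being touched. The second step, "On the **Clusters** page, **Import Existing**.", is also missing its verb ("click"). For the new `### EKS Clusters` prerequisite, it would help to say what the user sees when the cluster has no managed node group, since "successfully" alone does not tell them how the failure shows up.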
@@ -82,6 +86,34 @@ The option can also be specified using the environment variable `K3S_KUBECONFIG_ $ curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" sh -s - ``` +### Configuring an Imported EKS Cluster with Terraform + +You should define **only** the minimum fields that Rancher requires when importing an EKS cluster with Terraform. This is important as Rancher will overwrite what was in the EKS cluster with any config that the user has provided. + +>**Warning:** Even a small difference between the current EKS cluster and a user-provided config could have unexpected results. + +The minimum config fields required by Rancher to import EKS clusters with Terraform using `eks_config_v2` are as follows: + +- cloud_credential_id +- name +- region +- imported (this field should always be set to `true` for imported clusters) + +Example YAML configuration for imported EKS clusters: + +``` +resource "rancher2_cluster" "my-eks-to-import" { + name = "my-eks-to-import" + description = "Terraform EKS Cluster" + eks_config_v2 { + cloud_credential_id = rancher2_cloud_credential.aws.id + name = var.aws_eks_name + region = var.aws_region + imported = true + } +} +``` + # Management Capabilities for Registered Clusters The control that Rancher has to manage a registered cluster depends on the type of cluster. 
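Review bot: the sentence "Example YAML configuration for imported EKS clusters:" introduces a block that is Terraform HCL (`resource "rancher2_cluster" "my-eks-to-import" { ... }`), not YAML, and the fence has no language tag. Suggest "Example Terraform configuration" and a tagged fence. The example also references `rancher2_cloud_credential.aws.id`, `var.aws_eks_name` and `var.aws_region` without saying they must be defined elsewhere, so it will not plan as pasted; one line stating that assumption is enough. Since the warning says Rancher overwrites the EKS cluster with any config provided, the bulleted list should say explicitly that every other `eks_config_v2` field must be left unset, rather than only that these four are the minimum.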
@@ -168,7 +200,7 @@ Authorized Cluster Endpoint (ACE) support has been added for registered RKE2 and > > - The following steps will work on both RKE2 and K3s clusters registered in v2.6.x as well as those registered (or imported) from a previous version of Rancher with an upgrade to v2.6.x. > -> - These steps will alter the configuration of the downstream RKE2 and K3s clusters and deploy the `kube-api-authn-webhook`. If a future implementation of ACE requires an update to the `kube-api-authn-webhook`, then this would also have to be done manually. For more information on this webhook, click [here]({{}}/rancher/v2.6/en/cluster-admin/cluster-access/ace/#about-the-kube-api-auth-authentication-webhook). +> - These steps will alter the configuration of the downstream RKE2 and K3s clusters and deploy the `kube-api-authn-webhook`. If a future implementation of the ACE requires an update to the `kube-api-authn-webhook`, then this would also have to be done manually. For more information on this webhook, click [here]({{}}/rancher/v2.6/en/cluster-admin/cluster-access/ace/#about-the-kube-api-auth-authentication-webhook). ###### **Manual steps to be taken on the control plane of each downstream cluster to enable ACE:** 
@@ -197,11 +229,15 @@ Authorized Cluster Endpoint (ACE) support has been added for registered RKE2 and kube-apiserver-arg: - authentication-token-webhook-config-file=/var/lib/rancher/{rke2,k3s}/kube-api-authn-webhook.yaml -1. Finally, run the following commands: +1. Run the following commands: sudo systemctl stop {rke2,k3s}-server sudo systemctl start {rke2,k3s}-server +1. Finally, you **must** go back to the Rancher UI and edit the imported cluster there to complete the ACE enablement. Click on **⋮ > Edit Config**, then click the **Networking** tab under Cluster Configuration. Finally, click the **Enabled** button for **Authorized Endpoint**. Once the ACE is enabled, you then have the option of entering a fully qualified domain name (FQDN) and certificate information. + + >**Note:** The FQDN field is optional, and if one is entered, it should point to the downstream cluster. Certificate information is only needed if there is a load balancer in front of the downstream cluster that is using an untrusted certificate. If you have a valid certificate, then nothing needs to be added to the CA Certificates field. + # Annotating Registered Clusters For all types of registered Kubernetes clusters except for K3s Kubernetes clusters, Rancher doesn't have any information about how the cluster is provisioned or configured. diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/_index.md index 66fea5d3088..0b5c79028c5 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/_index.md 
@@ -54,3 +54,7 @@ In this scenario, you want to install Kubernetes on bare-metal servers, on-prem If you want to reuse a node from a previous custom cluster, [clean the node]({{}}/rancher/v2.6/en/cluster-admin/cleaning-cluster-nodes/) before using it in a cluster again. If you reuse a node that hasn't been cleaned, cluster provisioning may fail. For more information, refer to the section on [custom nodes.]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters/custom-nodes/) + +# Programmatically Creating RKE Clusters + +The most common way to programmatically deploy RKE clusters through Rancher is by using the Rancher2 Terraform provider. The documentation for creating clusters with Terraform is [here.](https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster) diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md index 0e4f17f8abc..ebd32e5397d 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md @@ -28,7 +28,7 @@ This guide covers the following topics: - [Configuration for Storage Classes in Azure](#configuration-for-storage-classes-in-azure) - # Changes in Rancher v2.6 +# Changes in Rancher v2.6 _Tech Preview_ 
@@ -43,6 +43,8 @@ The RKE2 provisioning tech preview also includes installing RKE2 on Windows clus Windows Support for RKE2 Custom Clusters requires choosing Calico as the CNI. +>**Important:** Rancher will allow Windows workload pods to deploy on both Windows and Linux worker nodes by default. When creating mixed clusters in RKE2, you must edit the `nodeSelector` in the chart to direct the pods to be placed onto a compatible Windows node. Refer to the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) for more information on how to use `nodeSelector` to assign pods to nodes. + # Requirements for Windows Clusters The general node requirements for networking, operating systems, and Docker are the same as the node requirements for a [Rancher installation]({{}}/rancher/v2.6/en/installation/requirements/). diff --git a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/windows-parity/_index.md b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/windows-parity/_index.md index 1a6e9f9f215..8264e28c28d 100644 --- a/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/windows-parity/_index.md +++ b/content/rancher/v2.6/en/cluster-provisioning/rke-clusters/windows-clusters/windows-parity/_index.md @@ -11,7 +11,7 @@ The following chart describes the feature parity between Windows and Linux on Ra --- | --- | --- **Distributions** | | RKE | Supported | Supported -RKE2 | Supported | Tenatively Planned For 2.6.x +RKE2 | Supported | In Preview in Rancher 2.6.0, General Availability Planned for Rancher 2.6.4 K3S | Supported | Not Supported EKS | Supported | Not Supported GKE | Supported | Not Supported 
@@ -38,7 +38,7 @@ Backup/Restore Operator | Supported | Not Supported **CNI / Add-ons** | | Flannel | Supported | Supported Canal | Supported | Not Supported -Calico | Supported | Tentatively Planned for 2.6.x +Calico | Supported | In Preview in Rancher 2.6.0, General Availability Planned for Rancher 2.6.4 Cilium | Supported | Not Supported Multus | Supported | Not Supported Traefik | Supported | Not Supported diff --git a/content/rancher/v2.6/en/faq/dockershim/_index.md b/content/rancher/v2.6/en/faq/dockershim/_index.md new file mode 100644 index 00000000000..a9f79c0bddd --- /dev/null +++ b/content/rancher/v2.6/en/faq/dockershim/_index.md 
@@ -0,0 +1,46 @@ +--- +title: Dockershim +weight: 300 +--- + +The Dockershim is the CRI compliant layer between the Kubelet and the Docker daemon. As part of the Kubernetes 1.20 release, the [deprecation of the in-tree Dockershim was announced](https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/). Removal is currently scheduled for Kubernetes 1.24. For more information on the deprecation and its timelines, see the [Kubernetes Dockershim Deprecation FAQ](https://kubernetes.io/blog/2020/12/02/dockershim-faq/#when-will-dockershim-be-removed). + +RKE clusters, starting with Kubernetes 1.21, now support the external Dockershim to continue leveraging Docker as the CRI runtime. We now implement the upstream open source community Dockershim announced by [Mirantis and Docker](https://www.mirantis.com/blog/mirantis-to-take-over-support-of-kubernetes-dockershim-2/) to ensure RKE clusters can continue to leverage Docker. + +To enable the external Dockershim, configure the following option. + +``` +enable_cri_dockerd: true +``` + +For users looking to use another container runtime, Rancher has the edge-focused K3s and datacenter-focused RKE2 Kubernetes distributions that use containerd as the default runtime. Imported RKE2 and K3s Kubernetes clusters can then be upgraded and managed through Rancher even after the removal of in-tree Dockershim in Kubernetes 1.24. + +### FAQ + +
+ +Q. Do I have to upgrade Rancher to get Rancher’s support of the upstream Dockershim? + +The upstream support of Dockershim begins for RKE in Kubernetes 1.21. You will need to be on Rancher 2.6 or above to have support for RKE with Kubernetes 1.21. See our [support matrix](https://rancher.com/support-maintenance-terms/all-supported-versions/rancher-v2.6.0/) for details. + +
+ +Q. I am currently on RKE with Kubernetes 1.20. Do I need to upgrade to RKE with Kubernetes 1.21 sooner to avoid being out of support for Dockershim? + +A. The version of Dockershim in RKE with Kubernetes 1.20 will continue to work and is not scheduled for removal upstream until Kubernetes 1.24. It will only emit a warning of its future deprecation, which Rancher has mitigated in RKE with Kubernetes 1.21. You can plan your upgrade to Kubernetes 1.21 as you would normally, but should consider enabling the external Dockershim by Kubernetes 1.22. The external Dockershim will need to be enabled before upgrading to Kubernetes 1.24, at which point the existing implementation will be removed. + +For more information on the deprecation and its timeline, see the [Kubernetes Dockershim Deprecation FAQ](https://kubernetes.io/blog/2020/12/02/dockershim-faq/#when-will-dockershim-be-removed). + +
+ +Q: What are my other options if I don’t want to depend on the Dockershim? + +A: You can use a runtime like containerd with Kubernetes that does not require Dockershim support. RKE2 or K3s are two options for doing this. + +
+ +Q: If I am already using RKE1 and want to switch to RKE2, what are my migration options? + +A: Rancher is exploring the possibility of an in-place upgrade path. Alternatively you can always migrate workloads from one cluster to another using kubectl. + +
diff --git a/content/rancher/v2.6/en/faq/networking/cni-providers/_index.md b/content/rancher/v2.6/en/faq/networking/cni-providers/_index.md index 189c4d95a9b..cb8fdb4b278 100644 --- a/content/rancher/v2.6/en/faq/networking/cni-providers/_index.md +++ b/content/rancher/v2.6/en/faq/networking/cni-providers/_index.md @@ -58,7 +58,7 @@ Canal is a CNI network provider that gives you the best of Flannel and Calico. I In Rancher, Canal is the default CNI network provider combined with Flannel and VXLAN encapsulation. -Kubernetes workers should open UDP port `8472` (VXLAN) and TCP port `9099` (healthcheck). For details, refer to [the port requirements for user clusters.]({{}}/rancher/v2.6/en/cluster-provisioning/node-requirements/) +Kubernetes workers should open UDP port `8472` (VXLAN) and TCP port `9099` (health checks). If using Wireguard, you should open UDP ports `51820` and `51821`. For more details, refer to [the port requirements for user clusters]({{}}/rancher/v2.6/en/cluster-provisioning/node-requirements/). {{< img "/img/rancher/canal-diagram.png" "Canal Diagram">}} 
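Review bot: in the Canal port sentence, "Wireguard" should be "WireGuard" to match the Flannel section of the same file, and the sentence lists UDP `51820` and `51821` without saying what distinguishes them, so a reader cannot tell whether both are always required. Suggest stating what each port is used for, and making clear that these ports, like `8472` and `9099`, only need to be open between the cluster's own nodes.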
@@ -75,7 +75,7 @@ Encapsulated traffic is unencrypted by default. Flannel provides two solutions f * [IPSec](https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#ipsec), which makes use of [strongSwan](https://www.strongswan.org/) to establish encrypted IPSec tunnels between Kubernetes workers. It is an experimental backend for encryption. * [WireGuard](https://github.com/flannel-io/flannel/blob/master/Documentation/backends.md#wireguard), which is a more faster-performing alternative to strongSwan. -Kubernetes workers should open UDP port `8472` (VXLAN) and TCP port `9099` (healthcheck). See [the port requirements for user clusters]({{}}/rancher/v2.6/en/cluster-provisioning/node-requirements/#networking-requirements) for more details. +Kubernetes workers should open UDP port `8472` (VXLAN). See [the port requirements for user clusters]({{}}/rancher/v2.6/en/cluster-provisioning/node-requirements/#networking-requirements) for more details. ![Flannel Diagram]({{}}/img/rancher/flannel-diagram.png) @@ -107,7 +107,7 @@ Calico enables networking and network policy in Kubernetes clusters across the c Calico also provides a stateless IP-in-IP or VXLAN encapsulation mode that can be used, if necessary. Calico also offers policy isolation, allowing you to secure and govern your Kubernetes workloads using advanced ingress and egress policies. -Kubernetes workers should open TCP port `179` (BGP). See [the port requirements for user clusters]({{}}/rancher/v2.6/en/cluster-provisioning/node-requirements/#networking-requirements) for more details. +Kubernetes workers should open TCP port `179` if using BGP or UDP port `4789` if using VXLAN encapsulation. In addition, TCP port `5473` is needed when using Typha. See [the port requirements for user clusters]({{}}/rancher/v2.6/en/cluster-provisioning/node-requirements/#networking-requirements) for more details. ![Calico Diagram]({{}}/img/rancher/calico-diagram.svg) 
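Review bot: the new Calico port sentence covers BGP (TCP `179`), VXLAN (UDP `4789`) and Typha (TCP `5473`) but not the IP-in-IP mode that the unchanged paragraph directly above it offers as an alternative encapsulation. IP-in-IP is carried as IP protocol 4 rather than on a TCP or UDP port, so a firewall opened only for the listed ports will drop that traffic. Suggest adding a clause for IP-in-IP, or stating that the sentence applies to BGP and VXLAN modes only.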
@@ -122,7 +122,26 @@ For more information, see the following pages: Cilium enables networking and network policies (L3, L4, and L7) in Kubernetes. By default, Cilium uses eBPF technologies to route packets inside the node and VXLAN to send packets to other nodes. Unencapsulated techniques can also be configured. -Cilium recommends kernel versions greater than 5.2 to be able to leverage the full potential of eBPF. Kubernetes workers should open TCP port `8472` for VXLAN and TCP port `4140` for health checks. In addition, ICMP 8/0 must be enabled for health checks. For more information, check [Cilium System Requirements](https://docs.cilium.io/en/latest/operations/system_requirements/#firewall-requirements). +Cilium recommends kernel versions greater than 5.2 to be able to leverage the full potential of eBPF. Kubernetes workers should open TCP port `8472` for VXLAN and TCP port `4240` for health checks. In addition, ICMP 8/0 must be enabled for health checks. For more information, check [Cilium System Requirements](https://docs.cilium.io/en/latest/operations/system_requirements/#firewall-requirements). + +##### Ingress Routing Across Nodes in Cilium +
+By default, Cilium does not allow pods to contact pods on other nodes. To work around this, enable the ingress controller to route requests across nodes with a `CiliumNetworkPolicy`. + +After selecting the Cilium CNI and enabling Project Network Isolation for your new cluster, configure as follows: + +``` +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: hn-nodes + namespace: default +spec: + endpointSelector: {} + ingress: + - fromEntities: + - remote-node +``` ## CNI Features by Provider diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md index 5f9e50cc198..5d27916781c 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/_index.md @@ -181,7 +181,7 @@ deployment "rancher" successfully rolled out This option uses `cert-manager` to automatically request and renew [Let's Encrypt](https://letsencrypt.org/) certificates. This is a free service that provides you with a valid certificate as Let's Encrypt is a trusted CA. ->**Note:**: You need to have port 80 open as the HTTP-01 challenge can only be done on port 80. +>**Note:** You need to have port 80 open as the HTTP-01 challenge can only be done on port 80. In the following command, @@ -189,6 +189,7 @@ In the following command, - Set the `bootstrapPassword` to something unique for the `admin` user. - `ingress.tls.source` is set to `letsEncrypt` - `letsEncrypt.email` is set to the email address used for communication about your certificate (for example, expiry notices) +- Set `letsEncrypt.ingress.class` to whatever your ingress controller is, e.g., `traefik`, `nginx`, `haproxy`, etc. - If you are installing an alpha version, Helm requires adding the `--devel` option to the command. ``` 
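Review bot: in the Cilium hunk of `cni-providers/_index.md`, the edited sentence corrects the health-check port to `4240` but still reads "TCP port `8472` for VXLAN"; VXLAN runs over UDP, and the Canal and Flannel paragraphs of this same file say "UDP port `8472` (VXLAN)". Suggest fixing the protocol in the same change. In the added "Ingress Routing Across Nodes in Cilium" section, the sample policy uses `endpointSelector: {}` with `fromEntities: remote-node` in `namespace: default`, which admits traffic from every remote node to every pod in that namespace; the text should say that this is broader than the ingress controller alone and whether the policy has to be repeated in other namespaces. The "configure as follows" block would also benefit from a `yaml` fence tag and a note on how it is applied.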
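Review bot: the added bullet "Set `letsEncrypt.ingress.class` to whatever your ingress controller is" in the Let's Encrypt option list does not say that the value must match the ingress class the HTTP-01 challenge will be served through, or what happens when it is left out. The command in the next hunk hardcodes `--set letsEncrypt.ingress.class=nginx`, so a reader on a different controller who copies it will have the challenge routed to a class that does not exist. Suggest a placeholder in the command, or a sentence beside it telling the reader to substitute their own class, and phrasing the bullet like its neighbours ("`letsEncrypt.ingress.class` is set to ...").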
@@ -197,7 +198,8 @@ helm install rancher rancher-/rancher \ --set hostname=rancher.my.org \ --set bootstrapPassword=admin \ --set ingress.tls.source=letsEncrypt \ - --set letsEncrypt.email=me@example.org + --set letsEncrypt.email=me@example.org \ + --set letsEncrypt.ingress.class=nginx ``` Wait for Rancher to be rolled out: diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/_index.md index 9ce31bc66f9..4436fcfe473 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/_index.md @@ -137,7 +137,7 @@ To customize or use a different ingress with Rancher server you can set your own Example on setting a custom certificate issuer: ```plain ---set ingress.extraAnnotations.'certmanager\.k8s\.io/cluster-issuer'=ca-key-pair +--set ingress.extraAnnotations.'cert-manager\.io/cluster-issuer'=issuer-name ``` Example on setting a static proxy header with `ingress.configurationSnippet`. This value is parsed like a template so variables can be used. diff --git a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/upgrades/_index.md b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/upgrades/_index.md index 562a1d8223b..5c25a7f24b8 100644 --- a/content/rancher/v2.6/en/installation/install-rancher-on-k8s/upgrades/_index.md +++ b/content/rancher/v2.6/en/installation/install-rancher-on-k8s/upgrades/_index.md 
@@ -148,7 +148,7 @@ helm upgrade rancher rancher-/rancher \ ### Option B: Reinstalling Rancher and cert-manager -If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, then you need to reinstall both Rancher and cert-manger due to the API change in cert-manger v0.11. +If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, then you need to reinstall both Rancher and cert-manager due to the API change in cert-manager v0.11. 1. Uninstall Rancher diff --git a/content/rancher/v2.6/en/installation/requirements/_index.md b/content/rancher/v2.6/en/installation/requirements/_index.md index 0fd9eaa5669..3c089d6023c 100644 --- a/content/rancher/v2.6/en/installation/requirements/_index.md +++ b/content/rancher/v2.6/en/installation/requirements/_index.md 
@@ -180,12 +180,4 @@ To operate properly, Rancher requires a number of ports to be open on Rancher no # Dockershim Support -In Kubernetes v1.20, the dockershim became deprecated, and Docker became deprecated as a container runtime for Kubernetes. Dockershim was built into Kubernetes as a type of adapter that allowed Kubernetes to manage Docker containers. It was necessary because the Docker Daemon was not compliant with the CRI (Container Runtime Interface) that was created for Kubernetes. The dockershim is still included in the kubelet in Kubernetes v1.20. - -Rancher plans to implement the [upstream open source community Dockershim announced by Mirantis and Docker](https://www.mirantis.com/blog/mirantis-to-take-over-support-of-kubernetes-dockershim-2/) to ensure RKE clusters can continue to leverage Docker as their container runtime. Users of RKE will be able to continue upgrading and building new RKE clusters leveraging Docker as the runtime and install method. - -For users looking to use another container runtime, Rancher has the edge-focused K3s and datacenter-focused RKE2 Kubernetes distributions that use containerd as the default runtime. Imported RKE2 and K3s Kubernetes clusters can then be upgraded and managed through Rancher going forward. - -For more information on the deprecation of Docker as a container runtime for Kubernetes, see the [official Kubernetes blog post](https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/) and the [official blog post from Mirantis.](https://www.mirantis.com/blog/mirantis-to-take-over-support-of-kubernetes-dockershim-2/) - -The dockershim deprecation schedule is tracked by the upstream Kubernetes community in [Kubernetes Enhancement Proposal (KEP) 1985.](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/1985-remove-dockershim) \ No newline at end of file +For more information on Dockershim support, refer to [this page]({{}}/rancher/v2.6/en/installation/requirements/dockershim/). 
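Review bot: the replacement line sends readers to `installation/requirements/dockershim/`, but this patch also adds a near-identical page at `faq/dockershim/_index.md` with the same title and `weight: 300`, and the two copies already differ (only the FAQ copy says "Removal is currently scheduled for Kubernetes 1.24" and links the support matrix). Suggest keeping one page and linking to it from both places so the answers cannot drift. The removed text also carried the link to KEP 1985, which neither new page includes; consider keeping it. "refer to [this page]" should use a descriptive link text.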
diff --git a/content/rancher/v2.6/en/installation/requirements/dockershim/_index.md b/content/rancher/v2.6/en/installation/requirements/dockershim/_index.md new file mode 100644 index 00000000000..e4c3490c4b2 --- /dev/null +++ b/content/rancher/v2.6/en/installation/requirements/dockershim/_index.md @@ -0,0 +1,44 @@ +--- +title: Dockershim +weight: 300 +--- + +The Dockershim is the CRI compliant layer between the Kubelet and the Docker daemon. As part of the Kubernetes 1.20 release, the [deprecation of the in-tree Dockershim was announced](https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/). For more information on the deprecation and its timelines, see the [Kubernetes Dockershim Deprecation FAQ](https://kubernetes.io/blog/2020/12/02/dockershim-faq/#when-will-dockershim-be-removed). + +RKE clusters now support the external Dockershim to continue leveraging Docker as the CRI runtime. We now implement the upstream open source community external Dockershim announced by [Mirantis and Docker](https://www.mirantis.com/blog/mirantis-to-take-over-support-of-kubernetes-dockershim-2/) to ensure RKE clusters can continue to leverage Docker. + +To enable the external Dockershim, configure the following option. + +``` +enable_cri_dockerd: true +``` + +For users looking to use another container runtime, Rancher has the edge-focused K3s and datacenter-focused RKE2 Kubernetes distributions that use containerd as the default runtime. Imported RKE2 and K3s Kubernetes clusters can then be upgraded and managed through Rancher going forward. + +### FAQ + +
+ +Q. Do I have to upgrade Rancher to get Rancher’s support of the upstream Dockershim? + +A The upstream support of Dockershim begins for RKE in Kubernetes 1.21. You will need to be on a version of Rancher that supports RKE 1.21. See our support matrix for details. + +
+ +Q. I am currently on RKE with Kubernetes 1.20. Do I need to upgrade to RKE with Kubernetes 1.21 sooner to avoid being out of support for Dockershim? + +A. The version of Dockershim in RKE with Kubernetes 1.20 will continue to work and it is not deprecated until a later release. For information on the timeline, see the [Kubernetes Dockershim Deprecation FAQ](https://kubernetes.io/blog/2020/12/02/dockershim-faq/#when-will-dockershim-be-removed). It will only emit a warning of its future deprecation, which Rancher has mitigated in RKE with Kubernetes 1.21. You can plan your upgrade to 1.21 as you would normally. + +
+ +Q: What are my other options if I don’t want to depend on the Dockershim? + +A: You can use a runtime like containerd with Kubernetes that does not require Dockershim support. RKE2 or K3s are two options for doing this. + +
+ +Q: If I am already using RKE1 and want to switch to RKE2, what are my migration options? + +A: Today, you can stand up a new cluster and migrate workloads to a new RKE2 cluster that uses containerd. Rancher is exploring the possibility of an in-place upgrade path. + +
diff --git a/content/rancher/v2.6/en/installation/requirements/installing-docker/_index.md b/content/rancher/v2.6/en/installation/requirements/installing-docker/_index.md index 02a005d245f..8b16d157505 100644 --- a/content/rancher/v2.6/en/installation/requirements/installing-docker/_index.md +++ b/content/rancher/v2.6/en/installation/requirements/installing-docker/_index.md @@ -3,7 +3,7 @@ title: Installing Docker weight: 1 --- -For Helm CLI installs, Docker is required to be installed on any node that runs the Rancher server. +Docker is required to be installed on nodes where the Rancher server will be installed with Helm or Docker. There are a couple of options for installing Docker. One option is to refer to the [official Docker documentation](https://docs.docker.com/install/) about how to install Docker on Linux. The steps will vary based on the Linux distribution. diff --git a/content/rancher/v2.6/en/installation/requirements/ports/_index.md b/content/rancher/v2.6/en/installation/requirements/ports/_index.md index 9e724310864..a9eaaf1bd81 100644 --- a/content/rancher/v2.6/en/installation/requirements/ports/_index.md +++ b/content/rancher/v2.6/en/installation/requirements/ports/_index.md @@ -88,6 +88,7 @@ The following tables break down the port requirements for traffic between the Ra | TCP | 2379 | etcd client requests | | TCP | 2380 | etcd peer communication | | TCP | 6443 | Kubernetes apiserver | +| TCP | 8443 | Nginx Ingress's Validating Webhook | | UDP | 8472 | Canal/Flannel VXLAN overlay networking | | TCP | 9099 | Canal/Flannel livenessProbe/readinessProbe | | TCP | 10250 | Metrics server communication with all nodes | diff --git a/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md b/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md index a3fac147dad..a1f92902d3d 100644 --- a/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md 
+++ b/content/rancher/v2.6/en/installation/resources/feature-flags/_index.md 
@@ -26,12 +26,12 @@ For example, if you install Rancher, then set a feature flag to true with the Ra The following is a list of the feature flags available in Rancher: - `harvester`: This feature flag is available starting in v2.6.1. It is used to manage access to the Virtualization Management page where users can navigate directly to Harvester clusters and access the Harvester UI. For more information, see [this page]({{}}/rancher/v2.6/en/virtualization-admin/#feature-flag/). -- `rke2`: We have introduced the ability to provision RKE2 clusters as tech preview. By default, this feature flag is enabled, which allows users to attempt to provision these type of clusters. +- `rke2`: We have introduced the ability to provision RKE2 clusters as tech preview. By default, this feature flag is enabled, which allows users to attempt to provision these type of clusters. - `fleet`: The previous `fleet` feature flag is now required to be enabled as the Fleet capabilities are leveraged within the new provisioning framework. If you had this feature flag disabled in earlier versions, upon upgrading to Rancher v2.6, the flag will automatically be enabled. See this [page]({{}}/rancher/v2.6/en/deploy-across-clusters/fleet) for more information. - `continuous-delivery`: In Rancher v2.5.x, Fleet came with a GitOps feature that could not be disabled separately from Fleet. In Rancher v2.6, the `continuous-delivery` feature flag was introduced to allow the GitOps feature of Fleet to be disabled. For more information, see [this page.](./continuous-delivery). - `legacy`: There are a set of features from previous versions that are slowly being phased out of Rancher for newer iterations of the feature. This is a mix of deprecated features as well as features that will eventually be moved to newer variations in Rancher. By default, this feature flag is disabled for new installations. If you are upgrading from a previous version, this feature flag would be enabled. 
- `token-hashing`: Used to enable new token-hashing feature. Once enabled, existing tokens will be hashed and all new tokens will be hashed automatically using the SHA256 algorithm. Once a token is hashed it cannot be undone. Once this feature flag is enabled, it cannot be disabled. See [hashing of tokens]({{}}/rancher/v2.6/en/api/api-tokens) for more information. -- `unsupported-storage-drivers`: This feature [allows unsupported storage drivers.]({{}}/rancher/v2.6/en/installation/resources/feature-flags/enable-not-default-storage-drivers). In other words, it enables types for storage providers and provisioners that are not enabled by default. +- `unsupported-storage-drivers`: This feature [allows unsupported storage drivers.]({{}}/rancher/v2.6/en/installation/resources/feature-flags/enable-not-default-storage-drivers). In other words, it enables types for storage providers and provisioners that are not enabled by default. - `istio-virtual-service-ui`: This feature enables a [UI to create, read, update, and delete Istio virtual services and destination rules,]({{}}/rancher/v2.6/en/installation/resources/feature-flags/istio-virtual-service-ui) which are traffic management features of Istio. - `multi-cluster-management`: Used for multi-cluster provisioning and management of Kubernetes clusters. This feature flag can only be set at install time and not changed afterwards. 
@@ -61,7 +61,7 @@ When you install Rancher, enable the feature you want with a feature flag. The c > **Note:** Values set from the Rancher API will override the value passed in through the command line. -When installing Rancher with a Helm chart, use the `--features` option. In the below example, two features are enabled by passing the feature flag names names in a comma separated list: +When installing Rancher with a Helm chart, use the `--set` option. In the below example, two features are enabled by passing the feature flag names in a comma separated list: ``` helm install rancher rancher-latest/rancher \ @@ -102,7 +102,7 @@ When installing Rancher with Docker, use the `--features` option. In the below e docker run -d -p 80:80 -p 443:443 \ --restart=unless-stopped \ rancher/rancher:rancher-latest \ - --features==true,=true + --features==true,=true ``` diff --git a/content/rancher/v2.6/en/installation/resources/installing-docker/_index.md b/content/rancher/v2.6/en/installation/resources/installing-docker/_index.md deleted file mode 100644 index 69be5eb6baa..00000000000 --- a/content/rancher/v2.6/en/installation/resources/installing-docker/_index.md +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -title: Installing Docker -weight: 1 ---- - -Docker is required to be installed on nodes where the Rancher server will be installed with Helm or Docker. - -There are a couple of options for installing Docker. One option is to refer to the [official Docker documentation](https://docs.docker.com/install/) about how to install Docker on Linux. The steps will vary based on the Linux distribution. - -Another option is to use one of Rancher's Docker installation scripts, which are available for most recent versions of Docker. - -For example, this command could be used to install Docker 19.03 on Ubuntu: - -``` -curl https://releases.rancher.com/install-docker/19.03.sh | sh -``` - -Rancher has installation scripts for every version of upstream Docker that Kubernetes supports. To find out whether a script is available for installing a certain Docker version, refer to this [GitHub repository,](https://github.com/rancher/install-docker) which contains all of Rancher's Docker installation scripts. \ No newline at end of file diff --git a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md index 65ab4409c3d..ce46ab810c0 100644 --- a/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md +++ b/content/rancher/v2.6/en/installation/resources/k8s-tutorials/ha-RKE/_index.md @@ -80,6 +80,8 @@ ingress: > Please see the [RKE Documentation]({{}}/rke/latest/en/config-options/) for the full list of options and capabilities. > > For tuning your etcd cluster for larger Rancher installations, see the [etcd settings guide]({{}}/rancher/v2.6/en/installation/resources/advanced/etcd/). +> +> For more information regarding Dockershim support, refer to [this page]({{}}/rancher/v2.6/en/installation/requirements/dockershim/) ### 2. Run RKE 
diff --git a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md index da62f1e9deb..3879ab15d1f 100644 --- a/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md +++ b/content/rancher/v2.6/en/installation/resources/upgrading-cert-manager/_index.md @@ -15,7 +15,7 @@ To address these changes, this guide will do two things: 1. Explain the cert-manager API changes and link to cert-manager's official documentation for migrating your data > **Important:** -> If you are currently running the cert-manger whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: +> If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, you need to reinstall both of them: > 1. Take a one-time snapshot of your Kubernetes cluster running Rancher server > 2. Uninstall Rancher, cert-manager, and the CustomResourceDefinition for cert-manager diff --git a/content/rancher/v2.6/en/overview/_index.md b/content/rancher/v2.6/en/overview/_index.md index 69002e77d81..22d719374d7 100644 --- a/content/rancher/v2.6/en/overview/_index.md +++ b/content/rancher/v2.6/en/overview/_index.md 
@@ -38,7 +38,7 @@ The Rancher API server is built on top of an embedded Kubernetes API server and - **Provisioning Kubernetes clusters:** The Rancher API server can [provision Kubernetes]({{}}/rancher/v2.6/en/cluster-provisioning/) on existing nodes, or perform [Kubernetes upgrades.]({{}}/rancher/v2.6/en/cluster-admin/upgrading-kubernetes) - **Catalog management:** Rancher provides the ability to use a [catalog of Helm charts]({{}}/rancher/v2.6/en/helm-charts/) that make it easy to repeatedly deploy applications. -- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration]({{}}/rancher/v2.6/en/project-admin/) and for [managing applications within projects.]({{}}/rancher/v2.6/en/k8s-in-rancher/) +- **Managing projects:** A project is a group of multiple namespaces and access control policies within a cluster. A project is a Rancher concept, not a Kubernetes concept, which allows you to manage multiple namespaces as a group and perform Kubernetes operations in them. The Rancher UI provides features for [project administration]({{}}/rancher/v2.6/en/project-admin/) and for [managing applications within projects.]({{}}/rancher/v2.6/en/k8s-in-rancher/) - **Pipelines:** Setting up a [pipeline]({{}}/rancher/v2.6/en/project-admin/pipelines/) can help developers deliver new software as quickly and efficiently as possible. Within Rancher, you can configure pipelines for each of your Rancher projects. - **Istio:** Our [integration with Istio]({{}}/rancher/v2.6/en/istio/) is designed so that a Rancher operator, such as an administrator or cluster owner, can deliver Istio to developers. 
Then developers can use Istio to enforce security policies, troubleshoot problems, or manage traffic for green/blue deployments, canary deployments, or A/B testing. diff --git a/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md b/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md index 179346f74aa..112388c36c9 100644 --- a/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md +++ b/content/rancher/v2.6/en/overview/architecture-recommendations/_index.md @@ -110,4 +110,4 @@ If you are using an [authorized cluster endpoint (ACE),]({{}}/rancher/v If you are using private CA signed certificates on the load balancer, you have to supply the CA certificate, which will be included in the generated kubeconfig file to validate the certificate chain. See the documentation on [kubeconfig files]({{}}/rancher/v2.6/en/cluster-admin/cluster-access/kubectl/) and [API keys]({{}}/rancher/v2.6/en/user-settings/api-keys/#creating-an-api-key) for more information. -As of Rancher v2.6.3, ACE support is available for registered RKE2 and K3s clusters. To view the manual steps to perform on the downstream cluster to enable the ACE, click [here]({{}}/v2.6/en/cluster-provisioning/registered-clusters/#authorized-cluster-endpoint-support-for-rke2-and-k3s-clusters). +As of Rancher v2.6.3, ACE support is available for registered RKE2 and K3s clusters. To view the manual steps to perform on the downstream cluster to enable the ACE, click [here]({{}}/rancher/v2.6/en/cluster-provisioning/registered-clusters/#authorized-cluster-endpoint-support-for-rke2-and-k3s-clusters). diff --git a/content/rancher/v2.6/en/overview/architecture/_index.md b/content/rancher/v2.6/en/overview/architecture/_index.md index a42fe9a2015..a6c09157de9 100644 --- a/content/rancher/v2.6/en/overview/architecture/_index.md +++ b/content/rancher/v2.6/en/overview/architecture/_index.md 
@@ -109,7 +109,7 @@ An authorized cluster endpoint allows users to connect to the Kubernetes API ser > The authorized cluster endpoint only works on Rancher-launched Kubernetes clusters. In other words, it only works in clusters where Rancher [used RKE]({{}}/rancher/v2.6/en/cluster-provisioning/rke-clusters) to provision the cluster. The ACE is not available for clusters in a hosted Kubernetes provider, such as Amazon's EKS. -> The [ACE is available for registered RKE2 and K3s clusters]({{}}/v2.6/en/cluster-provisioning/registered-clusters/#authorized-cluster-endpoint-support-for-rke2-and-k3s-clusters) as of Rancher v2.6.3. +> The [ACE is available for registered RKE2 and K3s clusters]({{}}/rancher/v2.6/en/cluster-provisioning/registered-clusters/#authorized-cluster-endpoint-support-for-rke2-and-k3s-clusters) as of Rancher v2.6.3. There are two main reasons why a user might need the authorized cluster endpoint: diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/_index.md index b3169225fe4..fa4236b3a6f 100644 --- a/content/rancher/v2.6/en/quick-start-guide/deployment/_index.md +++ b/content/rancher/v2.6/en/quick-start-guide/deployment/_index.md 
@@ -5,12 +5,14 @@ weight: 100 Use one of the following guides to deploy and provision Rancher and a Kubernetes cluster in the provider of your choice. -- [DigitalOcean](./digital-ocean-qs) (uses Terraform) - [AWS](./amazon-aws-qs) (uses Terraform) +- [AWS Marketplace](./amazon-aws-marketplace-qs) (uses Amazon EKS) - [Azure](./microsoft-azure-qs) (uses Terraform) +- [DigitalOcean](./digital-ocean-qs) (uses Terraform) - [GCP](./google-gcp-qs) (uses Terraform) - [Hetzner Cloud](./hetzner-cloud-qs) (uses Terraform) - [Vagrant](./quickstart-vagrant) +- [Equinix Metal](./equinix-metal-qs) If you prefer, the following guide will take you through the same process in individual steps. Use this if you want to run Rancher in a different provider, on prem, or if you would just like to see how easy it is. diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/amazon-aws-marketplace-qs/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/amazon-aws-marketplace-qs/_index.md new file mode 100644 index 00000000000..bac47239b49 --- /dev/null +++ b/content/rancher/v2.6/en/quick-start-guide/deployment/amazon-aws-marketplace-qs/_index.md @@ -0,0 +1,7 @@ +--- +title: Rancher AWS Marketplace Quick Start +description: Use Amazon EKS to deploy Rancher server. +weight: 110 +--- + +There is now an additional way for you to deploy the Rancher server in AWS by using Amazon EKS. To learn more, see our [Amazon Marketplace listing](https://aws.amazon.com/marketplace/pp/prodview-2yzbnvagmi4as). \ No newline at end of file diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/amazon-aws-qs/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/amazon-aws-qs/_index.md index faa98f548a5..619dd062518 100644 --- a/content/rancher/v2.6/en/quick-start-guide/deployment/amazon-aws-qs/_index.md +++ b/content/rancher/v2.6/en/quick-start-guide/deployment/amazon-aws-qs/_index.md 
@@ -53,11 +53,11 @@ Suggestions include: 8. Paste the `rancher_server_url` from the output above into the browser. Log in when prompted (default username is `admin`, use the password set in `rancher_server_admin_password`). 9. ssh to the Rancher Server using the `id_rsa` key generated in `quickstart/aws`. -#### Result +##### Result Two Kubernetes clusters are deployed into your AWS account, one running Rancher Server and the other ready for experimentation deployments. Please note that while this setup is a great way to explore Rancher functionality, a production setup should follow our high availability setup guidelines. SSH keys for the VMs are auto-generated and stored in the module directory. -### What's Next? +## What's Next? Use Rancher to create a deployment. For more information, see [Creating Deployments]({{}}/rancher/v2.6/en/quick-start-guide/workload). diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/digital-ocean-qs/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/digital-ocean-qs/_index.md index 1fa897d157f..1ecafe31489 100644 --- a/content/rancher/v2.6/en/quick-start-guide/deployment/digital-ocean-qs/_index.md +++ b/content/rancher/v2.6/en/quick-start-guide/deployment/digital-ocean-qs/_index.md @@ -1,7 +1,7 @@ --- title: Rancher DigitalOcean Quick Start Guide description: Read this step by step Rancher DigitalOcean guide to quickly deploy a Rancher server with a single-node downstream Kubernetes cluster attached. -weight: 100 +weight: 120 --- The following steps will quickly deploy a Rancher server on DigitalOcean in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached. diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/equinix-metal-qs/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/equinix-metal-qs/_index.md index 0daf725fdbc..3961de9af9b 100644 --- a/content/rancher/v2.6/en/quick-start-guide/deployment/equinix-metal-qs/_index.md 
+++ b/content/rancher/v2.6/en/quick-start-guide/deployment/equinix-metal-qs/_index.md @@ -1,6 +1,6 @@ --- title: Rancher Equinix Metal Quick Start -weight: 300 +weight: 250 --- ## This tutorial walks you through the following: diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/google-gcp-qs/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/google-gcp-qs/_index.md index 7cbd4667640..cc459c5c5ad 100644 --- a/content/rancher/v2.6/en/quick-start-guide/deployment/google-gcp-qs/_index.md +++ b/content/rancher/v2.6/en/quick-start-guide/deployment/google-gcp-qs/_index.md @@ -1,7 +1,7 @@ --- title: Rancher GCP Quick Start Guide description: Read this step by step Rancher GCP guide to quickly deploy a Rancher server with a single-node downstream Kubernetes cluster attached. -weight: 100 +weight: 130 --- The following steps will quickly deploy a Rancher server on GCP in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached. diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/hetzner-cloud-qs/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/hetzner-cloud-qs/_index.md index 1e37d2d23f2..1d388888722 100644 --- a/content/rancher/v2.6/en/quick-start-guide/deployment/hetzner-cloud-qs/_index.md +++ b/content/rancher/v2.6/en/quick-start-guide/deployment/hetzner-cloud-qs/_index.md @@ -1,7 +1,7 @@ --- title: Rancher Hetzner Cloud Quick Start Guide description: Read this step by step Rancher Hetzner Cloud guide to quickly deploy a Rancher server with a single-node downstream Kubernetes cluster attached. -weight: 100 +weight: 140 --- The following steps will quickly deploy a Rancher server on Hetzner Cloud in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached. 
diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/microsoft-azure-qs/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/microsoft-azure-qs/_index.md index a0033fe5ca5..f774350cbad 100644 --- a/content/rancher/v2.6/en/quick-start-guide/deployment/microsoft-azure-qs/_index.md +++ b/content/rancher/v2.6/en/quick-start-guide/deployment/microsoft-azure-qs/_index.md @@ -1,7 +1,7 @@ --- title: Rancher Azure Quick Start Guide description: Read this step by step Rancher Azure guide to quickly deploy a Rancher server with a single-node downstream Kubernetes cluster attached. -weight: 100 +weight: 115 --- The following steps will quickly deploy a Rancher server on Azure in a single-node K3s Kubernetes cluster, with a single-node downstream Kubernetes cluster attached. diff --git a/content/rancher/v2.6/en/quick-start-guide/deployment/quickstart-vagrant/_index.md b/content/rancher/v2.6/en/quick-start-guide/deployment/quickstart-vagrant/_index.md index 0eb0d0ef169..86736685e48 100644 --- a/content/rancher/v2.6/en/quick-start-guide/deployment/quickstart-vagrant/_index.md +++ b/content/rancher/v2.6/en/quick-start-guide/deployment/quickstart-vagrant/_index.md @@ -30,7 +30,7 @@ The following steps quickly deploy a Rancher Server with a single node cluster a 4. To initiate the creation of the environment run, `vagrant up --provider=virtualbox`. -5. Once provisioning finishes, go to `https://192.168.56.101` in the browser. The default user/password is `admin/admin`. +5. Once provisioning finishes, go to `https://192.168.56.101` in the browser. The default user/password is `admin/adminPassword`. **Result:** Rancher Server and your Kubernetes cluster is installed on VirtualBox. diff --git a/content/rke/latest/en/config-options/add-ons/_index.md b/content/rke/latest/en/config-options/add-ons/_index.md index 31c819d4b00..e449e079d77 100644 --- a/content/rke/latest/en/config-options/add-ons/_index.md +++ b/content/rke/latest/en/config-options/add-ons/_index.md 
@@ -27,10 +27,9 @@ There are a few things worth noting: As of version v0.1.7, add-ons are split into two categories: -- **Critical add-ons:** If these add-ons fail to deploy for any reason, RKE will error out. -- **Non-critical add-ons:** If these add-ons fail to deploy, RKE will only log a warning and continue deploying any other add-ons. +- **Critical add-ons:** If these add-ons fail to deploy for any reason, RKE will error out. All system add-ons, such as the [network plug-in]({{}}/rke/latest/en/config-options/add-ons/network-plugins/), KubeDNS, and [ingress controllers]({{}}/rke/latest/en/config-options/add-ons/ingress-controllers/), are considered critical. -Currently, only the [network plug-in]({{}}/rke/latest/en/config-options/add-ons/network-plugins/) is considered critical. KubeDNS, [ingress controllers]({{}}/rke/latest/en/config-options/add-ons/ingress-controllers/) and [user-defined add-ons]({{}}/rke/latest/en/config-options/add-ons/user-defined-add-ons/) are considered non-critical. +- **Non-critical add-ons:** If these add-ons fail to deploy, RKE will only log a warning and continue deploying any other add-ons. [User-defined add-ons]({{}}/rke/latest/en/config-options/add-ons/user-defined-add-ons/) are considered non-critical. # Add-on Deployment Jobs diff --git a/content/rke/latest/en/config-options/secrets-encryption/_index.md b/content/rke/latest/en/config-options/secrets-encryption/_index.md index 81e24ff9bf9..ff8bab209a6 100644 --- a/content/rke/latest/en/config-options/secrets-encryption/_index.md +++ b/content/rke/latest/en/config-options/secrets-encryption/_index.md 
@@ -106,14 +106,14 @@ OPTIONS: This command will perform the following actions: - Generate a new random 32-byte encryption key -- Generate a new provider configuration with the new key as the first provider and the second key as the second provider. When the secrets are rewritten, the first key will be used to encrypt the data on the write operation, while the second key (the old key) will be used to decrypt the stored data during the the read operation +- Generate a new provider configuration with the new key as the first provider and the old key as the second provider. When the secrets are rewritten, the first key will be used to encrypt the data on the write operation, while the second key (the old key) will be used to decrypt the stored data during the the read operation - Deploy the new provider configuration to all `controlplane` nodes and restart the `kube-apiserver` - Rewrite all secrets. This process will re-encrypt all the secrets with the new key. - Update the configuration to remove the old key and restart the `kube-apiserver` ### Rotating Keys by Disabling and Re-enabling Encryption in cluster.yml -For a cluster with encryption enabled, you can rotate the encryption keys by updating `cluster.yml`. If you enable and re-enable the data encryption in the `cluster.yml`, RKE will not reuse old keys. Instead, it will generate new keys every time, yielding the same result as a key rotation with the RKE CLI. +For a cluster with encryption enabled, you can rotate the encryption keys by updating `cluster.yml`. If you disable and re-enable the data encryption in the `cluster.yml`, RKE will not reuse old keys. Instead, it will generate new keys every time, yielding the same result as a key rotation with the RKE CLI. # Custom At-Rest Data Encryption Configuration With managed configuration, RKE provides the user with a very simple way to enable and disable encryption with minimal interaction and configuration. 
However, it doesn't allow for any customization to the configuration. diff --git a/layouts/_default/list.html b/layouts/_default/list.html index 7da558dd82a..50583bb7514 100644 --- a/layouts/_default/list.html +++ b/layouts/_default/list.html @@ -15,11 +15,11 @@
- +
- + {{ $url := urls.Parse .Permalink }} {{ $path := split $url.Path "/" }} {{ $product := index $path 1 }} @@ -37,10 +37,15 @@ {{end}} {{ if in .Dir "os/v1.x" }}
- RancherOS 1.x is currently in a maintain-only-as-essential mode. It is no longer being actively maintained at a code level other than addressing critical or security fixes. For more information about the support status of RancherOS, see this page. + RancherOS 1.x is currently in a maintain-only-as-essential mode. It is no longer being actively maintained at a code level other than addressing critical or security fixes. For more information about the support status of RancherOS, see this page.
{{end}} - + {{ if or (in .Dir "/v2.0-v2.4") (in .Dir "/v2.5") }} +
+ You are viewing the documentation for an older Rancher release. If you're looking for the documentation for the latest Rancher release, go to this page instead. +
+ {{end}} +
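Review bot: In content/rancher/v2.6/en/installation/requirements/dockershim/_index.md, the `enable_cri_dockerd: true` snippet does not say which file the option goes in or at what level of that file; name the file and show the key in context so readers do not have to guess. In the FAQ of the same new page, the first answer starts with `A The upstream support` (no punctuation after `A`), the first two entries use `Q.`/`A.` while the last two use `Q:`/`A:`, and "See our support matrix for details" carries no link.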
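Review bot: The `rke2` bullet in content/rancher/v2.6/en/installation/resources/feature-flags/_index.md is touched only for whitespace and still reads "these type of clusters"; since the line is already being changed, correct it to "this type of cluster" or "these types of clusters".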
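Review bot: In the Helm paragraph of content/rancher/v2.6/en/installation/resources/feature-flags/_index.md, replacing `--features` with `--set` leaves the sentence without the name of the thing being set. `--set` is Helm's generic value override, so the sentence should name the chart value that carries the comma separated list, otherwise it only makes sense once the reader has parsed the example below it. The Docker paragraph in the next hunk still says `--features`, so it is worth stating explicitly that the two install methods take the flags differently.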
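Review bot: The new `- [Equinix Metal](./equinix-metal-qs)` entry in content/rancher/v2.6/en/quick-start-guide/deployment/_index.md is appended after Vagrant, which breaks the alphabetical order this hunk otherwise sets up by moving DigitalOcean below Azure; place it between DigitalOcean and GCP. The page weight set for it elsewhere in this patch (250) sorts it after Hetzner Cloud (140) in the navigation, so the weight should be adjusted to match whichever order is intended.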
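Review bot: The two heading changes in content/rancher/v2.6/en/quick-start-guide/deployment/amazon-aws-qs/_index.md move in opposite directions: `Result` drops to level 5 (`#####`) while `What's Next?` rises to level 2 (`##`). Please confirm the headings above them form a consistent outline (a level 5 heading needs a level 4 parent), and, if the other quick-start pages in this patch share the same sections, give them the same levels so the pages render alike.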
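Review bot: Step 5 of content/rancher/v2.6/en/quick-start-guide/deployment/quickstart-vagrant/_index.md now documents a fixed default login (`admin/adminPassword`) for the server at `https://192.168.56.101` but gives the reader no instruction to change it. Add a sentence telling users to set a new admin password after the first login, and mention where the default is defined so the documented value can be checked against the Vagrant configuration the next time it changes.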
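Review bot: In content/rke/latest/en/config-options/add-ons/_index.md the section still opens with "As of version v0.1.7" while the classification below it changes: KubeDNS and ingress controllers move from non-critical to critical. State from which RKE version the new classification applies, or say that the old text was simply wrong. A failed critical add-on makes RKE error out instead of logging a warning, so readers on older versions need to know which behavior to expect.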
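Review bot: In the first changed bullet of content/rke/latest/en/config-options/secrets-encryption/_index.md, the rewritten line still ends with "during the the read operation"; drop the duplicated "the" while the line is being edited. The correction from "the second key as the second provider" to "the old key as the second provider" reads correctly against the following sentence, which already calls the second key "the old key".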
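Review bot: The condition `{{ if or (in .Dir "/v2.0-v2.4") (in .Dir "/v2.5") }}` in layouts/_default/list.html hard-codes which version directories count as old, so the "older Rancher release" banner will not appear on v2.6 pages once a newer release becomes the latest unless someone remembers to edit this template. Consider keeping the latest version in a single site parameter and comparing against it, or at least add a template comment next to the condition saying it must be updated on each release.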