From 82667d93f9595d19eecb272e43ab5a72329d37a3 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Fri, 9 Sep 2022 17:52:11 -0700 Subject: [PATCH] Replace Hugo shortcodes --- .../upgrades.md | 14 +- .../port-requirements.md | 27 +- .../install-rancher-ha.md | 17 +- .../resources/choose-a-rancher-version.md | 14 +- .../configure-keycloak-saml.md | 9 +- .../configure-okta-saml.md | 9 +- .../configure-pingidentity.md | 9 +- .../manage-users-and-groups.md | 9 +- .../about-authentication.md | 9 +- ...re-microsoft-ad-federation-service-saml.md | 9 +- ...install-upgrade-on-a-kubernetes-cluster.md | 18 +- docs/pages-for-subheaders/vsphere.md | 3 +- src/components/PortsCustomNodes.js | 263 ++++++++++++++++++ src/components/PortsIaasNodes.js | 257 +++++++++++++++++ src/components/PortsImportedHosted.js | 82 ++++++ src/components/SslFaqHa.js | 120 ++++++++ src/components/YouTube.js | 24 ++ src/css/custom.css | 16 ++ .../air-gap-helm2/install-rancher.md | 17 +- .../rke-add-on/layer-4-lb.md | 3 +- .../rke-add-on/layer-7-lb.md | 3 +- .../upgrades/helm2.md | 14 +- .../port-requirements.md | 27 +- .../install-rancher-ha.md | 17 +- .../resources/choose-a-rancher-version.md | 14 +- .../configure-keycloak.md | 9 +- .../configure-okta-saml.md | 9 +- .../configure-pingidentity.md | 9 +- .../manage-users-and-groups.md | 9 +- .../about-authentication.md | 9 +- ...re-microsoft-ad-federation-service-saml.md | 9 +- .../pages-for-subheaders/helm-rancher.md | 18 +- .../helm2-rke-add-on-layer-4-lb.md | 3 +- .../helm2-rke-add-on-layer-7-lb.md | 3 +- ...install-upgrade-on-a-kubernetes-cluster.md | 18 +- .../migrate-from-v1.6-v2.x.md | 3 +- .../pages-for-subheaders/upgrades.md | 14 +- .../pages-for-subheaders/vsphere.md | 3 +- .../upgrades.md | 14 +- .../port-requirements.md | 27 +- .../install-rancher-ha.md | 17 +- .../resources/choose-a-rancher-version.md | 14 +- .../configure-keycloak.md | 9 +- .../configure-okta-saml.md | 9 +- .../configure-pingidentity.md | 9 +- .../manage-users-and-groups.md | 9 +- .../about-authentication.md | 9 +- ...re-microsoft-ad-federation-service-saml.md | 9 +- ...install-upgrade-on-a-kubernetes-cluster.md | 18 +- .../pages-for-subheaders/vsphere.md | 3 +- 50 files changed, 1139 insertions(+), 128 deletions(-) create mode 100644 src/components/PortsCustomNodes.js create mode 100644 src/components/PortsIaasNodes.js create mode 100644 src/components/PortsImportedHosted.js create mode 100644 src/components/SslFaqHa.js create mode 100644 src/components/YouTube.js diff --git a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md index 330337cf43b..e7b45d3612f 100644 --- a/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md +++ b/docs/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster/upgrades.md @@ -74,7 +74,19 @@ You'll use the backup as a restore point if something goes wrong during upgrade. For information about the repos and their differences, see [Helm Chart Repositories](../../../reference-guides/installation-references/helm-chart-options.md#helm-chart-repositories). - {{< release-channel >}} + - Latest: Recommended for trying out the newest features + ``` + helm repo add rancher-latest https://releases.rancher.com/server-charts/latest + ``` + - Stable: Recommended for production environments + ``` + helm repo add rancher-stable https://releases.rancher.com/server-charts/stable + ``` + - Alpha: Experimental preview of upcoming releases. + ``` + helm repo add rancher-stable https://releases.rancher.com/server-charts/stable + ``` + Note: Upgrades are not supported to, from, or between Alphas. ``` helm repo list diff --git a/docs/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md b/docs/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md index 6dcd2ce95f7..46f3cb96569 100644 --- a/docs/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md +++ b/docs/getting-started/installation-and-upgrade/installation-requirements/port-requirements.md @@ -6,25 +6,12 @@ weight: 300 import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; +import PortsIaasNodes from '@site/src/components/PortsIaasNodes' +import PortsCustomNodes from '@site/src/components/PortsCustomNodes' +import PortsImportedHosted from '@site/src/components/PortsImportedHosted' To operate properly, Rancher requires a number of ports to be open on Rancher nodes and on downstream Kubernetes cluster nodes. -- [Rancher Nodes](#rancher-nodes) - - [Ports for Rancher Server Nodes on K3s](#ports-for-rancher-server-nodes-on-k3s) - - [Ports for Rancher Server Nodes on RKE](#ports-for-rancher-server-nodes-on-rke) - - [Ports for Rancher Server Nodes on RKE2](#ports-for-rancher-server-nodes-on-rke2) - - [Ports for Rancher Server in Docker](#ports-for-rancher-server-in-docker) -- [Downstream Kubernetes Cluster Nodes](#downstream-kubernetes-cluster-nodes) - - [Ports for Rancher Launched Kubernetes Clusters using Node Pools](#ports-for-rancher-launched-kubernetes-clusters-using-node-pools) - - [Ports for Rancher Launched Kubernetes Clusters using Custom Nodes](#ports-for-rancher-launched-kubernetes-clusters-using-custom-nodes) - - [Ports for Hosted Kubernetes Clusters](#ports-for-hosted-kubernetes-clusters) - - [Ports for Registered Clusters](#ports-for-registered-clusters) -- [Other Port Considerations](#other-port-considerations) - - [Commonly Used Ports](#commonly-used-ports) - - [Local Node Traffic](#local-node-traffic) - - [Rancher AWS EC2 Security Group](#rancher-aws-ec2-security-group) - - [Opening SUSE Linux Ports](#opening-suse-linux-ports) - # Rancher Nodes The following table lists the ports that need to be open to and from nodes that are running the Rancher server. @@ -219,7 +206,7 @@ The required ports are automatically opened by Rancher during creation of cluste ::: -{{< ports-iaas-nodes >}} + @@ -230,7 +217,7 @@ The required ports are automatically opened by Rancher during creation of cluste The following table depicts the port requirements for [Rancher Launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md) with [Custom Nodes](../../../pages-for-subheaders/use-existing-nodes.md). -{{< ports-custom-nodes >}} + @@ -241,7 +228,7 @@ The following table depicts the port requirements for [Rancher Launched Kubernet The following table depicts the port requirements for [hosted clusters](../../../pages-for-subheaders/set-up-clusters-from-hosted-kubernetes-providers.md). -{{< ports-imported-hosted >}} + @@ -258,7 +245,7 @@ Registered clusters were called imported clusters before Rancher v2.5. The following table depicts the port requirements for [registered clusters](../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md). -{{< ports-imported-hosted >}} + diff --git a/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md index e8c457aac93..968baad0764 100644 --- a/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md +++ b/docs/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-rancher-ha.md @@ -31,10 +31,19 @@ From a system that has access to the internet, fetch the latest Helm chart and c 1. If you haven't already, install `helm` locally on a workstation that has internet access. Note: Refer to the [Helm version requirements](../../resources/helm-version-requirements.md) to choose a version of Helm to install Rancher. 2. Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher](../../../../reference-guides/installation-references/helm-chart-options.md#helm-chart-repositories). - {{< release-channel >}} - ``` - helm repo add rancher- https://releases.rancher.com/server-charts/ - ``` + - Latest: Recommended for trying out the newest features + ``` + helm repo add rancher-latest https://releases.rancher.com/server-charts/latest + ``` + - Stable: Recommended for production environments + ``` + helm repo add rancher-stable https://releases.rancher.com/server-charts/stable + ``` + - Alpha: Experimental preview of upcoming releases. + ``` + helm repo add rancher-stable https://releases.rancher.com/server-charts/stable + ``` + Note: Upgrades are not supported to, from, or between Alphas. 3. Fetch the latest Rancher chart. This will pull down the chart and save it in the current directory as a `.tgz` file. ```plain diff --git a/docs/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md b/docs/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md index 5dccca87fb6..1895eaab17e 100644 --- a/docs/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md +++ b/docs/getting-started/installation-and-upgrade/resources/choose-a-rancher-version.md @@ -59,7 +59,19 @@ Because the rancher-alpha repository contains only alpha charts, switching betwe ::: -{{< release-channel >}} +- Latest: Recommended for trying out the newest features + ``` + helm repo add rancher-latest https://releases.rancher.com/server-charts/latest + ``` +- Stable: Recommended for production environments + ``` + helm repo add rancher-stable https://releases.rancher.com/server-charts/stable + ``` +- Alpha: Experimental preview of upcoming releases. + ``` + helm repo add rancher-stable https://releases.rancher.com/server-charts/stable + ``` + Note: Upgrades are not supported to, from, or between Alphas. 1. List the current Helm chart repositories. diff --git a/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-keycloak-saml.md b/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-keycloak-saml.md index db51fa5a7df..6133b16cfe0 100644 --- a/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-keycloak-saml.md +++ b/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-keycloak-saml.md @@ -129,7 +129,14 @@ The following is an example process for Firefox, but will vary slightly for othe **Result:** Rancher is configured to work with Keycloak. Your users can now sign into Rancher using their Keycloak logins. -{{< saml_caveats >}} +:::note SAML Provider Caveats: + +- SAML Protocol does not support search or lookup for users or groups. Therefore, there is no validation on users or groups when adding them to Rancher. +- When adding users, the exact user IDs (i.e. `UID Field`) must be entered correctly. As you type the user ID, there will be no search for other user IDs that may match. +- When adding groups, you must select the group from the drop-down that is next to the text box. Rancher assumes that any input from the text box is a user. +- The group drop-down shows only the groups that you are a member of. You will not be able to add groups that you are not a member of. + +::: ## Configuration Reference diff --git a/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-okta-saml.md b/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-okta-saml.md index b39e0c951be..96de7afcf60 100644 --- a/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-okta-saml.md +++ b/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-okta-saml.md @@ -59,4 +59,11 @@ Setting | Value **Result:** Rancher is configured to work with Okta. Your users can now sign into Rancher using their Okta logins. -{{< saml_caveats >}} +:::note SAML Provider Caveats: + +- SAML Protocol does not support search or lookup for users or groups. Therefore, there is no validation on users or groups when adding them to Rancher. +- When adding users, the exact user IDs (i.e. `UID Field`) must be entered correctly. As you type the user ID, there will be no search for other user IDs that may match. +- When adding groups, you must select the group from the drop-down that is next to the text box. Rancher assumes that any input from the text box is a user. +- The group drop-down shows only the groups that you are a member of. You will not be able to add groups that you are not a member of. + +::: diff --git a/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-pingidentity.md b/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-pingidentity.md index 042a20bfb01..a14d241b0c4 100644 --- a/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-pingidentity.md +++ b/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/configure-pingidentity.md @@ -53,4 +53,11 @@ Note that these URLs will not return valid data until the authentication configu **Result:** Rancher is configured to work with PingIdentity. Your users can now sign into Rancher using their PingIdentity logins. -{{< saml_caveats >}} +:::note SAML Provider Caveats: + +- SAML Protocol does not support search or lookup for users or groups. Therefore, there is no validation on users or groups when adding them to Rancher. +- When adding users, the exact user IDs (i.e. `UID Field`) must be entered correctly. As you type the user ID, there will be no search for other user IDs that may match. +- When adding groups, you must select the group from the drop-down that is next to the text box. Rancher assumes that any input from the text box is a user. +- The group drop-down shows only the groups that you are a member of. You will not be able to add groups that you are not a member of. + +::: diff --git a/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/manage-users-and-groups.md b/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/manage-users-and-groups.md index a98c27e2fce..8d9ebd1f42e 100644 --- a/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/manage-users-and-groups.md +++ b/docs/how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/authentication-config/manage-users-and-groups.md @@ -13,7 +13,14 @@ When adding a user or group to a resource, you can search for users or groups by All users, whether they are local users or from an authentication provider, can be viewed and managed. In the upper left corner, click **☰ > Users & Authentication**. In the left navigation bar, click **Users**. -{{< saml_caveats >}} +:::note SAML Provider Caveats: + +- SAML Protocol does not support search or lookup for users or groups. Therefore, there is no validation on users or groups when adding them to Rancher. +- When adding users, the exact user IDs (i.e. `UID Field`) must be entered correctly. As you type the user ID, there will be no search for other user IDs that may match. +- When adding groups, you must select the group from the drop-down that is next to the text box. Rancher assumes that any input from the text box is a user. +- The group drop-down shows only the groups that you are a member of. You will not be able to add groups that you are not a member of. + +::: ## User Information diff --git a/docs/pages-for-subheaders/about-authentication.md b/docs/pages-for-subheaders/about-authentication.md index 305c9075efe..42a9e7a124d 100644 --- a/docs/pages-for-subheaders/about-authentication.md +++ b/docs/pages-for-subheaders/about-authentication.md @@ -63,7 +63,14 @@ To set the Rancher access level for users in the authorization service, follow t **Result:** The Rancher access configuration settings are applied. -{{< saml_caveats >}} +:::note SAML Provider Caveats: + +- SAML Protocol does not support search or lookup for users or groups. Therefore, there is no validation on users or groups when adding them to Rancher. +- When adding users, the exact user IDs (i.e. `UID Field`) must be entered correctly. As you type the user ID, there will be no search for other user IDs that may match. +- When adding groups, you must select the group from the drop-down that is next to the text box. Rancher assumes that any input from the text box is a user. +- The group drop-down shows only the groups that you are a member of. You will not be able to add groups that you are not a member of. + +::: ## External Authentication Configuration and Principal Users diff --git a/docs/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md b/docs/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md index f06cc7b47d5..2b1e139988b 100644 --- a/docs/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md +++ b/docs/pages-for-subheaders/configure-microsoft-ad-federation-service-saml.md @@ -24,7 +24,14 @@ Setting up Microsoft AD FS with Rancher Server requires configuring AD FS on you - [1. Configuring Microsoft AD FS for Rancher](../how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) - [2. Configuring Rancher for Microsoft AD FS](../how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/configure-microsoft-ad-federation-service-saml/configure-rancher-for-ms-adfs.md) -{{< saml_caveats >}} +:::note SAML Provider Caveats: + +- SAML Protocol does not support search or lookup for users or groups. Therefore, there is no validation on users or groups when adding them to Rancher. +- When adding users, the exact user IDs (i.e. `UID Field`) must be entered correctly. As you type the user ID, there will be no search for other user IDs that may match. +- When adding groups, you must select the group from the drop-down that is next to the text box. Rancher assumes that any input from the text box is a user. +- The group drop-down shows only the groups that you are a member of. You will not be able to add groups that you are not a member of. + +::: ### [Next: Configuring Microsoft AD FS for Rancher](../how-to-guides/advanced-user-guides/authentication-permissions-and-global-configuration/about-authentication/configure-microsoft-ad-federation-service-saml/configure-ms-adfs-for-rancher.md) diff --git a/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md b/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md index 50ebb1b0364..99b4cbdac9c 100644 --- a/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md +++ b/docs/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster.md @@ -80,11 +80,19 @@ To set up Rancher, Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher](../reference-guides/installation-references/helm-chart-options.md#helm-chart-repositories). -{{< release-channel >}} - -``` -helm repo add rancher- https://releases.rancher.com/server-charts/ -``` +- Latest: Recommended for trying out the newest features + ``` + helm repo add rancher-latest https://releases.rancher.com/server-charts/latest + ``` +- Stable: Recommended for production environments + ``` + helm repo add rancher-stable https://releases.rancher.com/server-charts/stable + ``` +- Alpha: Experimental preview of upcoming releases. + ``` + helm repo add rancher-stable https://releases.rancher.com/server-charts/stable + ``` + Note: Upgrades are not supported to, from, or between Alphas. ### 2. Create a Namespace for Rancher diff --git a/docs/pages-for-subheaders/vsphere.md b/docs/pages-for-subheaders/vsphere.md index aa5931abd80..d27e2e6d7e0 100644 --- a/docs/pages-for-subheaders/vsphere.md +++ b/docs/pages-for-subheaders/vsphere.md @@ -5,6 +5,7 @@ description: Use Rancher to create a vSphere cluster. It may consist of groups o metaDescription: Use Rancher to create a vSphere cluster. It may consist of groups of VMs with distinct properties which allow for fine-grained control over the sizing of nodes. weight: 2225 --- +import YouTube from '@site/src/components/YouTube' By using Rancher with vSphere, you can bring cloud operations on-premises. @@ -45,7 +46,7 @@ You can provision VMs with any operating system that supports `cloud-init`. Only In this YouTube video, we demonstrate how to set up a node template with the new features designed to help you bring cloud operations to on-premises clusters. -{{< youtube id="dPIwg6x1AlU">}} + # Creating a vSphere Cluster diff --git a/src/components/PortsCustomNodes.js b/src/components/PortsCustomNodes.js new file mode 100644 index 00000000000..3018b5e8ead --- /dev/null +++ b/src/components/PortsCustomNodes.js @@ -0,0 +1,263 @@ +import React from 'react'; +const PortsCustomNodes = () => ( + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
From / ToRancher Nodesetcd Plane NodesControl Plane NodesWorker Plane NodesExternal Rancher Load BalancerInternet
Rancher Nodes (1)git.rancher.io
etcd Plane Nodes443 TCP (3)2379 TCP443 TCP
2380 TCP
6443 TCP
8472 UDP
4789 UDP (6)
9099 TCP (4)
Control Plane Nodes443 TCP (3)2379 TCP443 TCP
2380 TCP
6443 TCP
8472 UDP
4789 UDP (6)
10250 TCP
9099 TCP (4)
10254 TCP (4)
Worker Plane Nodes443 TCP (3)6443 TCP443 TCP
8472 UDP
4789 UDP (6)
9099 TCP (4)
10254 TCP (4)
Kubernetes API Clients6443 TCP (5)
Workload Clients or Load Balancer30000-32767 TCP / UDP
(nodeport)
80 TCP (Ingress)
443 TCP (Ingress)
Notes:

1. Nodes running standalone server or Rancher HA deployment.
2. Required to fetch Rancher chart library.
3. Only without external load balancer in front of Rancher.
4. Local traffic to the node itself (not across nodes).
5. Only if Authorized Cluster Endpoints are activated.
6. Only if using Overlay mode on Windows cluster. +
+) +export default PortsCustomNodes; \ No newline at end of file diff --git a/src/components/PortsIaasNodes.js b/src/components/PortsIaasNodes.js new file mode 100644 index 00000000000..ed0736efc2e --- /dev/null +++ b/src/components/PortsIaasNodes.js @@ -0,0 +1,257 @@ +import React from 'react'; +const PortsIaasNodes = () => ( + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
From / ToRancher Nodesetcd Plane NodesControl Plane NodesWorker Plane NodesExternal Rancher Load BalancerInternet
Rancher Nodes (1)22 TCPgit.rancher.io
2376 TCP
etcd Plane Nodes443 TCP (3)2379 TCP443 TCP
2380 TCP
6443 TCP
8472 UDP
9099 TCP (4)
Control Plane Nodes443 TCP (3)2379 TCP443 TCP
2380 TCP
6443 TCP
8472 UDP
10250 TCP
9099 TCP (4)
10254 TCP (4)
Worker Plane Nodes443 TCP (3)6443 TCP443 TCP
8472 UDP
9099 TCP (4)
10254 TCP (4)
Kubernetes API Clients6443 TCP (5)
Workload Clients or Load Balancer30000-32767 TCP / UDP
(nodeport)
80 TCP (Ingress)
443 TCP (Ingress)
Notes: +
+
1. Nodes running standalone server or Rancher HA deployment.
2. Required to fetch Rancher chart library.
3. Only without external load balancer in front of Rancher. +
4. Local traffic to the node itself (not across nodes).
5. Only if Authorized Cluster Endpoints are activated. +
+) +export default PortsIaasNodes \ No newline at end of file diff --git a/src/components/PortsImportedHosted.js b/src/components/PortsImportedHosted.js new file mode 100644 index 00000000000..ffb62d1f4af --- /dev/null +++ b/src/components/PortsImportedHosted.js @@ -0,0 +1,82 @@ +import React from 'react'; +const PortsImportedHosted = () => ( + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
From / ToRancher NodesHosted / Imported ClusterExternal Rancher Load BalancerInternet
Rancher Nodes (1)Kubernetes API
Endpoint Port (2)		git.rancher.io
8443 TCP
9443 TCP
Hosted / Imported Cluster443 TCP (4)(5)443 TCP (5)
Kubernetes API ClientsCluster / Provider Specific (6)
Workload ClientCluster / Provider Specific (7)
Notes:

1. Nodes running standalone server or Rancher HA deployment.
2. Only for hosted clusters.
3. Required to fetch Rancher chart library.
4. Only without external load balancer.
5. From worker nodes.
6. For direct access to the Kubernetes API without Rancher.
7. Usually Ingress backed by infrastructure load balancer and/or nodeport.
+) +export default PortsImportedHosted; \ No newline at end of file diff --git a/src/components/SslFaqHa.js b/src/components/SslFaqHa.js new file mode 100644 index 00000000000..4f619b8f9e9 --- /dev/null +++ b/src/components/SslFaqHa.js @@ -0,0 +1,120 @@ +import React from 'react'; +const SslFaqHa = () => ( +
+ +

How Do I Know if My Certificates are in PEM Format?

+ +

You can recognize the PEM format by the following traits:

+
    +
  • The file begins with the following header:
    -----BEGIN CERTIFICATE-----
    • +
  • The header is followed by a long string of characters. Like, really long.
    • +
  • The file ends with a footer:
    -----END CERTIFICATE-----
    • +
+ +

PEM Certificate Example:

+ + 
+    ----BEGIN CERTIFICATE-----
+    MIIGVDCCBDygAwIBAgIJAMiIrEm29kRLMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNV
+    ... more lines
+    VWQqljhfacYPgp8KJUJENQ9h5hZ2nSCrI+W00Jcw4QcEdCI8HL5wmg==
+    -----END CERTIFICATE-----
+
+ +

How Can I Encode My PEM Files in base64?

+ +

To encode your certificates in base64:

+ +
    +
  1. Change directory to where the PEM file resides.
    2. +
  2. Run one of the following commands. Replace FILENAME with the name of your certificate. + 
    +    # MacOS
+    cat FILENAME | base64
+    # Linux
+    cat FILENAME | base64 -w0
+    # Windows
+    certutil -encode FILENAME FILENAME.base64
+
    +
    3. +
+ +

How Can I Verify My Generated base64 String For The Certificates?

+ +

To decode your certificates in base64:

+ +
    +
  1. Copy the generated base64 string.
    2. +
  2. Run one of the following commands. Replace YOUR_BASE64_STRING with the previously copied base64 + string. + 
    +    # MacOS
+    echo YOUR_BASE64_STRING | base64 -D
+    # Linux
+    echo YOUR_BASE64_STRING | base64 -d
+    # Windows
+    certutil -decode FILENAME.base64 FILENAME.verify
+
    +
    3. +
+ + +

What is the Order of Certificates if I Want to Add My Intermediate(s)?

+ +

The order of adding certificates is as follows:

+ + 
+    -----BEGIN CERTIFICATE-----
+    %YOUR_CERTIFICATE%
+    -----END CERTIFICATE-----
+    -----BEGIN CERTIFICATE-----
+    %YOUR_INTERMEDIATE_CERTIFICATE%
+    -----END CERTIFICATE-----
+
+ +

How Do I Validate My Certificate Chain?

+ +

You can validate the certificate chain by using the openssl binary. If the output of the command (see + the command example below) ends with Verify return code: 0 (ok), your certificate chain is valid. The + ca.pem file must be the same as you added to the rancher/rancher container. When using a + certificate signed by a recognized Certificate Authority, you can omit the -CAfile parameter.

+ +

Command:

+ 
+    openssl s_client -CAfile ca.pem -connect rancher.yourdomain.com:443 -servername rancher.yourdomain.com
+    ...
+        Verify return code: 0 (ok)
+
+
+) +export default SslFaqHa \ No newline at end of file diff --git a/src/components/YouTube.js b/src/components/YouTube.js new file mode 100644 index 00000000000..f070ae27f71 --- /dev/null +++ b/src/components/YouTube.js @@ -0,0 +1,24 @@ +import React from "react"; +import PropTypes from "prop-types"; + +// This code was authored by bravemaster619 https://dev.to/bravemaster619/simplest-way-to-embed-a-youtube-video-in-your-react-app-3bk2 + +const YoutubeEmbed = ({ id }) => ( +
+