From 3180f9b2847778a3c7021919321af1a04e303ae6 Mon Sep 17 00:00:00 2001 From: Klaas Demter Date: Sun, 28 Mar 2021 09:55:57 +0200 Subject: [PATCH 1/4] k3s: add note about firewalld for el Refs k3s-io/k3s#3122 follow up suggested in rancher/docs#2740
---
 content/k3s/latest/en/advanced/_index.md | 8 ++++++++ .../en/installation/installation-requirements/_index.md | 1 + 2 files changed, 9 insertions(+)
diff --git a/content/k3s/latest/en/advanced/_index.md b/content/k3s/latest/en/advanced/_index.md
index f48955149c4..0fc3948d20f 100644
--- a/content/k3s/latest/en/advanced/_index.md
+++ b/content/k3s/latest/en/advanced/_index.md
@@ -21,6 +21,7 @@ This section contains advanced information describing the different ways you can
 - [Enabling legacy iptables on Raspbian Buster](#enabling-legacy-iptables-on-raspbian-buster)
 - [Enabling cgroups for Raspbian Buster](#enabling-cgroups-for-raspbian-buster)
 - [SELinux Support](#selinux-support)
+- [Additional preparation for (Red Hat/CentOS) Enterprise Linux](#additional-preparation-for-el)
 # Certificate Rotation
@@ -366,3 +367,10 @@ Using a custom `--data-dir` under SELinux is not supported. To customize it, you
 {{%/tab%}}
 {{% /tabs %}}
+
+# Additional preparation for (Red Hat/CentOS) Enterprise Linux
+
+It is recommended to turn off firewalld:
+```
+systemctl disable firewalld --now
+```
diff --git a/content/k3s/latest/en/installation/installation-requirements/_index.md b/content/k3s/latest/en/installation/installation-requirements/_index.md
index 796451ac6a3..8f8db3d0160 100644
--- a/content/k3s/latest/en/installation/installation-requirements/_index.md
+++ b/content/k3s/latest/en/installation/installation-requirements/_index.md
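Review bot: The new "Additional preparation for (Red Hat/CentOS) Enterprise Linux" section added to content/k3s/latest/en/advanced/_index.md (the `@@ -366,3 +367,10 @@` hunk) recommends `systemctl disable firewalld --now` without giving the reason or the consequence. With firewalld off the node has no host-level packet filter, so anything listening on it (the log sample further down the same file shows `Listening on :6443`) is reachable from every network the node sits on unless something else filters it. I would add one sentence on why firewalld is turned off (presumably the conflict discussed in k3s-io/k3s#3122, to be confirmed against that issue) and a caveat such as `If firewalld is disabled, restrict access to the node's ports with a network-level firewall or security group instead.`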
@@ -23,6 +23,7 @@ Some OSs have specific requirements:
 - If you are using **Raspbian Buster**, follow [these steps]({{}}/k3s/latest/en/advanced/#enabling-legacy-iptables-on-raspbian-buster) to switch to legacy iptables.
 - If you are using **Alpine Linux**, follow [these steps]({{}}/k3s/latest/en/advanced/#additional-preparation-for-alpine-linux-setup) for additional setup.
+- If you are using **(Red Hat/CentOS) Enterprise Linux**, follow [these steps]({{}}/k3s/latest/en/advanced/#additional-preparation-for-el) for additional setup.
 For more information on which OSs were tested with Rancher managed K3s clusters, refer to the [Rancher support and maintenance terms.](https://rancher.com/support-maintenance-terms/)
From d3728a63403b0caac1f7a43aa3d42fe938b90864 Mon Sep 17 00:00:00 2001 From: Catherine Luse Date: Fri, 9 Apr 2021 09:57:19 -0700 Subject: [PATCH 2/4] Change internal link
---
 content/k3s/latest/en/advanced/_index.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/content/k3s/latest/en/advanced/_index.md b/content/k3s/latest/en/advanced/_index.md
index 0fc3948d20f..b6a654ab2e9 100644
--- a/content/k3s/latest/en/advanced/_index.md
+++ b/content/k3s/latest/en/advanced/_index.md
@@ -21,7 +21,7 @@ This section contains advanced information describing the different ways you can
 - [Enabling legacy iptables on Raspbian Buster](#enabling-legacy-iptables-on-raspbian-buster)
 - [Enabling cgroups for Raspbian Buster](#enabling-cgroups-for-raspbian-buster)
 - [SELinux Support](#selinux-support)
-- [Additional preparation for (Red Hat/CentOS) Enterprise Linux](#additional-preparation-for-el)
+- [Additional preparation for (Red Hat/CentOS) Enterprise Linux](#additional-preparation-for-red-hat-centos-enterprise-linux)
 # Certificate Rotation
@@ -229,7 +229,8 @@ $ k3s server
 INFO[2019-01-22T15:16:19.908493986-07:00] Starting k3s dev
 INFO[2019-01-22T15:16:19.908934479-07:00] Running kube-apiserver --allow-privileged=true --authorization-mode Node,RBAC --service-account-signing-key-file /var/lib/rancher/k3s/server/tls/service.key --service-cluster-ip-range 10.43.0.0/16 --advertise-port 6445 --advertise-address 127.0.0.1 --insecure-port 0 --secure-port 6444 --bind-address 127.0.0.1 --tls-cert-file /var/lib/rancher/k3s/server/tls/localhost.crt --tls-private-key-file /var/lib/rancher/k3s/server/tls/localhost.key --service-account-key-file /var/lib/rancher/k3s/server/tls/service.key --service-account-issuer k3s --api-audiences unknown --basic-auth-file /var/lib/rancher/k3s/server/cred/passwd --kubelet-client-certificate /var/lib/rancher/k3s/server/tls/token-node.crt --kubelet-client-key /var/lib/rancher/k3s/server/tls/token-node.key
 Flag --insecure-port has been deprecated, This flag will be removed in a future version.
-INFO[2019-01-22T15:16:20.196766005-07:00] Running kube-scheduler --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --port 0 --secure-port 0 --leader-elect=false
+INFO[2019-01-22T15:16:20.196766005-07:00] Running kube-scheduler --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --port 0 --secure-port 0 --leader
+ect=false
 INFO[2019-01-22T15:16:20.196880841-07:00] Running kube-controller-manager --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --service-account-private-key-file /var/lib/rancher/k3s/server/tls/service.key --allocate-node-cidrs --cluster-cidr 10.42.0.0/16 --root-ca-file /var/lib/rancher/k3s/server/tls/token-ca.crt --port 0 --secure-port 0 --leader-elect=false
 Flag --port has been deprecated, see --secure-port instead.
 INFO[2019-01-22T15:16:20.273441984-07:00] Listening on :6443
From 84c9cd93c0b4e9cac92152ba3698a5d179a8543a Mon Sep 17 00:00:00 2001
From: Catherine Luse Date: Fri, 9 Apr 2021 09:59:05 -0700 Subject: [PATCH 3/4] Revert typo
---
 content/k3s/latest/en/advanced/_index.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/content/k3s/latest/en/advanced/_index.md b/content/k3s/latest/en/advanced/_index.md
index b6a654ab2e9..a557e491fc4 100644
--- a/content/k3s/latest/en/advanced/_index.md
+++ b/content/k3s/latest/en/advanced/_index.md
@@ -229,8 +229,7 @@ $ k3s server
 INFO[2019-01-22T15:16:19.908493986-07:00] Starting k3s dev
 INFO[2019-01-22T15:16:19.908934479-07:00] Running kube-apiserver --allow-privileged=true --authorization-mode Node,RBAC --service-account-signing-key-file /var/lib/rancher/k3s/server/tls/service.key --service-cluster-ip-range 10.43.0.0/16 --advertise-port 6445 --advertise-address 127.0.0.1 --insecure-port 0 --secure-port 6444 --bind-address 127.0.0.1 --tls-cert-file /var/lib/rancher/k3s/server/tls/localhost.crt --tls-private-key-file /var/lib/rancher/k3s/server/tls/localhost.key --service-account-key-file /var/lib/rancher/k3s/server/tls/service.key --service-account-issuer k3s --api-audiences unknown --basic-auth-file /var/lib/rancher/k3s/server/cred/passwd --kubelet-client-certificate /var/lib/rancher/k3s/server/tls/token-node.crt --kubelet-client-key /var/lib/rancher/k3s/server/tls/token-node.key
 Flag --insecure-port has been deprecated, This flag will be removed in a future version.
-INFO[2019-01-22T15:16:20.196766005-07:00] Running kube-scheduler --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --port 0 --secure-port 0 --leader
-ect=false
+INFO[2019-01-22T15:16:20.196766005-07:00] Running kube-scheduler --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --port 0 --secure-port 0 --leader-elect=false
 INFO[2019-01-22T15:16:20.196880841-07:00] Running kube-controller-manager --kubeconfig /var/lib/rancher/k3s/server/cred/kubeconfig-system.yaml --service-account-private-key-file /var/lib/rancher/k3s/server/tls/service.key --allocate-node-cidrs --cluster-cidr 10.42.0.0/16 --root-ca-file /var/lib/rancher/k3s/server/tls/token-ca.crt --port 0 --secure-port 0 --leader-elect=false
 Flag --port has been deprecated, see --secure-port instead.
 INFO[2019-01-22T15:16:20.273441984-07:00] Listening on :6443
From ec9faa13ef9c63c8c94a9d091646878026f8847d Mon Sep 17 00:00:00 2001
From: Catherine Luse Date: Fri, 9 Apr 2021 09:59:47 -0700 Subject: [PATCH 4/4] Change internal link
---
 .../latest/en/installation/installation-requirements/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/k3s/latest/en/installation/installation-requirements/_index.md b/content/k3s/latest/en/installation/installation-requirements/_index.md
index 8f8db3d0160..1b5d14825de 100644
--- a/content/k3s/latest/en/installation/installation-requirements/_index.md
+++ b/content/k3s/latest/en/installation/installation-requirements/_index.md
@@ -23,7 +23,7 @@ Some OSs have specific requirements:
 - If you are using **Raspbian Buster**, follow [these steps]({{}}/k3s/latest/en/advanced/#enabling-legacy-iptables-on-raspbian-buster) to switch to legacy iptables.
 - If you are using **Alpine Linux**, follow [these steps]({{}}/k3s/latest/en/advanced/#additional-preparation-for-alpine-linux-setup) for additional setup.
-- If you are using **(Red Hat/CentOS) Enterprise Linux**, follow [these steps]({{}}/k3s/latest/en/advanced/#additional-preparation-for-el) for additional setup.
+- If you are using **(Red Hat/CentOS) Enterprise Linux**, follow [these steps]({{}}/k3s/latest/en/advanced/#additional-preparation-for-red-hat-centos-enterprise-linux) for additional setup.
 For more information on which OSs were tested with Rancher managed K3s clusters, refer to the [Rancher support and maintenance terms.](https://rancher.com/support-maintenance-terms/)