diff --git a/content/rancher/v2.x/en/api/api-tokens/_index.md b/content/rancher/v2.x/en/api/api-tokens/_index.md index 46d2c93d662..36f164526fc 100644 --- a/content/rancher/v2.x/en/api/api-tokens/_index.md +++ b/content/rancher/v2.x/en/api/api-tokens/_index.md @@ -22,7 +22,7 @@ Here is the complete list of tokens that are generated with `ttl=0`: | Token | Description | |-------|-------------| -| `kubeconfig-*` | Kubeconfig token | +| `kubeconfig-*` | Kubeconfig token | | `kubectl-shell-*` | Access to `kubectl` shell in the browser | | `agent-*` | Token for agent deployment | | `compose-token-*` | Token for compose | @@ -37,14 +37,15 @@ _**Available as of v2.4.6**_ Starting Rancher v2.4.6, admins can set a global TTL on Kubeconfig tokens. Once the token expires the kubectl command will require the user to authenticate to Rancher. +_**Note:**_: + +Existing kubeconfig tokens won't be updated with the new TTL. Admins can [delete old kubeconfig tokens](#deleting-tokens). + 1. Disable the kubeconfig-generate-token setting in the Rancher API view at `https:// * Follow the instructions from this page for restoring rancher on the same cluster where it was backed up from. In order to migrate rancher to a new cluster, follow the steps to [migrate rancher.](../migrating-rancher) > * While restoring rancher on the same setup, the operator will scale down the rancher deployment when restore starts, and it will scale back up the deployment once restore completes. So Rancher will be unavailable during the restore. -### Create the Restore Custom Resource +First, create the Restore custom resource. Then restart Rancher using the previous Rancher version. + +### 1. Create the Restore Custom Resource 1. In the **Cluster Explorer,** go to the dropdown menu in the upper left corner and click **Rancher Backups.** 1. Click **Restore.** @@ -42,7 +44,7 @@ A restore is performed by creating a Restore custom resource. 1. Click **Create.** -**Result:** The rancher-operator scales down the rancher deployment during restore, and scales it back up once the restore completes. The resources are restored in this order: +The rancher-operator scales down the rancher deployment during restore, and scales it back up once the restore completes. The resources are restored in this order: 1. Custom Resource Definitions (CRDs) 2. Cluster-scoped resources @@ -53,4 +55,33 @@ To check how the restore is progressing, you can check the logs of the operator. ```yaml kubectl get pods -n cattle-resources-system kubectl logs -n cattle-resources-system -f +``` + +2. Restart Rancher + +Rancher has to be started with the lower/previous version after a rollback using the Rancher backup operator. It should be started with the same Helm chart values as the previous install. + +Get the values, which were passed with `--set`, from the current Rancher Helm chart that is installed: + +``` +helm get values rancher -n cattle-system + +hostname: rancher.my.org +``` + +> **Note:** There will be more values that are listed with this command. This is just an example of one of the values. + +Alternatively, it's possible to export the current values to a file and reference that file during upgrade. For example, to only change the Rancher version: + +``` +helm get values rancher -n cattle-system -o yaml > values.yaml +``` + +Then upgrade the Helm chart to the previous Rancher version, using the previous values. In this example, the values are taken from the file: + +``` +helm upgrade rancher rancher-/rancher \ + --namespace cattle-system \ + -f values.yaml \ + --version=X.Y.Z ``` \ No newline at end of file diff --git a/content/rancher/v2.x/en/cluster-admin/backing-up-etcd/_index.md b/content/rancher/v2.x/en/cluster-admin/backing-up-etcd/_index.md index c517623ec3d..e73b9b11d8f 100644 --- a/content/rancher/v2.x/en/cluster-admin/backing-up-etcd/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/backing-up-etcd/_index.md @@ -143,10 +143,10 @@ In the **Advanced Cluster Options** section, there are several options available | Option | Description | Default Value| | --- | ---| --- | -|[etcd Snapshot Backup Target](#snapshot-backup-targets)| Select where you want the snapshots to be saved. Options are either local or in S3 | local| +| etcd Snapshot Backup Target | Select where you want the snapshots to be saved. Options are either local or in S3 | local| |Recurring etcd Snapshot Enabled| Enable/Disable recurring snapshots | Yes| -|[Recurring etcd Snapshot Creation Period](#snapshot-creation-period-and-retention-count) | Time in hours between recurring snapshots| 12 hours | -|[Recurring etcd Snapshot Retention Count](#snapshot-creation-period-and-retention-count)| Number of snapshots to retain| 6 | +| Recurring etcd Snapshot Creation Period | Time in hours between recurring snapshots| 12 hours | +| Recurring etcd Snapshot Retention Count | Number of snapshots to retain| 6 | # One-Time Snapshots diff --git a/content/rancher/v2.x/en/cluster-admin/cluster-access/_index.md b/content/rancher/v2.x/en/cluster-admin/cluster-access/_index.md index 519679de5e4..418726bd95a 100644 --- a/content/rancher/v2.x/en/cluster-admin/cluster-access/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/cluster-access/_index.md @@ -20,8 +20,8 @@ Rancher provides an intuitive user interface for interacting with your clusters. You can use the Kubernetes command-line tool, [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/), to manage your clusters. You have two options for using kubectl: -- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell]({{}}/rancher/v2.x/en/k8s-in-rancher/kubectl/#accessing-clusters-with-kubectl-shell). -- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File]({{}}/rancher/v2.x/en/k8s-in-rancher/kubectl/#accessing-clusters-with-kubectl-and-a-kubeconfig-file). +- **Rancher kubectl shell:** Interact with your clusters by launching a kubectl shell available in the Rancher UI. This option requires no configuration actions on your part. For more information, see [Accessing Clusters with kubectl Shell]({{}}/rancher/v2.x/en/k8s-in-rancher/kubectl/). +- **Terminal remote connection:** You can also interact with your clusters by installing [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) on your local desktop and then copying the cluster's kubeconfig file to your local `~/.kube/config` directory. For more information, see [Accessing Clusters with kubectl and a kubeconfig File](./kubectl/). ### Rancher CLI diff --git a/content/rancher/v2.x/en/cluster-admin/editing-clusters/_index.md b/content/rancher/v2.x/en/cluster-admin/editing-clusters/_index.md index d95af0109e0..aa7c68fbad7 100644 --- a/content/rancher/v2.x/en/cluster-admin/editing-clusters/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/editing-clusters/_index.md @@ -31,7 +31,7 @@ Note that these options are not available for imported clusters or hosted Kubern Option | Description | ---------|----------| Kubernetes Version | The version of Kubernetes installed on each cluster node. For more detail, see [Upgrading Kubernetes]({{}}/rancher/v2.x/en/cluster-admin/upgrading-kubernetes). | - Network Provider | The [container networking interface]({{}}/rancher/v2.x/en/faq/networking/#cni-providers) that powers networking for your cluster.

**Note:** You can only choose this option while provisioning your cluster. It cannot be edited later. | + Network Provider | The \container networking interface (CNI) that powers networking for your cluster.

**Note:** You can only choose this option while provisioning your cluster. It cannot be edited later. | Project Network Isolation | As of Rancher v2.0.7, if you're using the Canal network provider, you can choose whether to enable or disable inter-project communication. | Nginx Ingress | If you want to publish your applications in a high-availability configuration, and you're hosting your nodes with a cloud-provider that doesn't have a native load-balancing feature, enable this option to use Nginx ingress within the cluster. | Metrics Server Monitoring | Each cloud provider capable of launching a cluster using RKE can collect metrics and monitor for your cluster nodes. Enable this option to view your node metrics from your cloud provider's portal. | diff --git a/content/rancher/v2.x/en/cluster-admin/nodes/_index.md b/content/rancher/v2.x/en/cluster-admin/nodes/_index.md index b5406cb379b..6bb4c664b62 100644 --- a/content/rancher/v2.x/en/cluster-admin/nodes/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/nodes/_index.md @@ -28,7 +28,7 @@ This section covers the following topics: # Node Options Available for Each Cluster Creation Option -The following table lists which node options are available for each [type of cluster]({{}}/rancher/v2.x/en/cluster-provisioning/#cluster-creation-options) in Rancher. Click the links in the **Option** column for more detailed information about each feature. +The following table lists which node options are available for each type of cluster in Rancher. Click the links in the **Option** column for more detailed information about each feature. | Option | [Nodes Hosted by an Infrastructure Provider][1] | [Custom Node][2] | [Hosted Cluster][3] | [Imported Nodes][4] | Description | | ------------------------------------------------ | ------------------------------------------------ | ---------------- | ------------------- | ------------------- | ------------------------------------------------------------------ | @@ -51,7 +51,7 @@ Node pools are available when you provision Rancher-launched Kubernetes clusters Clusters provisioned using [one of the node pool options]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/#node-pools) can be scaled up or down if the node pool is edited. -A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/#node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. +A node pool can also automatically maintain the node scale that's set during the initial cluster provisioning if [node auto-replace is enabled.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/#about-node-auto-replace) This scale determines the number of active nodes that Rancher maintains for the cluster. Rancher uses [node templates]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/#node-templates) to replace nodes in the node pool. Each node template uses cloud provider credentials to allow Rancher to set up the node in the infrastructure provider. @@ -82,7 +82,7 @@ Select this option to view the node's [API endpoints]({{< baseurl >}}/rancher/v2 Use **Delete** to remove defective nodes from the cloud provider. -When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/#node-auto-replace) +When you the delete a defective node, Rancher can automatically replace it with an identically provisioned node if the node is in a node pool and [node auto-replace is enabled.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/#about-node-auto-replace) >**Tip:** If your cluster is hosted by an infrastructure provider, and you want to scale your cluster down instead of deleting a defective node, [scale down](#scaling-nodes) rather than delete. diff --git a/content/rancher/v2.x/en/cluster-admin/projects-and-namespaces/_index.md b/content/rancher/v2.x/en/cluster-admin/projects-and-namespaces/_index.md index ebf5ca55eb8..f034677f065 100644 --- a/content/rancher/v2.x/en/cluster-admin/projects-and-namespaces/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/projects-and-namespaces/_index.md @@ -58,7 +58,7 @@ Because projects are a concept introduced by Rancher, kubectl does not have the This means that when standard users with project-scoped permissions create a namespaces with `kubectl`, it may be unusable because `kubectl` doesn't require the new namespace to be scoped within a certain project. -If your permissions are restricted to the project level, it is better to [create a namespace through Rancher]({{}}/rancher/v2.x/en/project-admin/namespaces/#creating-namespaces) to ensure that you will have permission to access the namespace. +If your permissions are restricted to the project level, it is better to [create a namespace through Rancher]({{}}/rancher/v2.x/en/project-admin/namespaces/) to ensure that you will have permission to access the namespace. If a standard user is a project owner, the user will be able to create namespaces within that project. The Rancher UI will prevent that user from creating namespaces outside the scope of the projects they have access to. @@ -110,7 +110,7 @@ The `system` project: >**Note:** In clusters where both: > -> - The [Canal network plug-in]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#canal) is in use. +> - The Canal network plug-in is in use. > - The Project Network Isolation option is enabled. > >The `system` project overrides the Project Network Isolation option so that it can communicate with other projects, collect logs, and check health. @@ -179,9 +179,9 @@ Resource quotas limit the resources that a project (and its namespaces) can cons To add a resource quota, 1. Click **Add Quota**. -1. Select a [Resource Type]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/#resource-quota-types). +1. Select a Resource Type. For more information, see [Resource Quotas.]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/). 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. -1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit]({{}}/rancher/v2.x/en/project-admin/resource-quotas/#setting-container-default-resource-limit) Note: This option is available as of v2.2.0. +1. **Optional:** Specify **Container Default Resource Limit**, which will be applied to every container started in the project. The parameter is recommended if you have CPU or Memory limits set by the Resource Quota. It can be overridden on per an individual namespace or a container level. For more information, see [Container Default Resource Limit]({{}}/rancher/v2.x/en/project-admin/resource-quotas/) Note: This option is available as of v2.2.0. 1. Click **Create**. **Result:** Your project is created. You can view it from the cluster's **Projects/Namespaces** view. diff --git a/content/rancher/v2.x/en/cluster-admin/restoring-etcd/_index.md b/content/rancher/v2.x/en/cluster-admin/restoring-etcd/_index.md index 1db7ba0c9cc..0396053a967 100644 --- a/content/rancher/v2.x/en/cluster-admin/restoring-etcd/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/restoring-etcd/_index.md @@ -80,7 +80,7 @@ When rolling back to a prior Kubernetes version, the [upgrade strategy options]( ## Recovering etcd without a Snapshot -If the group of etcd nodes loses quorum, the Kubernetes cluster will report a failure because no operations, e.g. deploying workloads, can be executed in the Kubernetes cluster. Please review the best practices for the what the [number of etcd nodes]({{}}/rancher/v2.x/en/cluster-provisioning/production/#count-of-etcd-nodes) should be in a Kubernetes cluster. If you want to recover your set of etcd nodes, follow these instructions: +If the group of etcd nodes loses quorum, the Kubernetes cluster will report a failure because no operations, e.g. deploying workloads, can be executed in the Kubernetes cluster. The cluster should have three etcd nodes to prevent a loss of quorum. If you want to recover your set of etcd nodes, follow these instructions: 1. Keep only one etcd node in the cluster by removing all other etcd nodes. diff --git a/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/attaching-existing-storage/_index.md b/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/attaching-existing-storage/_index.md index 0044a07d13b..71256c0ff1d 100644 --- a/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/attaching-existing-storage/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/attaching-existing-storage/_index.md @@ -12,7 +12,7 @@ To set up storage, follow these steps: 1. [Set up persistent storage.](#1-set-up-persistent-storage) 2. [Add a persistent volume that refers to the persistent storage.](#2-add-a-persistent-volume-that-refers-to-the-persistent-storage) 3. [Add a persistent volume claim that refers to the persistent volume.](#3-add-a-persistent-volume-claim-that-refers-to-the-persistent-volume) -4. [Mount the persistent volume claim as a volume in your workload.](#4-mount-the-persistent-storage-claim-as-a-volume-in-your-workload) +4. [Mount the persistent volume claim as a volume in your workload.](#4-mount-the-persistent-volume-claim-as-a-volume-in-your-workload) ### Prerequisites diff --git a/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/examples/nfs/_index.md b/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/examples/nfs/_index.md index a9be8884a31..632169475cb 100644 --- a/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/examples/nfs/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/examples/nfs/_index.md @@ -65,4 +65,4 @@ Before you can use the NFS storage volume plug-in with Rancher deployments, you ## What's Next? -Within Rancher, add the NFS server as a [storage volume]({{}}/rancher/v2.x/en/k8s-in-rancher/volumes-and-storage/#adding-a-persistent-volume) and/or [storage class]({{}}/rancher/v2.x/en/k8s-in-rancher/volumes-and-storage/#adding-storage-classes). After adding the server, you can use it for storage for your deployments. +Within Rancher, add the NFS server as a storage volume and/or storage class. After adding the server, you can use it for storage for your deployments. diff --git a/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/examples/vsphere/_index.md b/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/examples/vsphere/_index.md index 41437462a9f..676861820a8 100644 --- a/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/examples/vsphere/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/volumes-and-storage/examples/vsphere/_index.md @@ -5,7 +5,7 @@ aliases: - /rancher/v2.x/en/tasks/clusters/adding-storage/provisioning-storage/vsphere/ --- -To provide stateful workloads with vSphere storage, we recommend creating a vSphereVolume [storage class]({{}}/rancher/v2.x/en/k8s-in-rancher/volumes-and-storage/#storage-classes). This practice dynamically provisions vSphere storage when workloads request volumes through a [persistent volume claim]({{}}/rancher/v2.x/en/k8s-in-rancher/volumes-and-storage/persistent-volume-claims/). +To provide stateful workloads with vSphere storage, we recommend creating a vSphereVolume StorageClass. This practice dynamically provisions vSphere storage when workloads request volumes through a [persistent volume claim]({{}}/rancher/v2.x/en/k8s-in-rancher/volumes-and-storage/persistent-volume-claims/). In order to dynamically provision storage in vSphere, the vSphere provider must be [enabled.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/cloud-providers/vsphere) diff --git a/content/rancher/v2.x/en/cluster-provisioning/_index.md b/content/rancher/v2.x/en/cluster-provisioning/_index.md index e4c8f1ce492..620bce21a4b 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/_index.md @@ -18,7 +18,7 @@ This section covers the following topics: -- [Setting up clusters in a hosted Kubernetes provider](#setting-up-clusters-in-a-hosted-kubernetes-cluster) +- [Setting up clusters in a hosted Kubernetes provider](#setting-up-clusters-in-a-hosted-kubernetes-provider) - [Launching Kubernetes with Rancher](#launching-kubernetes-with-rancher) - [Launching Kubernetes and Provisioning Nodes in an Infrastructure Provider](#launching-kubernetes-and-provisioning-nodes-in-an-infrastructure-provider) - [Launching Kubernetes on Existing Custom Nodes](#launching-kubernetes-on-existing-custom-nodes) @@ -96,7 +96,7 @@ When a K3s cluster is imported, Rancher will recognize it as K3s, and the Ranche - The ability to upgrade the K3s version - The ability to see a read-only version of the K3s cluster's configuration arguments and environment variables used to launch each node in the cluster. -For more information, refer to the section on [imported K3s clusters.]({{}}/rancher/v2.x/en/cluster-provisioning/imported-clusters/#additional-features-of-imported-k3s-clusters) +For more information, refer to the section on [imported K3s clusters.]({{}}/rancher/v2.x/en/cluster-provisioning/imported-clusters/) # Registering Existing Clusters diff --git a/content/rancher/v2.x/en/cluster-provisioning/hosted-kubernetes-clusters/eks/_index.md b/content/rancher/v2.x/en/cluster-provisioning/hosted-kubernetes-clusters/eks/_index.md index aca3043c154..e5069253cd4 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/hosted-kubernetes-clusters/eks/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/hosted-kubernetes-clusters/eks/_index.md @@ -115,12 +115,12 @@ Due to the way that the cluster data is synced with EKS, if the cluster is modif -Complete each drop-down and field using the information obtained for your [IAM policy.](#iam-policy) +Complete each drop-down and field using the information obtained for your IAM policy. | Setting | Description | | ---------- | -------------------------------------------------------------------------------------------------------------------- | | Region | From the drop-down choose the geographical region in which to build your cluster. | -| Cloud Credentials | Select the cloud credentials that you created for your [IAM policy.](#iam-policy) For more information on creating cloud credentials in Rancher, refer to [this page.]({{}}/rancher/v2.x/en/user-settings/cloud-credentials/) | +| Cloud Credentials | Select the cloud credentials that you created for your IAM policy. For more information on creating cloud credentials in Rancher, refer to [this page.]({{}}/rancher/v2.x/en/user-settings/cloud-credentials/) | ### Service Role @@ -225,13 +225,13 @@ Amazon will use the [EKS-optimized AMI](https://docs.aws.amazon.com/eks/latest/u -Complete each drop-down and field using the information obtained for your [IAM policy.](#iam-policy) +Complete each drop-down and field using the information obtained for your IAM policy. | Setting | Description | | ---------- | -------------------------------------------------------------------------------------------------------------------- | | Region | From the drop-down choose the geographical region in which to build your cluster. | -| Access Key | Enter the access key that you created for your [IAM policy.](#iam-policy) | -| Secret Key | Enter the secret key that you created for your [IAM policy.](#iam-policy) | +| Access Key | Enter the access key that you created for your IAM policy. | +| Secret Key | Enter the secret key that you created for your IAM policy. | ### Service Role diff --git a/content/rancher/v2.x/en/cluster-provisioning/hosted-kubernetes-clusters/tke/_index.md b/content/rancher/v2.x/en/cluster-provisioning/hosted-kubernetes-clusters/tke/_index.md index 5eb529df3ca..fa85750ca33 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/hosted-kubernetes-clusters/tke/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/hosted-kubernetes-clusters/tke/_index.md @@ -31,7 +31,7 @@ You can use Rancher to create a cluster hosted in Tencent Kubernetes Engine (TKE 4. Use **Member Roles** to configure user authorization for the cluster. Click **Add Member** to add users that can access the cluster. Use the **Role** drop-down to set permissions for each user. -5. Configure **Account Access** for the TKE cluster. Complete each drop-down and field using the information obtained in [Prerequisites](#prerequisites). +5. Configure **Account Access** for the TKE cluster. Complete each drop-down and field using the information obtained in [Prerequisites](#prerequisites-in-tencent). | Option | Description | | ---------- | -------------------------------------------------------------------------------------------------------------------- | diff --git a/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md b/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md index ee0a8ac9afa..2f309c7ed0c 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/node-requirements/_index.md @@ -14,9 +14,9 @@ Make sure the nodes for the Rancher server fulfill the following requirements: - [Networking Requirements](#networking-requirements) - [Optional: Security Considerations](#optional-security-considerations) -# Operating Systems and Docker Requirements +# Operating Systems and Container Runtime Requirements -Rancher should work with any modern Linux distribution and any modern Docker version. Linux is required for the etcd and controlplane nodes of all downstream clusters. Worker nodes may run Linux or [Windows Server.](#requirements-for-windows-nodes) The capability to use Windows worker nodes in downstream clusters was added in Rancher v2.3.0. +Rancher should work with any modern Linux distribution and any modern Docker version. Linux is required for the etcd and controlplane nodes of all downstream clusters. Worker nodes may run Linux or [Windows Server.](#windows-nodes) The capability to use Windows worker nodes in downstream clusters was added in Rancher v2.3.0. For details on which OS and Docker versions were tested with each Rancher version, refer to the [support maintenance terms.](https://rancher.com/support-maintenance-terms/) @@ -104,7 +104,7 @@ For hardware recommendations for etcd clusters in production, refer to the offic For a production cluster, we recommend that you restrict traffic by opening only the ports defined in the port requirements below. -The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options]({{}}/rancher/v2.x/en/cluster-provisioning/#cluster-creation-options). +The ports required to be open are different depending on how the user cluster is launched. Each of the sections below list the ports that need to be opened for different [cluster creation options]({{}}/rancher/v2.x/en/cluster-provisioning/). For a breakdown of the port requirements for etcd nodes, controlplane nodes, and worker nodes in a Kubernetes cluster, refer to the [port requirements for the Rancher Kubernetes Engine.]({{}}/rke/latest/en/os/#ports) diff --git a/content/rancher/v2.x/en/cluster-provisioning/production/_index.md b/content/rancher/v2.x/en/cluster-provisioning/production/_index.md index 2aea2df7329..2da635a7901 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/production/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/production/_index.md @@ -17,7 +17,7 @@ For a full list of all the best practices that we recommend, refer to the [best ### Back up etcd -* Enable etcd snapshots. Verify that snapshots are being created, and run a disaster recovery scenario to verify the snapshots are valid. etcd is the location where the state of your cluster is stored, and losing etcd data means losing your cluster. Make sure you configure [etcd Recurring Snapshots]({{}}/rancher/v2.x/en/backups/backups/ha-backups/#option-a-recurring-snapshots) for your cluster(s), and make sure the snapshots are stored externally (off the node) as well. +* Enable etcd snapshots. Verify that snapshots are being created, and run a disaster recovery scenario to verify the snapshots are valid. etcd is the location where the state of your cluster is stored, and losing etcd data means losing your cluster. Make sure you configure [etcd Recurring Snapshots]({{}}/rancher/v2.x/en/backups/v2.0.x-v2.4.x/backup/rke-backups/#option-a-recurring-snapshots) for your cluster(s), and make sure the snapshots are stored externally (off the node) as well. ### Cluster Architecture diff --git a/content/rancher/v2.x/en/cluster-provisioning/production/recommended-architecture/_index.md b/content/rancher/v2.x/en/cluster-provisioning/production/recommended-architecture/_index.md index 1e730d650bd..b075f9c67c9 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/production/recommended-architecture/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/production/recommended-architecture/_index.md @@ -9,7 +9,7 @@ There are three roles that can be assigned to nodes: `etcd`, `controlplane` and When designing your cluster(s), you have two options: -* Use dedicated nodes for each role. This ensures resource availability for the components needed for the specified role. It also strictly isolates network traffic between each of the roles according to the [port requirements]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements/). +* Use dedicated nodes for each role. This ensures resource availability for the components needed for the specified role. It also strictly isolates network traffic between each of the roles according to the [port requirements]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements). * Assign the `etcd` and `controlplane` roles to the same nodes. These nodes must meet the hardware requirements for both roles. In either case, the `worker` role should not be used or added to nodes with the `etcd` or `controlplane` role. diff --git a/content/rancher/v2.x/en/cluster-provisioning/registered-clusters/_index.md b/content/rancher/v2.x/en/cluster-provisioning/registered-clusters/_index.md index d105b33811b..25bb4babb45 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/registered-clusters/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/registered-clusters/_index.md @@ -18,7 +18,7 @@ Registering EKS clusters now provides additional benefits. - [Additional Features for Registered K3s Clusters](#additional-features-for-registered-k3s-clusters) - [Additional Features for Registered EKS Clusters](#additional-features-for-registered-eks-clusters) - [Configuring K3s Cluster Upgrades](#configuring-k3s-cluster-upgrades) -- [Debug Logging and Troubleshooting for Registered K3s Clusters](#debug-logging-and-troubleshooting=for-registered-k3s-clusters) +- [Debug Logging and Troubleshooting for Registered K3s Clusters](#debug-logging-and-troubleshooting-for-registered-k3s-clusters) - [Annotating Registered Clusters](#annotating-registered-clusters) # Prerequisites diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/cloud-providers/amazon/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/cloud-providers/amazon/_index.md index 5a6fc9f45fb..9dbc050f747 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/cloud-providers/amazon/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/cloud-providers/amazon/_index.md @@ -22,7 +22,7 @@ All nodes added to the cluster must be able to interact with EC2 so that they ca * The first policy is for the nodes with the `controlplane` role. These nodes have to be able to create/remove EC2 resources. The following IAM policy is an example, please remove any unneeded permissions for your use case. * The second policy is for the nodes with the `etcd` or `worker` role. These nodes only have to be able to retrieve information from EC2. -While creating an [Amazon EC2 cluster]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/#create-the-amazon-ec2-cluster), you must fill in the **IAM Instance Profile Name** (not ARN) of the created IAM role when creating the **Node Template**. +While creating an Amazon EC2 cluster]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/), you must fill in the **IAM Instance Profile Name** (not ARN) of the created IAM role when creating the **Node Template**. While creating a [Custom cluster]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes), you must manually attach the IAM role to the instance(s). @@ -133,7 +133,7 @@ The following resources need to tagged with a `ClusterID`: >**Note:** Do not tag multiple security groups. Tagging multiple groups generates an error when creating an Elastic Load Balancer (ELB). -When you create an [Amazon EC2 Cluster]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/#create-the-amazon-ec2-cluster), the `ClusterID` is automatically configured for the created nodes. Other resources still need to be tagged manually. +When you create an [Amazon EC2 Cluster]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/), the `ClusterID` is automatically configured for the created nodes. Other resources still need to be tagged manually. Use the following tag: diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/_index.md index b6106a15488..b9673d8e914 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/_index.md @@ -10,7 +10,7 @@ aliases: When you create a custom cluster, Rancher uses RKE (the Rancher Kubernetes Engine) to create a Kubernetes cluster in on-prem bare-metal servers, on-prem virtual machines, or in any node hosted by an infrastructure provider. -To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements), which includes some hardware specifications and Docker. After you install Docker on each server, run the command provided in the Rancher UI to turn each server into a Kubernetes node. +To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node. This section describes how to set up a custom cluster. @@ -54,15 +54,15 @@ Provision the host according to the [installation requirements]({{}}/ra >**Using Windows nodes as Kubernetes workers?** > - >- See [Enable the Windows Support Option]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/#enable-the-windows-support-option). - >- The only Network Provider available for clusters with Windows support is Flannel. See [Networking Option]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/#networking-option). + >- See [Enable the Windows Support Option]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/). + >- The only Network Provider available for clusters with Windows support is Flannel. 6. Click **Next**. 7. From **Node Role**, choose the roles that you want filled by a cluster node. >**Notes:** > - >- Using Windows nodes as Kubernetes workers? See [Node Configuration]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/#node-configuration). + >- Using Windows nodes as Kubernetes workers? See [this section]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/). >- Bare-Metal Server Reminder: If you plan on dedicating bare-metal servers to each role, you must provision a bare-metal server for each role (i.e. provision multiple bare-metal servers). 8. **Optional**: Click **[Show advanced options]({{}}/rancher/v2.x/en/admin-settings/agent-options/)** to specify IP address(es) to use when registering the node, override the hostname of the node, or to add [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) or [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) to the node. diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/_index.md index 106a2d6f300..4dc2868dfe5 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/_index.md @@ -128,7 +128,8 @@ After creating your cluster, you can access it through the Rancher UI. As a best "ec2:CreateKeyPair", "ec2:CreateSecurityGroup", "ec2:CreateTags", - "ec2:DeleteKeyPair" + "ec2:DeleteKeyPair", + "ec2:ModifyInstanceMetadataOptions" ], "Resource": "*" }, @@ -180,7 +181,8 @@ After creating your cluster, you can access it through the Rancher UI. As a best "ec2:CreateKeyPair", "ec2:CreateSecurityGroup", "ec2:CreateTags", - "ec2:DeleteKeyPair" + "ec2:DeleteKeyPair", + "ec2:ModifyInstanceMetadataOptions" ], "Resource": "*" }, diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/ec2-node-template-config/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/ec2-node-template-config/_index.md index ef7393f0f66..e7c1859c4f3 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/ec2-node-template-config/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/ec2-node-template-config/_index.md @@ -36,7 +36,7 @@ Choose an availability zone and network settings for your cluster. Choose the default security group or configure a security group. -Please refer to [Amazon EC2 security group when using Node Driver]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#security-group-for-nodes-on-aws-ec2) to see what rules are created in the `rancher-nodes` Security Group. +Please refer to [Amazon EC2 security group when using Node Driver]({{}}/rancher/v2.x/en/installation/requirements/ports/#rancher-aws-ec2-security-group) to see what rules are created in the `rancher-nodes` Security Group. ### Instance Options @@ -73,7 +73,7 @@ See our three example JSON policies: ### Security Groups -**Security Groups** creates or configures the Security Groups applied to your nodes. Please refer to [Amazon EC2 security group when using Node Driver]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#security-group-for-nodes-on-aws-ec2) to see what rules are created in the `rancher-nodes` Security Group. +**Security Groups** creates or configures the Security Groups applied to your nodes. Please refer to [Amazon EC2 security group when using Node Driver]({{}}/rancher/v2.x/en/installation/requirements/ports/#rancher-aws-ec2-security-group) to see what rules are created in the `rancher-nodes` Security Group. ### Instance diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/vsphere/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/vsphere/_index.md index 388fe585aac..e027990cd8f 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/vsphere/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/vsphere/_index.md @@ -27,7 +27,7 @@ The vSphere node templates have been updated, allowing you to bring cloud operat _Available as of v2.3.0_ -One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/#node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. +One of the biggest advantages of provisioning vSphere nodes with Rancher is that it allows you to take advantage of Rancher's self-healing node pools, also called the [node auto-replace feature,]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/#about-node-auto-replace) in your on-premises clusters. Self-healing node pools are designed to help you replace worker nodes for stateless applications. When Rancher provisions nodes from a node template, Rancher can automatically replace unreachable nodes. > **Important:** It is not recommended to enable node auto-replace on a node pool of master nodes or nodes with persistent volumes attached, because VMs are treated ephemerally. When a node in a node pool loses connectivity with the cluster, its persistent volumes are destroyed, resulting in data loss for stateful applications. diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/_index.md index d30f69de66a..79f17ca15fe 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/_index.md @@ -9,7 +9,7 @@ This section covers the configuration options that are available in Rancher for You can configure the Kubernetes options one of two ways: -- [Rancher UI](#rancher-ui): Use the Rancher UI to select options that are commonly customized when setting up a Kubernetes cluster. +- [Rancher UI](#rancher-ui-options): Use the Rancher UI to select options that are commonly customized when setting up a Kubernetes cluster. - [Cluster Config File](#cluster-config-file): Instead of using the Rancher UI to choose Kubernetes options for the cluster, advanced users can create an RKE config file. Using a config file allows you to set any of the options available in an RKE installation, except for system_images configuration, by specifying them in YAML. In Rancher v2.0.0-v2.2.x, the RKE cluster config file in Rancher is identical to the [cluster config file for the Rancher Kubernetes Engine]({{}}/rke/latest/en/config-options/), which is the tool Rancher uses to provision clusters. In Rancher v2.3.0, the RKE information is still included in the config file, but it is separated from other options, so that the RKE cluster config options are nested under the `rancher_kubernetes_engine_config` directive. For more information, see the section about the [cluster config file.](#cluster-config-file) @@ -32,7 +32,7 @@ This section is a cluster configuration reference, covering the following topics - [Docker root directory](#docker-root-directory) - [Recurring etcd snapshots](#recurring-etcd-snapshots) - [Cluster config file](#cluster-config-file) - - [Config file structure in Rancher v2.3.0+](#config-file-structure-in-rancher-v2-3-0+) + - [Config file structure in Rancher v2.3.0+](#config-file-structure-in-rancher-v2-3-0) - [Config file structure in Rancher v2.0.0-v2.2.x](#config-file-structure-in-rancher-v2-0-0-v2-2-x) - [Default DNS provider](#default-dns-provider) - [Rancher specific parameters](#rancher-specific-parameters) @@ -75,13 +75,13 @@ In v2.0.5, this was the default option, which did not prevent any network isolat **Notes on Weave:** -When Weave is selected as network provider, Rancher will automatically enable encryption by generating a random password. If you want to specify the password manually, please see how to configure your cluster using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#config-file) and the [Weave Network Plug-in Options]({{}}/rke/latest/en/config-options/add-ons/network-plugins/#weave-network-plug-in-options). +When Weave is selected as network provider, Rancher will automatically enable encryption by generating a random password. If you want to specify the password manually, please see how to configure your cluster using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#cluster-config-file) and the [Weave Network Plug-in Options]({{}}/rke/latest/en/config-options/add-ons/network-plugins/#weave-network-plug-in-options). ### Kubernetes Cloud Providers You can configure a [Kubernetes cloud provider]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/cloud-providers). If you want to use [volumes and storage]({{}}/rancher/v2.x/en/k8s-in-rancher/volumes-and-storage/) in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the `aws` cloud provider. ->**Note:** If the cloud provider you want to use is not listed as an option, you will need to use the [config file option](#config-file) to configure the cloud provider. Please reference the [RKE cloud provider documentation]({{}}/rke/latest/en/config-options/cloud-providers/) on how to configure the cloud provider. +>**Note:** If the cloud provider you want to use is not listed as an option, you will need to use the [config file option](#cluster-config-file) to configure the cloud provider. Please reference the [RKE cloud provider documentation]({{}}/rke/latest/en/config-options/cloud-providers/) on how to configure the cloud provider. If you want to see all the configuration options for a cluster, please click **Show advanced options** on the bottom right. The advanced options are described below: diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md index a14009355a6..af254cd87e8 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/_index.md @@ -87,9 +87,9 @@ We recommend the minimum three-node architecture listed in the table below, but | Node | Operating System | Kubernetes Cluster Role(s) | Purpose | | ------ | --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | -| Node 1 | Linux (Ubuntu Server 18.04 recommended) | [Control Plane]({{}}/rancher/v2.x/en/cluster-provisioning/#control-plane-nodes), [etcd]({{}}/rancher/v2.x/en/cluster-provisioning/#etcd-nodes), [Worker]({{}}/rancher/v2.x/en/cluster-provisioning/#worker-nodes) | Manage the Kubernetes cluster | -| Node 2 | Linux (Ubuntu Server 18.04 recommended) | [Worker]({{}}/rancher/v2.x/en/cluster-provisioning/#worker-nodes) | Support the Rancher Cluster agent, Metrics server, DNS, and Ingress for the cluster | -| Node 3 | Windows (Windows Server core version 1809 or above) | [Worker]({{}}/rancher/v2.x/en/cluster-provisioning/#worker-nodes) | Run your Windows containers | +| Node 1 | Linux (Ubuntu Server 18.04 recommended) | Control plane, etcd, worker | Manage the Kubernetes cluster | +| Node 2 | Linux (Ubuntu Server 18.04 recommended) | Worker | Support the Rancher Cluster agent, Metrics server, DNS, and Ingress for the cluster | +| Node 3 | Windows (Windows Server core version 1809 or above) | Worker | Run your Windows containers | ### Container Requirements @@ -117,7 +117,7 @@ To set up a cluster with support for Windows nodes and containers, you will need 1. [Provision Hosts](#1-provision-hosts) 1. [Create the Cluster on Existing Nodes](#2-create-the-cluster-on-existing-nodes) 1. [Add Nodes to the Cluster](#3-add-nodes-to-the-cluster) -1. [Optional: Configuration for Azure Files](#5-optional-configuration-for-azure-files) +1. [Optional: Configuration for Azure Files](#4-optional-configuration-for-azure-files) # 1. Provision Hosts @@ -144,9 +144,9 @@ You will provision three nodes: If your nodes are hosted by a **Cloud Provider** and you want automation support such as loadbalancers or persistent storage devices, your nodes have additional configuration requirements. For details, see [Selecting Cloud Providers.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/cloud-providers) -# 2. Create the Custom Cluster +# 2. Create the Cluster on Existing Nodes -The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/#2-create-the-custom-cluster) with some Windows-specific requirements. +The instructions for creating a Windows cluster on existing nodes are very similar to the general [instructions for creating a custom cluster]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/) with some Windows-specific requirements. 1. From the **Global** view, click on the **Clusters** tab and click **Add Cluster**. 1. Click **From existing nodes (Custom)**. @@ -239,4 +239,4 @@ After creating your cluster, you can access it through the Rancher UI. As a best # Configuration for Storage Classes in Azure -If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a [storage class]({{}}/rancher/v2.x/en/cluster-admin/volumes-and-storage/#adding-storage-classes) for the cluster. For details, refer to [this section.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/azure-storageclass) \ No newline at end of file +If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. For details, refer to [this section.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/azure-storageclass) \ No newline at end of file diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/azure-storageclass/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/azure-storageclass/_index.md index 798916a2bc5..b9b99ffc3cd 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/azure-storageclass/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/azure-storageclass/_index.md @@ -3,11 +3,11 @@ title: Configuration for Storage Classes in Azure weight: 3 --- -If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a [storage class]({{}}/rancher/v2.x/en/cluster-admin/volumes-and-storage/#adding-storage-classes) for the cluster. +If you are using Azure VMs for your nodes, you can use [Azure files](https://docs.microsoft.com/en-us/azure/aks/azure-files-dynamic-pv) as a StorageClass for the cluster. In order to have the Azure platform create the required storage resources, follow these steps: -1. [Configure the Azure cloud provider.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/cloud-providers/#azure) +1. [Configure the Azure cloud provider.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/cloud-providers/azure) 1. Configure `kubectl` to connect to your cluster. 1. Copy the `ClusterRole` and `ClusterRoleBinding` manifest for the service account: diff --git a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/docs-for-2.1-and-2.2/_index.md b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/docs-for-2.1-and-2.2/_index.md index 8cc045883ff..832134cf1fc 100644 --- a/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/docs-for-2.1-and-2.2/_index.md +++ b/content/rancher/v2.x/en/cluster-provisioning/rke-clusters/windows-clusters/docs-for-2.1-and-2.2/_index.md @@ -53,9 +53,9 @@ The table below lists the [Kubernetes roles]({{}}/rancher/v2.x/en/clust Node | Operating System | Future Cluster Role(s) --------|------------------|------ -Node 1 | Linux (Ubuntu Server 16.04 recommended) | [Control Plane]({{}}/rancher/v2.x/en/cluster-provisioning/#control-plane-nodes), [etcd]({{}}/rancher/v2.x/en/cluster-provisioning/#etcd), [Worker]({{}}/rancher/v2.x/en/cluster-provisioning/#worker-nodes) -Node 2 | Linux (Ubuntu Server 16.04 recommended) | [Worker]({{}}/rancher/v2.x/en/cluster-provisioning/#worker-nodes) (This node is used for Ingress support) -Node 3 | Windows (Windows Server core version 1809 or above) | [Worker]({{}}/rancher/v2.x/en/cluster-provisioning/#worker-nodes) +Node 1 | Linux (Ubuntu Server 16.04 recommended) | Control plane, etcd, worker +Node 2 | Linux (Ubuntu Server 16.04 recommended) | Worker (This node is used for Ingress support) +Node 3 | Windows (Windows Server core version 1809 or above) | Worker ### Requirements @@ -79,14 +79,14 @@ Azure VM | [Enable or Disable IP Forwarding](https://docs.microsoft.com/en-us/az ## 3. Create the Custom Cluster -To create a custom cluster that supports Windows nodes, follow the instructions in [Creating a Cluster with Custom Nodes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/#2-create-the-custom-cluster), starting from [2. Create the Custom Cluster]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/#2-create-the-custom-cluster). While completing the linked instructions, look for steps that requires special actions for Windows nodes, which are flagged with a note. These notes will link back here, to the special Windows instructions listed in the subheadings below. +To create a custom cluster that supports Windows nodes, follow the instructions in [Creating a Cluster with Custom Nodes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/), starting from 2. Create the Custom Cluster. While completing the linked instructions, look for steps that requires special actions for Windows nodes, which are flagged with a note. These notes will link back here, to the special Windows instructions listed in the subheadings below. ### Enable the Windows Support Option While choosing **Cluster Options**, set **Windows Support (Experimental)** to **Enabled**. -After you select this option, resume [Creating a Cluster with Custom Nodes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/#create-the-custom-cluster) from [step 6]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/#step-6). +After you select this option, resume [Creating a Cluster with Custom Nodes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/) from [step 6]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/#step-6). ### Networking Option @@ -103,7 +103,7 @@ Option | Setting Node Operating System | Linux Node Roles | etcd
Control Plane
Worker -When you're done with these configurations, resume [Creating a Cluster with Custom Nodes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/#create-the-custom-cluster) from [step 8]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/#step-8). +When you're done with these configurations, resume [Creating a Cluster with Custom Nodes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/) from [step 8]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/custom-nodes/#step-8). @@ -111,7 +111,7 @@ When you're done with these configurations, resume [Creating a Cluster with Cust After the initial provisioning of your custom cluster, your cluster only has a single Linux host. Add another Linux host, which will be used to support Ingress for your cluster. -1. Using the content menu, open the custom cluster your created in [2. Create the Custom Cluster](#2-create-the-custom-cluster). +1. Using the content menu, open the custom cluster your created in [2. Create the Custom Cluster](#3-create-the-custom-cluster). 1. From the main menu, select **Nodes**. diff --git a/content/rancher/v2.x/en/deploy-across-clusters/multi-cluster-apps/_index.md b/content/rancher/v2.x/en/deploy-across-clusters/multi-cluster-apps/_index.md index f0adc3323b9..b0eaddf0d1b 100644 --- a/content/rancher/v2.x/en/deploy-across-clusters/multi-cluster-apps/_index.md +++ b/content/rancher/v2.x/en/deploy-across-clusters/multi-cluster-apps/_index.md @@ -26,7 +26,7 @@ After creating a multi-cluster application, you can program a [Global DNS entry] - [Members](#members) - [Overriding application configuration options for specific projects](#overriding-application-configuration-options-for-specific-projects) - [Upgrading multi-cluster app roles and projects](#upgrading-multi-cluster-app-roles-and-projects) -- [Multi-cluster application management](#multi-cluster-application-managements) +- [Multi-cluster application management](#multi-cluster-application-management) - [Deleting a multi-cluster application](#deleting-a-multi-cluster-application) # Prerequisites diff --git a/content/rancher/v2.x/en/faq/networking/cni-providers/_index.md b/content/rancher/v2.x/en/faq/networking/cni-providers/_index.md index 88719ac4dd0..3618bbb30ab 100644 --- a/content/rancher/v2.x/en/faq/networking/cni-providers/_index.md +++ b/content/rancher/v2.x/en/faq/networking/cni-providers/_index.md @@ -68,7 +68,7 @@ Flannel is a simple and easy way to configure L3 network fabric designed for Kub Encapsulated traffic is unencrypted by default. Therefore, flannel provides an experimental backend for encryption, [IPSec](https://github.com/coreos/flannel/blob/master/Documentation/backends.md#ipsec), which makes use of [strongSwan](https://www.strongswan.org/) to establish encrypted IPSec tunnels between Kubernetes workers. -Kubernetes workers should open UDP port `8472` (VXLAN) and TCP port `9099` (healthcheck). See [the port requirements for user clusters]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements/) for more details. +Kubernetes workers should open UDP port `8472` (VXLAN) and TCP port `9099` (healthcheck). See [the port requirements for user clusters]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements) for more details. ![Flannel Diagram]({{}}/img/rancher/flannel-diagram.png) @@ -82,7 +82,7 @@ Calico enables networking and network policy in Kubernetes clusters across the c Calico also provides a stateless IP-in-IP encapsulation mode that can be used, if necessary. Calico also offers policy isolation, allowing you to secure and govern your Kubernetes workloads using advanced ingress and egress policies. -Kubernetes workers should open TCP port `179` (BGP). See [the port requirements for user clusters]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements/) for more details. +Kubernetes workers should open TCP port `179` (BGP). See [the port requirements for user clusters]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements) for more details. ![Calico Diagram]({{}}/img/rancher/calico-diagram.svg) @@ -100,7 +100,7 @@ _Available as of v2.2.0_ Weave enables networking and network policy in Kubernetes clusters across the cloud. Additionally, it support encrypting traffic between the peers. -Kubernetes workers should open TCP port `6783` (control port), UDP port `6783` and UDP port `6784` (data ports). See the [port requirements for user clusters]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements/) for more details. +Kubernetes workers should open TCP port `6783` (control port), UDP port `6783` and UDP port `6784` (data ports). See the [port requirements for user clusters]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements) for more details. For more information, see the following pages: @@ -151,4 +151,4 @@ As of Rancher v2.0.7, Canal is the default CNI network provider. We recommend it ### How can I configure a CNI network provider? -Please see [Cluster Options]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/) on how to configure a network provider for your cluster. For more advanced configuration options, please see how to configure your cluster using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#config-file) and the options for [Network Plug-ins]({{}}/rke/latest/en/config-options/add-ons/network-plugins/). +Please see [Cluster Options]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/) on how to configure a network provider for your cluster. For more advanced configuration options, please see how to configure your cluster using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#cluster-config-file) and the options for [Network Plug-ins]({{}}/rke/latest/en/config-options/add-ons/network-plugins/). diff --git a/content/rancher/v2.x/en/faq/technical/_index.md b/content/rancher/v2.x/en/faq/technical/_index.md index 7187dd07eeb..62c3d7589bc 100644 --- a/content/rancher/v2.x/en/faq/technical/_index.md +++ b/content/rancher/v2.x/en/faq/technical/_index.md @@ -115,7 +115,7 @@ When the node is removed from the cluster, and the node is cleaned, you can read ### How can I add additional arguments/binds/environment variables to Kubernetes components in a Rancher Launched Kubernetes cluster? -You can add additional arguments/binds/environment variables via the [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#config-file) option in Cluster Options. For more information, see the [Extra Args, Extra Binds, and Extra Environment Variables]({{}}/rke/latest/en/config-options/services/services-extras/) in the RKE documentation or browse the [Example Cluster.ymls]({{}}/rke/latest/en/example-yamls/). +You can add additional arguments/binds/environment variables via the [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#cluster-config-file) option in Cluster Options. For more information, see the [Extra Args, Extra Binds, and Extra Environment Variables]({{}}/rke/latest/en/config-options/services/services-extras/) in the RKE documentation or browse the [Example Cluster.ymls]({{}}/rke/latest/en/example-yamls/). ### How do I check if my certificate chain is valid? diff --git a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/_index.md b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/_index.md index 2e97a46c202..e174ce6eea4 100644 --- a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/_index.md +++ b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/_index.md @@ -46,7 +46,7 @@ Project | This specific cluster can access the Helm charts in this catalog | v2 _Applicable as of v2.4.0_ -In November 2019, Helm 3 was released, and some features were deprecated or refactored. It is not fully [backwards compatible]({{}}/rancher/v2.x/en/catalog#helm-3-backwards-compatibility) with Helm 2. Therefore, catalogs in Rancher need to be separated, with each catalog only using one Helm version. This will help reduce app deployment issues as your Rancher users will not need to know which version of your chart is compatible with which Helm version - they can just select a catalog, select an app and deploy a version that has already been vetted for compatibility. +In November 2019, Helm 3 was released, and some features were deprecated or refactored. It is not fully [backwards compatible]({{}}/rancher/v2.x/en/helm-charts/legacy-catalogs/#helm-3-backwards-compatibility) with Helm 2. Therefore, catalogs in Rancher need to be separated, with each catalog only using one Helm version. This will help reduce app deployment issues as your Rancher users will not need to know which version of your chart is compatible with which Helm version - they can just select a catalog, select an app and deploy a version that has already been vetted for compatibility. When you create a custom catalog, you will have to configure the catalog to use either Helm 2 or Helm 3. This version cannot be changed later. If the catalog is added with the wrong Helm version, it will need to be deleted and re-added. diff --git a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/adding-catalogs/_index.md b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/adding-catalogs/_index.md index ad5e3986d12..8730a23993b 100644 --- a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/adding-catalogs/_index.md +++ b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/adding-catalogs/_index.md @@ -59,7 +59,7 @@ For more information on private Git/Helm catalogs, refer to the [custom catalog 1. From the **Global** view, choose **Tools > Catalogs** in the navigation bar. In versions prior to v2.2.0, you can select **Catalogs** directly in the navigation bar. 2. Click **Add Catalog**. 3. Complete the form. Select the Helm version that will be used to launch all of the apps in the catalog. For more information about the Helm version, refer to [this section.]( -{{}}/rancher/v2.x/en/catalog/#catalog-helm-deployment-versions) +{{}}/rancher/v2.x/en/helm-charts/legacy-catalogs/#catalog-helm-deployment-versions) 4. Click **Create**. **Result**: Your custom global catalog is added to Rancher. Once it is in `Active` state, it has completed synchronization and you will be able to start deploying [multi-cluster apps]({{}}/rancher/v2.x/en/catalog/multi-cluster-apps/) or [applications in any project]({{}}/rancher/v2.x/en/catalog/launching-apps/) from this catalog. @@ -78,7 +78,7 @@ _Available as of v2.2.0_ 2. Choose the **Tools > Catalogs** in the navigation bar. 2. Click **Add Catalog**. 3. Complete the form. By default, the form will provide the ability to select `Scope` of the catalog. When you have added a catalog from the **Cluster** scope, it is defaulted to `Cluster`. Select the Helm version that will be used to launch all of the apps in the catalog. For more information about the Helm version, refer to [this section.]( -{{}}/rancher/v2.x/en/catalog/#catalog-helm-deployment-versions) +{{}}/rancher/v2.x/en/helm-charts/legacy-catalogs/#catalog-helm-deployment-versions) 5. Click **Create**. **Result**: Your custom cluster catalog is added to Rancher. Once it is in `Active` state, it has completed synchronization and you will be able to start deploying [applications in any project in that cluster]({{}}/rancher/v2.x/en/catalog/apps/) from this catalog. @@ -98,7 +98,7 @@ _Available as of v2.2.0_ 2. Choose the **Tools > Catalogs** in the navigation bar. 2. Click **Add Catalog**. 3. Complete the form. By default, the form will provide the ability to select `Scope` of the catalog. When you have added a catalog from the **Project** scope, it is defaulted to `Cluster`. Select the Helm version that will be used to launch all of the apps in the catalog. For more information about the Helm version, refer to [this section.]( -{{}}/rancher/v2.x/en/catalog/#catalog-helm-deployment-versions) +{{}}/rancher/v2.x/en/helm-charts/legacy-catalogs/#catalog-helm-deployment-versions) 5. Click **Create**. **Result**: Your custom project catalog is added to Rancher. Once it is in `Active` state, it has completed synchronization and you will be able to start deploying [applications in that project]({{}}/rancher/v2.x/en/catalog/apps/) from this catalog. diff --git a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/built-in/_index.md b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/built-in/_index.md index e3b78b13b2a..8f31a3c958c 100644 --- a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/built-in/_index.md +++ b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/built-in/_index.md @@ -19,7 +19,7 @@ Within Rancher, there are default catalogs packaged as part of Rancher. These ca 2. Toggle the default catalogs that you want to be enabled or disabled: - - **Library:** The Library Catalog includes charts curated by Rancher. Rancher stores charts in a Git repository to expedite the fetch and update of charts. This catalog features Rancher Charts, which include some [notable advantages]({{}}/rancher/v2.x/en/catalog/creating-apps/#rancher-charts) over native Helm charts. + - **Library:** The Library Catalog includes charts curated by Rancher. Rancher stores charts in a Git repository to expedite the fetch and update of charts. This catalog features Rancher Charts, which include some [notable advantages]({{}}/rancher/v2.x/en/helm-charts/legacy-catalogs/creating-apps/#rancher-charts) over native Helm charts. - **Helm Stable:** This catalog, which is maintained by the Kubernetes community, includes native [Helm charts](https://helm.sh/docs/chart_template_guide/). This catalog features the largest pool of apps. - **Helm Incubator:** Similar in user experience to Helm Stable, but this catalog is filled with applications in **beta**. diff --git a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/catalog-config/_index.md b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/catalog-config/_index.md index 15dca5019eb..047a2d16122 100644 --- a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/catalog-config/_index.md +++ b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/catalog-config/_index.md @@ -48,7 +48,8 @@ When [adding your catalog]({{}}/rancher/v2.x/en/catalog/custom/adding/) | Username (Optional) | Username or OAuth Token | | Password (Optional) | If you are authenticating using a username, enter the associated password. If you are using an OAuth token, use `x-oauth-basic`. | | Branch | For a Git repository, the branch name. Default: `master`. For a Helm Chart repository, this field is ignored. | -| Helm version | The Helm version that will be used to deploy all of the charts in the catalog. This field cannot be changed later. For more information, refer to the [section on Helm versions.]({{}}/rancher/v2.x/en/catalog/#catalog-helm-deployment-versions) | +| Helm version | The Helm version that will be used to deploy all of the charts in the catalog. This field cannot be changed later. For more information, refer to the [section on Helm versions.]( +{{}}/rancher/v2.x/en/helm-charts/legacy-catalogs/#catalog-helm-deployment-versions) | # Private Repositories diff --git a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/globaldns/_index.md b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/globaldns/_index.md index db38295d4c4..fcd9b8e366b 100644 --- a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/globaldns/_index.md +++ b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/globaldns/_index.md @@ -9,7 +9,7 @@ _Available as of v2.2.0_ Rancher's Global DNS feature provides a way to program an external DNS provider to route traffic to your Kubernetes applications. Since the DNS programming supports spanning applications across different Kubernetes clusters, Global DNS is configured at a global level. An application can become highly available as it allows you to have one application run on different Kubernetes clusters. If one of your Kubernetes clusters goes down, the application would still be accessible. -> **Note:** Global DNS is only available in [Kubernetes installations]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/) with the [`local` cluster enabled]({{}}/rancher/v2.x/en/installation/resources/chart-options/#import-local-cluster). +> **Note:** Global DNS is only available in [Kubernetes installations]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/) with the `local` cluster enabled. - [Global DNS Providers](#global-dns-providers) - [Global-DNS-Entries](#global-dns-entries) @@ -133,7 +133,7 @@ Permission checks are relaxed for removing target projects in order to support s >**Notes:** > ->- Alibaba Cloud SDK uses TZ data. It needs to be present on `/usr/share/zoneinfo` path of the nodes running [`local` cluster]({{}}/rancher/v2.x/en/installation/resources/chart-options/#import-local-cluster), and it is mounted to the external DNS pods. If it is not available on the nodes, please follow the [instruction](https://www.ietf.org/timezones/tzdb-2018f/tz-link.html) to prepare it. +>- Alibaba Cloud SDK uses TZ data. It needs to be present on `/usr/share/zoneinfo` path of the nodes running `local` cluster, and it is mounted to the external DNS pods. If it is not available on the nodes, please follow the [instruction](https://www.ietf.org/timezones/tzdb-2018f/tz-link.html) to prepare it. >- Different versions of AliDNS have different allowable TTL range, where the default TTL for a global DNS entry may not be valid. Please see the [reference](https://www.alibabacloud.com/help/doc-detail/34338.htm) before adding an AliDNS entry. | Field | Explanation | diff --git a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/launching-apps/_index.md b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/launching-apps/_index.md index 74c0fd358e2..ff64af67669 100644 --- a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/launching-apps/_index.md +++ b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/launching-apps/_index.md @@ -5,7 +5,7 @@ aliases: - /rancher/v2.x/en/catalog/launching-apps --- -Within a project, when you want to deploy applications from catalogs, the applications available in your project will be based on the [scope of the catalogs]({{}}/rancher/v2.x/en/catalog/#catalog-scope). +Within a project, when you want to deploy applications from catalogs, the applications available in your project will be based on the [scope of the catalogs]({{}}/rancher/v2.x/en/helm-charts/legacy-catalogs/#catalog-scopes). If your application is using ingresses, you can program the ingress hostname to an external DNS by setting up a [Global DNS entry]({{}}/rancher/v2.x/en/catalog/globaldns/). @@ -64,7 +64,7 @@ If the Helm chart that you are deploying contains a `questions.yml` file, Ranche ### Key Value Pairs for Native Helm Charts -For native Helm charts (i.e., charts from the **Helm Stable** or **Helm Incubator** catalogs or a [custom Helm chart repository]({{}}/rancher/v2.x/en/catalog/custom/#custom-helm-chart-repository)), answers are provided as key value pairs in the **Answers** section. These answers are used to override the default values. +For native Helm charts (i.e., charts from the **Helm Stable** or **Helm Incubator** catalogs or a [custom Helm chart repository]({{}}/rancher/v2.x/en/helm-charts/legacy-catalogs/catalog-config/#custom-helm-chart-repository)), answers are provided as key value pairs in the **Answers** section. These answers are used to override the default values. {{% /tab %}} {{% tab "Editing YAML Files" %}} diff --git a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/tutorial/_index.md b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/tutorial/_index.md index 40537e4e68b..18155cd69db 100644 --- a/content/rancher/v2.x/en/helm-charts/legacy-catalogs/tutorial/_index.md +++ b/content/rancher/v2.x/en/helm-charts/legacy-catalogs/tutorial/_index.md @@ -41,7 +41,7 @@ You can fill your custom catalogs with either Helm Charts or Rancher Charts, alt The example below creates a form that prompts users for persistent volume size and a storage class.

- For a list of variables you can use when creating a `questions.yml` file, see [Question Variable Reference]({{}}/rancher/v2.x/en/catalog/creating-apps/#question-variable-reference). + For a list of variables you can use when creating a `questions.yml` file, see [Question Variable Reference]({{}}/rancher/v2.x/en/helm-charts/legacy-catalogs/creating-apps/#question-variable-reference). ```yaml categories: diff --git a/content/rancher/v2.x/en/installation/_index.md b/content/rancher/v2.x/en/installation/_index.md index d7d27ea890b..5de65d3c5b2 100644 --- a/content/rancher/v2.x/en/installation/_index.md +++ b/content/rancher/v2.x/en/installation/_index.md @@ -67,7 +67,7 @@ There are also separate instructions for installing Rancher in an air gap enviro | Level of Internet Access | Kubernetes Installation - Strongly Recommended | Docker Installation | | ---------------------------------- | ------------------------------ | ---------- | | With direct access to the Internet | [Docs]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/) | [Docs]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker) | -| Behind an HTTP proxy | These [docs,]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/) plus this [configuration]({{}}/rancher/v2.x/en/installation/resources/chart-options/#http-proxy) | These [docs,]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker) plus this [configuration]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/proxy/) | +| Behind an HTTP proxy | These [docs,]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/) plus this [configuration]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#http-proxy) | These [docs,]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker) plus this [configuration]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/proxy/) | | In an air gap environment | [Docs]({{}}/rancher/v2.x/en/installation/other-installation-methods/air-gap) | [Docs]({{}}/rancher/v2.x/en/installation/other-installation-methods/air-gap) | We recommend installing Rancher on a Kubernetes cluster, because in a multi-node cluster, the Rancher management server becomes highly available. This high-availability configuration helps maintain consistent access to the downstream Kubernetes clusters that Rancher will manage. @@ -101,9 +101,9 @@ For more architecture recommendations, refer to [this page.]({{}}/ranch Refer to the [Helm chart options]({{}}/rancher/v2.x/en/installation/resources/chart-options/) for details on installing Rancher on a Kubernetes cluster with other configurations, including: -- With [API auditing to record all transactions]({{}}/rancher/v2.x/en/installation/resources/chart-options/#api-audit-log) -- With [TLS termination on a load balancer]({{}}/rancher/v2.x/en/installation/resources/chart-options/#external-tls-termination) -- With a [custom Ingress]({{}}/rancher/v2.x/en/installation/resources/chart-options/#customizing-your-ingress) +- With [API auditing to record all transactions]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#api-audit-log) +- With [TLS termination on a load balancer]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination) +- With a [custom Ingress]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#customizing-your-ingress) In the Rancher installation instructions, we recommend using K3s or RKE to set up a Kubernetes cluster before installing Rancher on the cluster. Both K3s and RKE have many configuration options for customizing the Kubernetes cluster to suit your specific environment. For the full list of their capabilities, refer to their documentation: diff --git a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/_index.md b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/_index.md index 33096d9636d..c81bf508624 100644 --- a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/_index.md +++ b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/_index.md @@ -61,7 +61,7 @@ Refer to the [instructions provided by the Helm project](https://helm.sh/docs/in ### 2. Add the Helm Chart Repository -Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{}}/rancher/v2.x/en/installation/resources/chart-options/#helm-chart-repositories). +Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#helm-chart-repositories). {{< release-channel >}} @@ -81,7 +81,7 @@ kubectl create namespace cattle-system The Rancher management server is designed to be secure by default and requires SSL/TLS configuration. -> **Note:** If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer]({{}}/rancher/v2.x/en/installation/resources/chart-options/#external-tls-termination). +> **Note:** If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination). There are three recommended options for the source of the certificate used for TLS termination at the Rancher server: @@ -98,7 +98,7 @@ There are three recommended options for the source of the certificate used for T ### 5. Install cert-manager -> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer]({{}}/rancher/v2.x/en/installation/resources/chart-options/#external-tls-termination). +> You should skip this step if you are bringing your own certificate files (option `ingress.tls.source=secret`), or if you use [TLS termination on an external load balancer]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination). This step is only required to use certificates issued by Rancher's generated CA (`ingress.tls.source=rancher`) or to request Let's Encrypt issued certificates (`ingress.tls.source=letsEncrypt`). @@ -246,9 +246,9 @@ Now that Rancher is deployed, see [Adding TLS Secrets]({{}}/rancher/v2. The Rancher chart configuration has many options for customizing the installation to suit your specific environment. Here are some common advanced scenarios. -- [HTTP Proxy]({{}}/rancher/v2.x/en/installation/resources/chart-options/#http-proxy) -- [Private Docker Image Registry]({{}}/rancher/v2.x/en/installation/resources/chart-options/#private-registry-and-air-gap-installs) -- [TLS Termination on an External Load Balancer]({{}}/rancher/v2.x/en/installation/resources/chart-options/#external-tls-termination) +- [HTTP Proxy]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#http-proxy) +- [Private Docker Image Registry]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#private-registry-and-air-gap-installs) +- [TLS Termination on an External Load Balancer]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination) See the [Chart Options]({{}}/rancher/v2.x/en/installation/resources/chart-options/) for the full list of options. diff --git a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/_index.md b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/_index.md index bf88c82008a..9e313f6842a 100644 --- a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/_index.md +++ b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/_index.md @@ -19,7 +19,6 @@ For information on enabling experimental features, refer to [this page.]({{ In an air-gapped environment, supply the `--set busyboxImage` value during helm install or upgrades to reference the private registry location of the busybox container image, this image is used for the sidecar container. + ### Setting Extra Environment Variables You can set extra environment variables for Rancher server using `extraEnv`. This list uses the same `name` and `value` keys as the container manifest definitions. Remember to quote the values. @@ -175,7 +176,7 @@ We recommend configuring your load balancer as a Layer 4 balancer, forwarding pl You may terminate the SSL/TLS on a L7 load balancer external to the Rancher cluster (ingress). Use the `--set tls=external` option and point your load balancer at port http 80 on all of the Rancher cluster nodes. This will expose the Rancher interface on http port 80. Be aware that clients that are allowed to connect directly to the Rancher cluster will not be encrypted. If you choose to do this we recommend that you restrict direct access at the network level to just your load balancer. -> **Note:** If you are using a Private CA signed certificate, add `--set privateCA=true` and see [Adding TLS Secrets - Using a Private CA Signed Certificate]({{}}/rancher/v2.x/en/installation/resources/encryption/tls-secrets/#using-a-private-ca-signed-certificate) to add the CA cert for Rancher. +> **Note:** If you are using a Private CA signed certificate, add `--set privateCA=true` and see [Adding TLS Secrets - Using a Private CA Signed Certificate]({{}}/rancher/v2.x/en/installation/resources/encryption/tls-secrets/) to add the CA cert for Rancher. Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. diff --git a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/rollbacks/_index.md b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/rollbacks/_index.md index 8464b15f5e4..387be38d940 100644 --- a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/rollbacks/_index.md +++ b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/rollbacks/_index.md @@ -10,7 +10,7 @@ aliases: - /rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades-rollbacks/rollbacks --- -To roll back to Rancher v2.5+, use the `rancher-backup` application and restore Rancher from backup according to [this section.]({{}}/rancher/v2.x/en/backups/restoring-rancher/) +To roll back to Rancher v2.5.0+, use the `rancher-backup` application and restore Rancher from backup according to [this section.]({{}}/rancher/v2.x/en/backups/v2.5/restoring-rancher/) Rancher has to be started with the lower/previous version after a rollback using the Rancher backup operator. To roll back to Rancher prior to v2.5, follow the procedure detailed here: [Restoring Backups — Kubernetes installs]({{}}/rancher/v2.x/en/backups/restorations/ha-restoration) Restoring a snapshot of the Rancher Server cluster will revert Rancher to the version and state at the time of the snapshot. diff --git a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/_index.md b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/_index.md index d8c84aa10c0..e8c8fca4cd1 100644 --- a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/_index.md +++ b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/_index.md @@ -13,6 +13,8 @@ aliases: - /rancher/v2.x/en/installation/upgrades-rollbacks/upgrades/ha - /rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades-rollbacks/upgrades - /rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades-rollbacks/upgrades/ha + - /rancher/v2.x/en/installation/upgrades-rollbacks/ + - /rancher/v2.x/en/upgrades/ --- The following instructions will guide you through upgrading a Rancher server that was installed on a Kubernetes cluster with Helm. These steps also apply to air gap installs with Helm. @@ -45,7 +47,7 @@ Review the [known upgrade issues](#known-upgrade-issues) in the Rancher document A more complete list of known issues for each Rancher version can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums.](https://forums.rancher.com/c/announcements/12) -Note that upgrades _to_ or _from_ any chart in the [rancher-alpha repository]({{}}/rancher/v2.x/en/installation/resources/chart-options/#helm-chart-repositories/) aren't supported. +Note that upgrades _to_ or _from_ any chart in the [rancher-alpha repository]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#helm-chart-repositories/) aren't supported. ### Helm Version @@ -63,7 +65,7 @@ If you are upgrading to Rancher v2.5 from a Rancher server that was started with ### For upgrades from v2.0-v2.2 with external TLS termination -If you are upgrading Rancher from v2.x to v2.3+, and you are using external TLS termination, you will need to edit the cluster.yml to [enable using forwarded host headers.]({{}}/rancher/v2.x/en/installation/resources/chart-options/#configuring-ingress-for-external-tls-when-using-nginx-v0-25) +If you are upgrading Rancher from v2.x to v2.3+, and you are using external TLS termination, you will need to edit the cluster.yml to [enable using forwarded host headers.]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#configuring-ingress-for-external-tls-when-using-nginx-v0-25) ### For upgrades with cert-manager older than 0.8.0 @@ -82,7 +84,7 @@ Follow the steps to upgrade Rancher server: For Rancher v2.5+, use the [backup application]({{}}/rancher/v2.x/en/backups/v2.5/back-up-rancher) to back up Rancher. -For Rancher v2.0-v2.4, [take a one-time snapshot]({{}}/rancher/v2.x/en/backups/backups/ha-backups/#option-b-one-time-snapshots) +For Rancher v2.0-v2.4, [take a one-time snapshot]({{}}/rancher/v2.x/en/backups/v2.0.x-v2.4.x/backup/rke-backups/#option-b-one-time-snapshots) of your Kubernetes cluster running Rancher server. You'll use the backup as a restoration point if something goes wrong during upgrade. @@ -97,7 +99,7 @@ You'll use the backup as a restoration point if something goes wrong during upgr 1. Get the repository name that you used to install Rancher. - For information about the repos and their differences, see [Helm Chart Repositories]({{}}/rancher/v2.x/en/installation/resources/chart-options/#helm-chart-repositories). + For information about the repos and their differences, see [Helm Chart Repositories]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#helm-chart-repositories). {{< release-channel >}} @@ -109,7 +111,7 @@ You'll use the backup as a restoration point if something goes wrong during upgr rancher- https://releases.rancher.com/server-charts/ ``` - > **Note:** If you want to switch to a different Helm chart repository, please follow the [steps on how to switch repositories]({{}}/rancher/v2.x/en/installation/resources/chart-options/#switching-to-a-different-helm-chart-repository). If you switch repositories, make sure to list the repositories again before continuing onto Step 3 to ensure you have the correct one added. + > **Note:** If you want to switch to a different Helm chart repository, please follow the [steps on how to switch repositories]({{}}/rancher/v2.x/en/installation/resources/choosing-version/#switching-to-a-different-helm-chart-repository). If you switch repositories, make sure to list the repositories again before continuing onto Step 3 to ensure you have the correct one added. 1. Fetch the latest chart to install Rancher from the Helm chart repository. @@ -276,14 +278,14 @@ Upgrade Scenario | Issue ---|--- Upgrading to v2.4.6 or v2.4.7 | These Rancher versions had an issue where the `kms:ListKeys` permission was required to create, edit, or clone Amazon EC2 node templates. This requirement was removed in v2.4.8. Upgrading to v2.3.0+ | Any user provisioned cluster will be automatically updated upon any edit as tolerations were added to the images used for Kubernetes provisioning. -Upgrading to v2.2.0-v2.2.x | Rancher introduced the [system charts](https://github.com/rancher/system-charts) repository which contains all the catalog items required for features such as monitoring, logging, alerting and global DNS. To be able to use these features in an air gap install, you will need to mirror the `system-charts` repository locally and configure Rancher to use that repository. Please follow the instructions to [configure Rancher system charts]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/#setting-up-system-charts-for-rancher-prior-to-v2-3-0). +Upgrading to v2.2.0-v2.2.x | Rancher introduced the [system charts](https://github.com/rancher/system-charts) repository which contains all the catalog items required for features such as monitoring, logging, alerting and global DNS. To be able to use these features in an air gap install, you will need to mirror the `system-charts` repository locally and configure Rancher to use that repository. Please follow the instructions to [configure Rancher system charts]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/). Upgrading from v2.0.13 or earlier | If your cluster's certificates have expired, you will need to perform [additional steps]({{}}/rancher/v2.x/en/cluster-admin/certificate-rotation/#rotating-expired-certificates-after-upgrading-older-rancher-versions) to rotate the certificates. -Upgrading from v2.0.7 or earlier | Rancher introduced the `system` project, which is a project that's automatically created to store important namespaces that Kubernetes needs to operate. During upgrade to v2.0.7+, Rancher expects these namespaces to be unassigned from all projects. Before beginning upgrade, check your system namespaces to make sure that they're unassigned to [prevent cluster networking issues]({{}}/rancher/v2.x/en/upgrades/upgrades/namespace-migration/#preventing-cluster-networking-issues). +Upgrading from v2.0.7 or earlier | Rancher introduced the `system` project, which is a project that's automatically created to store important namespaces that Kubernetes needs to operate. During upgrade to v2.0.7+, Rancher expects these namespaces to be unassigned from all projects. Before beginning upgrade, check your system namespaces to make sure that they're unassigned to [prevent cluster networking issues.]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/namespace-migration) # RKE Add-on Installs **Important: RKE add-on install is only supported up to Rancher v2.0.8** -Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/#installation-outline). +Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/). If you are currently using the RKE add-on install method, see [Migrating from a RKE add-on install]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. diff --git a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/helm2/_index.md b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/helm2/_index.md index b5d8556e2e6..d7f7091919e 100644 --- a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/helm2/_index.md +++ b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/helm2/_index.md @@ -24,12 +24,12 @@ If you installed Rancher using the RKE Add-on yaml, follow the directions to [mi >**Notes:** > > - [Let's Encrypt will be blocking cert-manager instances older than 0.8.0 starting November 1st 2019.](https://community.letsencrypt.org/t/blocking-old-cert-manager-versions/98753) Upgrade cert-manager to the latest version by following [these instructions.]({{}}/rancher/v2.x/en/installation/options/upgrading-cert-manager) -> - If you are upgrading Rancher from v2.x to v2.3+, and you are using external TLS termination, you will need to edit the cluster.yml to [enable using forwarded host headers.]({{}}/rancher/v2.x/en/installation/resources/chart-options/#configuring-ingress-for-external-tls-when-using-nginx-v0-25) +> - If you are upgrading Rancher from v2.x to v2.3+, and you are using external TLS termination, you will need to edit the cluster.yml to [enable using forwarded host headers.]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#configuring-ingress-for-external-tls-when-using-nginx-v0-25) > - The upgrade instructions assume you are using Helm 3. For migration of installs started with Helm 2, refer to the official [Helm 2 to 3 migration docs.](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) This [section]({{}}/rancher/v2.x/en/installation/upgrades-rollbacks/upgrades/ha/helm2) provides a copy of the older upgrade instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible. # Prerequisites -- **Review the [known upgrade issues]({{}}/rancher/v2.x/en/upgrades/upgrades/#known-upgrade-issues) and [caveats]({{}}/rancher/v2.x/en/upgrades/upgrades/#caveats)** in the Rancher documentation for the most noteworthy issues to consider when upgrading Rancher. A more complete list of known issues for each Rancher version can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums.](https://forums.rancher.com/c/announcements/12) +- **Review the [known upgrade issues]({{}}/rancher/v2.x/en/upgrades/upgrades) in the Rancher documentation for the most noteworthy issues to consider when upgrading Rancher. A more complete list of known issues for each Rancher version can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums.](https://forums.rancher.com/c/announcements/12) - **For [air gap installs only,]({{}}/rancher/v2.x/en/installation/other-installation-methods/air-gap) collect and populate images for the new Rancher server version.** Follow the guide to [populate your private registry]({{}}/rancher/v2.x/en/installation/other-installation-methods/air-gap/populate-private-registry/) with the images for the Rancher version that you want to upgrade to. # Upgrade Outline @@ -43,7 +43,7 @@ Follow the steps to upgrade Rancher server: ### A. Back up Your Kubernetes Cluster that is Running Rancher Server -[Take a one-time snapshot]({{}}/rancher/v2.x/en/backups/backups/ha-backups/#option-b-one-time-snapshots) +[Take a one-time snapshot]({{}}/rancher/v2.x/en/backups/v2.0.x-v2.4.x/backup/rke-backups/#option-b-one-time-snapshots) of your Kubernetes cluster running Rancher server. You'll use the snapshot as a restore point if something goes wrong during upgrade. ### B. Update the Helm chart repository @@ -56,7 +56,7 @@ of your Kubernetes cluster running Rancher server. You'll use the snapshot as a 1. Get the repository name that you used to install Rancher. - For information about the repos and their differences, see [Helm Chart Repositories]({{}}/rancher/v2.x/en/installation/resources/chart-options/#helm-chart-repositories). + For information about the repos and their differences, see [Helm Chart Repositories]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#helm-chart-repositories). {{< release-channel >}} @@ -68,7 +68,7 @@ of your Kubernetes cluster running Rancher server. You'll use the snapshot as a rancher- https://releases.rancher.com/server-charts/ ``` - > **Note:** If you want to switch to a different Helm chart repository, please follow the [steps on how to switch repositories]({{}}/rancher/v2.x/en/installation/resources/chart-options/#switching-to-a-different-helm-chart-repository). If you switch repositories, make sure to list the repositories again before continuing onto Step 3 to ensure you have the correct one added. + > **Note:** If you want to switch to a different Helm chart repository, please follow the [steps on how to switch repositories]({{}}/rancher/v2.x/en/installation/resources/choosing-version/#switching-to-a-different-helm-chart-repository). If you switch repositories, make sure to list the repositories again before continuing onto Step 3 to ensure you have the correct one added. 1. Fetch the latest chart to install Rancher from the Helm chart repository. @@ -209,7 +209,7 @@ Log into Rancher to confirm that the upgrade succeeded. >**Having network issues following upgrade?** > -> See [Restoring Cluster Networking]({{}}/rancher/v2.x/en/upgrades/upgrades/namespace-migration/#restoring-cluster-networking). +> See [Restoring Cluster Networking]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/namespace-migration/#restoring-cluster-networking). ## Rolling Back diff --git a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/namespace-migration/_index.md b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/namespace-migration/_index.md index 1e4f7ad3fbd..666fec5ef25 100644 --- a/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/namespace-migration/_index.md +++ b/content/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/namespace-migration/_index.md @@ -175,8 +175,8 @@ Reset the cluster nodes' network policies to restore connectivity.
If you can access Rancher, but one or more of the clusters that you launched using Rancher has no networking, you can repair them by moving the -- From the cluster's [embedded kubectl shell]({{}}/rancher/v2.x/en/k8s-in-rancher/kubectl/#accessing-clusters-with-kubectl-shell). -- By [downloading the cluster kubeconfig file and running it]({{}}/rancher/v2.x/en/k8s-in-rancher/kubectl/#accessing-clusters-with-kubectl-and-a-kubeconfig-file) from your workstation. +- Using the cluster's [embedded kubectl shell]({{}}/rancher/v2.x/en/k8s-in-rancher/kubectl/). +- By [downloading the cluster kubeconfig file and running it]({{}}/rancher/v2.x/en/cluster-admin/cluster-access/kubectl) from your workstation. ``` for namespace in $(kubectl --kubeconfig kube_config_rancher-cluster.yml get ns -o custom-columns=NAME:.metadata.name --no-headers); do diff --git a/content/rancher/v2.x/en/installation/install-rancher-on-linux/rancherd-configuration/_index.md b/content/rancher/v2.x/en/installation/install-rancher-on-linux/rancherd-configuration/_index.md index 271f4851a84..889232d8bf9 100644 --- a/content/rancher/v2.x/en/installation/install-rancher-on-linux/rancherd-configuration/_index.md +++ b/content/rancher/v2.x/en/installation/install-rancher-on-linux/rancherd-configuration/_index.md @@ -62,7 +62,7 @@ Put this manifest on your host in `/var/lib/rancher/rke2/server/manifests` befor | Parameter | Default Value | Description | | ------------------------------ | ----------------------------------------------------- | -------------------------------------------- | -| `addLocal` | "auto" | ***string*** - Have Rancher detect and import the “local” Rancher server cluster [Import "local Cluster"](https://rancher.com/docs/rancher/v2.x/en/installation/options/chart-options/#import-local-cluster) | +| `addLocal` | "auto" | ***string*** - Have Rancher detect and import the local Rancher server cluster | | `auditLog.destination` | "sidecar" | ***string*** - Stream to sidecar container console or hostPath volume - *"sidecar, hostPath"* | | `auditLog.hostPath` | "/var/log/rancher/audit" | ***string*** - log file destination on host (only applies when **auditLog.destination** is set to **hostPath**) | | `auditLog.level` | 0 | ***int*** - set the [API Audit Log level](https://rancher.com/docs/rancher/v2.x/en/installation/api-auditing). 0 is off. [0-3] | diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/install-rancher/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/install-rancher/_index.md index 8cb50bd7752..97025002cff 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/install-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/install-rancher/_index.md @@ -33,7 +33,7 @@ From a system that has access to the internet, fetch the latest Helm chart and c 1. If you haven't already, install `helm` locally on a workstation that has internet access. Note: Refer to the [Helm version requirements]({{}}/rancher/v2.x/en/installation/options/helm-version) to choose a version of Helm to install Rancher. -2. Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{}}/rancher/v2.x/en/installation/resources/chart-options/#helm-chart-repositories). +2. Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#helm-chart-repositories). {{< release-channel >}} ``` helm repo add rancher- https://releases.rancher.com/server-charts/ @@ -55,7 +55,7 @@ Rancher Server is designed to be secure by default and requires SSL/TLS configur When Rancher is installed on an air gapped Kubernetes cluster, there are two recommended options for the source of the certificate. -> **Note:** If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer]({{}}/rancher/v2.x/en/installation/resources/chart-options/#external-tls-termination). +> **Note:** If you want terminate SSL/TLS externally, see [TLS termination on an External Load Balancer]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination). | Configuration | Chart option | Description | Requires cert-manager | | ------------------------------------------ | ---------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | @@ -222,7 +222,7 @@ kubectl -n cattle-system apply -R -f ./rancher # 5. For Rancher versions prior to v2.3.0, Configure System Charts -If you are installing Rancher versions prior to v2.3.0, you will not be able to use the packaged system charts. Since the Rancher system charts are hosted in Github, an air gapped installation will not be able to access these charts. Therefore, you must [configure the Rancher system charts]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/#setting-up-system-charts-for-rancher-prior-to-v2-3-0). +If you are installing Rancher versions prior to v2.3.0, you will not be able to use the packaged system charts. Since the Rancher system charts are hosted in Github, an air gapped installation will not be able to access these charts. Therefore, you must [configure the Rancher system charts]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/). # Additional Resources @@ -255,7 +255,7 @@ For security purposes, SSL (Secure Sockets Layer) is required when using Rancher > - Configure custom CA root certificate to access your services? See [Custom CA root certificate]({{}}/rancher/v2.x/en/installation/options/custom-ca-root-certificate/). > - Record all transactions with the Rancher API? See [API Auditing]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#api-audit-log). -- For Rancher prior to v2.3.0, you will need to mirror the `system-charts` repository to a location in your network that Rancher can reach. Then, after Rancher is installed, you will need to configure Rancher to use that repository. For details, refer to the documentation on [setting up the system charts for Rancher prior to v2.3.0.]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/#setting-up-system-charts-for-rancher-prior-to-v2-3-0) +- For Rancher prior to v2.3.0, you will need to mirror the `system-charts` repository to a location in your network that Rancher can reach. Then, after Rancher is installed, you will need to configure Rancher to use that repository. For details, refer to the documentation on [setting up the system charts for Rancher prior to v2.3.0.]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/) Choose from the following options: @@ -294,8 +294,8 @@ In development or testing environments where your team will access your Rancher > **Prerequisites:** > From a computer with an internet connection, create a self-signed certificate using [OpenSSL](https://www.openssl.org/) or another method of your choice. > -> - The certificate files must be in [PEM format]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#pem). -> - In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [SSL FAQ / Troubleshooting]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#cert-order). +> - The certificate files must be in PEM format. +> - In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) After creating your certificate, log into your Linux host, and then run the installation command below. When entering the command, use the table below to replace each placeholder. Use the `-v` flag and provide the path to your certificates to mount them in your container. @@ -330,7 +330,7 @@ docker run -d --restart=unless-stopped \ In development or testing environments where you're exposing an app publicly, use a certificate signed by a recognized CA so that your user base doesn't encounter security warnings. -> **Prerequisite:** The certificate files must be in [PEM format]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#pem). +> **Prerequisite:** The certificate files must be in PEM format. After obtaining your certificate, log into your Linux host, and then run the installation command below. When entering the command, use the table below to replace each placeholder. Because your certificate is signed by a recognized CA, mounting an additional CA certificate file is unnecessary. @@ -364,7 +364,7 @@ If you are installing Rancher v2.3.0+, the installation is complete. > **Note:** If you don't intend to send telemetry data, opt out [telemetry]({{}}/rancher/v2.x/en/faq/telemetry/) during the initial login. -If you are installing Rancher versions prior to v2.3.0, you will not be able to use the packaged system charts. Since the Rancher system charts are hosted in Github, an air gapped installation will not be able to access these charts. Therefore, you must [configure the Rancher system charts]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/#setting-up-system-charts-for-rancher-prior-to-v2-3-0). +If you are installing Rancher versions prior to v2.3.0, you will not be able to use the packaged system charts. Since the Rancher system charts are hosted in Github, an air gapped installation will not be able to access these charts. Therefore, you must [configure the Rancher system charts]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/). {{% /tab %}} {{% /tabs %}} diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/launch-kubernetes/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/launch-kubernetes/_index.md index 5f1e867eb7b..1158e8ae38b 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/launch-kubernetes/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/launch-kubernetes/_index.md @@ -67,7 +67,12 @@ For more information on private registries configuration file for K3s, refer to ### 3. Install K3s +Rancher needs to be installed on a supported Kubernetes version. To find out which versions of Kubernetes are supported for your Rancher version, refer to the [support maintenance terms.](https://rancher.com/support-maintenance-terms/) + +To specify the K3s version, use the INSTALL_K3S_VERSION environment variable when running the K3s installation script. + Obtain the K3s binary from the [releases](https://github.com/rancher/k3s/releases) page, matching the same version used to get the airgap images tar. + Also obtain the K3s install script at https://get.k3s.io Place the binary in `/usr/local/bin` on each node. diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/prepare-nodes/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/prepare-nodes/_index.md index 02698e12901..3af1d14721d 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/prepare-nodes/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/air-gap/prepare-nodes/_index.md @@ -58,7 +58,7 @@ When Rancher is installed (also in a later step), the Rancher system creates an For your implementation, consider if you want or need to use a Layer-4 or Layer-7 load balancer: - **A layer-4 load balancer** is the simpler of the two choices, in which you are forwarding TCP traffic to your nodes. We recommend configuring your load balancer as a Layer 4 balancer, forwarding traffic to ports TCP/80 and TCP/443 to the Rancher management cluster nodes. The Ingress controller on the cluster will redirect HTTP traffic to HTTPS and terminate SSL/TLS on port TCP/443. The Ingress controller will forward traffic to port TCP/80 to the Ingress pod in the Rancher deployment. -- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.x/en/installation/resources/chart-options/#external-tls-termination) +- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination) For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.x/en/installation/options/nginx/) @@ -121,7 +121,7 @@ When Rancher is installed (also in a later step), the Rancher system creates an For your implementation, consider if you want or need to use a Layer-4 or Layer-7 load balancer: - **A layer-4 load balancer** is the simpler of the two choices, in which you are forwarding TCP traffic to your nodes. We recommend configuring your load balancer as a Layer 4 balancer, forwarding traffic to ports TCP/80 and TCP/443 to the Rancher management cluster nodes. The Ingress controller on the cluster will redirect HTTP traffic to HTTPS and terminate SSL/TLS on port TCP/443. The Ingress controller will forward traffic to port TCP/80 to the Ingress pod in the Rancher deployment. -- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.x/en/installation/resources/chart-options/#external-tls-termination) +- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination) For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.x/en/installation/options/nginx/) diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/behind-proxy/prepare-nodes/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/behind-proxy/prepare-nodes/_index.md index 8b39edbbf88..2db3543c63d 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/behind-proxy/prepare-nodes/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/behind-proxy/prepare-nodes/_index.md @@ -38,7 +38,7 @@ When Rancher is installed (also in a later step), the Rancher system creates an For your implementation, consider if you want or need to use a Layer-4 or Layer-7 load balancer: - **A layer-4 load balancer** is the simpler of the two choices, in which you are forwarding TCP traffic to your nodes. We recommend configuring your load balancer as a Layer 4 balancer, forwarding traffic to ports TCP/80 and TCP/443 to the Rancher management cluster nodes. The Ingress controller on the cluster will redirect HTTP traffic to HTTPS and terminate SSL/TLS on port TCP/443. The Ingress controller will forward traffic to port TCP/80 to the Ingress pod in the Rancher deployment. -- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.x/en/installation/resources/chart-options/#external-tls-termination) +- **A layer-7 load balancer** is a bit more complicated but can offer features that you may want. For instance, a layer-7 load balancer is capable of handling TLS termination at the load balancer, as opposed to Rancher doing TLS termination itself. This can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with. If you decide to terminate the SSL/TLS traffic on a layer-7 load balancer, you will need to use the `--set tls=external` option when installing Rancher in a later step. For more information, refer to the [Rancher Helm chart options.]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#external-tls-termination) For an example showing how to set up an NGINX load balancer, refer to [this page.]({{}}/rancher/v2.x/en/installation/options/nginx/) diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/_index.md index f8a717013fc..285df0b85c1 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/_index.md @@ -42,7 +42,7 @@ For security purposes, SSL (Secure Sockets Layer) is required when using Rancher > - Use a proxy? See [HTTP Proxy Configuration]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/proxy/) > - Configure custom CA root certificate to access your services? See [Custom CA root certificate]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#custom-ca-certificate/) > - Complete an Air Gap Installation? See [Air Gap: Docker Install]({{}}/rancher/v2.x/en/installation/air-gap-single-node/) -> - Record all transactions with the Rancher API? See [API Auditing](#api-audit-log) +> - Record all transactions with the Rancher API? See [API Auditing](./advanced/#api-audit-log) Choose from the following options: @@ -72,8 +72,8 @@ In development or testing environments where your team will access your Rancher > **Prerequisites:** > Create a self-signed certificate using [OpenSSL](https://www.openssl.org/) or another method of your choice. > -> - The certificate files must be in [PEM format](#pem). -> - In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [SSL FAQ / Troubleshooting](#cert-order). +> - The certificate files must be in PEM format. +> - In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) After creating your certificate, run the Docker command below to install Rancher. Use the `-v` flag and provide the path to your certificates to mount them in your container. @@ -102,8 +102,8 @@ In production environments where you're exposing an app publicly, use a certific > **Prerequisites:** > -> - The certificate files must be in [PEM format](#pem). -> - In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [SSL FAQ / Troubleshooting](#cert-order). +> - The certificate files must be in PEM format. +> - In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) After obtaining your certificate, run the Docker command below. diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/_index.md index b8cf98496f0..3642b595979 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/_index.md @@ -25,7 +25,7 @@ Use the command example to start a Rancher container with your private CA certif The example below is based on having the CA root certificates in the `/host/certs` directory on the host and mounting this directory on `/container/certs` inside the Rancher container. -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) ``` docker run -d --restart=unless-stopped \ @@ -44,7 +44,7 @@ The API Audit Log writes to `/var/log/auditlog` inside the rancher container by See [API Audit Log]({{}}/rancher/v2.x/en/installation/api-auditing) for more information and options. -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) ``` docker run -d --restart=unless-stopped \ @@ -69,7 +69,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) See [TLS settings]({{}}/rancher/v2.x/en/admin-settings/tls-settings) for more information and options. @@ -95,7 +95,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) ### Running `rancher/rancher` and `rancher/rancher-agent` on the Same Node @@ -114,4 +114,4 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/proxy/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/proxy/_index.md index e097a3dae40..f91bb0daede 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/proxy/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/proxy/_index.md @@ -41,4 +41,4 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md index c911397e5c3..02814802211 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/single-node-rollbacks/_index.md @@ -79,7 +79,7 @@ If you have issues upgrading Rancher, roll it back to its latest known healthy s --privileged \ rancher/rancher: ``` - As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) + As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) >**Note:** _Do not_ stop the rollback after initiating it, even if the rollback process seems longer than expected. Stopping the rollback may result in database issues during future upgrades. diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md index 00db6582884..ab8530d16bc 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/single-node-upgrades/_index.md @@ -13,7 +13,7 @@ The following instructions will guide you through upgrading a Rancher server tha # Prerequisites -- **Review the [known upgrade issues]({{}}/rancher/v2.x/en/upgrades/upgrades/#known-upgrade-issues) in the Rancher documentation for the most noteworthy issues to consider when upgrading Rancher. A more complete list of known issues for each Rancher version can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums.](https://forums.rancher.com/c/announcements/12) Note that upgrades to or from any chart in the [rancher-alpha repository]({{}}/rancher/v2.x/en/installation/resources/chart-options/#helm-chart-repositories/) aren’t supported. +- **Review the [known upgrade issues]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/#known-upgrade-issues) in the Rancher documentation for the most noteworthy issues to consider when upgrading Rancher. A more complete list of known issues for each Rancher version can be found in the release notes on [GitHub](https://github.com/rancher/rancher/releases) and on the [Rancher forums.](https://forums.rancher.com/c/announcements/12) Note that upgrades to or from any chart in the [rancher-alpha repository]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#helm-chart-repositories/) aren’t supported. - **For [air gap installs only,]({{}}/rancher/v2.x/en/installation/other-installation-methods/air-gap) collect and populate images for the new Rancher server version.** Follow the guide to [populate your private registry]({{}}/rancher/v2.x/en/installation/other-installation-methods/air-gap/populate-private-registry/) with the images for the Rancher version that you want to upgrade to. # Placeholder Review @@ -152,7 +152,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) {{% /accordion %}} @@ -162,7 +162,7 @@ As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-r If you have selected to bring your own self-signed certificate, you add the `--volumes-from rancher-data` to the command that you had started your original Rancher server container and need to have access to the same certificate that you had originally installed with. ->**Reminder of the Cert Prerequisite:** The certificate files must be in [PEM format]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#pem). In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. +>**Reminder of the Cert Prerequisite:** The certificate files must be in PEM format. In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. Placeholder | Description ------------|------------- @@ -183,7 +183,7 @@ docker run -d --volumes-from rancher-data \ rancher/rancher: ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) {{% /accordion %}} @@ -193,7 +193,7 @@ As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-r If you have selected to use a certificate signed by a recognized CA, you add the `--volumes-from rancher-data` to the command that you had started your original Rancher server container and need to have access to the same certificates that you had originally installed with. Remember to include `--no-cacerts` as an argument to the container to disable the default CA certificate generated by Rancher. ->**Reminder of the Cert Prerequisite:** The certificate files must be in [PEM format]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#pem). In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [SSL FAQ / Troubleshooting](#cert-order). +>**Reminder of the Cert Prerequisite:** The certificate files must be in PEM format. In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) Placeholder | Description ------------|------------- @@ -213,7 +213,7 @@ docker run -d --volumes-from rancher-data \ --no-cacerts ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) {{% /accordion %}} ### Option D: Let's Encrypt Certificate @@ -243,7 +243,7 @@ docker run -d --volumes-from rancher-data \ --acme-domain ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) {{% /accordion %}} @@ -252,7 +252,7 @@ As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-r For security purposes, SSL (Secure Sockets Layer) is required when using Rancher. SSL secures all Rancher network communication, like when you login or interact with a cluster. -> For Rancher versions from v2.2.0 to v2.2.x, you will need to mirror the `system-charts` repository to a location in your network that Rancher can reach. Then, after Rancher is installed, you will need to configure Rancher to use that repository. For details, refer to the documentation on [setting up the system charts for Rancher prior to v2.3.0.]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/#setting-up-system-charts-for-rancher-prior-to-v2-3-0) +> For Rancher versions from v2.2.0 to v2.2.x, you will need to mirror the `system-charts` repository to a location in your network that Rancher can reach. Then, after Rancher is installed, you will need to configure Rancher to use that repository. For details, refer to the documentation on [setting up the system charts for Rancher prior to v2.3.0.]({{}}/rancher/v2.x/en/installation/resources/local-system-charts/) When starting the new Rancher server container, choose from the following options: @@ -277,7 +277,7 @@ Placeholder | Description /rancher/rancher: ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) {{% /accordion %}} ### Option B: Bring Your Own Certificate: Self-Signed @@ -286,7 +286,7 @@ As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-r If you have selected to bring your own self-signed certificate, you add the `--volumes-from rancher-data` to the command that you had started your original Rancher server container and need to have access to the same certificate that you had originally installed with. ->**Reminder of the Prerequisite:** The certificate files must be in [PEM format]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#pem). In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [SSL FAQ / Troubleshooting](#cert-order). +>**Reminder of the Prerequisite:** The certificate files must be in PEM format. In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) Placeholder | Description ------------|------------- @@ -308,7 +308,7 @@ docker run -d --restart=unless-stopped \ --privileged \ /rancher/rancher: ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) {{% /accordion %}} ### Option C: Bring Your Own Certificate: Signed by Recognized CA @@ -317,7 +317,7 @@ As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-r If you have selected to use a certificate signed by a recognized CA, you add the `--volumes-from rancher-data` to the command that you had started your original Rancher server container and need to have access to the same certificates that you had originally installed with. - >**Reminder of the Prerequisite:** The certificate files must be in [PEM format]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#pem). In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [SSL FAQ / Troubleshooting](#cert-order). + >**Reminder of the Prerequisite:** The certificate files must be in PEM format. In your certificate file, include all intermediate certificates provided by the recognized CA. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) Placeholder | Description ------------|------------- @@ -341,7 +341,7 @@ docker run -d --volumes-from rancher-data \ --privileged /rancher/rancher: ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) {{% /accordion %}} {{% /tab %}} {{% /tabs %}} @@ -354,7 +354,7 @@ Log into Rancher. Confirm that the upgrade succeeded by checking the version dis >**Having network issues in your user clusters following upgrade?** > -> See [Restoring Cluster Networking]({{}}/rancher/v2.x/en/upgrades/upgrades/namespace-migration/#restoring-cluster-networking). +> See [Restoring Cluster Networking]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/upgrades/namespace-migration/#restoring-cluster-networking). # 6. Clean up Your Old Rancher Server Container diff --git a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting/_index.md b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting/_index.md index 3b442e08f57..9a1fc02ee8d 100644 --- a/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting/_index.md +++ b/content/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting/_index.md @@ -1,6 +1,88 @@ --- -title: FAQ and Troubleshooting +title: Certificate Troubleshooting weight: 4 --- +### How Do I Know if My Certificates are in PEM Format? -{{< ssl_faq_single >}} +You can recognize the PEM format by the following traits: + +- The file begins with the following header: + ``` + -----BEGIN CERTIFICATE----- + ``` +- The header is followed by a long string of characters. +- The file ends with a footer: + -----END CERTIFICATE----- + +PEM Certificate Example: + +``` +----BEGIN CERTIFICATE----- +MIIGVDCCBDygAwIBAgIJAMiIrEm29kRLMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNV +... more lines +VWQqljhfacYPgp8KJUJENQ9h5hZ2nSCrI+W00Jcw4QcEdCI8HL5wmg== +-----END CERTIFICATE----- +``` + +PEM Certificate Key Example: + +``` +-----BEGIN RSA PRIVATE KEY----- +MIIGVDCCBDygAwIBAgIJAMiIrEm29kRLMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNV +... more lines +VWQqljhfacYPgp8KJUJENQ9h5hZ2nSCrI+W00Jcw4QcEdCI8HL5wmg== +-----END RSA PRIVATE KEY----- +``` + +If your key looks like the example below, see [Converting a Certificate Key From PKCS8 to PKCS1.](#converting-a-certificate-key-from-pkcs8-to-pkcs1) + +``` +-----BEGIN PRIVATE KEY----- +MIIGVDCCBDygAwIBAgIJAMiIrEm29kRLMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNV +... more lines +VWQqljhfacYPgp8KJUJENQ9h5hZ2nSCrI+W00Jcw4QcEdCI8HL5wmg== +-----END PRIVATE KEY----- +``` + +### Converting a Certificate Key From PKCS8 to PKCS1 + +If you are using a PKCS8 certificate key file, Rancher will log the following line: + +``` +ListenConfigController cli-config [listener] failed with : failed to read private key: asn1: structure error: tags don't match (2 vs {class:0 tag:16 length:13 isCompound:true}) +``` + +To make this work, you will need to convert the key from PKCS8 to PKCS1 using the command below: + +``` +openssl rsa -in key.pem -out convertedkey.pem +``` + +You can now use `convertedkey.pem` as certificate key file for Rancher. + +### What is the Order of Certificates if I Want to Add My Intermediate(s)? + +The order of adding certificates is as follows: + +``` +-----BEGIN CERTIFICATE----- +%YOUR_CERTIFICATE% +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +%YOUR_INTERMEDIATE_CERTIFICATE% +-----END CERTIFICATE----- +``` + +### How Do I Validate My Certificate Chain? + +You can validate the certificate chain by using the `openssl` binary. If the output of the command (see the command example below) ends with `Verify return code: 0 (ok)`, your certificate chain is valid. The `ca.pem` file must be the same as you added to the `rancher/rancher` container. + +When using a certificate signed by a recognized Certificate Authority, you can omit the `-CAfile` parameter. + +Command: + +``` +openssl s_client -CAfile ca.pem -connect rancher.yourdomain.com:443 +... + Verify return code: 0 (ok) +``` \ No newline at end of file diff --git a/content/rancher/v2.x/en/installation/requirements/_index.md b/content/rancher/v2.x/en/installation/requirements/_index.md index f6eb895acab..c70a20aa7de 100644 --- a/content/rancher/v2.x/en/installation/requirements/_index.md +++ b/content/rancher/v2.x/en/installation/requirements/_index.md @@ -29,6 +29,8 @@ Rancher should work with any modern Linux distribution. Docker is required for nodes that will run K3s or RKE Kubernetes clusters. It is not required for RancherD installs. +Rancher needs to be installed on a supported Kubernetes version. To find out which versions of Kubernetes are supported for your Rancher version, refer to the [support maintenance terms.](https://rancher.com/support-maintenance-terms/) + For details on which OS and Docker versions were tested with each Rancher version, refer to the [support maintenance terms.](https://rancher.com/support-maintenance-terms/) All supported operating systems are 64-bit x86. @@ -47,7 +49,7 @@ For the container runtime, RKE should work with any modern Docker version. For the container runtime, K3s should work with any modern version of Docker or containerd. -Rancher needs to be installed on a supported Kubernetes version. To find out which versions of Kubernetes are supported for your Rancher version, refer to the [support maintenance terms.](https://rancher.com/support-maintenance-terms/) To specify the K3s version, use the INSTALL_K3S_VERSION environment variable when running the K3s installation script. +Rancher needs to be installed on a supported Kubernetes version. To find out which versions of Kubernetes are supported for your Rancher version, refer to the [support maintenance terms.](https://rancher.com/support-maintenance-terms/) To specify the K3s version, use the INSTALL_K3S_VERSION environment variable when running the K3s installation script. If you are installing Rancher on a K3s cluster with **Raspbian Buster**, follow [these steps]({{}}/k3s/latest/en/advanced/#enabling-legacy-iptables-on-raspbian-buster) to switch to legacy iptables. diff --git a/content/rancher/v2.x/en/installation/requirements/ports/_index.md b/content/rancher/v2.x/en/installation/requirements/ports/_index.md index 68a3cef0ef4..10d08d6349a 100644 --- a/content/rancher/v2.x/en/installation/requirements/ports/_index.md +++ b/content/rancher/v2.x/en/installation/requirements/ports/_index.md @@ -172,7 +172,7 @@ The following tables break down the port requirements for Rancher nodes, for inb Downstream Kubernetes clusters run your apps and services. This section describes what ports need to be opened on the nodes in downstream clusters so that Rancher can communicate with them. -The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types]({{}}/rancher/v2.x/en/cluster-provisioning/#cluster-creation-options). +The port requirements differ depending on how the downstream cluster was launched. Each of the tabs below list the ports that need to be opened for different [cluster types]({{}}/rancher/v2.x/en/cluster-provisioning/). The following diagram depicts the ports that are opened for each [cluster type]({{}}/rancher/v2.x/en/cluster-provisioning). diff --git a/content/rancher/v2.x/en/installation/resources/advanced/air-gap-helm2/install-rancher/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/air-gap-helm2/install-rancher/_index.md index 2e3fc143acc..5c2b936a99a 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/air-gap-helm2/install-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/air-gap-helm2/install-rancher/_index.md @@ -34,7 +34,7 @@ From a system that has access to the internet, fetch the latest Helm chart and c helm init -c ``` -2. Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{}}/rancher/v2.x/en/installation/options/server-tags/#helm-chart-repositories). +2. Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{}}/rancher/v2.x/en/installation/resources/choosing-version/). {{< release-channel >}} ``` helm repo add rancher- https://releases.rancher.com/server-charts/ @@ -45,7 +45,7 @@ From a system that has access to the internet, fetch the latest Helm chart and c helm fetch rancher-/rancher ``` -> Want additional options? Need help troubleshooting? See [Kubernetes Install: Advanced Options]({{}}/rancher/v2.x/en/installation/k8s-install/helm-rancher/#advanced-configurations). +> Want additional options? See the Rancher [Helm chart options]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options). ### B. Choose your SSL Configuration @@ -211,7 +211,7 @@ kubectl -n cattle-system apply -R -f ./rancher ### E. For Rancher versions prior to v2.3.0, Configure System Charts -If you are installing Rancher versions prior to v2.3.0, you will not be able to use the packaged system charts. Since the Rancher system charts are hosted in Github, an air gapped installation will not be able to access these charts. Therefore, you must [configure the Rancher system charts]({{}}/rancher/v2.x/en/installation/options/local-system-charts/#setting-up-system-charts-for-rancher-prior-to-v2-3-0). +If you are installing Rancher versions prior to v2.3.0, you will not be able to use the packaged system charts. Since the Rancher system charts are hosted in Github, an air gapped installation will not be able to access these charts. Therefore, you must [configure the Rancher system charts]({{}}/rancher/v2.x/en/installation/options/local-system-charts/). ### Additional Resources @@ -236,9 +236,9 @@ For security purposes, SSL (Secure Sockets Layer) is required when using Rancher > **Do you want to...** > > - Configure custom CA root certificate to access your services? See [Custom CA root certificate]({{}}/rancher/v2.x/en/installation/options/chart-options/#additional-trusted-cas). -> - Record all transactions with the Rancher API? See [API Auditing]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#api-audit-log). +> - Record all transactions with the Rancher API? See [API Auditing]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#api-audit-log). -- For Rancher prior to v2.3.0, you will need to mirror the `system-charts` repository to a location in your network that Rancher can reach. Then, after Rancher is installed, you will need to configure Rancher to use that repository. For details, refer to the documentation on [setting up the system charts for Rancher prior to v2.3.0.]({{}}/rancher/v2.x/en/installation/options/local-system-charts/#setting-up-system-charts-for-rancher-prior-to-v2-3-0) +- For Rancher prior to v2.3.0, you will need to mirror the `system-charts` repository to a location in your network that Rancher can reach. Then, after Rancher is installed, you will need to configure Rancher to use that repository. For details, refer to the documentation on [setting up the system charts for Rancher prior to v2.3.0.]({{}}/rancher/v2.x/en/installation/options/local-system-charts/) Choose from the following options: @@ -269,8 +269,8 @@ In development or testing environments where your team will access your Rancher > **Prerequisites:** > From a computer with an internet connection, create a self-signed certificate using [OpenSSL](https://www.openssl.org/) or another method of your choice. > -> - The certificate files must be in [PEM format]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#pem). -> - In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [SSL FAQ / Troubleshooting]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#cert-order). +> - The certificate files must be in PEM format. +> - In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) After creating your certificate, log into your Linux host, and then run the installation command below. When entering the command, use the table below to replace each placeholder. Use the `-v` flag and provide the path to your certificates to mount them in your container. @@ -299,7 +299,7 @@ docker run -d --restart=unless-stopped \ In development or testing environments where you're exposing an app publicly, use a certificate signed by a recognized CA so that your user base doesn't encounter security warnings. -> **Prerequisite:** The certificate files must be in [PEM format]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#pem). +> **Prerequisite:** The certificate files must be in PEM format. After obtaining your certificate, log into your Linux host, and then run the installation command below. When entering the command, use the table below to replace each placeholder. Because your certificate is signed by a recognized CA, mounting an additional CA certificate file is unnecessary. @@ -328,7 +328,7 @@ docker run -d --restart=unless-stopped \ If you are installing Rancher v2.3.0+, the installation is complete. -If you are installing Rancher versions prior to v2.3.0, you will not be able to use the packaged system charts. Since the Rancher system charts are hosted in Github, an air gapped installation will not be able to access these charts. Therefore, you must [configure the Rancher system charts]({{}}/rancher/v2.x/en/installation/options/local-system-charts/#setting-up-system-charts-for-rancher-prior-to-v2-3-0). +If you are installing Rancher versions prior to v2.3.0, you will not be able to use the packaged system charts. Since the Rancher system charts are hosted in Github, an air gapped installation will not be able to access these charts. Therefore, you must [configure the Rancher system charts]({{}}/rancher/v2.x/en/installation/options/local-system-charts/). {{% /tab %}} {{% /tabs %}} diff --git a/content/rancher/v2.x/en/installation/resources/advanced/api-audit-log/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/api-audit-log/_index.md index efa156a73ba..a5a08192554 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/api-audit-log/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/api-audit-log/_index.md @@ -16,7 +16,7 @@ The Audit Log is enabled and configured by passing environment variables to the - [Docker Install]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#api-audit-log) -- [Kubernetes Install]({{}}/rancher/v2.x/en/installation/resources/chart-options/#api-audit-log) +- [Kubernetes Install]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#api-audit-log) ## API Audit Log Options diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/_index.md index 394cf2ca596..b3bdb08f7f1 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/_index.md @@ -55,6 +55,6 @@ The following CLI tools are required for this install. Please make sure these to > **Important: RKE add-on install is only supported up to Rancher v2.0.8** > -> Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +> Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > > If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the Helm chart. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-init/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-init/_index.md index 565fbec8f27..bb62d0219ff 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-init/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-init/_index.md @@ -8,7 +8,7 @@ aliases: Helm is the package management tool of choice for Kubernetes. Helm "charts" provide templating syntax for Kubernetes YAML manifest documents. With Helm we can create configurable deployments instead of just using static files. For more information about creating your own catalog of deployments, check out the docs at [https://helm.sh/](https://helm.sh/). To be able to use Helm, the server-side component `tiller` needs to be installed on your cluster. -For systems without direct internet access, see [Helm - Air Gap]({{}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#helm) for install details. +For systems without direct internet access, see [Helm - Air Gap]({{}}/rancher/v2.x/en/installation/other-installation-methods/air-gap) for install details. Refer to the [Helm version requirements]({{}}/rancher/v2.x/en/installation/options/helm-version) to choose a version of Helm to install Rancher. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/_index.md index 3529904e3b6..9382bc95919 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/_index.md @@ -15,7 +15,7 @@ Refer to the [Helm version requirements]({{}}/rancher/v2.x/en/installat ### Add the Helm Chart Repository -Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{}}/rancher/v2.x/en/installation/options/server-tags/#helm-chart-repositories). +Use `helm repo add` command to add the Helm chart repository that contains charts to install Rancher. For more information about the repository choices and which is best for your use case, see [Choosing a Version of Rancher]({{}}/rancher/v2.x/en/installation/resources/choosing-version). {{< release-channel >}} @@ -203,8 +203,8 @@ It should show the same count for `DESIRED` and `AVAILABLE`. The Rancher chart configuration has many options for customizing the install to suit your specific environment. Here are some common advanced scenarios. -* [HTTP Proxy]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/chart-options/#http-proxy) -* [Private Docker Image Registry]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/chart-options/#private-registry-and-air-gap-installs) +* [HTTP Proxy]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/) +* [Private Docker Image Registry]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#private-registry-and-air-gap-installs) * [TLS Termination on an External Load Balancer]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/chart-options/#external-tls-termination) See the [Chart Options]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/chart-options/) for the full list of options. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/chart-options/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/chart-options/_index.md index 0659c5619e5..da972352a8f 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/chart-options/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/chart-options/_index.md @@ -22,7 +22,7 @@ aliases: | Option | Default Value | Description | | --- | --- | --- | | `additionalTrustedCAs` | false | `bool` - See [Additional Trusted CAs](#additional-trusted-cas) | -| `addLocal` | "auto" | `string` - Have Rancher detect and import the "local" Rancher server cluster [Import "local Cluster](#import-local-cluster) | +| `addLocal` | "auto" | `string` - Have Rancher detect and import the local Rancher server cluster | | `antiAffinity` | "preferred" | `string` - AntiAffinity rule for Rancher pods - "preferred, required" | | `auditLog.destination` | "sidecar" | `string` - Stream to sidecar container console or hostPath volume - "sidecar, hostPath" | | `auditLog.hostPath` | "/var/log/rancher/audit" | `string` - log file destination on host (only applies when `auditLog.destination` is set to `hostPath`) | @@ -154,7 +154,7 @@ We recommend configuring your load balancer as a Layer 4 balancer, forwarding pl You may terminate the SSL/TLS on a L7 load balancer external to the Rancher cluster (ingress). Use the `--set tls=external` option and point your load balancer at port http 80 on all of the Rancher cluster nodes. This will expose the Rancher interface on http port 80. Be aware that clients that are allowed to connect directly to the Rancher cluster will not be encrypted. If you choose to do this we recommend that you restrict direct access at the network level to just your load balancer. -> **Note:** If you are using a Private CA signed certificate, add `--set privateCA=true` and see [Adding TLS Secrets - Using a Private CA Signed Certificate]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/tls-secrets/#using-a-private-ca-signed-certificate) to add the CA cert for Rancher. +> **Note:** If you are using a Private CA signed certificate, add `--set privateCA=true` and see [Adding TLS Secrets - Using a Private CA Signed Certificate]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/tls-secrets/) to add the CA cert for Rancher. Your load balancer must support long lived websocket connections and will need to insert proxy headers so Rancher can route links correctly. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/troubleshooting/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/troubleshooting/_index.md index bf28fd0ed3e..561f457d306 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/troubleshooting/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/helm-rancher/troubleshooting/_index.md @@ -126,10 +126,10 @@ W0705 23:04:58.240571 7 backend_ssl.go:49] error obtaining PEM from secret ### no matches for kind "Issuer" -The [SSL configuration]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/#choose-your-ssl-configuration) option you have chosen requires [cert-manager]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/#optional-install-cert-manager) to be installed before installing Rancher or else the following error is shown: +The SSL configuration option you have chosen requires cert-manager to be installed before installing Rancher or else the following error is shown: ``` Error: validation failed: unable to recognize "": no matches for kind "Issuer" in version "certmanager.k8s.io/v1alpha1" ``` -Install [cert-manager]({{}}/rancher/v2.x/en/installation/options/helm2/helm-rancher/#optional-install-cert-manager) and try installing Rancher again. +Install cert-manager and try installing Rancher again. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/_index.md index 17a94566846..2bce2c02178 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/_index.md @@ -7,7 +7,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/api-auditing/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/api-auditing/_index.md index 8ea13eb4b52..d40575bae3f 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/api-auditing/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/api-auditing/_index.md @@ -8,7 +8,7 @@ aliases: >**Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-4-lb/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-4-lb/_index.md index 128ae1697ab..09a63839128 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-4-lb/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-4-lb/_index.md @@ -7,7 +7,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a High-availability Kubernetes install with an RKE add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the Helm chart. @@ -224,9 +224,9 @@ Choose from the following options: >**Prerequisites:** >Create a self-signed certificate. > ->- The certificate files must be in [PEM format](#pem). +>- The certificate files must be in PEM format. >- The certificate files must be encoded in [base64](#base64). ->- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Intermediate Certificates](#cert-order). +>- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. 1. In `kind: Secret` with `name: cattle-keys-ingress`: @@ -274,10 +274,8 @@ Choose from the following options: {{% /accordion %}} {{% accordion id="option-b" label="Option B—Bring Your Own Certificate: Signed by Recognized CA" %}} ->**Note:** -> If you are using Self Signed Certificate, [click here](#option-a-bring-your-own-certificate-self-signed) to proceed. -If you are using a Certificate Signed By A Recognized Certificate Authority, you will need to generate a base64 encoded string for the Certificate file and the Certificate Key file. Make sure that your certificate file includes all the [intermediate certificates](#cert-order) in the chain, the order of certificates in this case is first your own certificate, followed by the intermediates. Please refer to the documentation of your CSP (Certificate Service Provider) to see what intermediate certificate(s) need to be included. +If you are using a Certificate Signed By A Recognized Certificate Authority, you will need to generate a base64 encoded string for the Certificate file and the Certificate Key file. Make sure that your certificate file includes all the intermediate certificates in the chain, the order of certificates in this case is first your own certificate, followed by the intermediates. Please refer to the documentation of your CSP (Certificate Service Provider) to see what intermediate certificate(s) need to be included. In the `kind: Secret` with `name: cattle-keys-ingress`: diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-4-lb/nlb/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-4-lb/nlb/_index.md index 334253353c1..40ce11c1778 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-4-lb/nlb/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-4-lb/nlb/_index.md @@ -8,7 +8,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a High-availability Kubernetes install with an RKE add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/_index.md index 99126e52803..f68c31a48ea 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/_index.md @@ -8,7 +8,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. @@ -172,9 +172,9 @@ Choose from the following options: >**Prerequisites:** >Create a self-signed certificate. > ->- The certificate files must be in [PEM format](#pem). +>- The certificate files must be in PEM format. >- The certificate files must be encoded in [base64](#base64). ->- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [SSL FAQ / Troubleshooting](#cert-order). +>- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) In `kind: Secret` with `name: cattle-keys-ingress`, replace `` with the base64 encoded string of the CA Certificate file (usually called `ca.pem` or `ca.crt`) diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/alb/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/alb/_index.md index 603c1b2144b..0a6dd56b51d 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/alb/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/alb/_index.md @@ -8,7 +8,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher helm chart to install Kubernetes Rancher. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher helm chart to install Kubernetes Rancher. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/nginx/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/nginx/_index.md index 20b5aa5f89e..29fdec03cc4 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/nginx/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/layer-7-lb/nginx/_index.md @@ -8,7 +8,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/proxy/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/proxy/_index.md index 05b3667a076..1a1f390e769 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/proxy/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/proxy/_index.md @@ -7,7 +7,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/404-default-backend/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/404-default-backend/_index.md index ed4dda0817c..788ec1c5565 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/404-default-backend/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/404-default-backend/_index.md @@ -8,7 +8,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/_index.md index ed11a3c32b6..d9041182eaa 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/_index.md @@ -8,7 +8,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. @@ -28,6 +28,6 @@ Choose from the following options: In this section, you can find errors related to deploying addons. -- [404 - default backend](./404-default-backend/) +- [404 - default backend]({{}}/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/404-default-backend/) In this section, you can find errors related to the `404 - default backend` page that is shown when trying to access Rancher. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/generic-troubleshooting/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/generic-troubleshooting/_index.md index af5f42679bb..e9807e68036 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/generic-troubleshooting/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/generic-troubleshooting/_index.md @@ -8,7 +8,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. @@ -16,7 +16,7 @@ Below are steps that you can follow to determine what is wrong in your cluster. ### Double check if all the required ports are opened in your (host) firewall -Double check if all the [required ports]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements/) are opened in your (host) firewall. +Double check if all the [required ports]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements) are opened in your (host) firewall. ### All nodes should be present and in **Ready** state @@ -144,7 +144,7 @@ To test the overlay network, you can launch the following `DaemonSet` definition => End ``` -If you see error in the output, that means that the [required ports]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements/) for overlay networking are not opened between the hosts indicated. +If you see error in the output, that means that the [required ports]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements) for overlay networking are not opened between the hosts indicated. Example error output of a situation where NODE1 had the UDP ports blocked. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/job-complete-status/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/job-complete-status/_index.md index 583d124da07..5f9853639fb 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/job-complete-status/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/helm2/rke-add-on/troubleshooting/job-complete-status/_index.md @@ -8,7 +8,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/options/helm2/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install ]({{}}/rancher/v2.x/en/installation/options/helm2/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. diff --git a/content/rancher/v2.x/en/installation/resources/advanced/rke-add-on/layer-4-lb/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/rke-add-on/layer-4-lb/_index.md index 423ba54fb6a..276e043168f 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/rke-add-on/layer-4-lb/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/rke-add-on/layer-4-lb/_index.md @@ -9,7 +9,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/#installation-outline). +>Please use the Rancher helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. @@ -222,9 +222,9 @@ Choose from the following options: >**Prerequisites:** >Create a self-signed certificate. > ->- The certificate files must be in [PEM format](#pem). +>- The certificate files must be in PEM format. >- The certificate files must be encoded in [base64](#base64). ->- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Intermediate Certificates](#cert-order). +>- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) 1. In `kind: Secret` with `name: cattle-keys-ingress`: @@ -272,10 +272,8 @@ Choose from the following options: {{% /accordion %}} {{% accordion id="option-b" label="Option B—Bring Your Own Certificate: Signed by Recognized CA" %}} ->**Note:** -> If you are using Self Signed Certificate, [click here](#option-a-bring-your-own-certificate-self-signed) to proceed. -If you are using a Certificate Signed By A Recognized Certificate Authority, you will need to generate a base64 encoded string for the Certificate file and the Certificate Key file. Make sure that your certificate file includes all the [intermediate certificates](#cert-order) in the chain, the order of certificates in this case is first your own certificate, followed by the intermediates. Please refer to the documentation of your CSP (Certificate Service Provider) to see what intermediate certificate(s) need to be included. +If you are using a Certificate Signed By A Recognized Certificate Authority, you will need to generate a base64 encoded string for the Certificate file and the Certificate Key file. Make sure that your certificate file includes all the intermediate certificates in the chain, the order of certificates in this case is first your own certificate, followed by the intermediates. Please refer to the documentation of your CSP (Certificate Service Provider) to see what intermediate certificate(s) need to be included. In the `kind: Secret` with `name: cattle-keys-ingress`: diff --git a/content/rancher/v2.x/en/installation/resources/advanced/rke-add-on/layer-7-lb/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/rke-add-on/layer-7-lb/_index.md index fe5397fb635..4c94ca9fd7b 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/rke-add-on/layer-7-lb/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/rke-add-on/layer-7-lb/_index.md @@ -9,7 +9,7 @@ aliases: > #### **Important: RKE add-on install is only supported up to Rancher v2.0.8** > ->Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install - Installation Outline]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/#installation-outline). +>Please use the Rancher Helm chart to install Rancher on a Kubernetes cluster. For details, see the [Kubernetes Install]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/). > >If you are currently using the RKE add-on install method, see [Migrating from a Kubernetes Install with an RKE Add-on]({{}}/rancher/v2.x/en/upgrades/upgrades/migrating-from-rke-add-on/) for details on how to move to using the helm chart. @@ -169,9 +169,9 @@ Choose from the following options: >**Prerequisites:** >Create a self-signed certificate. > ->- The certificate files must be in [PEM format](#pem). +>- The certificate files must be in PEM format. >- The certificate files must be encoded in [base64](#base64). ->- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [SSL FAQ / Troubleshooting](#cert-order). +>- In your certificate file, include all intermediate certificates in the chain. Order your certificates with your certificate first, followed by the intermediates. For an example, see [Certificate Troubleshooting.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) In `kind: Secret` with `name: cattle-keys-ingress`, replace `` with the base64 encoded string of the CA Certificate file (usually called `ca.pem` or `ca.crt`) diff --git a/content/rancher/v2.x/en/installation/resources/advanced/single-node-install-external-lb/_index.md b/content/rancher/v2.x/en/installation/resources/advanced/single-node-install-external-lb/_index.md index 3f34c911832..31aa8c42a2b 100644 --- a/content/rancher/v2.x/en/installation/resources/advanced/single-node-install-external-lb/_index.md +++ b/content/rancher/v2.x/en/installation/resources/advanced/single-node-install-external-lb/_index.md @@ -54,7 +54,7 @@ If you elect to use a self-signed certificate to encrypt communication, you must > **Prerequisites:** > Create a self-signed certificate. > -> - The certificate files must be in [PEM format](#pem). +> - The certificate files must be in PEM format. **To Install Rancher Using a Self-Signed Cert:** @@ -73,7 +73,7 @@ If your cluster is public facing, it's best to use a certificate signed by a rec > **Prerequisites:** > -> - The certificate files must be in [PEM format](#pem). +> - The certificate files must be in PEM format. **To Install Rancher Using a Cert Signed by a Recognized CA:** @@ -173,7 +173,7 @@ http { ## FAQ and Troubleshooting -{{< ssl_faq_single >}} +For help troubleshooting certificates, see [this section.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/troubleshooting) ## Advanced Options @@ -209,7 +209,7 @@ docker run -d --restart=unless-stopped \ rancher/rancher:latest ``` -As of Rancher v2.5, privileged access is [required.](../#privileged-access-for-rancher-v2-5) +As of Rancher v2.5, privileged access is [required.]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/#privileged-access-for-rancher-v2-5) This layer 7 NGINX configuration is tested on NGINX version 1.13 (mainline) and 1.14 (stable). diff --git a/content/rancher/v2.x/en/installation/resources/local-system-charts/_index.md b/content/rancher/v2.x/en/installation/resources/local-system-charts/_index.md index e7f4eef10d8..eec77dee63b 100644 --- a/content/rancher/v2.x/en/installation/resources/local-system-charts/_index.md +++ b/content/rancher/v2.x/en/installation/resources/local-system-charts/_index.md @@ -15,7 +15,7 @@ In an air gapped installation of Rancher, you will need to configure Rancher to In Rancher v2.3.0, a local copy of `system-charts` has been packaged into the `rancher/rancher` container. To be able to use these features in an air gap install, you will need to run the Rancher install command with an extra environment variable, `CATTLE_SYSTEM_CATALOG=bundled`, which tells Rancher to use the local copy of the charts instead of attempting to fetch them from GitHub. -Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap Docker installation]({{}}/rancher/v2.x/en/installation/air-gap-single-node/install-rancher) instructions and the [air gap Kubernetes installation]({{}}/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/#c-install-rancher) instructions. +Example commands for a Rancher installation with a bundled `system-charts` are included in the [air gap Docker installation]({{}}/rancher/v2.x/en/installation/air-gap-single-node/install-rancher) instructions and the [air gap Kubernetes installation]({{}}/rancher/v2.x/en/installation/air-gap-high-availability/install-rancher/) instructions. # Setting Up System Charts for Rancher Prior to v2.3.0 diff --git a/content/rancher/v2.x/en/installation/resources/tls-settings/_index.md b/content/rancher/v2.x/en/installation/resources/tls-settings/_index.md index 6c2ae09d236..46094ee1a14 100644 --- a/content/rancher/v2.x/en/installation/resources/tls-settings/_index.md +++ b/content/rancher/v2.x/en/installation/resources/tls-settings/_index.md @@ -13,7 +13,7 @@ In Rancher v2.1.7, the default TLS configuration changed to only accept TLS 1.2 The Audit Log is enabled and configured by passing environment variables to the Rancher server container. See the following to enable on your installation. -- [TLS settings in Docker options]({{}}/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#tls-settings) +- [TLS settings in Docker options]({{}}/rancher/v2.x/en/installation/other-installation-methods/single-node-docker/advanced/#tls-settings) - [TLS settings in Helm chart options]({{}}/rancher/v2.x/en/installation/install-rancher-on-k8s/chart-options/#tls-settings) diff --git a/content/rancher/v2.x/en/installation/resources/troubleshooting/_index.md b/content/rancher/v2.x/en/installation/resources/troubleshooting/_index.md index df6aa08e731..1d367a12a02 100644 --- a/content/rancher/v2.x/en/installation/resources/troubleshooting/_index.md +++ b/content/rancher/v2.x/en/installation/resources/troubleshooting/_index.md @@ -24,7 +24,7 @@ A number of things can cause the ingress-controller not to forward traffic to yo Things to check -- [Is Rancher Running](#is-rancher-running) +- [Is Rancher Running](#check-if-rancher-is-running) - [Cert CN is "Kubernetes Ingress Controller Fake Certificate"](#cert-cn-is-kubernetes-ingress-controller-fake-certificate) ### Check if Rancher is Running diff --git a/content/rancher/v2.x/en/installation/resources/upgrading-cert-manager/_index.md b/content/rancher/v2.x/en/installation/resources/upgrading-cert-manager/_index.md index a66d6a181d3..f48dea0279d 100644 --- a/content/rancher/v2.x/en/installation/resources/upgrading-cert-manager/_index.md +++ b/content/rancher/v2.x/en/installation/resources/upgrading-cert-manager/_index.md @@ -27,7 +27,7 @@ To address these changes, this guide will do two things: > The reason is that when Helm upgrades Rancher, it will reject the upgrade and show error messages if the running Rancher app does not match the chart template used to install it. Because cert-manager changed its API group and we cannot modify released charts for Rancher, there will always be a mismatch on the cert-manager's API version, therefore the upgrade will be rejected. -> For reinstalling Rancher with Helm, please check [Option B: Reinstalling Rancher Chart]({{}}/rancher/v2.x/en/installation/upgrades-rollbacks/upgrades/ha/#c-upgrade-rancher) under the upgrade Rancher section. +> For reinstalling Rancher with Helm, please check [Option B: Reinstalling Rancher Chart]({{}}/rancher/v2.x/en/installation/upgrades-rollbacks/upgrades/ha/) under the upgrade Rancher section. # Upgrade Cert-Manager diff --git a/content/rancher/v2.x/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md b/content/rancher/v2.x/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md index 7dbcbeee2b7..73cca9cd337 100644 --- a/content/rancher/v2.x/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md +++ b/content/rancher/v2.x/en/installation/resources/upgrading-cert-manager/helm-2-instructions/_index.md @@ -26,7 +26,7 @@ To address these changes, this guide will do two things: > The reason is that when Helm upgrades Rancher, it will reject the upgrade and show error messages if the running Rancher app does not match the chart template used to install it. Because cert-manager changed its API group and we cannot modify released charts for Rancher, there will always be a mismatch on the cert-manager's API version, therefore the upgrade will be rejected. -> For reinstalling Rancher with Helm, please check [Option B: Reinstalling Rancher Chart]({{}}/rancher/v2.x/en/installation/upgrades-rollbacks/upgrades/ha/#c-upgrade-rancher) under the upgrade Rancher section. +> For reinstalling Rancher with Helm, please check [Option B: Reinstalling Rancher Chart]({{}}/rancher/v2.x/en/installation/upgrades-rollbacks/upgrades/ha/) under the upgrade Rancher section. ## Upgrade Cert-Manager Only diff --git a/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/_index.md b/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/_index.md index 342cac2df6b..cd5d22c1735 100644 --- a/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/_index.md +++ b/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/_index.md @@ -53,7 +53,7 @@ To remove Istio components from a cluster, namespace, or workload, refer to the # Accessing Visualizations -> By default, only cluster owners have access to Jaeger and Kiali. For instructions on how to allow project members to access them, refer to [Access to Visualizations.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/rbac/#access-to-visualizations) +> By default, only cluster owners have access to Jaeger and Kiali. For instructions on how to allow project members to access them, see [this section.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/rbac/) After Istio is set up in a cluster, Grafana, Prometheus, Jaeger, and Kiali are available in the Rancher UI. diff --git a/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/setup/_index.md b/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/setup/_index.md index 062943de64a..8ef4d73aa45 100644 --- a/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/setup/_index.md +++ b/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/setup/_index.md @@ -20,7 +20,7 @@ If you use Istio for traffic management, you will need to allow external traffic 1. [Add deployments and services that have the Istio sidecar injected.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/setup/deploy-workloads) 1. [Set up the Istio gateway. ]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/setup/gateway) 1. [Set up Istio's components for traffic management.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/setup/set-up-traffic-management) -1. [Generate traffic and see Istio in action.](#generate-traffic-and-see-istio-in-action) +1. [Generate traffic and see Istio in action.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/setup/#view-traffic) # Prerequisites diff --git a/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/setup/enable-istio-in-cluster/enable-istio-with-psp/_index.md b/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/setup/enable-istio-in-cluster/enable-istio-with-psp/_index.md index 39bb3dd572c..db7ba6719fd 100644 --- a/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/setup/enable-istio-in-cluster/enable-istio-with-psp/_index.md +++ b/content/rancher/v2.x/en/istio/v2.3.x-v2.4.x/setup/enable-istio-in-cluster/enable-istio-with-psp/_index.md @@ -11,9 +11,9 @@ If you have restrictive Pod Security Policies enabled, then Istio may not be abl The Istio CNI plugin removes the need for each application pod to have a privileged `NET_ADMIN` container. For further information, see the [Istio CNI Plugin docs](https://istio.io/docs/setup/additional-setup/cni). Please note that the [Istio CNI Plugin is in alpha](https://istio.io/about/feature-stages/). -- 1. [Configure the System Project Policy to allow Istio install.](#2-configure-the-system-project-policy-to-allow-istio-install) -- 2. [Install the CNI plugin in the System project.](#3-install-the-cni-plugin-in-the-system-project) -- 3. [Install Istio.](#4-install-istio) +- 1. [Configure the System Project Policy to allow Istio install.](#1-configure-the-system-project-policy-to-allow-istio-install) +- 2. [Install the CNI plugin in the System project.](#2-install-the-cni-plugin-in-the-system-project) +- 3. [Install Istio.](#3-install-istio) ### 1. Configure the System Project Policy to allow Istio install diff --git a/content/rancher/v2.x/en/istio/v2.5/_index.md b/content/rancher/v2.x/en/istio/v2.5/_index.md index 569d5ca3d4d..36dc5ed10ca 100644 --- a/content/rancher/v2.x/en/istio/v2.5/_index.md +++ b/content/rancher/v2.x/en/istio/v2.5/_index.md @@ -86,7 +86,7 @@ Another option is to manually uninstall istio resources one at a time, but leave # Accessing Visualizations -> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, refer to [Access to Visualizations.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/rbac/#access-to-visualizations) +> By default, only cluster-admins have access to Kiali. For instructions on how to allow admin, edit or views roles to access them, see [this section.]({{}}/rancher/v2.x/en/cluster-admin/tools/istio/rbac/) After Istio is set up in a cluster, Grafana, Prometheus,and Kiali are available in the Rancher UI. @@ -94,7 +94,7 @@ To access the Grafana and Prometheus visualizations, from the **Cluster Explorer To access the Kiali visualization, from the **Cluster Explorer** navigate to the **Istio** app overview page, and click on **Kiali**. From here you can access the **Traffic Graph** tab or the **Traffic Metrics** tab to see network visualizations and metrics. -By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup]({{}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#selectors-scrape-configs) if you would like to use a different configuration for prometheus data scraping. +By default, all namespace will picked up by prometheus and make data available for Kiali graphs. Refer to [selector/scrape config setup](./configuration-reference/selectors-and-scrape) if you would like to use a different configuration for prometheus data scraping. Your access to the visualizations depend on your role. Grafana and Prometheus are only available for `cluster-admin` roles. The Kiali UI is available only to `cluster-admin` by default, but `cluster-admin` can allow other roles to access them by editing the Istio values.yaml. @@ -122,4 +122,4 @@ By default the Egress gateway is disabled, but can be enabled on install or upgr # Additional Steps for Installing Istio on an RKE2 Cluster -To install Istio on an RKE2 cluster, follow the steps in [this section.](./setup/enable-istio-in-cluster/rke2) +To install Istio on an RKE2 cluster, follow the steps in [this section.]({{}}/rancher/v2.x/en/istio/v2.5/configuration-reference/rke2/) diff --git a/content/rancher/v2.x/en/istio/v2.5/configuration-reference/canal-and-project-network/_index.md b/content/rancher/v2.x/en/istio/v2.5/configuration-reference/canal-and-project-network/_index.md index 03fc9c11637..f2f87d8e98e 100644 --- a/content/rancher/v2.x/en/istio/v2.5/configuration-reference/canal-and-project-network/_index.md +++ b/content/rancher/v2.x/en/istio/v2.5/configuration-reference/canal-and-project-network/_index.md @@ -5,7 +5,7 @@ weight: 4 In clusters where: -- The [Canal network plug-in]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#canal) is in use. +- The Canal network plug-in is in use. - The Project Network Isolation option is enabled. - You install the Istio Ingress module diff --git a/content/rancher/v2.x/en/istio/v2.5/resources/_index.md b/content/rancher/v2.x/en/istio/v2.5/resources/_index.md index dff95ccedb1..19dde46e0d2 100644 --- a/content/rancher/v2.x/en/istio/v2.5/resources/_index.md +++ b/content/rancher/v2.x/en/istio/v2.5/resources/_index.md @@ -42,7 +42,7 @@ You can find more information about Istio configuration in the [official Istio d To configure the resources allocated to an Istio component, 1. In the Rancher **Cluster Explorer**, navigate to your Istio installation in **Apps & Marketplace** -1. Click **Upgrade** to edit the base components via changes the values.yaml or add an [overlay file]({{}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#overlay-file). +1. Click **Upgrade** to edit the base components via changes the values.yaml or add an [overlay file]({{}}/rancher/v2.x/en/istio/v2.5/configuration-reference/#overlay-file). 1. Change the CPU or memory allocations, the nodes where each component will be scheduled to, or the node tolerations. 1. Click **Upgrade.** to rollout changes diff --git a/content/rancher/v2.x/en/istio/v2.5/setup/enable-istio-in-cluster/_index.md b/content/rancher/v2.x/en/istio/v2.5/setup/enable-istio-in-cluster/_index.md index cca2fbda815..bcfa931381d 100644 --- a/content/rancher/v2.x/en/istio/v2.5/setup/enable-istio-in-cluster/_index.md +++ b/content/rancher/v2.x/en/istio/v2.5/setup/enable-istio-in-cluster/_index.md @@ -10,7 +10,7 @@ aliases: > >- Only a user with the `cluster-admin` [Kubernetes default role](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) assigned can configure and install Istio in a Kubernetes cluster. >- If you have pod security policies, you will need to install Istio with the CNI enabled. For details, see [this section.]({{}}/rancher/v2.x/en/istio/v2.5/configuration-reference/enable-istio-with-psp) ->- To install Istio on an RKE2 cluster, additional steps are required. For details, see [this section.]({{}}/rancher/v2.x/en/istio/v2.5/configuration-reference/rke2) +>- To install Istio on an RKE2 cluster, additional steps are required. For details, see [this section.]({{}}/rancher/v2.x/en/istio/v2.5/configuration-reference/rke2/) >- To install Istio in a cluster where the Canal network plug-in is in use and the Project Network isolation option is enabled, additional steps are required. For details, see [this section.]({{}}/rancher/v2.x/en/istio/v2.5/configuration-reference/canal-and-project-network) 1. From the **Cluster Explorer**, navigate to available **Charts** in **Apps & Marketplace** diff --git a/content/rancher/v2.x/en/istio/v2.5/setup/view-traffic/_index.md b/content/rancher/v2.x/en/istio/v2.5/setup/view-traffic/_index.md index 01b6687ebab..3af6fbd12f5 100644 --- a/content/rancher/v2.x/en/istio/v2.5/setup/view-traffic/_index.md +++ b/content/rancher/v2.x/en/istio/v2.5/setup/view-traffic/_index.md @@ -12,7 +12,7 @@ This section describes how to view the traffic that is being managed by Istio. The Istio overview page provides a link to the Kiali dashboard. From the Kiali dashboard, you are able to view graphs for each namespace. The Kiali graph provides a powerful way to visualize the topology of your Istio service mesh. It shows you which services communicate with each other. ->**Prerequisite:** To enable traffic to show up in the graph, ensure you have prometheus installed in the cluster. Rancher-istio installs Kiali configured by default to work with the rancher-monitoring chart. You can use rancher-monitoring or install your own monitoring solution. Optional: you can change configuration on how data scraping occurs by setting the [Selectors & Scrape Configs]({{}}/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#selectors-scrape-configs) options. +>**Prerequisite:** To enable traffic to show up in the graph, ensure you have prometheus installed in the cluster. Rancher-istio installs Kiali configured by default to work with the rancher-monitoring chart. You can use rancher-monitoring or install your own monitoring solution. Optional: you can change configuration on how data scraping occurs by setting the [Selectors & Scrape Configs]({{}}/rancher/v2.x/en/istio/v2.5/configuration-reference/selectors-and-scrape) options. To see the traffic graph, diff --git a/content/rancher/v2.x/en/k8s-in-rancher/_index.md b/content/rancher/v2.x/en/k8s-in-rancher/_index.md index d9095f9f097..fe60b1f2a83 100644 --- a/content/rancher/v2.x/en/k8s-in-rancher/_index.md +++ b/content/rancher/v2.x/en/k8s-in-rancher/_index.md @@ -56,7 +56,7 @@ For more information, see [Service Discovery]({{}}/rancher/v2.x/en/k8s- ## Pipelines -After your project has been [configured to a version control provider]({{}}/rancher/v2.x/en/project-admin/pipelines/#version-control-providers), you can add the repositories and start configuring a pipeline for each repository. +After your project has been [configured to a version control provider]({{}}/rancher/v2.x/en/project-admin/pipelines/#1-configure-version-control-providers), you can add the repositories and start configuring a pipeline for each repository. For more information, see [Pipelines]({{}}/rancher/v2.x/en/k8s-in-rancher/pipelines/). diff --git a/content/rancher/v2.x/en/logging/v2.0.x-v2.4.x/project-logging/_index.md b/content/rancher/v2.x/en/logging/v2.0.x-v2.4.x/project-logging/_index.md index febca09d719..d4547dc6910 100644 --- a/content/rancher/v2.x/en/logging/v2.0.x-v2.4.x/project-logging/_index.md +++ b/content/rancher/v2.x/en/logging/v2.0.x-v2.4.x/project-logging/_index.md @@ -9,7 +9,7 @@ aliases: Rancher can integrate with a variety of popular logging services and tools that exist outside of your Kubernetes clusters. -For background information about how logging integrations work, refer to the [cluster administration section.]({{}}/rancher/v2.x/en/cluster-admin/tools/logging/#how-logging-integrations-work) +For background information about how logging integrations work, refer to the [cluster administration section.]({{}}/rancher/v2.x/en/logging/v2.0.x-v2.4.x/cluster-logging/#how-logging-integrations-work) Rancher supports the following services: diff --git a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-alerts/_index.md b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-alerts/_index.md index aea40f6beee..e89f6b85923 100644 --- a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-alerts/_index.md +++ b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-alerts/_index.md @@ -6,7 +6,7 @@ aliases: - /rancher/v2.x/en/monitoring-alerting/legacy/alerts/cluster-alerts --- -> In Rancher 2.5, the monitoring application was improved. There are now two ways to enable monitoring and alerting. The older way is documented in this section, and the new application for monitoring and alerting is documented [here.]({{}}/rancher/v2.x/en/monitoring-alerting) +> In Rancher 2.5, the monitoring application was improved. There are now two ways to enable monitoring and alerting. The older way is documented in this section, and the new application for monitoring and alerting is documented [here.]({{}}/rancher/v2.x/en/monitoring-alerting/v2.5/) To keep your clusters and applications healthy and driving your organizational productivity forward, you need to stay informed of events occurring in your clusters and projects, both planned and unplanned. When an event occurs, your alert is triggered, and you are sent a notification. You can then, if necessary, follow up with corrective actions. @@ -343,4 +343,4 @@ By default, the below options will apply to all alert rules within the group. Yo - **Group Wait Time**: How long to wait to buffer alerts of the same group before sending initially, default to 30 seconds. - **Group Interval Time**: How long to wait before sending an alert that has been added to a group which contains already fired alerts, default to 30 seconds. -- **Repeat Wait Time**: How long to wait before re-sending a given alert that has already been sent, default to 1 hour. \ No newline at end of file +- **Repeat Wait Time**: How long to wait before re-sending a given alert that has already been sent, default to 1 hour. diff --git a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/_index.md b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/_index.md index ef0f37d26d5..c96f6ca81ea 100644 --- a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/_index.md +++ b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/_index.md @@ -22,7 +22,7 @@ This section covers the following topics: - [Enabling cluster monitoring](#enabling-cluster-monitoring) - [Resource consumption](#resource-consumption) - [Resource consumption of Prometheus pods](#resource-consumption-of-prometheus-pods) - - [Resource consumption of other pods](#resources-consumption-of-other-pods) + - [Resource consumption of other pods](#resource-consumption-of-other-pods) # About Prometheus @@ -64,7 +64,7 @@ As an [administrator]({{}}/rancher/v2.x/en/admin-settings/rbac/global-p 1. Click **Save**. -**Result:** The Prometheus server will be deployed as well as two monitoring applications. The two monitoring applications, `cluster-monitoring` and `monitoring-operator`, are added as an [application]({{}}/rancher/v2.x/en/catalog/apps/) to the cluster's `system` project. After the applications are `active`, you can start viewing [cluster metrics]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/cluster-metrics/) through the Rancher dashboard or directly from [Grafana]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/#grafana). +**Result:** The Prometheus server will be deployed as well as two monitoring applications. The two monitoring applications, `cluster-monitoring` and `monitoring-operator`, are added as an [application]({{}}/rancher/v2.x/en/catalog/apps/) to the cluster's `system` project. After the applications are `active`, you can start viewing [cluster metrics]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/cluster-metrics/) through the Rancher dashboard or directly from Grafana. > The default username and password for the Grafana instance will be `admin/admin`. However, Grafana dashboards are served via the Rancher authentication proxy, so only users who are currently authenticated into the Rancher server have access to the Grafana dashboard. diff --git a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/cluster-metrics/_index.md b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/cluster-metrics/_index.md index 0a7a7981f0d..1be8c9eca40 100644 --- a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/cluster-metrics/_index.md +++ b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/cluster-metrics/_index.md @@ -39,7 +39,7 @@ Some of the biggest metrics to look out for: 1. Click on **Node Metrics**. -[_Get expressions for Cluster Metrics_]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/expression/#cluster-metrics) +[_Get expressions for Cluster Metrics_]({{}}/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/expression/#cluster-metrics) ### Etcd Metrics @@ -59,7 +59,7 @@ Some of the biggest metrics to look out for: If this statistic suddenly grows, it usually indicates network communication issues that constantly force the cluster to elect a new leader. -[_Get expressions for Etcd Metrics_]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/expression/#etcd-metrics) +[_Get expressions for Etcd Metrics_]({{}}/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/expression/#etcd-metrics) ### Kubernetes Components Metrics @@ -97,7 +97,7 @@ Some of the more important component metrics to monitor are: Although the Dashboard for a cluster primarily displays data sourced from Prometheus, it also displays information for cluster logging, provided that you have [configured Rancher to use a logging service]({{}}/rancher/v2.x/en/cluster-admin/tools/logging/). -[_Get expressions for Rancher Logging Metrics_]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/expression/#rancher-logging-metrics) +[_Get expressions for Rancher Logging Metrics_]({{}}/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/expression/#rancher-logging-metrics) ## Finding Workload Metrics @@ -114,4 +114,4 @@ Workload metrics display the hardware utilization for a Kubernetes workload. You - **View the Pod Metrics:** Click on **Pod Metrics**. - **View the Container Metrics:** In the **Containers** section, select a specific container and click on its name. Click on **Container Metrics**. -[_Get expressions for Workload Metrics_]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/expression/#workload-metrics) +[_Get expressions for Workload Metrics_]({{}}/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/expression/#workload-metrics) diff --git a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/project-monitoring/_index.md b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/project-monitoring/_index.md index de970e2a923..54afeb9ef7a 100644 --- a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/project-monitoring/_index.md +++ b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/project-monitoring/_index.md @@ -54,13 +54,12 @@ Prometheus|750m| 750Mi | 1000m | 1000Mi | Yes Grafana | 100m | 100Mi | 200m | 200Mi | No -**Result:** A single application,`project-monitoring`, is added as an [application]({{}}/rancher/v2.x/en/catalog/apps/) to the project. After the application is `active`, you can start viewing [project metrics](#project-metrics) through the [Rancher dashboard]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/#rancher-dashboard) or directly from [Grafana]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/#grafana). +**Result:** A single application,`project-monitoring`, is added as an [application]({{}}/rancher/v2.x/en/catalog/apps/) to the project. After the application is `active`, you can start viewing project metrics through the [Rancher dashboard]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/) or directly from Grafana. > The default username and password for the Grafana instance will be `admin/admin`. However, Grafana dashboards are served via the Rancher authentication proxy, so only users who are currently authenticated into the Rancher server have access to the Grafana dashboard. ### Project Metrics - -[Workload metrics]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/cluster-metrics/#workload-metrics) are available for the project if monitoring is enabled at the [cluster level]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/) and at the [project level.](#enabling-project-monitoring) +[Workload metrics]({{}}/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/expression/#workload-metrics) are available for the project if monitoring is enabled at the [cluster level]({{}}/rancher/v2.x/en/monitoring-alerting/legacy/monitoring/cluster-monitoring/) and at the [project level.](#enabling-project-monitoring) You can monitor custom metrics from any [exporters.](https://prometheus.io/docs/instrumenting/exporters/) You can also expose some custom endpoints on deployments without needing to configure Prometheus for your project. diff --git a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/prometheus/_index.md b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/prometheus/_index.md index b265606bc01..d0ac0e39dab 100644 --- a/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/prometheus/_index.md +++ b/content/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x/cluster-monitoring/prometheus/_index.md @@ -79,11 +79,11 @@ When configuring Prometheus and enabling the node exporter, enter a host port in # Persistent Storage ->**Prerequisite:** Configure one or more [storage class]({{}}/rancher/v2.x/en/cluster-admin/volumes-and-storage/#adding-storage-classes) to use as [persistent storage]({{}}/rancher/v2.x/en/cluster-admin/volumes-and-storage/) for your Prometheus or Grafana pod. +>**Prerequisite:** Configure one or more StorageClasses to use as [persistent storage]({{}}/rancher/v2.x/en/cluster-admin/volumes-and-storage/) for your Prometheus or Grafana pod. By default, when you enable Prometheus for either a cluster or project, all monitoring data that Prometheus collects is stored on its own pod. With local storage, if the Prometheus or Grafana pods fail, all the data is lost. Rancher recommends configuring an external persistent storage to the cluster. With the external persistent storage, if the Prometheus or Grafana pods fail, the new pods can recover using data from the persistent storage. -When enabling persistent storage for Prometheus or Grafana, specify the size of the persistent volume and select the [storage class]({{}}/rancher/v2.x/en/cluster-admin/volumes-and-storage/#storage-classes). +When enabling persistent storage for Prometheus or Grafana, specify the size of the persistent volume and select the StorageClass. # Remote Storage diff --git a/content/rancher/v2.x/en/monitoring-alerting/v2.5/_index.md b/content/rancher/v2.x/en/monitoring-alerting/v2.5/_index.md index ee9a33060da..19dc1c0a70b 100644 --- a/content/rancher/v2.x/en/monitoring-alerting/v2.5/_index.md +++ b/content/rancher/v2.x/en/monitoring-alerting/v2.5/_index.md @@ -30,7 +30,7 @@ For more information about upgrading the Monitoring app in Rancher 2.5, please r - [Grafana UI](#grafana-ui) - [Prometheus UI](#prometheus-ui) - [Viewing the Prometheus Targets](#viewing-the-prometheus-targets) - - [Viewing the PrometheusRules](#viewing-the-prometheus-rules) + - [Viewing the PrometheusRules](#viewing-the-prometheusrules) - [Viewing Active Alerts in Alertmanager](#viewing-active-alerts-in-alertmanager) - [Uninstall Monitoring](#uninstall-monitoring) - [Setting Resource Limits and Requests](#setting-resource-limits-and-requests) @@ -53,7 +53,7 @@ As an [administrator]({{}}/rancher/v2.x/en/admin-settings/rbac/global-p > **Requirements:** > > - Make sure that you are allowing traffic on port 9796 for each of your nodes because Prometheus will scrape metrics from here. -> - Make sure your cluster fulfills the resource requirements. The cluster should have at least 1950Mi memory available, 2700m CPU, and 50Gi storage. A breakdown of the resource limits and requests is [here.](#resource-requirements) +> - Make sure your cluster fulfills the resource requirements. The cluster should have at least 1950Mi memory available, 2700m CPU, and 50Gi storage. A breakdown of the resource limits and requests is [here.](#setting-resource-limits-and-requests) 1. In the Rancher UI, go to the cluster where you want to install monitoring and click **Cluster Explorer.** @@ -68,7 +68,7 @@ As an [administrator]({{}}/rancher/v2.x/en/admin-settings/rbac/global-p By default, Rancher Monitoring deploys exporters (such as [node-exporter](https://github.com/prometheus/node_exporter) and [kube-state-metrics](https://github.com/kubernetes/kube-state-metrics)) as well as default Prometheus alerts and Grafana dashboards (curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project) onto a cluster. -To see the default alerts, go to the [Alertmanager UI](#alertmanager-ui) and click **Expand all groups.** +To see the default alerts, go to the [Alertmanager UI](#viewing-active-alerts-in-alertmanager) and click **Expand all groups.** To see what services you are monitoring, you will need to see your targets. To view the default targets, refer to [Viewing the Prometheus Targets.](#viewing-the-prometheus-targets) diff --git a/content/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/_index.md b/content/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/_index.md index 8f7ae53ca05..b469666ba68 100644 --- a/content/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/_index.md +++ b/content/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/_index.md @@ -71,7 +71,7 @@ If the scrape configuration you want cannot be specified via a ServiceMonitor or A [scrape_config section](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) specifies a set of targets and parameters describing how to scrape them. In the general case, one scrape configuration specifies a single job. -An example of where this might be used is with Istio. For more information, see [this section.](https://rancher.com/docs/rancher/v2.x/en/istio/setup/enable-istio-in-cluster/#selectors-scrape-configs) +An example of where this might be used is with Istio. For more information, see [this section.](https://rancher.com/docs/rancher/v2.x/en/istio/v2.5/configuration-reference/selectors-and-scrape) # Examples diff --git a/content/rancher/v2.x/en/monitoring-alerting/v2.5/migrating/_index.md b/content/rancher/v2.x/en/monitoring-alerting/v2.5/migrating/_index.md index 9361d3c7767..2960a60d8a9 100644 --- a/content/rancher/v2.x/en/monitoring-alerting/v2.5/migrating/_index.md +++ b/content/rancher/v2.x/en/monitoring-alerting/v2.5/migrating/_index.md @@ -9,7 +9,7 @@ If you previously enabled Monitoring, Alerting, or Notifiers in Rancher prior to ### Monitoring Prior to Rancher v2.5 -As of v2.2.0, Rancher's Cluster Manager allowed users to enable Monitoring & Alerting V1 (both powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) independently within a cluster. For more information on how to configure Monitoring & Alerting V1, see the [docs about monitoring prior to Rancher v2.5](/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x). +As of v2.2.0, Rancher's Cluster Manager allowed users to enable Monitoring & Alerting V1 (both powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator)) independently within a cluster. For more information on how to configure Monitoring & Alerting V1, see the [docs about monitoring prior to Rancher v2.5]({{}}/rancher/v2.x/en/monitoring-alerting/v2.0.x-v2.4.x). When Monitoring is enabled, Monitoring V1 deploys [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/docs/grafana/latest/getting-started/what-is-grafana/) onto a cluster to monitor the state of processes of your cluster nodes, Kubernetes components, and software deployments and create custom dashboards to make it easy to visualize collected metrics. diff --git a/content/rancher/v2.x/en/overview/architecture-recommendations/_index.md b/content/rancher/v2.x/en/overview/architecture-recommendations/_index.md index 95fcd786f37..da2071281ef 100644 --- a/content/rancher/v2.x/en/overview/architecture-recommendations/_index.md +++ b/content/rancher/v2.x/en/overview/architecture-recommendations/_index.md @@ -9,9 +9,9 @@ This section covers the following topics: - [Separation of Rancher and User Clusters](#separation-of-rancher-and-user-clusters) - [Why HA is Better for Rancher in Production](#why-ha-is-better-for-rancher-in-production) -- [Recommended Load Balancer Configuration for Kubernetes Installations](#recommended-load-balancer-configuration-for-ha-installations) -- [Environment for Kubernetes Installations](#environment-for-ha-installations) -- [Recommended Node Roles for Kubernetes Installations](#recommended-node-roles-for-ha-installations) +- [Recommended Load Balancer Configuration for Kubernetes Installations](#recommended-load-balancer-configuration-for-kubernetes-installations) +- [Environment for Kubernetes Installations](#environment-for-kubernetes-installations) +- [Recommended Node Roles for Kubernetes Installations](#recommended-node-roles-for-kubernetes-installations) - [Architecture for an Authorized Cluster Endpoint](#architecture-for-an-authorized-cluster-endpoint) # Separation of Rancher and User Clusters diff --git a/content/rancher/v2.x/en/project-admin/namespaces/_index.md b/content/rancher/v2.x/en/project-admin/namespaces/_index.md index 82b308daf17..9f52eb90367 100644 --- a/content/rancher/v2.x/en/project-admin/namespaces/_index.md +++ b/content/rancher/v2.x/en/project-admin/namespaces/_index.md @@ -20,7 +20,7 @@ Resources that you can assign directly to namespaces include: To manage permissions in a vanilla Kubernetes cluster, cluster admins configure role-based access policies for each namespace. With Rancher, user permissions are assigned on the project level instead, and permissions are automatically inherited by any namespace owned by the particular project. -> **Note:** If you create a namespace with `kubectl`, it may be unusable because `kubectl` doesn't require your new namespace to be scoped within a project that you have access to. If your permissions are restricted to the project level, it is better to [create a namespace through Rancher]({{}}/rancher/v2.x/en/project-admin/namespaces/#creating-namespaces) to ensure that you will have permission to access the namespace. +> **Note:** If you create a namespace with `kubectl`, it may be unusable because `kubectl` doesn't require your new namespace to be scoped within a project that you have access to. If your permissions are restricted to the project level, it is better to [create a namespace through Rancher]({{}}/rancher/v2.x/en/project-admin/namespaces) to ensure that you will have permission to access the namespace. ### Creating Namespaces diff --git a/content/rancher/v2.x/en/project-admin/pod-security-policies/_index.md b/content/rancher/v2.x/en/project-admin/pod-security-policies/_index.md index e7c01b2aec9..a5367c4cf73 100644 --- a/content/rancher/v2.x/en/project-admin/pod-security-policies/_index.md +++ b/content/rancher/v2.x/en/project-admin/pod-security-policies/_index.md @@ -10,7 +10,7 @@ You can always assign a pod security policy (PSP) to an existing project if you ### Prerequisites - Create a Pod Security Policy within Rancher. Before you can assign a default PSP to an existing project, you must have a PSP available for assignment. For instruction, see [Creating Pod Security Policies]({{}}/rancher/v2.x/en/admin-settings/pod-security-policies/). -- Assign a default Pod Security Policy to the project's cluster. You can't assign a PSP to a project until one is already applied to the cluster. For more information, see [Existing Cluster: Adding a Pod Security Policy]({{}}/rancher/v2.x/en/k8s-in-rancher/editing-clusters/#adding-changing-a-pod-security-policy). +- Assign a default Pod Security Policy to the project's cluster. You can't assign a PSP to a project until one is already applied to the cluster. For more information, see [the documentation about adding a pod security policy to a cluster]({{}}/rancher/v2.x/en/cluster-admin/pod-security-policy). ### Applying a Pod Security Policy diff --git a/content/rancher/v2.x/en/project-admin/resource-quotas/_index.md b/content/rancher/v2.x/en/project-admin/resource-quotas/_index.md index 5613dce83e7..769c8872895 100644 --- a/content/rancher/v2.x/en/project-admin/resource-quotas/_index.md +++ b/content/rancher/v2.x/en/project-admin/resource-quotas/_index.md @@ -11,7 +11,7 @@ This page is a how-to guide for creating resource quotas in existing projects. Resource quotas can also be set when a new project is created. For details, refer to the section on [creating new projects.]({{}}/rancher/v2.x/en/cluster-admin/projects-and-namespaces/#creating-projects) -Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to [projects]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/#projects). For details on how resource quotas work with projects in Rancher, refer to [this page.](./quotas-for-projects) +Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). In Rancher, resource quotas have been extended so that you can apply them to projects. For details on how resource quotas work with projects in Rancher, refer to [this page.](./quotas-for-projects) ### Applying Resource Quotas to Existing Projects @@ -30,7 +30,7 @@ Edit [resource quotas]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and 1. Expand **Resource Quotas** and click **Add Quota**. Alternatively, you can edit existing quotas. -1. Select a [Resource Type]({{}}/rancher/v2.x/en/project-admin/resource-quotas/#resource-quota-types). +1. Select a Resource Type. For more information on types, see the [quota type reference.](./quota-type-reference) 1. Enter values for the **Project Limit** and the **Namespace Default Limit**. diff --git a/content/rancher/v2.x/en/project-admin/resource-quotas/override-container-default/_index.md b/content/rancher/v2.x/en/project-admin/resource-quotas/override-container-default/_index.md index 5d3bf362301..1c15bad1155 100644 --- a/content/rancher/v2.x/en/project-admin/resource-quotas/override-container-default/_index.md +++ b/content/rancher/v2.x/en/project-admin/resource-quotas/override-container-default/_index.md @@ -13,7 +13,7 @@ To avoid setting these limits on each and every container during workload creati _Available as of v2.2.0_ -Edit [container default resource limit]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/#setting-container-default-resource-limit) when: +Edit [container default resource limit]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/) when: - You have a CPU or Memory resource quota set on a project, and want to supply the corresponding default values for a container. - You want to edit the default container resource limit. diff --git a/content/rancher/v2.x/en/project-admin/resource-quotas/override-namespace-default/_index.md b/content/rancher/v2.x/en/project-admin/resource-quotas/override-namespace-default/_index.md index f09feb9e83c..dc3b768d19a 100644 --- a/content/rancher/v2.x/en/project-admin/resource-quotas/override-namespace-default/_index.md +++ b/content/rancher/v2.x/en/project-admin/resource-quotas/override-namespace-default/_index.md @@ -24,7 +24,7 @@ If there is a [resource quota]({{}}/rancher/v2.x/en/k8s-in-rancher/proj 1. Edit the Resource Quota **Limits**. These limits determine the resources available to the namespace. The limits must be set within the configured project limits. - For more information about each **Resource Type**, see [Resource Quota Types]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/#resource-quota-types). + For more information about each **Resource Type**, see [Resource Quotas]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/resource-quotas/). >**Note:** > diff --git a/content/rancher/v2.x/en/project-admin/resource-quotas/quota-type-reference/_index.md b/content/rancher/v2.x/en/project-admin/resource-quotas/quota-type-reference/_index.md index e671a9afdb1..18005bc817a 100644 --- a/content/rancher/v2.x/en/project-admin/resource-quotas/quota-type-reference/_index.md +++ b/content/rancher/v2.x/en/project-admin/resource-quotas/quota-type-reference/_index.md @@ -21,4 +21,4 @@ When you create a resource quota, you are configuring the pool of resources avai | Replications Controllers | The maximum number of replication controllers that can exist in the project/namespace. | | Secrets | The maximum number of secrets that can exist in the project/namespace. | ->***** When setting resource quotas, if you set anything related to CPU or Memory (i.e. limits or reservations) on a project / namespace, all containers will require a respective CPU or Memory field set during creation. As of v2.2.0, a [container default resource limit](#setting-container-default-resource-limit) can be set at the same time to avoid the need to explicitly set these limits for every workload. See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/policy/resource-quotas/#requests-vs-limits) for more details on why this is required. \ No newline at end of file +>***** When setting resource quotas, if you set anything related to CPU or Memory (i.e. limits or reservations) on a project / namespace, all containers will require a respective CPU or Memory field set during creation. As of v2.2.0, a container default resource limit can be set at the same time to avoid the need to explicitly set these limits for every workload. See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/policy/resource-quotas/#requests-vs-limits) for more details on why this is required. \ No newline at end of file diff --git a/content/rancher/v2.x/en/project-admin/resource-quotas/quotas-for-projects/_index.md b/content/rancher/v2.x/en/project-admin/resource-quotas/quotas-for-projects/_index.md index 60f8c59d91a..48fd35226c5 100644 --- a/content/rancher/v2.x/en/project-admin/resource-quotas/quotas-for-projects/_index.md +++ b/content/rancher/v2.x/en/project-admin/resource-quotas/quotas-for-projects/_index.md @@ -3,7 +3,7 @@ title: How Resource Quotas Work in Rancher Projects weight: 1 --- -Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). However, in Rancher, resource quotas have been extended so that you can apply them to [projects]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/#projects). +Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). However, in Rancher, resource quotas have been extended so that you can apply them to projects. In a standard Kubernetes deployment, resource quotas are applied to individual namespaces. However, you cannot apply the quota to your namespaces simultaneously with a single action. Instead, the resource quota must be applied multiple times. @@ -12,7 +12,7 @@ In the following diagram, a Kubernetes administrator is trying to enforce a reso Base Kubernetes: Unique Resource Quotas Being Applied to Each Namespace ![Native Kubernetes Resource Quota Implementation]({{}}/img/rancher/kubernetes-resource-quota.svg) -Resource quotas are a little different in Rancher. In Rancher, you apply a resource quota to the [project]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/#projects), and then the quota propagates to each namespace, whereafter Kubernetes enforces your limits using the native version of resource quotas. If you want to change the quota for a specific namespace, you can [override it](#overriding-the-default-limit-for-a-namespace). +Resource quotas are a little different in Rancher. In Rancher, you apply a resource quota to the project, and then the quota propagates to each namespace, whereafter Kubernetes enforces your limits using the native version of resource quotas. If you want to change the quota for a specific namespace, you can override it. The resource quota includes two limits, which you set while creating or editing a project: @@ -23,7 +23,7 @@ The resource quota includes two limits, which you set while creating or editing - **Namespace Default Limits:** - This value is the default resource limit available for each namespace. When the resource quota is created at the project level, this limit is automatically propagated to each namespace in the project. Each namespace is bound to this default limit unless you [override it](#namespace-default-limit-overrides). + This value is the default resource limit available for each namespace. When the resource quota is created at the project level, this limit is automatically propagated to each namespace in the project. Each namespace is bound to this default limit unless you override it. In the following diagram, a Rancher administrator wants to apply a resource quota that sets the same CPU and memory limit for every namespace in their project (`Namespace 1-4`). However, in Rancher, the administrator can set a resource quota for the project (`Project Resource Quota`) rather than individual namespaces. This quota includes resource limits for both the entire project (`Project Limit`) and individual namespaces (`Namespace Default Limit`). Rancher then propagates the `Namespace Default Limit` quotas to each namespace (`Namespace Resource Quota`) when created. diff --git a/content/rancher/v2.x/en/quick-start-guide/cli/_index.md b/content/rancher/v2.x/en/quick-start-guide/cli/_index.md index cd6784d1b23..41e15bb83c0 100644 --- a/content/rancher/v2.x/en/quick-start-guide/cli/_index.md +++ b/content/rancher/v2.x/en/quick-start-guide/cli/_index.md @@ -22,20 +22,30 @@ Run `kubectl cluster-info` or `kubectl get pods` successfully. ## Authentication with kubectl and kubeconfig Tokens with TTL -_**Available as of v2.4.6**_ +_**Available as of v2.4.6**_ _Requirements_ -If admins have [enforced TTL on kubeconfig tokens]({{}}/rancher/v2.x/en/api/api-tokens/#setting-ttl-on-kubeconfig-tokens), the kubeconfig file requires the [Rancher cli](../cli) to be present in your PATH when you run `kubectl`. Otherwise, you’ll see error like: -`Unable to connect to the server: getting credentials: exec: exec: "rancher": executable file not found in $PATH`. +If admins have [enforced TTL on kubeconfig tokens]({{}}/rancher/v2.x/en/api/api-tokens/#setting-ttl-on-kubeconfig-tokens), the kubeconfig file requires the [Rancher cli](../cli) to be present in your PATH when you run `kubectl`. Otherwise, you’ll see error like: +`Unable to connect to the server: getting credentials: exec: exec: "rancher": executable file not found in $PATH`. -This feature enables kubectl to authenticate with the Rancher server and get a new kubeconfig token when required. The following auth providers are currently supported: +This feature enables kubectl to authenticate with the Rancher server and get a new kubeconfig token when required. The following auth providers are currently supported: 1. Local 2. Active Directory -3. FreeIpa, OpenLdap -4. SAML providers - Ping, Okta, ADFS, Keycloak, Shibboleth +3. FreeIpa, OpenLdap +4. SAML providers - Ping, Okta, ADFS, Keycloak, Shibboleth -When you first run kubectl, for example, `kubectl get pods`, it will ask you to pick an auth provider and log in with the Rancher server. -The kubeconfig token is cached in the path where you run kubectl under `./.cache/token`. This token is valid till [it expires](../../api/api-tokens/#expiration-period), or [gets deleted from the Rancher server](../../api/api-tokens/#deleting-tokens) -Upon expiration, the next `kubectl get pods` will ask you to log in with the Rancher server again. +When you first run kubectl, for example, `kubectl get pods`, it will ask you to pick an auth provider and log in with the Rancher server. +The kubeconfig token is cached in the path where you run kubectl under `./.cache/token`. This token is valid till [it expires](../../api/api-tokens/#setting-ttl-on-kubeconfig-tokens-period), or [gets deleted from the Rancher server](../../api/api-tokens/#deleting-tokens) +Upon expiration, the next `kubectl get pods` will ask you to log in with the Rancher server again. + +_Note_ + +As of CLI [v2.4.10](https://github.com/rancher/cli/releases/tag/v2.4.10), the kubeconfig token can be cached at a chosen path with `cache-dir` flag or env var `RANCHER_CACHE_DIR`. + +_**Current Known Issues**_ + +1. If [authorized cluster endpoint]({{}}/rancher/v2.x/en/overview/architecture/#4-authorized-cluster-endpoint) is enabled for RKE clusters to [authenticate directly with downstream cluster]({{}}/rancher/v2.x/en/cluster-admin/cluster-access/kubectl/#authenticating-directly-with-a-downstream-cluster) and Rancher server goes down, all kubectl calls will fail after the kubeconfig token expires. No new kubeconfig tokens can be generated if Rancher server isn't accessible. +2. If a kubeconfig token is deleted from Rancher [API tokens]({{}}/rancher/v2.x/en/api/api-tokens/#deleting-tokens) page, and the token is still cached, cli won't ask you to login again until the token expires or is deleted. +`kubectl` calls will result into an error like `error: You must be logged in to the server (the server has asked for the client to provide credentials`. Tokens can be deleted using `rancher token delete`. diff --git a/content/rancher/v2.x/en/security/_index.md b/content/rancher/v2.x/en/security/_index.md index 2ce2d72bf8d..c27c4c504ac 100644 --- a/content/rancher/v2.x/en/security/_index.md +++ b/content/rancher/v2.x/en/security/_index.md @@ -29,7 +29,6 @@ On this page, we provide security-related documentation along with resources to - [The CIS Benchmark and self-assessment](#the-cis-benchmark-and-self-assessment) - [Third-party penetration test reports](#third-party-penetration-test-reports) - [Rancher CVEs and resolutions](#rancher-cves-and-resolutions) -- [Security Tips and Best Practices](#security-tips-and-best-practices) ### Running a CIS Security Scan on a Kubernetes Cluster @@ -53,7 +52,7 @@ For details, refer to the section on [security scans.]({{}}/rancher/v2. The Rancher Hardening Guide is based on controls and best practices found in the CIS Kubernetes Benchmark from the Center for Internet Security. -The hardening guide provides prescriptive guidance for hardening a production installation of Rancher v2.1.x, v2.2.x and v.2.3.x. See Rancher's [Self Assessment of the CIS Kubernetes Benchmark](#cis-benchmark-rancher-self-assessment) for the full list of security controls. +The hardening guide provides prescriptive guidance for hardening a production installation of Rancher v2.1.x, v2.2.x and v.2.3.x. See Rancher's guides for [Self Assessment of the CIS Kubernetes Benchmark](#the-cis-benchmark-and-self-sssessment) for the full list of security controls. > The hardening guides describe how to secure the nodes in your cluster, and it is recommended to follow a hardening guide before installing Kubernetes. @@ -78,10 +77,10 @@ Each version of Rancher's self-assessment guide corresponds to specific versions Self Assessment Guide Version | Rancher Version | Hardening Guide Version | Kubernetes Version | CIS Benchmark Version ---------------------------|----------|---------|-------|----- -[Self Assessment Guide v2.4]({{}}/rancher/v2.x/en/security/benchmark-2.4/#cis-kubernetes-benchmark-1-5-0-rancher-2-4-+-with-kubernetes-1-15) | Rancher v2.4 | Hardening Guide v2.4 | Kubernetes v1.15 | Benchmark v1.5 -[Self Assessment Guide v2.3.5]({{}}/rancher/v2.x/en/security/benchmark-2.3.5/#cis-kubernetes-benchmark-1-5-0-rancher-2-3-5-+-with-kubernetes-1-15) | Rancher v2.3.5 | Hardening Guide v2.3.5 | Kubernetes v1.15 | Benchmark v1.5 -[Self Assessment Guide v2.3.3]({{}}/rancher/v2.x/en/security/benchmark-2.3.3/#cis-kubernetes-benchmark-1-4-1-rancher-2-3-3-+-with-kubernetes-1-16) | Rancher v2.3.3 | Hardening Guide v2.3.3 | Kubernetes v1.16 | Benchmark v1.4.1 -[Self Assessment Guide v2.3]({{}}/rancher/v2.x/en/security/benchmark-2.3/#cis-kubernetes-benchmark-1-4-1-rancher-2-3-0-2-3-2-with-kubernetes-1-15) | Rancher v2.3.0-2.3.2 | Hardening Guide v2.3 | Kubernetes v1.15 | Benchmark v1.4.1 +[Self Assessment Guide v2.4]({{}}/rancher/v2.x/en/security/benchmark-2.4/#cis-kubernetes-benchmark-1-5-0-rancher-2-4-with-kubernetes-1-15) | Rancher v2.4 | Hardening Guide v2.4 | Kubernetes v1.15 | Benchmark v1.5 +[Self Assessment Guide v2.3.5]({{}}/rancher/v2.x/en/security/benchmark-2.3.5/#cis-kubernetes-benchmark-1-5-0-rancher-2-3-5-with-kubernetes-1-15) | Rancher v2.3.5 | Hardening Guide v2.3.5 | Kubernetes v1.15 | Benchmark v1.5 +[Self Assessment Guide v2.3.3]({{}}/rancher/v2.x/en/security/benchmark-2.3.3/#cis-kubernetes-benchmark-1-4-1-rancher-2-3-3-with-kubernetes-1-16) | Rancher v2.3.3 | Hardening Guide v2.3.3 | Kubernetes v1.16 | Benchmark v1.4.1 +[Self Assessment Guide v2.3]({{}}/rancher/v2.x/en/security/rancher-2.3.x/rancher-v2.3.0/benchmark-2.3/) | Rancher v2.3.0-2.3.2 | Hardening Guide v2.3 | Kubernetes v1.15 | Benchmark v1.4.1 [Self Assessment Guide v2.2]({{}}/rancher/v2.x/en/security/benchmark-2.2/) | Rancher v2.2.x | Hardening Guide v2.2 | Kubernetes v1.13 | Benchmark v1.4.0 and v1.4.1 [Self Assessment Guide v2.1]({{}}/rancher/v2.x/en/security/benchmark-2.1/) | Rancher v2.1.x | Hardening Guide v2.1 | Kubernetes v1.11 | Benchmark 1.3.0 diff --git a/content/rancher/v2.x/en/security/rancher-2.2/benchmark-2.2/_index.md b/content/rancher/v2.x/en/security/rancher-2.2/benchmark-2.2/_index.md index 9ae8594599c..7662c1d2595 100644 --- a/content/rancher/v2.x/en/security/rancher-2.2/benchmark-2.2/_index.md +++ b/content/rancher/v2.x/en/security/rancher-2.2/benchmark-2.2/_index.md @@ -14,7 +14,7 @@ Self Assessment Guide Version | Rancher Version | Hardening Guide Version | Kube Self Assessment Guide v2.2 | Rancher v2.2.x | Hardening Guide v2.2 | Kubernetes 1.13 | Benchmark v1.4.0 and v1.4.1 ### CIS Kubernetes Benchmark 1.4.0 - Rancher 2.2.x with Kubernetes 1.13 -There is no material difference in control verification checks between CIS Kubernetes Benchmark 1.4.0 and [1.4.1](https://rancher.com/docs/rancher/v2.x/en/security/benchmark-2.2/#cis-kubernetes-benchmark-1-4-1-rancher-2-2-x-with-kubernetes-1-13) +There is no material difference in control verification checks between CIS Kubernetes Benchmark 1.4.0 and 1.4.1. ### CIS Kubernetes Benchmark 1.4.1 - Rancher 2.2.x with Kubernetes 1.13 diff --git a/content/rancher/v2.x/en/troubleshooting/networking/_index.md b/content/rancher/v2.x/en/troubleshooting/networking/_index.md index d476c1695ee..c4d10f7552b 100644 --- a/content/rancher/v2.x/en/troubleshooting/networking/_index.md +++ b/content/rancher/v2.x/en/troubleshooting/networking/_index.md @@ -9,7 +9,7 @@ Make sure you configured the correct kubeconfig (for example, `export KUBECONFIG ### Double check if all the required ports are opened in your (host) firewall -Double check if all the [required ports]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements/) are opened in your (host) firewall. The overlay network uses UDP in comparison to all other required ports which are TCP. +Double check if all the [required ports]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements) are opened in your (host) firewall. The overlay network uses UDP in comparison to all other required ports which are TCP. ### Check if overlay network is functioning correctly The pod can be scheduled to any of the hosts you used for your cluster, but that means that the NGINX ingress controller needs to be able to route the request from `NODE_1` to `NODE_2`. This happens over the overlay network. If the overlay network is not functioning, you will experience intermittent TCP/HTTP connection failures due to the NGINX ingress controller not being able to route to the pod. @@ -84,7 +84,7 @@ To test the overlay network, you can launch the following `DaemonSet` definition wk1 can reach wk1 => End network overlay test ``` - If you see error in the output, there is some issue with the route between the pods on the two hosts. In the above output the node `wk2` has no connectivity over the overlay network. This could be because the [required ports]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements/) for overlay networking are not opened for `wk2`. + If you see error in the output, there is some issue with the route between the pods on the two hosts. In the above output the node `wk2` has no connectivity over the overlay network. This could be because the [required ports]({{}}/rancher/v2.x/en/cluster-provisioning/node-requirements/#networking-requirements) for overlay networking are not opened for `wk2`. 6. You can now clean up the DaemonSet by running `kubectl delete ds/overlaytest`. diff --git a/content/rancher/v2.x/en/v1.6-migration/get-started/_index.md b/content/rancher/v2.x/en/v1.6-migration/get-started/_index.md index fd50091066e..7293a2c2af4 100644 --- a/content/rancher/v2.x/en/v1.6-migration/get-started/_index.md +++ b/content/rancher/v2.x/en/v1.6-migration/get-started/_index.md @@ -82,13 +82,13 @@ When you create a cluster, two projects are automatically created: - The `System` project, which includes system namespaces where important Kubernetes resources are running (like ingress controllers and cluster dns services) - The `Default` project. -However, for production environments, we recommend [creating your own project]({{}}/rancher/v2.x/en/project-admin/namespaces/#creating-projects) and giving it a descriptive name. +However, for production environments, we recommend [creating your own project]({{}}/rancher/v2.x/en/cluster-admin/projects-and-namespaces/#creating-projects) and giving it a descriptive name. After provisioning a new cluster and project, you can authorize your users to access and use project resources. Similarly to Rancher v1.6 environments, Rancher v2.x allows you to [assign users to projects]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/editing-projects/). By assigning users to projects, you can limit what applications and resources a user can access. ## D. Create Stacks -In Rancher v1.6, _stacks_ were used to group together the services that belong to your application. In v2.x, you need to [create namespaces]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/#creating-namespaces), which are the v2.x equivalent of stacks, for the same purpose. +In Rancher v1.6, _stacks_ were used to group together the services that belong to your application. In v2.x, you need to [create namespaces]({{}}/rancher/v2.x/en/k8s-in-rancher/projects-and-namespaces/), which are the v2.x equivalent of stacks, for the same purpose. In Rancher v2.x, namespaces are child objects to projects. When you create a project, a `default` namespace is added to the project, but you can create your own to parallel your stacks from v1.6. diff --git a/content/rke/latest/en/config-options/cloud-providers/vsphere/enabling-uuid/_index.md b/content/rke/latest/en/config-options/cloud-providers/vsphere/enabling-uuid/_index.md index fb8ae19158d..15b8c0e8946 100644 --- a/content/rke/latest/en/config-options/cloud-providers/vsphere/enabling-uuid/_index.md +++ b/content/rke/latest/en/config-options/cloud-providers/vsphere/enabling-uuid/_index.md @@ -32,4 +32,4 @@ $ govc vm.change -vm -e disk.enableUUID=TRUE In Rancher v2.0.4+, disk UUIDs are enabled in vSphere node templates by default. -If you are using Rancher prior to v2.0.4, refer to the [Rancher documentation.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/vsphere/#enabling-disk-uuids-with-a-node-template) for details on how to enable a UUID with a Rancher node template. +If you are using Rancher prior to v2.0.4, refer to the [vSphere node template documentation.]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/vsphere/vsphere-node-template-config/prior-to-2.0.4/#disk-uuids) for details on how to enable a UUID with a Rancher node template. diff --git a/content/rke/latest/en/config-options/services/_index.md b/content/rke/latest/en/config-options/services/_index.md index b1c7a4d4c1e..0266731a249 100644 --- a/content/rke/latest/en/config-options/services/_index.md +++ b/content/rke/latest/en/config-options/services/_index.md @@ -29,7 +29,7 @@ By default, RKE will deploy a new etcd service, but you can also run Kubernetes ## Kubernetes API Server -> **Note for Rancher 2 users** If you are configuring Cluster Options using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#config-file) when creating [Rancher Launched Kubernetes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/), the names of services should contain underscores only: `kube_api`. This only applies to Rancher v2.0.5 and v2.0.6. +> **Note for Rancher 2 users** If you are configuring Cluster Options using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#cluster-config-file) when creating [Rancher Launched Kubernetes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/), the names of services should contain underscores only: `kube_api`. This only applies to Rancher v2.0.5 and v2.0.6. The [Kubernetes API](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/) REST service, which handles requests and data for all Kubernetes objects and provide shared state for all the other Kubernetes components. @@ -61,7 +61,7 @@ RKE supports the following options for the `kube-api` service : - **Secrets Encryption Config** (`secrets_encryption_config`) - Manage Kubernetes at-rest data encryption. Documented [here]({{}}//rke/latest/en/config-options/secrets-encryption) ## Kubernetes Controller Manager -> **Note for Rancher 2 users** If you are configuring Cluster Options using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#config-file) when creating [Rancher Launched Kubernetes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/), the names of services should contain underscores only: `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6. +> **Note for Rancher 2 users** If you are configuring Cluster Options using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#cluster-config-file) when creating [Rancher Launched Kubernetes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/), the names of services should contain underscores only: `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6. The [Kubernetes Controller Manager](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) service is the component responsible for running Kubernetes main control loops. The controller manager monitors the cluster desired state through the Kubernetes API server and makes the necessary changes to the current state to reach the desired state. diff --git a/content/rke/latest/en/example-yamls/_index.md b/content/rke/latest/en/example-yamls/_index.md index 9fe11e634f8..64d3ecf54bb 100644 --- a/content/rke/latest/en/example-yamls/_index.md +++ b/content/rke/latest/en/example-yamls/_index.md @@ -7,7 +7,7 @@ aliases: There are lots of different [configuration options]({{}}/rke/latest/en/config-options/) that can be set in the cluster configuration file for RKE. Here are some examples of files: -> **Note for Rancher 2 users** If you are configuring Cluster Options using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#config-file) when creating [Rancher Launched Kubernetes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/), the names of services should contain underscores only: `kube_api` and `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6. +> **Note for Rancher 2 users** If you are configuring Cluster Options using a [Config File]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#cluster-config-file) when creating [Rancher Launched Kubernetes]({{}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/), the names of services should contain underscores only: `kube_api` and `kube_controller`. This only applies to Rancher v2.0.5 and v2.0.6. ## Minimal `cluster.yml` example diff --git a/layouts/shortcodes/ssl_faq_single.html b/layouts/shortcodes/ssl_faq_single.html deleted file mode 100644 index f10af1e0903..00000000000 --- a/layouts/shortcodes/ssl_faq_single.html +++ /dev/null @@ -1,84 +0,0 @@ -

How Do I Know if My Certificates are in PEM Format?

- -

You can recognize the PEM format by the following traits:

-
    -
  • The file begins with the following header:
    -----BEGIN CERTIFICATE-----
    • -
  • The header is followed by a long string of characters. Like, really long.
    • -
  • The file ends with a footer:
    -----END CERTIFICATE-----
    • -
- -

PEM Certificate Example:

- -
-----BEGIN CERTIFICATE-----
-MIIGVDCCBDygAwIBAgIJAMiIrEm29kRLMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNV
-... more lines
-VWQqljhfacYPgp8KJUJENQ9h5hZ2nSCrI+W00Jcw4QcEdCI8HL5wmg==
------END CERTIFICATE-----
-
- -

PEM Certificate Key Example:

- -
------BEGIN RSA PRIVATE KEY-----
-MIIGVDCCBDygAwIBAgIJAMiIrEm29kRLMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNV
-... more lines
-VWQqljhfacYPgp8KJUJENQ9h5hZ2nSCrI+W00Jcw4QcEdCI8HL5wmg==
------END RSA PRIVATE KEY-----
-
- -

If your key looks like the example below, see How Can I Convert My Certificate Key From - PKCS8 to PKCS1? -

- - 

------BEGIN PRIVATE KEY-----
-MIIGVDCCBDygAwIBAgIJAMiIrEm29kRLMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNV
-... more lines
-VWQqljhfacYPgp8KJUJENQ9h5hZ2nSCrI+W00Jcw4QcEdCI8HL5wmg==
------END PRIVATE KEY-----
-
- -

How Can I Convert My Certificate Key From PKCS8 to PKCS1?

- -

If you are using a PKCS8 certificate key file, Rancher will log the following line:

- - 
-ListenConfigController cli-config [listener] failed with : failed to read private key: asn1: structure error: tags don't match (2 vs {class:0 tag:16 length:13 isCompound:true})
-
- -

To make this work, you will need to convert the key from PKCS8 to PKCS1 using the command below:

- - 
-openssl rsa -in key.pem -out convertedkey.pem
-
- -

You can now use convertedkey.pem as certificate key file for Rancher.

- -

What is the Order of Certificates if I Want to Add My Intermediate(s)?

- -

The order of adding certificates is as follows:

- - 
------BEGIN CERTIFICATE-----
-%YOUR_CERTIFICATE%
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-%YOUR_INTERMEDIATE_CERTIFICATE%
------END CERTIFICATE-----
-
- -

How Do I Validate My Certificate Chain?

- -

You can validate the certificate chain by using the openssl binary. If the output of the command - (see the command example below) ends with Verify return code: 0 (ok), your certificate chain is - valid. The ca.pem file must be the same as you added to the rancher/rancher container. - When using a certificate signed by a recognized Certificate Authority, you can omit the -CAfile - parameter.

- -

Command:

- 
-openssl s_client -CAfile ca.pem -connect rancher.yourdomain.com:443
-...
-    Verify return code: 0 (ok)
-